My Hijackthis Log


18 replies to this topic

#1 sko


Posted 27 January 2008 - 10:21 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:21 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Outerinfo\Outerinfo.exe
C:\WINDOWS\explorer.exe

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvlox.dll,startup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvtow.dll,startup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5660 bytes


#2 OldTimer


    Malware Expert



Posted 01 February 2008 - 12:18 PM

Hello sko and welcome to the BC HijackThis forum. Let's see what else we can find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 sko


Posted 01 February 2008 - 12:55 PM

WinPFind35 logfile created on: 2/1/2008 11:53:40 AM

WinPFind35U Version Beta42	 Folder = C:\Documents and Settings\Josh's Super Box\Desktop\WinPFind35u

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

 

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.48% Memory free

3.85 Gb Paging File | 3.53 Gb Available in Paging File | 91.55% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 75.13 Gb Total Space | 62.33 Gb Free Space | 82.96% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 97.65 Gb Total Space | 97.59 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Drive F: | 292.97 Gb Total Space | 292.90 Gb Free Space | 99.97% Space Free | Partition Type: NTFS



Computer Name: JOSH

Current User Name: Josh's Super Box

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user





[Processes - Non-Microsoft Only]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/26/2006 11:57:00 PM | Attr =	]

aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/26/2006 11:57:00 PM | Attr =	]

avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/31/2007 2:18:30 AM | Attr =	]

cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]

rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.1.1.4 | Size = 16062464 bytes | Modified Date = 12/18/2006 9:12:00 PM | Attr = R  ]

cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 28 | Size = 16384 bytes | Modified Date = 5/24/2005 2:28:18 AM | Attr =	]

avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/31/2007 2:18:31 AM | Attr =	]

avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/3/2008 9:54:37 AM | Attr =	]

lxcycoms.exe -> %System32%\lxcycoms.exe ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Modified Date = 6/20/2007 4:28:55 AM | Attr =	]

viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 3:38:08 PM | Attr =	]

emupatchmixdsp.exe -> %ProgramFiles%\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe -> EMU Systems [Ver = 1.71.01.0032 | Size = 581755 bytes | Modified Date = 5/4/2005 4:27:44 AM | Attr =	]

cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]

cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]

winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 12:38:16 PM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/26/2006 11:57:00 PM | Attr =	]

(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe ->  [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 12/27/2006 12:22:00 PM | Attr =	]

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/31/2007 2:18:30 AM | Attr =	]

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/31/2007 2:18:31 AM | Attr =	]

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/3/2008 9:54:37 AM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr =	]

(lxcy_device) lxcy_device [Win32_Own | Auto | Running] -> %System32%\lxcycoms.exe ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Modified Date = 6/20/2007 4:28:55 AM | Attr =	]

(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 3:38:08 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found

(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found

(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found

(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found

(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found

(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found

(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found

(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found

(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found

(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6660 | Size = 1918464 bytes | Modified Date = 12/27/2006 12:04:00 AM | Attr =	]

(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 12/31/2007 2:18:33 AM | Attr =	]

(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 12/31/2007 2:18:35 AM | Attr =	]

(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 12/31/2007 2:18:35 AM | Attr =	]

(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/3/2008 9:54:38 AM | Attr =	]

(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 12/31/2007 2:18:41 AM | Attr =	]

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found

(ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %System32%\drivers\ctac32k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 503296 bytes | Modified Date = 5/24/2005 2:20:14 AM | Attr = R  ]

(ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ctaud2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 435712 bytes | Modified Date = 5/24/2005 2:21:02 AM | Attr = R  ]

(ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctprxy2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 7168 bytes | Modified Date = 5/24/2005 2:21:04 AM | Attr = R  ]

(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 145408 bytes | Modified Date = 5/24/2005 2:20:20 AM | Attr = R  ]

(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 10:07:18 PM | Attr =	]

(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 10:07:18 PM | Attr =	]

(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr =	]

(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found

(emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %System32%\drivers\emupia2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 76800 bytes | Modified Date = 5/24/2005 2:20:18 AM | Attr = R  ]

(GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> D:\INSTALL\GMSIPCI.SYS -> File not found

(ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ha10kx2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 744448 bytes | Modified Date = 5/24/2005 2:20:32 AM | Attr = R  ]

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 4:07:18 PM | Attr =	]

(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found

(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found

(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found

(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found

(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5345 built by: WinDDK | Size = 4405248 bytes | Modified Date = 12/21/2006 2:26:00 AM | Attr = R  ]

(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found

(iteatapi) ITEATAPI_Service_Install [Kernel | Boot | Running] -> %System32%\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.0 built by: WinDDK | Size = 27648 bytes | Modified Date = 10/28/2005 10:11:00 AM | Attr = R  ]

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found

(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %System32%\drivers\ASACPI.sys ->  [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 8/13/2004 4:56:20 AM | Attr = R  ]

(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.1102-2.05.0540 | Size = 115712 bytes | Modified Date = 5/24/2005 2:20:26 AM | Attr = R  ]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found

(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found

(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 4/1/2004 3:30:46 PM | Attr =	]

(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\drivers\pfmodnt.sys -> Creative Technology Ltd. [Ver = 3.0.0.11 | Size = 9216 bytes | Modified Date = 5/24/2005 2:28:46 AM | Attr = R  ]

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found

(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 3/25/2002 2:02:14 PM | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found

(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found

(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found

(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found

(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/27/2008 1:56:07 PM | Attr =	]

(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found

(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found

(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %System32%\drivers\yk51x86.sys -> Marvell [Ver = 8.27.3.3 built by: WinDDK | Size = 232064 bytes | Modified Date = 5/6/2005 7:27:00 AM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 4:43:00 AM | Attr = R  ]

ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe ->  [Ver =  | Size = 90112 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]

CTHelper -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 28 | Size = 16384 bytes | Modified Date = 5/24/2005 2:28:18 AM | Attr =	]

LXCYCATS -> %System32%\spool\drivers\w32x86\3\lxcytime.dll -> Lexmark International Inc. [Ver = 1.32.0.0 | Size = 106496 bytes | Modified Date = 11/21/2006 11:27:06 AM | Attr =	]

RTHDCPL -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.1.1.4 | Size = 16062464 bytes | Modified Date = 12/18/2006 9:12:00 PM | Attr = R  ]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

SetDefaultMIDI -> %SystemRoot%\MIDIDEF.EXE -> Creative Technology Ltd [Ver = 2, 9, 0, 5 | Size = 25088 bytes | Modified Date = 5/24/2005 2:17:46 AM | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr =	]

< Josh's Super Box Startup Folder > -> C:\Documents and Settings\Josh's Super Box\Start Menu\Programs\Startup -> 

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{89A1E40D-0254-4F99-B9AE-B60A2D8754A9} [HKEY_LOCAL_MACHINE] -> %System32%\opnnmli.dll [] ->  [Ver =  | Size = 39424 bytes | Modified Date = 1/22/2008 10:52:27 AM | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 110592 bytes | Modified Date = 12/26/2006 11:58:00 PM | Attr =	]

opnnmli -> %System32%\opnnmli.dll ->  [Ver =  | Size = 39424 bytes | Modified Date = 1/22/2008 10:52:27 AM | Attr =	]

winrzf32 -> %System32%\winrzf32.dll ->  [Ver =  | Size = 23552 bytes | Modified Date = 1/22/2008 10:52:28 AM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

< HOSTS File > (224466 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4185 domain(s) found. -> 

33 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4184 domain(s) found. -> 

32 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr =	]

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 12:37:24 PM | Attr = R  ]

{49375DFF-2A0E-465A-984A-3CA1324F5A22} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{4DEE268A-69AE-42D9-A1D5-93FDDD48733D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]

{89A1E40D-0254-4F99-B9AE-B60A2D8754A9} [HKEY_LOCAL_MACHINE] -> %System32%\opnnmli.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 39424 bytes | Modified Date = 1/22/2008 10:52:27 AM | Attr =	]

{B5ED7008-9FA3-431E-AF39-A5276CEC9F71} [HKEY_LOCAL_MACHINE] -> %System32%\pmkji.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 331776 bytes | Modified Date = 1/24/2008 10:40:14 AM | Attr =	]

{F10587E9-0E47-4CBE-84AE-7DD20B8684CC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Helper\superfindout.dll [e404mgr Class] -> File not found

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 12:37:24 PM | Attr = R  ]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 12:37:24 PM | Attr = R  ]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]

{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]

CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 12:56:24 PM | Attr =	]

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{02402D66-A0A1-4974-97CD-3F0930461DFE} ->	(Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr =	]

C:\WINDOWS\system32\pmkji -> %System32%\pmkji.dll ->  [Ver =  | Size = 331776 bytes | Modified Date = 1/24/2008 10:40:14 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 294400 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr =	]

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr =	]

schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr =	]

wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 796 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1616 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 12/18/2007 1:04:17 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 1:17:27 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Disabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/31/2007 2:18:30 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Disabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/3/2008 9:54:37 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Disabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/3/2008 9:54:37 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Disabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 1/3/2008 9:54:37 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTornado\btdownloadgui.exe -> C:\Program Files\BitTornado\btdownloadgui.exe [C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Disabled:DNA] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\lxcycoms.exe -> C:\WINDOWS\system32\lxcycoms.exe [C:\WINDOWS\system32\lxcycoms.exe:*:Disabled:Lexmark Communications System] ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Modified Date = 6/20/2007 4:28:55 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\winver.exe -> C:\WINDOWS\system32\winver.exe [C:\WINDOWS\system32\winver.exe:*:Enabled:winver] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5632 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\System32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 1/22/2008 10:52:39 AM | Attr = RH ]

tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/27/2008 1:58:57 PM | Attr =	]

AC3ACM.acm -> %System32%\AC3ACM.acm -> fccHandler [Ver = 0, 7, 0, 0 | Size = 81920 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

alf2cd.acm -> %System32%\alf2cd.acm -> NCT Company [Ver = 2.03 | Size = 38912 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]

DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Created Date = 1/9/2008 5:18:18 AM | Attr =	]

divxsm.tlb -> %System32%\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Created Date = 1/9/2008 5:18:18 AM | Attr =	]

divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]

divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]

divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]

dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]

dpl100.dll.manifest -> %System32%\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]

drvlox.dll -> %System32%\drvlox.dll ->  [Ver =  | Size = 103936 bytes | Created Date = 1/22/2008 10:52:39 AM | Attr =	]

drvloxr.dll -> %System32%\drvloxr.dll ->  [Ver =  | Size = 15360 bytes | Created Date = 1/22/2008 10:52:39 AM | Attr =	]

drvtow.dll -> %System32%\drvtow.dll ->  [Ver =  | Size = 18944 bytes | Created Date = 1/27/2008 12:27:42 PM | Attr =	]

dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]

dtu100.dll.manifest -> %System32%\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]

ijkmp.ini -> %System32%\ijkmp.ini ->  [Ver =  | Size = 403645 bytes | Created Date = 1/24/2008 10:40:15 AM | Attr =  HS]

ijkmp.ini2 -> %System32%\ijkmp.ini2 ->  [Ver =  | Size = 403405 bytes | Created Date = 1/24/2008 10:40:15 AM | Attr =  HS]

IM31IMG.DIL -> %System32%\IM31IMG.DIL -> Data Techniques, Inc. [Ver =  7.20  | Size = 49152 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

IM31XPNG.DEL -> %System32%\IM31XPNG.DEL -> Data Techniques, Inc. [Ver =  7.20  | Size = 98304 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

IM31XTIF.DEL -> %System32%\IM31XTIF.DEL -> Data Techniques, Inc. [Ver =  7.20  | Size = 69632 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

IMGMAN32.DLL -> %System32%\IMGMAN32.DLL -> Data Techniques, Inc. [Ver =  7.20  | Size = 339968 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

IMHOST32.DLL -> %System32%\IMHOST32.DLL -> Data Techniques, Inc. [Ver =  7.20  | Size = 98345 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]

javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]

javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]

javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]

LexFiles.ulf -> %System32%\LexFiles.ulf ->  [Ver =  | Size = 33527 bytes | Created Date = 1/20/2008 5:01:28 PM | Attr =	]

libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 1/9/2008 5:18:00 AM | Attr =	]

lxcy.loc -> %System32%\lxcy.loc ->  [Ver =  | Size = 1834 bytes | Created Date = 1/20/2008 5:01:28 PM | Attr =	]

lxcycfg.exe -> %System32%\lxcycfg.exe ->   [Ver = 6.4.29.0 | Size = 381616 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycoin.dll -> %System32%\lxcycoin.dll ->  [Ver =  | Size = 344064 bytes | Created Date = 1/20/2008 5:03:43 PM | Attr =	]

lxcycomc.dll -> %System32%\lxcycomc.dll ->   [Ver = 6.4.29.0 | Size = 684032 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycomm.dll -> %System32%\lxcycomm.dll ->   [Ver = 6.4.29.0 | Size = 421888 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycoms.exe -> %System32%\lxcycoms.exe ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycu.dll -> %System32%\lxcycu.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 77824 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycub.dll -> %System32%\lxcycub.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 86016 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycur.dll -> %System32%\lxcycur.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 36864 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcyhbn3.dll -> %System32%\lxcyhbn3.dll ->   [Ver = 6.4.29.0 | Size = 696320 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyhcp.dll -> %System32%\lxcyhcp.dll ->   [Ver = 6.4.29.0 | Size = 323584 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyhelp.chm -> %System32%\lxcyhelp.chm ->  [Ver =  | Size = 581173 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyiesc.dll -> %System32%\lxcyiesc.dll ->   [Ver = 6.4.29.0 | Size = 397312 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyih.exe -> %System32%\lxcyih.exe ->   [Ver = 6.4.29.0 | Size = 385712 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyinpa.dll -> %System32%\lxcyinpa.dll ->   [Ver = 6.4.29.0 | Size = 413696 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyins.dll -> %System32%\lxcyins.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 176128 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyinsb.dll -> %System32%\lxcyinsb.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 200704 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyinsr.dll -> %System32%\lxcyinsr.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 106496 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyinst.dll -> %System32%\lxcyinst.dll ->  [Ver =  | Size = 274432 bytes | Created Date = 1/20/2008 5:01:32 PM | Attr =	]

lxcyjswr.dll -> %System32%\lxcyjswr.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 147456 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcylmpm.dll -> %System32%\lxcylmpm.dll ->   [Ver = 6.4.29.0 | Size = 585728 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcypmui.dll -> %System32%\lxcypmui.dll ->   [Ver = 6.4.29.0 | Size = 643072 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcypplc.dll -> %System32%\lxcypplc.dll ->   [Ver = 6.4.29.0 | Size = 94208 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyprox.dll -> %System32%\lxcyprox.dll ->   [Ver = 6.4.29.0 | Size = 163840 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyserv.dll -> %System32%\lxcyserv.dll ->   [Ver = 6.4.29.0 | Size = 1224704 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyusb1.dll -> %System32%\lxcyusb1.dll ->   [Ver = 6.4.29.0 | Size = 995328 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyutil.dll -> %System32%\lxcyutil.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 462848 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyvs.dll -> %System32%\lxcyvs.dll ->  [Ver =  | Size = 40960 bytes | Created Date = 1/20/2008 5:03:45 PM | Attr =	]

LXPMONRC.DLL -> %System32%\LXPMONRC.DLL -> Lexmark International, Inc. [Ver = 0.1.35.8 | Size = 12288 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

LXPMONUI.DLL -> %System32%\LXPMONUI.DLL ->  [Ver = 0.1.35.8 | Size = 32768 bytes | Created Date = 1/20/2008 5:03:00 PM | Attr =	]

LXPRMON.DLL -> %System32%\LXPRMON.DLL ->  [Ver = 0.1.35.8 | Size = 45056 bytes | Created Date = 1/20/2008 5:03:00 PM | Attr =	]

mcdvd_32.dll -> %System32%\mcdvd_32.dll -> MainConcept [Ver = 2.0.4 | Size = 261632 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

opnnmli.dll -> %System32%\opnnmli.dll ->  [Ver =  | Size = 39424 bytes | Created Date = 1/22/2008 10:52:27 AM | Attr =	]

pmkji.dll -> %System32%\pmkji.dll ->  [Ver =  | Size = 331776 bytes | Created Date = 1/24/2008 10:40:13 AM | Attr =	]

qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Created Date = 1/9/2008 5:18:12 AM | Attr =	]

Scg726.acm -> %System32%\Scg726.acm -> SHARP Corporation [Ver = 1, 0, 0, 3 | Size = 13239 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 1/9/2008 5:18:00 AM | Attr =	]

tsccvid.dll -> %System32%\tsccvid.dll -> TechSmith Corporation [Ver = 2.0.4 | Size = 110592 bytes | Created Date = 1/10/2008 8:21:25 PM | Attr =	]

vct3216.acm -> %System32%\vct3216.acm -> Voxware, Inc. [Ver = 1.6.0.17 | Size = 82944 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

vp6vfw.dll -> %System32%\vp6vfw.dll -> On2.com [Ver = 6,0,6,4 | Size = 442368 bytes | Created Date = 1/22/2008 10:59:32 AM | Attr = R  ]

winrzf32.dll -> %System32%\winrzf32.dll ->  [Ver =  | Size = 23552 bytes | Created Date = 1/22/2008 10:52:28 AM | Attr =	]

winver.bat -> %System32%\winver.bat ->  [Ver =  | Size = 145 bytes | Created Date = 1/27/2008 12:27:48 PM | Attr =	]

xvid.ax -> %System32%\xvid.ax ->  [Ver =  | Size = 53248 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

xvidcore.dll -> %System32%\xvidcore.dll ->  [Ver =  | Size = 524288 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

xvidvfw.dll -> %System32%\xvidvfw.dll ->  [Ver =  | Size = 139264 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

ztx86.sys -> %System32%\ztx86.sys ->  [Ver =  | Size = 54764 bytes | Created Date = 1/22/2008 10:52:44 AM | Attr =	]

ARPR.INI -> %SystemRoot%\ARPR.INI ->  [Ver =  | Size = 890 bytes | Created Date = 1/3/2008 6:07:46 PM | Attr =	]

iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 1/14/2008 10:53:57 PM | Attr =	]

Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 1/5/2008 12:35:35 PM | Attr =	]

30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1413 bytes | Created Date = 1/11/2008 2:06:56 AM | Attr =	]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Created Date = 1/24/2008 2:46:47 PM | Attr =	]

PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 1/24/2008 12:42:26 PM | Attr =  H ]

pss -> %SystemRoot%\pss ->  [Folder | Created Date = 1/31/2008 8:37:19 PM | Attr =	]

Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 1/11/2008 2:09:43 AM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 219 bytes | Created Date = 1/27/2008 2:50:00 PM | Attr =	]

WMSysPr8.prx -> %SystemRoot%\WMSysPr8.prx ->  [Ver =  | Size = 156910 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

AVS4YOU -> %AllUsersAppData%\AVS4YOU ->  [Folder | Created Date = 1/5/2008 2:19:09 AM | Attr =	]

Azureus -> %AllUsersAppData%\Azureus ->  [Folder | Created Date = 1/3/2008 12:16:51 PM | Attr =	]

FaxCtr -> %AllUsersAppData%\FaxCtr ->  [Folder | Created Date = 1/20/2008 5:02:38 PM | Attr =	]

Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/27/2008 12:33:23 AM | Attr =	]

Nero -> %AllUsersAppData%\Nero ->  [Folder | Created Date = 1/24/2008 1:41:24 PM | Attr =	]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 1/27/2008 1:56:41 PM | Attr =	]

Yahoo! -> %AllUsersAppData%\Yahoo! ->  [Folder | Created Date = 1/23/2008 7:57:55 AM | Attr =	]

AVSDVDPlayer.m3u -> %UserAppData%\AVSDVDPlayer.m3u ->  [Ver =  | Size = 0 bytes | Created Date = 1/5/2008 12:19:10 PM | Attr =	]

Azureus -> %UserAppData%\Azureus ->  [Folder | Created Date = 1/3/2008 12:16:50 PM | Attr =	]

BitTorrent -> %UserAppData%\BitTorrent ->  [Folder | Created Date = 1/3/2008 12:23:17 PM | Attr =	]

DNA -> %UserAppData%\DNA ->  [Folder | Created Date = 1/3/2008 12:23:07 PM | Attr =	]

FaxCtr -> %UserAppData%\FaxCtr ->  [Folder | Created Date = 1/20/2008 11:59:05 PM | Attr =	]

Nero -> %UserAppData%\Nero ->  [Folder | Created Date = 1/24/2008 1:43:50 PM | Attr =	]

Sun -> %UserAppData%\Sun ->  [Folder | Created Date = 1/11/2008 2:09:43 AM | Attr =	]

Viewpoint -> %UserAppData%\Viewpoint ->  [Folder | Created Date = 1/11/2008 1:32:26 AM | Attr =	]

Ahead -> %LocalAppData%\Ahead ->  [Folder | Created Date = 1/24/2008 2:45:39 PM | Attr =	]

DNA -> %LocalAppData%\DNA ->  [Folder | Created Date = 1/3/2008 12:23:08 PM | Attr =	]

Identities -> %LocalAppData%\Identities ->  [Folder | Created Date = 1/26/2008 2:01:06 AM | Attr =	]

blanklovenotes.pdf -> %UserDocuments%\blanklovenotes.pdf ->  [Ver =  | Size = 13000 bytes | Created Date = 1/25/2008 12:46:13 AM | Attr =	]

clip.mp3 -> %UserDocuments%\clip.mp3 ->  [Ver =  | Size = 3308254 bytes | Created Date = 1/28/2008 9:48:16 PM | Attr =	]

clip.mp3.sfk -> %UserDocuments%\clip.mp3.sfk ->  [Ver =  | Size = 57036 bytes | Created Date = 1/31/2008 9:57:42 PM | Attr =	]

comclip.mp3 -> %UserDocuments%\comclip.mp3 ->  [Ver =  | Size = 10940189 bytes | Created Date = 1/28/2008 10:55:09 PM | Attr =	]

comclip.mp3.sfk -> %UserDocuments%\comclip.mp3.sfk ->  [Ver =  | Size = 79516 bytes | Created Date = 1/31/2008 12:11:47 PM | Attr =	]

komradz.acd -> %UserDocuments%\komradz.acd ->  [Ver =  | Size = 61848 bytes | Created Date = 1/28/2008 11:25:15 PM | Attr =	]

komradz.acd-bak -> %UserDocuments%\komradz.acd-bak ->  [Ver =  | Size = 59376 bytes | Created Date = 1/28/2008 11:25:15 PM | Attr =	]

painacapella.mp3 -> %UserDocuments%\painacapella.mp3 ->  [Ver =  | Size = 11012287 bytes | Created Date = 1/28/2008 7:37:33 PM | Attr =	]

Windows XP Setup Guide.pdf -> %UserDocuments%\Windows XP Setup Guide.pdf ->  [Ver =  | Size = 2178698 bytes | Created Date = 1/3/2008 5:15:39 PM | Attr = R  ]

Word Docs -> %UserDocuments%\Word Docs ->  [Folder | Created Date = 1/7/2008 11:27:43 AM | Attr =	]

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/27/2008 12:33:29 AM | Attr =	]

Home Designer 7.0 Training Videos.lnk -> %AllUsersDesktop%\Home Designer 7.0 Training Videos.lnk ->  [Ver =  | Size = 1811 bytes | Created Date = 1/10/2008 8:21:23 PM | Attr =	]

Lexmark Imaging Studio - 3400 Series.LNK -> %AllUsersDesktop%\Lexmark Imaging Studio - 3400 Series.LNK ->  [Ver =  | Size = 752 bytes | Created Date = 1/20/2008 5:11:46 PM | Attr =	]

Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Created Date = 1/30/2008 9:52:08 PM | Attr =	]

HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 1/27/2008 2:50:39 PM | Attr =	]

HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/27/2008 2:45:52 PM | Attr =	]

method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 -> %UserDesktop%\method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 ->  [Ver =  | Size = 3163648 bytes | Created Date = 1/27/2008 12:29:58 AM | Attr =	]

Shortcut to Network Connections.lnk -> %UserDesktop%\Shortcut to Network Connections.lnk ->  [Ver =  | Size = 154 bytes | Created Date = 1/3/2008 11:05:33 AM | Attr =	]

Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 1/30/2008 11:56:43 PM | Attr =	]

spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Created Date = 1/30/2008 11:54:32 PM | Attr =	]

Trailer House.plan -> %UserDesktop%\Trailer House.plan ->  [Ver =  | Size = 414319 bytes | Created Date = 1/10/2008 9:41:20 PM | Attr =	]

Trailer House_archive -> %UserDesktop%\Trailer House_archive ->  [Folder | Created Date = 1/10/2008 9:41:20 PM | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2/1/2008 11:52:59 AM | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478495 bytes | Created Date = 2/1/2008 11:51:20 AM | Attr =	]

AVSMedia -> %CommonProgramFiles%\AVSMedia ->  [Folder | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 1/11/2008 2:07:30 AM | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 1/27/2008 12:32:40 AM | Attr =	]



[Files/Folders - Modified Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 1/31/2008 1:00:06 AM | Attr = RH ]

boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 2/1/2008 10:55:06 AM | Attr = RHS]

Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 1/30/2008 9:38:15 PM | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/30/2008 11:56:38 PM | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/1/2008 10:56:49 AM | Attr =	]

avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/3/2008 9:54:38 AM | Attr =	]

avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 1/3/2008 9:54:33 AM | Attr =	]

etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 1/31/2008 12:34:23 AM | Attr =	]

hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 224466 bytes | Modified Date = 1/31/2008 12:34:23 AM | Attr = R  ]

PxHelp20.sys -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/27/2008 1:56:07 PM | Attr =	]

amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 1/8/2008 10:49:12 PM | Attr =	]

BMXBkpCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXBkpCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 1104 bytes | Modified Date = 2/1/2008 10:55:33 AM | Attr =	]

BMXCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 1104 bytes | Modified Date = 2/1/2008 10:55:33 AM | Attr =	]

BMXState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 64 bytes | Modified Date = 2/1/2008 10:55:33 AM | Attr =	]

BMXStateBkp-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXStateBkp-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 64 bytes | Modified Date = 2/1/2008 10:55:33 AM | Attr =	]

CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/1/2008 11:03:47 AM | Attr =	]

3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 1/24/2008 1:40:43 PM | Attr =	]

DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]

divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Modified Date = 1/9/2008 5:15:58 AM | Attr =	]

DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Modified Date = 1/9/2008 5:18:18 AM | Attr =	]

divxsm.tlb -> %System32%\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Modified Date = 1/9/2008 5:18:18 AM | Attr =	]

divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]

divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]

divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]

dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 1/27/2008 9:18:27 PM | Attr = RHS]

dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]

dpl100.dll.manifest -> %System32%\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]

drivers -> %System32%\drivers ->  [Folder | Modified Date = 1/27/2008 1:58:57 PM | Attr =	]

drvlox.dll -> %System32%\drvlox.dll ->  [Ver =  | Size = 103936 bytes | Modified Date = 1/22/2008 10:52:39 AM | Attr =	]

drvloxr.dll -> %System32%\drvloxr.dll ->  [Ver =  | Size = 15360 bytes | Modified Date = 1/22/2008 10:52:39 AM | Attr =	]

drvtow.dll -> %System32%\drvtow.dll ->  [Ver =  | Size = 18944 bytes | Modified Date = 1/27/2008 12:27:42 PM | Attr =	]

dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]

dtu100.dll.manifest -> %System32%\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]

DVCState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\DVCState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 11564 bytes | Modified Date = 2/1/2008 10:55:33 AM | Attr =	]

FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 92680 bytes | Modified Date = 1/5/2008 11:25:48 AM | Attr =	]

ijkmp.ini -> %System32%\ijkmp.ini ->  [Ver =  | Size = 403645 bytes | Modified Date = 2/1/2008 11:53:38 AM | Attr =  HS]

ijkmp.ini2 -> %System32%\ijkmp.ini2 ->  [Ver =  | Size = 403405 bytes | Modified Date = 2/1/2008 11:50:56 AM | Attr =  HS]

LexFiles.ulf -> %System32%\LexFiles.ulf ->  [Ver =  | Size = 33527 bytes | Modified Date = 1/20/2008 5:03:58 PM | Attr =	]

libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 1/9/2008 5:18:00 AM | Attr =	]

nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 1/8/2008 10:49:12 PM | Attr =	]

opnnmli.dll -> %System32%\opnnmli.dll ->  [Ver =  | Size = 39424 bytes | Modified Date = 1/22/2008 10:52:27 AM | Attr =	]

pmkji.dll -> %System32%\pmkji.dll ->  [Ver =  | Size = 331776 bytes | Modified Date = 1/24/2008 10:40:14 AM | Attr =	]

px.dll -> %System32%\px.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 551672 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 129784 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]

pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 66296 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]

pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 120056 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.02.09a | Size = 518904 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 72440 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 64760 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]

pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 118520 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxmas.dll -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 187128 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 1628920 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxwave.dll -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 379640 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Modified Date = 1/9/2008 5:18:12 AM | Attr =	]

ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 1/9/2008 5:18:00 AM | Attr =	]

vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.83a | Size = 88824 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]

winrzf32.dll -> %System32%\winrzf32.dll ->  [Ver =  | Size = 23552 bytes | Modified Date = 1/22/2008 10:52:28 AM | Attr =	]

winver.bat -> %System32%\winver.bat ->  [Ver =  | Size = 145 bytes | Modified Date = 1/27/2008 12:27:48 PM | Attr =	]

wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/30/2008 11:54:02 PM | Attr =	]

ztx86.sys -> %System32%\ztx86.sys ->  [Ver =  | Size = 54764 bytes | Modified Date = 1/22/2008 10:52:44 AM | Attr =	]

ARPR.INI -> %SystemRoot%\ARPR.INI ->  [Ver =  | Size = 890 bytes | Modified Date = 1/3/2008 6:09:33 PM | Attr =	]

assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 1/22/2008 12:58:31 AM | Attr = R S]

30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/1/2008 10:56:22 AM | Attr =   S]

Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 1/24/2008 1:41:19 PM | Attr =	]

Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Modified Date = 1/30/2008 11:56:22 PM | Attr =	]

Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 1/5/2008 2:18:58 AM | Attr = R S]

Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/22/2008 12:58:31 AM | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1917 bytes | Modified Date = 1/27/2008 12:10:29 AM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/24/2008 1:40:43 PM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/27/2008 12:33:49 AM | Attr =  HS]

iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 1/14/2008 10:53:31 PM | Attr =	]

Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 1/5/2008 12:35:35 PM | Attr =	]

mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1413 bytes | Modified Date = 1/30/2008 10:15:11 PM | Attr =	]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 1/24/2008 2:47:30 PM | Attr =	]

PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 1/24/2008 12:42:26 PM | Attr =  H ]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/30/2008 9:38:23 PM | Attr =	]

pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 1/31/2008 8:46:43 PM | Attr =	]

RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Modified Date = 1/8/2008 10:46:47 PM | Attr =	]

security -> %SystemRoot%\security ->  [Folder | Modified Date = 1/10/2008 2:21:35 AM | Attr =	]

SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 1/20/2008 4:58:03 PM | Attr =	]

Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 1/11/2008 2:09:43 AM | Attr =	]

system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 2/1/2008 10:55:06 AM | Attr =	]

system32 -> %System32% ->  [Folder | Modified Date = 1/30/2008 10:15:11 PM | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/1/2008 10:56:46 AM | Attr =	]

twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 1/20/2008 4:58:22 PM | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 487 bytes | Modified Date = 2/1/2008 10:55:06 AM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 219 bytes | Modified Date = 1/31/2008 12:09:44 AM | Attr =	]

WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 1/24/2008 1:40:53 PM | Attr =	]

WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 1/8/2008 10:46:34 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/1/2008 10:56:28 AM | Attr =  H ]

hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1307 bytes | Modified Date = 12/20/2007 2:03:21 AM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/10/2008 2:21:33 AM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/10/2008 2:21:33 AM | Attr =	]

AutoRun.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AutoRun.exe -> Electronic Arts Inc. [Ver = 1.1.0.307 | Size = 663552 bytes | Modified Date = 8/18/2004 3:38:06 AM | Attr =	]

eauninstall.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\eauninstall.exe -> Electronic Arts Inc. [Ver = 1.1.0.307 | Size = 331776 bytes | Modified Date = 8/18/2004 3:38:06 AM | Attr =	]

First15.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\First15.exe -> Macromedia, Inc. [Ver = 6,0,21,0 | Size = 1453843 bytes | Modified Date = 8/17/2004 9:14:06 PM | Attr = R  ]

i4jdel0.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\i4jdel0.exe ->  [Ver =  | Size = 4608 bytes | Modified Date = 1/3/2008 12:21:51 PM | Attr =	]

The Sims 2_uninst.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\The Sims 2_uninst.exe -> EA [Ver = 4, 0, 0, 23 | Size = 86016 bytes | Modified Date = 8/17/2004 9:13:58 PM | Attr =	]

VP6Install.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\VP6Install.exe ->  [Ver =  | Size = 23040 bytes | Modified Date = 8/17/2004 9:14:36 PM | Attr = R  ]

win47.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\win47.exe ->  [Ver =  | Size = 954624 bytes | Modified Date = 1/22/2008 10:52:34 AM | Attr =	]

206 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 

ymdc.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\ymdc.exe -> Yahoo! Inc. [Ver = 2007.03.23.01 | Size = 46088 bytes | Modified Date = 3/23/2007 6:27:14 PM | Attr =	]

4 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp -> 

setup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\setup.exe -> InstallShield Software Corporation [Ver = 7, 01, 100, 1248 | Size = 107512 bytes | Modified Date = 11/7/2003 1:24:32 PM | Attr =	]

AIMinst.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AIMinst.exe -> AOL LLC [Ver = 1.0.0.0 | Size = 1535696 bytes | Modified Date = 12/18/2007 1:27:19 PM | Attr =	]

AIMLang.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AIMLang.exe -> AOL LLC [Ver = 1.0.0.0 | Size = 562160 bytes | Modified Date = 12/18/2007 1:27:20 PM | Attr =	]

alsetup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\alsetup.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 142040 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]

aoldlmgr.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\aoldlmgr.exe -> AOL LLC [Ver = 1.0.6.0 | Size = 120368 bytes | Modified Date = 12/18/2007 1:27:26 PM | Attr =	]

bsetutil.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\bsetutil.exe ->  [Ver = 1, 0, 5, 1 | Size = 96608 bytes | Modified Date = 12/18/2007 1:27:30 PM | Attr =	]

migrator.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\migrator.exe ->  [Ver = 0, 0, 0, 2 | Size = 228704 bytes | Modified Date = 12/18/2007 1:27:22 PM | Attr =	]

ocpinst.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\ocpinst.exe -> AOL LLC [Ver = 6.5.7.10 | Size = 5572272 bytes | Modified Date = 12/18/2007 1:27:23 PM | Attr =	]

postproc.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\postproc.exe -> AOL LLC. [Ver = 1, 0, 0, 6 | Size = 36912 bytes | Modified Date = 12/18/2007 1:27:15 PM | Attr =	]

setup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\setup.exe -> AOL LLC. [Ver = 11, 8, 0, 0 | Size = 170848 bytes | Modified Date = 12/18/2007 1:27:14 PM | Attr =	]

tbsetup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\tbsetup.exe -> AOL LLC [Ver = 3.3.15.2 | Size = 383128 bytes | Modified Date = 12/18/2007 1:27:24 PM | Attr =	]

toolbar.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\toolbar.exe -> AOL LLC [Ver = 1.0.19.1 | Size = 1628864 bytes | Modified Date = 12/18/2007 1:27:30 PM | Attr =	]

unagi3.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\unagi3.exe ->  [Ver = 3.0.0.0 | Size = 376568 bytes | Modified Date = 12/18/2007 1:27:24 PM | Attr =	]

Uninstaller.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\Uninstaller.exe ->  [Ver = 1, 0, 0, 1 | Size = 30560 bytes | Modified Date = 12/18/2007 1:27:28 PM | Attr =	]

vwpt.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\vwpt.exe ->  [Ver =  | Size = 2882640 bytes | Modified Date = 12/18/2007 1:27:30 PM | Attr =	]

DivXInstaller.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Div295.tmp\DivXInstaller.exe -> DivX, Inc. [Ver = 6.8.0.6 | Size = 16887272 bytes | Modified Date = 1/15/2008 11:07:51 AM | Attr =	]

SetupX.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\SetupX.exe -> Nero AG [Ver = 1, 8, 3, 0 | Size = 2483496 bytes | Modified Date = 9/26/2007 12:20:32 PM | Attr =	]

NL2WriteThrough.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\NL2WriteThrough.exe -> NERO AG [Ver = 1.0.0.1 | Size = 218408 bytes | Modified Date = 9/26/2007 12:20:21 PM | Attr =	]

WindowsInstaller-KB884016-v2-x86.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\WindowsInstaller-KB884016-v2-x86.exe -> Microsoft Corporation [Ver = 6.1.0006.0 built by: main(hemchans) | Size = 2003176 bytes | Modified Date = 2/9/2007 6:59:27 AM | Attr =	]

wmfdist.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\wmfdist.exe -> Microsoft Corporation [Ver = 9.00.00.2980 | Size = 4085904 bytes | Modified Date = 12/11/2002 1:11:50 PM | Attr =	]

wmfdist95.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\wmfdist95.exe -> Microsoft Corporation [Ver = 10.00.00.3646 | Size = 5649648 bytes | Modified Date = 8/10/2004 5:51:20 PM | Attr =	]

dxsetup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\DirectX\dxsetup.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 484632 bytes | Modified Date = 8/14/2006 9:08:04 AM | Attr =	]

NeroDelTmp.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Setup\NeroDelTmp.exe -> Nero AG [Ver = 1, 8, 3, 0 | Size = 1500456 bytes | Modified Date = 9/26/2007 12:20:22 PM | Attr =	]

UninstallNero.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Setup\UninstallNero.exe -> Nero AG [Ver = 1, 8, 3, 0 | Size = 1598760 bytes | Modified Date = 9/26/2007 12:20:32 PM | Attr =	]

msgr8us.2007.11.30.01.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nsn29.tmp\msgr8us.2007.11.30.01.exe ->  [Ver =  | Size = 404208 bytes | Modified Date = 11/30/2007 6:20:50 PM | Attr =	]

AutoRunGUI.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AutoRunGUI.dll -> Electronic Arts Inc. [Ver = 1.1.0.294 | Size = 598016 bytes | Modified Date = 8/17/2004 9:13:47 PM | Attr =	]

efgfyqrg.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\efgfyqrg.dll ->  [Ver =  | Size = 163840 bytes | Modified Date = 1/31/2008 11:50:30 PM | Attr =  HS]

swt-win32-3347.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\swt-win32-3347.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 1/3/2008 12:16:51 PM | Attr =	]

VP6VFW.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\VP6VFW.dll -> On2.com [Ver = 6,0,6,4 | Size = 442368 bytes | Modified Date = 8/17/2004 9:14:36 PM | Attr = R  ]

206 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 

yvertr.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\yvertr.dll ->  [Ver = 2004, 1, 15, 1 | Size = 42080 bytes | Modified Date = 1/15/2004 1:48:38 PM | Attr =	]

ywiseext.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 11, 2, 1 | Size = 106496 bytes | Modified Date = 11/2/2007 10:25:48 AM | Attr =	]

4 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp -> 

AdobeLM.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\AdobeLM.dll ->  [Ver =  | Size = 3072 bytes | Modified Date = 11/7/2003 1:23:50 PM | Attr =	]

emu.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\emu.dll -> Adobe Systems, Inc. [Ver = 1,0,2,37 | Size = 1177209 bytes | Modified Date = 11/7/2003 1:24:28 PM | Attr =	]

AOLFirewallMgr.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AOLFirewallMgr.dll -> AOL LLC [Ver = 1.3.2.1		   | Size = 95792 bytes | Modified Date = 12/18/2007 1:27:16 PM | Attr =	]

AOLSearch.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AOLSearch.dll -> America Online, Inc. [Ver = 1.0.8.1 | Size = 111968 bytes | Modified Date = 12/18/2007 1:27:27 PM | Attr =	]

gui.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\gui.dll -> AOL LLC [Ver = 10, 5, 0, 0 | Size = 243504 bytes | Modified Date = 12/18/2007 1:27:15 PM | Attr =	]

imappver.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\imappver.dll -> AOL LLC [Ver = 6.5.7.20 | Size = 13664 bytes | Modified Date = 12/18/2007 1:27:21 PM | Attr =	]

instSup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\instSup.dll -> AOL LLC [Ver = 4,6,1,2 | Size = 75104 bytes | Modified Date = 12/18/2007 1:27:23 PM | Attr =	]

ocpchk.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\ocpchk.dll -> AOL LLC [Ver = 4,6,1,2 | Size = 15712 bytes | Modified Date = 12/18/2007 1:27:23 PM | Attr =	]

postinst.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\postinst.dll -> AOL LLC [Ver = 6, 5, 7, 13 | Size = 209248 bytes | Modified Date = 12/18/2007 1:27:16 PM | Attr =	]

ProgUpd.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\ProgUpd.dll -> AOL LLC. [Ver = 1, 0, 1, 0 | Size = 83808 bytes | Modified Date = 12/18/2007 1:27:14 PM | Attr =	]

tbinst.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\tbinst.dll -> AOL LLC [Ver = 3.3.15.2 | Size = 11616 bytes | Modified Date = 12/18/2007 1:27:26 PM | Attr =	]

_Setup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\isp1A2.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 147456 bytes | Modified Date = 1/10/2008 8:19:26 PM | Attr =	]

_Setup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\isp1A8.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 147456 bytes | Modified Date = 1/10/2008 8:21:09 PM | Attr =	]

_Setup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\isp5.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 147456 bytes | Modified Date = 12/22/2007 7:14:01 PM | Attr =	]

AdvrCntr3.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nero.tmp\8.1.1.0_8.10.21_13820\AdvrCntr3.dll -> Nero AG [Ver = 1,1,0, 207 | Size = 3949864 bytes | Modified Date = 9/26/2007 7:37:18 PM | Attr =	]

ShellManager3.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nero.tmp\8.1.1.0_8.10.21_13820\ShellManager3.dll -> Nero AG [Ver = 8.1.1.0 | Size = 1180968 bytes | Modified Date = 9/26/2007 7:37:48 PM | Attr =	]

InstGuru.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\InstGuru.dll -> Nero AG [Ver = 1, 0, 0, 0 | Size = 120112 bytes | Modified Date = 9/26/2007 12:20:18 PM | Attr =	]

DSETUP.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\DirectX\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 74520 bytes | Modified Date = 8/14/2006 9:08:04 AM | Attr =	]

dsetup32.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\DirectX\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 2248984 bytes | Modified Date = 8/14/2006 9:08:04 AM | Attr =	]

NPS.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Setup\NPS.dll -> Nero AG [Ver = 1, 8, 3, 0 | Size = 4592936 bytes | Modified Date = 9/26/2007 12:20:22 PM | Attr =	]

System.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nsn29.tmp\System.dll ->  [Ver =  | Size = 9728 bytes | Modified Date = 1/23/2008 7:35:48 AM | Attr =	]

Perflib_Perfdata_15c.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_15c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/1/2008 10:56:50 AM | Attr =	]

Perflib_Perfdata_4c4.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_4c4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 11:28:28 AM | Attr =	]

Perflib_Perfdata_65c.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_65c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 1:48:52 AM | Attr =	]

Perflib_Perfdata_998.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_998.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 1:48:55 AM | Attr =	]

Perflib_Perfdata_9a0.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_9a0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 1:48:55 AM | Attr =	]

Perflib_Perfdata_b50.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_b50.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 11:28:45 AM | Attr =	]

Perflib_Perfdata_c5c.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_c5c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/1/2008 10:57:00 AM | Attr =	]

Perflib_Perfdata_c64.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_c64.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/1/2008 10:57:01 AM | Attr =	]

206 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 

Tw10122.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\Tw10122.dat ->  [Ver =  | Size = 3072 bytes | Modified Date = 11/7/2003 1:24:32 PM | Attr =	]

textlang.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Sprint0\textlang.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 1/22/2008 1:00:12 AM | Attr =  H ]

maindir.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\maindir.ini ->  [Ver =  | Size = 58 bytes | Modified Date = 1/23/2008 7:36:53 AM | Attr =	]

setup.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\setup.ini ->  [Ver =  | Size = 3439 bytes | Modified Date = 12/28/2007 9:04:19 PM | Attr =	]

206 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 

Abcpy.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\Abcpy.ini ->  [Ver =  | Size = 5791 bytes | Modified Date = 11/7/2003 1:23:48 PM | Attr =	]

setup.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\setup.ini ->  [Ver =  | Size = 597 bytes | Modified Date = 11/7/2003 1:24:32 PM | Attr =	]

dlconfig.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\dlconfig.ini ->  [Ver =  | Size = 49 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]

gui.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\gui.ini ->  [Ver =  | Size = 5495 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]

post.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\post.ini ->  [Ver =  | Size = 389 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]

postui.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\postui.ini ->  [Ver =  | Size = 1954 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]

setup.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\setup.ini ->  [Ver =  | Size = 3300 bytes | Modified Date = 12/18/2007 1:27:32 PM | Attr =	]

desktop.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Sprint0\desktop.ini ->  [Ver =  | Size = 111 bytes | Modified Date = 1/22/2008 1:00:12 AM | Attr =  H ]

win2D.exe -> C:\WINDOWS\Temp\win2D.exe ->  [Ver =  | Size = 954624 bytes | Modified Date = 1/27/2008 12:27:39 PM | Attr =	]

win5F7.exe -> C:\WINDOWS\Temp\win5F7.exe ->  [Ver =  | Size = 954624 bytes | Modified Date = 1/27/2008 9:18:15 PM | Attr =	]

win600.exe -> C:\WINDOWS\Temp\win600.exe ->  [Ver =  | Size = 32256 bytes | Modified Date = 1/27/2008 9:18:16 PM | Attr =	]

win608.exe -> C:\WINDOWS\Temp\win608.exe ->  [Ver = 1, 0, 0, 2 | Size = 31232 bytes | Modified Date = 1/27/2008 9:18:19 PM | Attr =	]

2773 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

index.dat -> C:\WINDOWS\Temp\OuterinfoTemp\index.dat ->  [Ver =  | Size = 298 bytes | Modified Date = 1/27/2008 9:18:21 PM | Attr =	]

3 C:\WINDOWS\Temp\OuterinfoTemp\*.tmp files -> C:\WINDOWS\Temp\OuterinfoTemp\*.tmp -> 

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

AVS4YOU -> %AllUsersAppData%\AVS4YOU ->  [Folder | Modified Date = 1/5/2008 2:19:09 AM | Attr =	]

Azureus -> %AllUsersAppData%\Azureus ->  [Folder | Modified Date = 1/3/2008 12:16:51 PM | Attr =	]

FaxCtr -> %AllUsersAppData%\FaxCtr ->  [Folder | Modified Date = 1/20/2008 5:02:38 PM | Attr =	]

Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/27/2008 12:33:54 AM | Attr =	]

Nero -> %AllUsersAppData%\Nero ->  [Folder | Modified Date = 1/24/2008 2:51:04 PM | Attr =	]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 1/31/2008 12:33:41 AM | Attr =	]

Yahoo! -> %AllUsersAppData%\Yahoo! ->  [Folder | Modified Date = 1/23/2008 7:57:55 AM | Attr =	]

Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 1/10/2008 11:26:44 PM | Attr =	]

AdobeUM -> %UserAppData%\AdobeUM ->  [Folder | Modified Date = 1/26/2008 6:05:07 PM | Attr =	]

AVG7 -> %UserAppData%\AVG7 ->  [Folder | Modified Date = 1/31/2008 11:54:36 AM | Attr =	]

AVSDVDPlayer.m3u -> %UserAppData%\AVSDVDPlayer.m3u ->  [Ver =  | Size = 0 bytes | Modified Date = 1/5/2008 12:19:10 PM | Attr =	]

Azureus -> %UserAppData%\Azureus ->  [Folder | Modified Date = 1/3/2008 12:44:27 PM | Attr =	]

BitTorrent -> %UserAppData%\BitTorrent ->  [Folder | Modified Date = 1/26/2008 11:06:19 PM | Attr =	]

DNA -> %UserAppData%\DNA ->  [Folder | Modified Date = 1/22/2008 10:42:56 AM | Attr =	]

FaxCtr -> %UserAppData%\FaxCtr ->  [Folder | Modified Date = 1/20/2008 11:59:06 PM | Attr =	]

Microsoft -> %UserAppData%\Microsoft ->  [Folder | Modified Date = 1/26/2008 2:01:06 AM | Attr =   S]

Nero -> %UserAppData%\Nero ->  [Folder | Modified Date = 1/24/2008 1:43:50 PM | Attr =	]

Sun -> %UserAppData%\Sun ->  [Folder | Modified Date = 1/11/2008 2:09:43 AM | Attr =	]

Viewpoint -> %UserAppData%\Viewpoint ->  [Folder | Modified Date = 1/11/2008 1:32:26 AM | Attr =	]

Ahead -> %LocalAppData%\Ahead ->  [Folder | Modified Date = 1/24/2008 2:45:39 PM | Attr =	]

ApplicationHistory -> %LocalAppData%\ApplicationHistory ->  [Folder | Modified Date = 1/31/2008 11:53:50 PM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 9216 bytes | Modified Date = 1/15/2008 11:01:35 AM | Attr =	]

DNA -> %LocalAppData%\DNA ->  [Folder | Modified Date = 1/3/2008 12:23:08 PM | Attr =	]

GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 13496 bytes | Modified Date = 1/5/2008 11:28:35 AM | Attr =	]

Identities -> %LocalAppData%\Identities ->  [Folder | Modified Date = 1/26/2008 2:01:06 AM | Attr =	]

My Music -> %AllUsersDocuments%\My Music ->  [Folder | Modified Date = 1/8/2008 10:46:37 PM | Attr = R  ]

ACID Pro 5.0 Projects -> %UserDocuments%\ACID Pro 5.0 Projects ->  [Folder | Modified Date = 1/31/2008 11:53:52 PM | Attr =	]

blanklovenotes.pdf -> %UserDocuments%\blanklovenotes.pdf ->  [Ver =  | Size = 13000 bytes | Modified Date = 1/25/2008 12:46:13 AM | Attr =	]

clip.mp3 -> %UserDocuments%\clip.mp3 ->  [Ver =  | Size = 3308254 bytes | Modified Date = 1/28/2008 9:48:17 PM | Attr =	]

clip.mp3.sfk -> %UserDocuments%\clip.mp3.sfk ->  [Ver =  | Size = 57036 bytes | Modified Date = 1/31/2008 10:01:44 PM | Attr =	]

comclip.mp3 -> %UserDocuments%\comclip.mp3 ->  [Ver =  | Size = 10940189 bytes | Modified Date = 1/31/2008 10:25:12 PM | Attr =	]

comclip.mp3.sfk -> %UserDocuments%\comclip.mp3.sfk ->  [Ver =  | Size = 79516 bytes | Modified Date = 1/31/2008 10:11:42 PM | Attr =	]

Complete Song Folders -> %UserDocuments%\Complete Song Folders ->  [Folder | Modified Date = 1/9/2008 2:21:31 AM | Attr =	]

komradz.acd -> %UserDocuments%\komradz.acd ->  [Ver =  | Size = 61848 bytes | Modified Date = 2/1/2008 12:01:29 AM | Attr =	]

komradz.acd-bak -> %UserDocuments%\komradz.acd-bak ->  [Ver =  | Size = 59376 bytes | Modified Date = 1/31/2008 10:25:02 PM | Attr =	]

Lyrics -> %UserDocuments%\Lyrics ->  [Folder | Modified Date = 1/29/2008 11:40:09 PM | Attr =	]

My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/16/2008 1:44:12 PM | Attr = R  ]

My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/25/2008 10:07:21 PM | Attr = R  ]

painacapella.mp3 -> %UserDocuments%\painacapella.mp3 ->  [Ver =  | Size = 11012287 bytes | Modified Date = 1/28/2008 7:37:37 PM | Attr =	]

Traktor3 -> %UserDocuments%\Traktor3 ->  [Folder | Modified Date = 2/1/2008 11:45:14 AM | Attr =	]

Word Docs -> %UserDocuments%\Word Docs ->  [Folder | Modified Date = 1/12/2008 8:29:53 AM | Attr =	]

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/27/2008 12:33:29 AM | Attr =	]

Home Designer 7.0 Training Videos.lnk -> %AllUsersDesktop%\Home Designer 7.0 Training Videos.lnk ->  [Ver =  | Size = 1811 bytes | Modified Date = 1/10/2008 8:21:23 PM | Attr =	]

Lexmark Imaging Studio - 3400 Series.LNK -> %AllUsersDesktop%\Lexmark Imaging Studio - 3400 Series.LNK ->  [Ver =  | Size = 752 bytes | Modified Date = 1/20/2008 5:11:46 PM | Attr =	]

Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Modified Date = 1/30/2008 9:52:08 PM | Attr =	]

HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 1/27/2008 2:50:39 PM | Attr =	]

HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/27/2008 2:45:52 PM | Attr =	]

method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 -> %UserDesktop%\method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 ->  [Ver =  | Size = 3163648 bytes | Modified Date = 1/27/2008 12:30:02 AM | Attr =	]

Shortcut to Network Connections.lnk -> %UserDesktop%\Shortcut to Network Connections.lnk ->  [Ver =  | Size = 154 bytes | Modified Date = 1/3/2008 11:05:33 AM | Attr =	]

Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 1/30/2008 11:56:43 PM | Attr =	]

spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 1/30/2008 11:54:38 PM | Attr =	]

Trailer House.plan -> %UserDesktop%\Trailer House.plan ->  [Ver =  | Size = 414319 bytes | Modified Date = 1/10/2008 9:41:20 PM | Attr =	]

Trailer House_archive -> %UserDesktop%\Trailer House_archive ->  [Folder | Modified Date = 1/10/2008 9:41:20 PM | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2/1/2008 11:52:59 AM | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478495 bytes | Modified Date = 2/1/2008 11:51:11 AM | Attr =	]

AVSMedia -> %CommonProgramFiles%\AVSMedia ->  [Folder | Modified Date = 1/22/2008 12:57:48 AM | Attr =	]

Java -> %CommonProgramFiles%\Java ->  [Folder | Modified Date = 1/11/2008 2:07:30 AM | Attr =	]

Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 1/22/2008 12:58:31 AM | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 1/27/2008 12:32:40 AM | Attr =	]



< End of report >


#4 OldTimer

    Malware Expert


Posted 01 February 2008 - 06:30 PM

Hi sko. Looks like Vundo. Let's see if we can remove it. Print these directions and then follow the steps below in order.

Step #1

Open Notepad and copy/paste the text in the codebox below into the new document:

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {89A1E40D-0254-4F99-B9AE-B60A2D8754A9} [HKEY_LOCAL_MACHINE] -> %System32%\opnnmli.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> opnnmli -> %System32%\opnnmli.dll
YY -> winrzf32 -> %System32%\winrzf32.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {89A1E40D-0254-4F99-B9AE-B60A2D8754A9} [HKEY_LOCAL_MACHINE] -> %System32%\opnnmli.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {B5ED7008-9FA3-431E-AF39-A5276CEC9F71} [HKEY_LOCAL_MACHINE] -> %System32%\pmkji.dll [Reg Error: Value  does not exist or could not be read.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\pmkji -> %System32%\pmkji.dll
< BotCheck > -> 
NY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> 
NY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTornado\btdownloadgui.exe -> C:\Program Files\BitTornado\btdownloadgui.exe [C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Disabled:DNA]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk]
NY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> 
[Files/Folders - Created Within 30 days]
NY -> drvlox.dll -> %System32%\drvlox.dll
NY -> drvloxr.dll -> %System32%\drvloxr.dll
NY -> drvtow.dll -> %System32%\drvtow.dll
NY -> ijkmp.ini -> %System32%\ijkmp.ini
NY -> ijkmp.ini2 -> %System32%\ijkmp.ini2
NY -> opnnmli.dll -> %System32%\opnnmli.dll
NY -> pmkji.dll -> %System32%\pmkji.dll
NY -> winrzf32.dll -> %System32%\winrzf32.dll
NY -> ztx86.sys -> %System32%\ztx86.sys
[Files/Folders - Modified Within 30 days]
NY -> drvlox.dll -> %System32%\drvlox.dll
NY -> drvloxr.dll -> %System32%\drvloxr.dll
NY -> drvtow.dll -> %System32%\drvtow.dll
NY -> ijkmp.ini -> %System32%\ijkmp.ini
NY -> ijkmp.ini2 -> %System32%\ijkmp.ini2
NY -> opnnmli.dll -> %System32%\opnnmli.dll
NY -> pmkji.dll -> %System32%\pmkji.dll
NY -> winrzf32.dll -> %System32%\winrzf32.dll
NY -> ztx86.sys -> %System32%\ztx86.sys
NY -> 30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> textlang.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Sprint0\textlang.dat
[Empty Temp Folders]
[Start Explorer]

Save the document to your desktop as wpf35.txt and close Notepad.

Step #2

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Close SUPERAntiSpyware; we will come back to it later on.

Step #3

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer; click OK.

Step #4

Start SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #5

Now start WinPFind35U. Open Notepad and then open the wpf35.txt file that you saved to your desktop. Copy/paste the contents of the Notepad file into the WinPFind35u textbox where it says Paste Fix Here and click the Run Fix button.

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot the computer normally.

Step #6

Post the following back here:
  • the VundoFix log (c:\vundofix.txt)
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u\MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
  • a new WinPFind35U report with the following options:
    • Under Additional Scans, click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 sko


Posted 02 February 2008 - 02:29 AM

For some reason when I try to run the fix it freezes up. I've tried 4 different times, waiting about 20 minutes on each, but here are the logs for the other two.


VundoFix V6.7.7

Checking Java version...

Scan started at 12:02:41 AM 2/2/2008

Listing files found while scanning....

C:\windows\system32\drvloxr.dll
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini2
C:\WINDOWS\system32\opnnmli.dll
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\winrzf32.dll

Beginning removal...

Attempting to delete C:\windows\system32\drvloxr.dll
C:\windows\system32\drvloxr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkmp.ini2
C:\WINDOWS\system32\ijkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnnmli.dll
C:\WINDOWS\system32\opnnmli.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winrzf32.dll
C:\WINDOWS\system32\winrzf32.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\opnnmli.dll
C:\WINDOWS\system32\opnnmli.dll Could not be deleted.

Performing Repairs to the registry.
Done!


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/02/2008 at 00:58 AM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 00:34:19

Memory items scanned : 488
Memory threats detected : 1
Registry items scanned : 4906
Registry threats detected : 29
File items scanned : 41924
File threats detected : 25

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\OPNNMLI.DLL
C:\WINDOWS\SYSTEM32\OPNNMLI.DLL
HKLM\Software\Classes\CLSID\{280E91D2-F749-4688-BC64-76896187B1DD}
HKCR\CLSID\{280E91D2-F749-4688-BC64-76896187B1DD}
HKCR\CLSID\{280E91D2-F749-4688-BC64-76896187B1DD}\InprocServer32
HKCR\CLSID\{280E91D2-F749-4688-BC64-76896187B1DD}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VTSQP.DLL
HKLM\Software\Classes\CLSID\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}
HKCR\CLSID\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}
HKCR\CLSID\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}\InprocServer32
HKCR\CLSID\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{280E91D2-F749-4688-BC64-76896187B1DD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}
HKCR\CLSID\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}
C:\VUNDOFIX BACKUPS\OPNNMLI.DLL.BAD

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{D1FF698E-F829-4AC4-A309-E25D9024B3F8}
HKCR\CLSID\{D1FF698E-F829-4AC4-A309-E25D9024B3F8}
HKCR\CLSID\{D1FF698E-F829-4AC4-A309-E25D9024B3F8}\InprocServer32
HKCR\CLSID\{D1FF698E-F829-4AC4-A309-E25D9024B3F8}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PMKJI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1FF698E-F829-4AC4-A309-E25D9024B3F8}

Adware.Tracking Cookie
C:\Documents and Settings\Josh's Super Box\Cookies\josh's super box@adredired[2].txt
C:\Documents and Settings\Josh's Super Box\Cookies\josh's super box@atwola[1].txt
C:\Documents and Settings\Josh's Super Box\Cookies\josh's super box@cdn.atwola[1].txt
C:\Documents and Settings\Josh's Super Box\Cookies\josh's super box@html[1].txt
C:\Documents and Settings\Josh's Super Box\Cookies\josh's super box@atdmt[1].txt
C:\Documents and Settings\Josh's Super Box\Cookies\josh's super box@advertising[2].txt
C:\Documents and Settings\Josh's Super Box\Cookies\josh's super box@doubleclick[1].txt
C:\Documents and Settings\Josh's Super Box\Cookies\josh's super box@trustedantivirus[1].txt

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
C:\WINDOWS\TEMP\WIN608.EXE

Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId

Adware.OuterInfo-Installer
C:\DOCUMENTS AND SETTINGS\JOSH'S SUPER BOX\LOCAL SETTINGS\TEMP\WIN47.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{75337243-B1F6-40F9-BEAA-AF9B2723021F}\RP75\A0020842.EXE
C:\WINDOWS\TEMP\WIN2D.EXE
C:\WINDOWS\TEMP\WIN5F7.EXE

Trojan.Downloader-ClickSpring/NDrv
C:\SYSTEM VOLUME INFORMATION\_RESTORE{75337243-B1F6-40F9-BEAA-AF9B2723021F}\RP75\A0020841.DLL

Adware.E404 Helper/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{75337243-B1F6-40F9-BEAA-AF9B2723021F}\RP76\A0021011.DLL

Malware.WinAntiSpyware-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{75337243-B1F6-40F9-BEAA-AF9B2723021F}\RP80\A0021647.DLL
C:\VUNDOFIX BACKUPS\DRVLOXR.DLL.BAD

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{75337243-B1F6-40F9-BEAA-AF9B2723021F}\RP80\A0021648.DLL

Trojan.Unclassified/Packed-Win
C:\SYSTEM VOLUME INFORMATION\_RESTORE{75337243-B1F6-40F9-BEAA-AF9B2723021F}\RP80\A0021649.DLL
C:\VUNDOFIX BACKUPS\WINRZF32.DLL.BAD

Trojan.Unclassified/DRV-Slice
C:\WINDOWS\SYSTEM32\DRVLOX.DLL

#6 OldTimer


    Malware Expert



Posted 02 February 2008 - 08:09 AM

Hi sko. If WPF35 would not complete then the machine is still infected. I still need the new WPF35 scan (see Step #6 in my previous post).

Cheers.

OT

#7 sko


Posted 02 February 2008 - 12:04 PM

WinPFind35 logfile created on: 2/2/2008 11:02:39 AM

WinPFind35U Version Beta42	 Folder = C:\Documents and Settings\Josh's Super Box\Desktop\WinPFind35u

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

 

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.61% Memory free

3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.11% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 75.13 Gb Total Space | 62.27 Gb Free Space | 82.88% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 97.65 Gb Total Space | 97.59 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Drive F: | 292.97 Gb Total Space | 292.90 Gb Free Space | 99.97% Space Free | Partition Type: NTFS



Computer Name: JOSH

Current User Name: Josh's Super Box

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user





[Processes - Non-Microsoft Only]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/26/2006 11:57:00 PM | Attr =	]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/26/2006 11:57:00 PM | Attr =	]

aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]

rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.1.1.4 | Size = 16062464 bytes | Modified Date = 12/18/2006 9:12:00 PM | Attr = R  ]

cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]

cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 28 | Size = 16384 bytes | Modified Date = 5/24/2005 2:28:18 AM | Attr =	]

reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr =	]

emupatchmixdsp.exe -> %ProgramFiles%\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe -> EMU Systems [Ver = 1.71.01.0032 | Size = 581755 bytes | Modified Date = 5/4/2005 4:27:44 AM | Attr =	]

avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/31/2007 2:18:30 AM | Attr =	]

avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/31/2007 2:18:31 AM | Attr =	]

avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/3/2008 9:54:37 AM | Attr =	]

lxcycoms.exe -> %System32%\lxcycoms.exe ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Modified Date = 6/20/2007 4:28:55 AM | Attr =	]

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 11/28/2007 1:11:50 PM | Attr =	]

viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 3:38:08 PM | Attr =	]

cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]

cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]

winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 12:38:16 PM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/26/2006 11:57:00 PM | Attr =	]

(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe ->  [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 12/27/2006 12:22:00 PM | Attr =	]

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/31/2007 2:18:30 AM | Attr =	]

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/31/2007 2:18:31 AM | Attr =	]

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/3/2008 9:54:37 AM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr =	]

(lxcy_device) lxcy_device [Win32_Own | Auto | Running] -> %System32%\lxcycoms.exe ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Modified Date = 6/20/2007 4:28:55 AM | Attr =	]

(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 3:38:08 PM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 4:43:00 AM | Attr = R  ]

ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe ->  [Ver =  | Size = 90112 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]

CTHelper -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 28 | Size = 16384 bytes | Modified Date = 5/24/2005 2:28:18 AM | Attr =	]

LXCYCATS -> %System32%\spool\drivers\w32x86\3\lxcytime.dll -> Lexmark International Inc. [Ver = 1.32.0.0 | Size = 106496 bytes | Modified Date = 11/21/2006 11:27:06 AM | Attr =	]

RTHDCPL -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.1.1.4 | Size = 16062464 bytes | Modified Date = 12/18/2006 9:12:00 PM | Attr = R  ]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

SetDefaultMIDI -> %SystemRoot%\MIDIDEF.EXE -> Creative Technology Ltd [Ver = 2, 9, 0, 5 | Size = 25088 bytes | Modified Date = 5/24/2005 2:17:46 AM | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr =	]

< Josh's Super Box Startup Folder > -> C:\Documents and Settings\Josh's Super Box\Start Menu\Programs\Startup -> 

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]

AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 110592 bytes | Modified Date = 12/26/2006 11:58:00 PM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

< HOSTS File > (224466 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4185 domain(s) found. -> 

33 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4184 domain(s) found. -> 

32 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr =	]

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 12:37:24 PM | Attr = R  ]

{49375DFF-2A0E-465A-984A-3CA1324F5A22} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{4DEE268A-69AE-42D9-A1D5-93FDDD48733D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]

{F10587E9-0E47-4CBE-84AE-7DD20B8684CC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Helper\superfindout.dll [e404mgr Class] -> File not found

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 12:37:24 PM | Attr = R  ]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 12:37:24 PM | Attr = R  ]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]

{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]

CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 12:56:24 PM | Attr =	]

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{02402D66-A0A1-4974-97CD-3F0930461DFE} ->	(Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 







[Files/Folders - Created Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 1/22/2008 10:52:39 AM | Attr = RH ]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2/2/2008 12:02:41 AM | Attr =	]

tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/27/2008 1:58:57 PM | Attr =	]

AC3ACM.acm -> %System32%\AC3ACM.acm -> fccHandler [Ver = 0, 7, 0, 0 | Size = 81920 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

alf2cd.acm -> %System32%\alf2cd.acm -> NCT Company [Ver = 2.03 | Size = 38912 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]

DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Created Date = 1/9/2008 5:18:18 AM | Attr =	]

divxsm.tlb -> %System32%\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Created Date = 1/9/2008 5:18:18 AM | Attr =	]

divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]

divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]

divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]

dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]

dpl100.dll.manifest -> %System32%\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]

drvtow.dll -> %System32%\drvtow.dll ->  [Ver =  | Size = 18944 bytes | Created Date = 1/27/2008 12:27:42 PM | Attr =	]

dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]

dtu100.dll.manifest -> %System32%\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]

IM31IMG.DIL -> %System32%\IM31IMG.DIL -> Data Techniques, Inc. [Ver =  7.20  | Size = 49152 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

IM31XPNG.DEL -> %System32%\IM31XPNG.DEL -> Data Techniques, Inc. [Ver =  7.20  | Size = 98304 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

IM31XTIF.DEL -> %System32%\IM31XTIF.DEL -> Data Techniques, Inc. [Ver =  7.20  | Size = 69632 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

IMGMAN32.DLL -> %System32%\IMGMAN32.DLL -> Data Techniques, Inc. [Ver =  7.20  | Size = 339968 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

IMHOST32.DLL -> %System32%\IMHOST32.DLL -> Data Techniques, Inc. [Ver =  7.20  | Size = 98345 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]

javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]

javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]

javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]

LexFiles.ulf -> %System32%\LexFiles.ulf ->  [Ver =  | Size = 33527 bytes | Created Date = 1/20/2008 5:01:28 PM | Attr =	]

libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 1/9/2008 5:18:00 AM | Attr =	]

lxcy.loc -> %System32%\lxcy.loc ->  [Ver =  | Size = 1834 bytes | Created Date = 1/20/2008 5:01:28 PM | Attr =	]

lxcycfg.exe -> %System32%\lxcycfg.exe ->   [Ver = 6.4.29.0 | Size = 381616 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycoin.dll -> %System32%\lxcycoin.dll ->  [Ver =  | Size = 344064 bytes | Created Date = 1/20/2008 5:03:43 PM | Attr =	]

lxcycomc.dll -> %System32%\lxcycomc.dll ->   [Ver = 6.4.29.0 | Size = 684032 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycomm.dll -> %System32%\lxcycomm.dll ->   [Ver = 6.4.29.0 | Size = 421888 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycoms.exe -> %System32%\lxcycoms.exe ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycu.dll -> %System32%\lxcycu.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 77824 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycub.dll -> %System32%\lxcycub.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 86016 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcycur.dll -> %System32%\lxcycur.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 36864 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]

lxcyhbn3.dll -> %System32%\lxcyhbn3.dll ->   [Ver = 6.4.29.0 | Size = 696320 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyhcp.dll -> %System32%\lxcyhcp.dll ->   [Ver = 6.4.29.0 | Size = 323584 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyhelp.chm -> %System32%\lxcyhelp.chm ->  [Ver =  | Size = 581173 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyiesc.dll -> %System32%\lxcyiesc.dll ->   [Ver = 6.4.29.0 | Size = 397312 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyih.exe -> %System32%\lxcyih.exe ->   [Ver = 6.4.29.0 | Size = 385712 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyinpa.dll -> %System32%\lxcyinpa.dll ->   [Ver = 6.4.29.0 | Size = 413696 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyins.dll -> %System32%\lxcyins.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 176128 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyinsb.dll -> %System32%\lxcyinsb.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 200704 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyinsr.dll -> %System32%\lxcyinsr.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 106496 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcyinst.dll -> %System32%\lxcyinst.dll ->  [Ver =  | Size = 274432 bytes | Created Date = 1/20/2008 5:01:32 PM | Attr =	]

lxcyjswr.dll -> %System32%\lxcyjswr.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 147456 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcylmpm.dll -> %System32%\lxcylmpm.dll ->   [Ver = 6.4.29.0 | Size = 585728 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcypmui.dll -> %System32%\lxcypmui.dll ->   [Ver = 6.4.29.0 | Size = 643072 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]

lxcypplc.dll -> %System32%\lxcypplc.dll ->   [Ver = 6.4.29.0 | Size = 94208 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyprox.dll -> %System32%\lxcyprox.dll ->   [Ver = 6.4.29.0 | Size = 163840 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyserv.dll -> %System32%\lxcyserv.dll ->   [Ver = 6.4.29.0 | Size = 1224704 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyusb1.dll -> %System32%\lxcyusb1.dll ->   [Ver = 6.4.29.0 | Size = 995328 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyutil.dll -> %System32%\lxcyutil.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 462848 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]

lxcyvs.dll -> %System32%\lxcyvs.dll ->  [Ver =  | Size = 40960 bytes | Created Date = 1/20/2008 5:03:45 PM | Attr =	]

LXPMONRC.DLL -> %System32%\LXPMONRC.DLL -> Lexmark International, Inc. [Ver = 0.1.35.8 | Size = 12288 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]

LXPMONUI.DLL -> %System32%\LXPMONUI.DLL ->  [Ver = 0.1.35.8 | Size = 32768 bytes | Created Date = 1/20/2008 5:03:00 PM | Attr =	]

LXPRMON.DLL -> %System32%\LXPRMON.DLL ->  [Ver = 0.1.35.8 | Size = 45056 bytes | Created Date = 1/20/2008 5:03:00 PM | Attr =	]

mcdvd_32.dll -> %System32%\mcdvd_32.dll -> MainConcept [Ver = 2.0.4 | Size = 261632 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

pqstv.ini -> %System32%\pqstv.ini ->  [Ver =  | Size = 387461 bytes | Created Date = 2/2/2008 12:25:44 AM | Attr =  HS]

pqstv.ini2 -> %System32%\pqstv.ini2 ->  [Ver =  | Size = 387344 bytes | Created Date = 2/2/2008 12:25:44 AM | Attr =  HS]

qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Created Date = 1/9/2008 5:18:12 AM | Attr =	]

Scg726.acm -> %System32%\Scg726.acm -> SHARP Corporation [Ver = 1, 0, 0, 3 | Size = 13239 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 1/9/2008 5:18:00 AM | Attr =	]

tsccvid.dll -> %System32%\tsccvid.dll -> TechSmith Corporation [Ver = 2.0.4 | Size = 110592 bytes | Created Date = 1/10/2008 8:21:25 PM | Attr =	]

vct3216.acm -> %System32%\vct3216.acm -> Voxware, Inc. [Ver = 1.6.0.17 | Size = 82944 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

vp6vfw.dll -> %System32%\vp6vfw.dll -> On2.com [Ver = 6,0,6,4 | Size = 442368 bytes | Created Date = 1/22/2008 10:59:32 AM | Attr = R  ]

winver.bat -> %System32%\winver.bat ->  [Ver =  | Size = 145 bytes | Created Date = 1/27/2008 12:27:48 PM | Attr =	]

xvid.ax -> %System32%\xvid.ax ->  [Ver =  | Size = 53248 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

xvidcore.dll -> %System32%\xvidcore.dll ->  [Ver =  | Size = 524288 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

xvidvfw.dll -> %System32%\xvidvfw.dll ->  [Ver =  | Size = 139264 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

ztx86.sys -> %System32%\ztx86.sys ->  [Ver =  | Size = 54764 bytes | Created Date = 1/22/2008 10:52:44 AM | Attr =	]

ARPR.INI -> %SystemRoot%\ARPR.INI ->  [Ver =  | Size = 890 bytes | Created Date = 1/3/2008 6:07:46 PM | Attr =	]

iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 1/14/2008 10:53:57 PM | Attr =	]

Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 1/5/2008 12:35:35 PM | Attr =	]

30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1413 bytes | Created Date = 1/11/2008 2:06:56 AM | Attr =	]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Created Date = 1/24/2008 2:46:47 PM | Attr =	]

PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 1/24/2008 12:42:26 PM | Attr =  H ]

pss -> %SystemRoot%\pss ->  [Folder | Created Date = 1/31/2008 8:37:19 PM | Attr =	]

Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 1/11/2008 2:09:43 AM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 219 bytes | Created Date = 1/27/2008 2:50:00 PM | Attr =	]

WMSysPr8.prx -> %SystemRoot%\WMSysPr8.prx ->  [Ver =  | Size = 156910 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

AVS4YOU -> %AllUsersAppData%\AVS4YOU ->  [Folder | Created Date = 1/5/2008 2:19:09 AM | Attr =	]

Azureus -> %AllUsersAppData%\Azureus ->  [Folder | Created Date = 1/3/2008 12:16:51 PM | Attr =	]

FaxCtr -> %AllUsersAppData%\FaxCtr ->  [Folder | Created Date = 1/20/2008 5:02:38 PM | Attr =	]

Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/27/2008 12:33:23 AM | Attr =	]

Nero -> %AllUsersAppData%\Nero ->  [Folder | Created Date = 1/24/2008 1:41:24 PM | Attr =	]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 1/27/2008 1:56:41 PM | Attr =	]

SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/2/2008 12:00:28 AM | Attr =	]

Yahoo! -> %AllUsersAppData%\Yahoo! ->  [Folder | Created Date = 1/23/2008 7:57:55 AM | Attr =	]

AVSDVDPlayer.m3u -> %UserAppData%\AVSDVDPlayer.m3u ->  [Ver =  | Size = 0 bytes | Created Date = 1/5/2008 12:19:10 PM | Attr =	]

Azureus -> %UserAppData%\Azureus ->  [Folder | Created Date = 1/3/2008 12:16:50 PM | Attr =	]

BitTorrent -> %UserAppData%\BitTorrent ->  [Folder | Created Date = 1/3/2008 12:23:17 PM | Attr =	]

DNA -> %UserAppData%\DNA ->  [Folder | Created Date = 1/3/2008 12:23:07 PM | Attr =	]

FaxCtr -> %UserAppData%\FaxCtr ->  [Folder | Created Date = 1/20/2008 11:59:05 PM | Attr =	]

Nero -> %UserAppData%\Nero ->  [Folder | Created Date = 1/24/2008 1:43:50 PM | Attr =	]

Sun -> %UserAppData%\Sun ->  [Folder | Created Date = 1/11/2008 2:09:43 AM | Attr =	]

SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/2/2008 12:00:21 AM | Attr =	]

Viewpoint -> %UserAppData%\Viewpoint ->  [Folder | Created Date = 1/11/2008 1:32:26 AM | Attr =	]

Ahead -> %LocalAppData%\Ahead ->  [Folder | Created Date = 1/24/2008 2:45:39 PM | Attr =	]

DNA -> %LocalAppData%\DNA ->  [Folder | Created Date = 1/3/2008 12:23:08 PM | Attr =	]

Identities -> %LocalAppData%\Identities ->  [Folder | Created Date = 1/26/2008 2:01:06 AM | Attr =	]

blanklovenotes.pdf -> %UserDocuments%\blanklovenotes.pdf ->  [Ver =  | Size = 13000 bytes | Created Date = 1/25/2008 12:46:13 AM | Attr =	]

clip.mp3 -> %UserDocuments%\clip.mp3 ->  [Ver =  | Size = 3308254 bytes | Created Date = 1/28/2008 9:48:16 PM | Attr =	]

clip.mp3.sfk -> %UserDocuments%\clip.mp3.sfk ->  [Ver =  | Size = 57036 bytes | Created Date = 1/31/2008 9:57:42 PM | Attr =	]

comclip.mp3 -> %UserDocuments%\comclip.mp3 ->  [Ver =  | Size = 10940189 bytes | Created Date = 1/28/2008 10:55:09 PM | Attr =	]

comclip.mp3.sfk -> %UserDocuments%\comclip.mp3.sfk ->  [Ver =  | Size = 79516 bytes | Created Date = 1/31/2008 12:11:47 PM | Attr =	]

komradz.acd -> %UserDocuments%\komradz.acd ->  [Ver =  | Size = 61848 bytes | Created Date = 1/28/2008 11:25:15 PM | Attr =	]

komradz.acd-bak -> %UserDocuments%\komradz.acd-bak ->  [Ver =  | Size = 59376 bytes | Created Date = 1/28/2008 11:25:15 PM | Attr =	]

painacapella.mp3 -> %UserDocuments%\painacapella.mp3 ->  [Ver =  | Size = 11012287 bytes | Created Date = 1/28/2008 7:37:33 PM | Attr =	]

Windows XP Setup Guide.pdf -> %UserDocuments%\Windows XP Setup Guide.pdf ->  [Ver =  | Size = 2178698 bytes | Created Date = 1/3/2008 5:15:39 PM | Attr = R  ]

Word Docs -> %UserDocuments%\Word Docs ->  [Folder | Created Date = 1/7/2008 11:27:43 AM | Attr =	]

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/27/2008 12:33:29 AM | Attr =	]

Home Designer 7.0 Training Videos.lnk -> %AllUsersDesktop%\Home Designer 7.0 Training Videos.lnk ->  [Ver =  | Size = 1811 bytes | Created Date = 1/10/2008 8:21:23 PM | Attr =	]

Lexmark Imaging Studio - 3400 Series.LNK -> %AllUsersDesktop%\Lexmark Imaging Studio - 3400 Series.LNK ->  [Ver =  | Size = 752 bytes | Created Date = 1/20/2008 5:11:46 PM | Attr =	]

Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Created Date = 1/30/2008 9:52:08 PM | Attr =	]

SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 2/2/2008 12:00:23 AM | Attr =	]

HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/27/2008 2:45:52 PM | Attr =	]

method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 -> %UserDesktop%\method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 ->  [Ver =  | Size = 3163648 bytes | Created Date = 1/27/2008 12:29:58 AM | Attr =	]

Shortcut to Network Connections.lnk -> %UserDesktop%\Shortcut to Network Connections.lnk ->  [Ver =  | Size = 154 bytes | Created Date = 1/3/2008 11:05:33 AM | Attr =	]

spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9722720 bytes | Created Date = 1/30/2008 11:54:32 PM | Attr =	]

SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Created Date = 2/1/2008 11:59:46 PM | Attr =	]

Trailer House.plan -> %UserDesktop%\Trailer House.plan ->  [Ver =  | Size = 414319 bytes | Created Date = 1/10/2008 9:41:20 PM | Attr =	]

Trailer House_archive -> %UserDesktop%\Trailer House_archive ->  [Folder | Created Date = 1/10/2008 9:41:20 PM | Attr =	]

VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 2/2/2008 12:02:15 AM | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2/1/2008 11:52:59 AM | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478495 bytes | Created Date = 2/1/2008 11:51:20 AM | Attr =	]

AVSMedia -> %CommonProgramFiles%\AVSMedia ->  [Folder | Created Date = 1/5/2008 2:18:55 AM | Attr =	]

Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 1/11/2008 2:07:30 AM | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 1/27/2008 12:32:40 AM | Attr =	]



[Files/Folders - Modified Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 1/31/2008 1:00:06 AM | Attr = RH ]

boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 2/2/2008 1:39:16 AM | Attr = RHS]

Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 1/30/2008 9:38:15 PM | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/2/2008 3:25:49 AM | Attr =	]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2/2/2008 12:17:18 AM | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/2/2008 10:59:56 AM | Attr =	]

etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 1/31/2008 12:34:23 AM | Attr =	]

hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 224466 bytes | Modified Date = 1/31/2008 12:34:23 AM | Attr = R  ]

PxHelp20.sys -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/27/2008 1:56:07 PM | Attr =	]

amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 1/8/2008 10:49:12 PM | Attr =	]

BMXBkpCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXBkpCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 1104 bytes | Modified Date = 2/2/2008 4:12:31 AM | Attr =	]

BMXCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 1104 bytes | Modified Date = 2/2/2008 4:12:31 AM | Attr =	]

BMXState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 64 bytes | Modified Date = 2/2/2008 4:12:31 AM | Attr =	]

BMXStateBkp-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXStateBkp-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 64 bytes | Modified Date = 2/2/2008 4:12:31 AM | Attr =	]

CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/2/2008 3:34:39 AM | Attr =	]

3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 1/24/2008 1:40:43 PM | Attr =	]

DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]

divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Modified Date = 1/9/2008 5:15:58 AM | Attr =	]

DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Modified Date = 1/9/2008 5:18:18 AM | Attr =	]

divxsm.tlb -> %System32%\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Modified Date = 1/9/2008 5:18:18 AM | Attr =	]

divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]

divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]

divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]

dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 1/27/2008 9:18:27 PM | Attr = RHS]

dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]

dpl100.dll.manifest -> %System32%\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]

drivers -> %System32%\drivers ->  [Folder | Modified Date = 1/27/2008 1:58:57 PM | Attr =	]

drvtow.dll -> %System32%\drvtow.dll ->  [Ver =  | Size = 18944 bytes | Modified Date = 1/27/2008 12:27:42 PM | Attr =	]

dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]

dtu100.dll.manifest -> %System32%\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]

DVCState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\DVCState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 11564 bytes | Modified Date = 2/2/2008 4:12:31 AM | Attr =	]

FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 92680 bytes | Modified Date = 1/5/2008 11:25:48 AM | Attr =	]

LexFiles.ulf -> %System32%\LexFiles.ulf ->  [Ver =  | Size = 33527 bytes | Modified Date = 1/20/2008 5:03:58 PM | Attr =	]

libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 1/9/2008 5:18:00 AM | Attr =	]

nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 1/8/2008 10:49:12 PM | Attr =	]

pqstv.ini -> %System32%\pqstv.ini ->  [Ver =  | Size = 387461 bytes | Modified Date = 2/2/2008 1:02:34 AM | Attr =  HS]

pqstv.ini2 -> %System32%\pqstv.ini2 ->  [Ver =  | Size = 387344 bytes | Modified Date = 2/2/2008 1:02:13 AM | Attr =  HS]

px.dll -> %System32%\px.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 551672 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 129784 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]

pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 66296 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]

pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 120056 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.02.09a | Size = 518904 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 72440 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 64760 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]

pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 118520 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxmas.dll -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 187128 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 1628920 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

pxwave.dll -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 379640 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]

qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Modified Date = 1/9/2008 5:18:12 AM | Attr =	]

ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 1/9/2008 5:18:00 AM | Attr =	]

vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.83a | Size = 88824 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]

winver.bat -> %System32%\winver.bat ->  [Ver =  | Size = 145 bytes | Modified Date = 1/27/2008 12:27:48 PM | Attr =	]

wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/30/2008 11:54:02 PM | Attr =	]

ztx86.sys -> %System32%\ztx86.sys ->  [Ver =  | Size = 54764 bytes | Modified Date = 1/22/2008 10:52:44 AM | Attr =	]

ARPR.INI -> %SystemRoot%\ARPR.INI ->  [Ver =  | Size = 890 bytes | Modified Date = 1/3/2008 6:09:33 PM | Attr =	]

assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 1/22/2008 12:58:31 AM | Attr = R S]

30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/2/2008 10:59:33 AM | Attr =   S]

Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 1/24/2008 1:41:19 PM | Attr =	]

Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Modified Date = 1/30/2008 11:56:22 PM | Attr =	]

Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 1/5/2008 2:18:58 AM | Attr = R S]

Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/22/2008 12:58:31 AM | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1917 bytes | Modified Date = 1/27/2008 12:10:29 AM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/24/2008 1:40:43 PM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/2/2008 12:00:26 AM | Attr =  HS]

iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 1/14/2008 10:53:31 PM | Attr =	]

Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 1/5/2008 12:35:35 PM | Attr =	]

mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1413 bytes | Modified Date = 1/30/2008 10:15:11 PM | Attr =	]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 1/24/2008 2:47:30 PM | Attr =	]

PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 1/24/2008 12:42:26 PM | Attr =  H ]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/2/2008 3:28:28 AM | Attr =	]

pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 1/31/2008 8:46:43 PM | Attr =	]

RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Modified Date = 1/8/2008 10:46:47 PM | Attr =	]

security -> %SystemRoot%\security ->  [Folder | Modified Date = 1/10/2008 2:21:35 AM | Attr =	]

SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 1/20/2008 4:58:03 PM | Attr =	]

Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 1/11/2008 2:09:43 AM | Attr =	]

system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 2/2/2008 1:39:16 AM | Attr =	]

system32 -> %System32% ->  [Folder | Modified Date = 2/2/2008 1:03:35 AM | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/2/2008 3:26:23 AM | Attr =	]

twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 1/20/2008 4:58:22 PM | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 487 bytes | Modified Date = 2/2/2008 1:39:16 AM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 219 bytes | Modified Date = 1/31/2008 12:09:44 AM | Attr =	]

WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 1/24/2008 1:40:53 PM | Attr =	]

WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 1/8/2008 10:46:34 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/2/2008 10:59:37 AM | Attr =  H ]

hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1307 bytes | Modified Date = 12/20/2007 2:03:21 AM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/10/2008 2:21:33 AM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/10/2008 2:21:33 AM | Attr =	]

AutoRun.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AutoRun.exe -> Electronic Arts Inc. [Ver = 1.1.0.307 | Size = 663552 bytes | Modified Date = 8/18/2004 3:38:06 AM | Attr =	]

eauninstall.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\eauninstall.exe -> Electronic Arts Inc. [Ver = 1.1.0.307 | Size = 331776 bytes | Modified Date = 8/18/2004 3:38:06 AM | Attr =	]

First15.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\First15.exe -> Macromedia, Inc. [Ver = 6,0,21,0 | Size = 1453843 bytes | Modified Date = 8/17/2004 9:14:06 PM | Attr = R  ]

i4jdel0.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\i4jdel0.exe ->  [Ver =  | Size = 4608 bytes | Modified Date = 1/3/2008 12:21:51 PM | Attr =	]

SSUPDATE.EXE -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 2:07:10 PM | Attr =	]

The Sims 2_uninst.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\The Sims 2_uninst.exe -> EA [Ver = 4, 0, 0, 23 | Size = 86016 bytes | Modified Date = 8/17/2004 9:13:58 PM | Attr =	]

VP6Install.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\VP6Install.exe ->  [Ver =  | Size = 23040 bytes | Modified Date = 8/17/2004 9:14:36 PM | Attr = R  ]

208 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 

ymdc.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\ymdc.exe -> Yahoo! Inc. [Ver = 2007.03.23.01 | Size = 46088 bytes | Modified Date = 3/23/2007 6:27:14 PM | Attr =	]

4 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp -> 

setup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\setup.exe -> InstallShield Software Corporation [Ver = 7, 01, 100, 1248 | Size = 107512 bytes | Modified Date = 11/7/2003 1:24:32 PM | Attr =	]

AIMinst.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AIMinst.exe -> AOL LLC [Ver = 1.0.0.0 | Size = 1535696 bytes | Modified Date = 12/18/2007 1:27:19 PM | Attr =	]

AIMLang.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AIMLang.exe -> AOL LLC [Ver = 1.0.0.0 | Size = 562160 bytes | Modified Date = 12/18/2007 1:27:20 PM | Attr =	]

alsetup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\alsetup.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 142040 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]

aoldlmgr.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\aoldlmgr.exe -> AOL LLC [Ver = 1.0.6.0 | Size = 120368 bytes | Modified Date = 12/18/2007 1:27:26 PM | Attr =	]

bsetutil.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\bsetutil.exe ->  [Ver = 1, 0, 5, 1 | Size = 96608 bytes | Modified Date = 12/18/2007 1:27:30 PM | Attr =	]

migrator.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\migrator.exe ->  [Ver = 0, 0, 0, 2 | Size = 228704 bytes | Modified Date = 12/18/2007 1:27:22 PM | Attr =	]

ocpinst.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\ocpinst.exe -> AOL LLC [Ver = 6.5.7.10 | Size = 5572272 bytes | Modified Date = 12/18/2007 1:27:23 PM | Attr =	]

postproc.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\postproc.exe -> AOL LLC. [Ver = 1, 0, 0, 6 | Size = 36912 bytes | Modified Date = 12/18/2007 1:27:15 PM | Attr =	]

setup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\setup.exe -> AOL LLC. [Ver = 11, 8, 0, 0 | Size = 170848 bytes | Modified Date = 12/18/2007 1:27:14 PM | Attr =	]

tbsetup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\tbsetup.exe -> AOL LLC [Ver = 3.3.15.2 | Size = 383128 bytes | Modified Date = 12/18/2007 1:27:24 PM | Attr =	]

toolbar.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\toolbar.exe -> AOL LLC [Ver = 1.0.19.1 | Size = 1628864 bytes | Modified Date = 12/18/2007 1:27:30 PM | Attr =	]

unagi3.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\unagi3.exe ->  [Ver = 3.0.0.0 | Size = 376568 bytes | Modified Date = 12/18/2007 1:27:24 PM | Attr =	]

Uninstaller.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\Uninstaller.exe ->  [Ver = 1, 0, 0, 1 | Size = 30560 bytes | Modified Date = 12/18/2007 1:27:28 PM | Attr =	]

vwpt.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\vwpt.exe ->  [Ver =  | Size = 2882640 bytes | Modified Date = 12/18/2007 1:27:30 PM | Attr =	]

DivXInstaller.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Div295.tmp\DivXInstaller.exe -> DivX, Inc. [Ver = 6.8.0.6 | Size = 16887272 bytes | Modified Date = 1/15/2008 11:07:51 AM | Attr =	]

SetupX.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\SetupX.exe -> Nero AG [Ver = 1, 8, 3, 0 | Size = 2483496 bytes | Modified Date = 9/26/2007 12:20:32 PM | Attr =	]

NL2WriteThrough.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\NL2WriteThrough.exe -> NERO AG [Ver = 1.0.0.1 | Size = 218408 bytes | Modified Date = 9/26/2007 12:20:21 PM | Attr =	]

WindowsInstaller-KB884016-v2-x86.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\WindowsInstaller-KB884016-v2-x86.exe -> Microsoft Corporation [Ver = 6.1.0006.0 built by: main(hemchans) | Size = 2003176 bytes | Modified Date = 2/9/2007 6:59:27 AM | Attr =	]

wmfdist.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\wmfdist.exe -> Microsoft Corporation [Ver = 9.00.00.2980 | Size = 4085904 bytes | Modified Date = 12/11/2002 1:11:50 PM | Attr =	]

wmfdist95.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\wmfdist95.exe -> Microsoft Corporation [Ver = 10.00.00.3646 | Size = 5649648 bytes | Modified Date = 8/10/2004 5:51:20 PM | Attr =	]

dxsetup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\DirectX\dxsetup.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 484632 bytes | Modified Date = 8/14/2006 9:08:04 AM | Attr =	]

NeroDelTmp.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Setup\NeroDelTmp.exe -> Nero AG [Ver = 1, 8, 3, 0 | Size = 1500456 bytes | Modified Date = 9/26/2007 12:20:22 PM | Attr =	]

UninstallNero.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Setup\UninstallNero.exe -> Nero AG [Ver = 1, 8, 3, 0 | Size = 1598760 bytes | Modified Date = 9/26/2007 12:20:32 PM | Attr =	]

msgr8us.2007.11.30.01.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nsn29.tmp\msgr8us.2007.11.30.01.exe ->  [Ver =  | Size = 404208 bytes | Modified Date = 11/30/2007 6:20:50 PM | Attr =	]

AutoRunGUI.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AutoRunGUI.dll -> Electronic Arts Inc. [Ver = 1.1.0.294 | Size = 598016 bytes | Modified Date = 8/17/2004 9:13:47 PM | Attr =	]

efgfyqrg.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\efgfyqrg.dll ->  [Ver =  | Size = 163840 bytes | Modified Date = 1/31/2008 11:50:30 PM | Attr =  HS]

qghmfiiq.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\qghmfiiq.dll ->  [Ver =  | Size = 163840 bytes | Modified Date = 2/1/2008 11:46:28 PM | Attr =  HS]

swt-win32-3347.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\swt-win32-3347.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 1/3/2008 12:16:51 PM | Attr =	]

VP6VFW.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\VP6VFW.dll -> On2.com [Ver = 6,0,6,4 | Size = 442368 bytes | Modified Date = 8/17/2004 9:14:36 PM | Attr = R  ]

xmxodllq.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\xmxodllq.dll ->  [Ver =  | Size = 163840 bytes | Modified Date = 2/2/2008 12:29:01 AM | Attr =  HS]

208 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 

yvertr.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\yvertr.dll ->  [Ver = 2004, 1, 15, 1 | Size = 42080 bytes | Modified Date = 1/15/2004 1:48:38 PM | Attr =	]

ywiseext.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 11, 2, 1 | Size = 106496 bytes | Modified Date = 11/2/2007 10:25:48 AM | Attr =	]

4 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp -> 

AdobeLM.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\AdobeLM.dll ->  [Ver =  | Size = 3072 bytes | Modified Date = 11/7/2003 1:23:50 PM | Attr =	]

emu.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\emu.dll -> Adobe Systems, Inc. [Ver = 1,0,2,37 | Size = 1177209 bytes | Modified Date = 11/7/2003 1:24:28 PM | Attr =	]

AOLFirewallMgr.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AOLFirewallMgr.dll -> AOL LLC [Ver = 1.3.2.1		   | Size = 95792 bytes | Modified Date = 12/18/2007 1:27:16 PM | Attr =	]

AOLSearch.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AOLSearch.dll -> America Online, Inc. [Ver = 1.0.8.1 | Size = 111968 bytes | Modified Date = 12/18/2007 1:27:27 PM | Attr =	]

gui.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\gui.dll -> AOL LLC [Ver = 10, 5, 0, 0 | Size = 243504 bytes | Modified Date = 12/18/2007 1:27:15 PM | Attr =	]

imappver.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\imappver.dll -> AOL LLC [Ver = 6.5.7.20 | Size = 13664 bytes | Modified Date = 12/18/2007 1:27:21 PM | Attr =	]

instSup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\instSup.dll -> AOL LLC [Ver = 4,6,1,2 | Size = 75104 bytes | Modified Date = 12/18/2007 1:27:23 PM | Attr =	]

ocpchk.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\ocpchk.dll -> AOL LLC [Ver = 4,6,1,2 | Size = 15712 bytes | Modified Date = 12/18/2007 1:27:23 PM | Attr =	]

postinst.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\postinst.dll -> AOL LLC [Ver = 6, 5, 7, 13 | Size = 209248 bytes | Modified Date = 12/18/2007 1:27:16 PM | Attr =	]

ProgUpd.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\ProgUpd.dll -> AOL LLC. [Ver = 1, 0, 1, 0 | Size = 83808 bytes | Modified Date = 12/18/2007 1:27:14 PM | Attr =	]

tbinst.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\tbinst.dll -> AOL LLC [Ver = 3.3.15.2 | Size = 11616 bytes | Modified Date = 12/18/2007 1:27:26 PM | Attr =	]

_Setup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\isp1A2.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 147456 bytes | Modified Date = 1/10/2008 8:19:26 PM | Attr =	]

_Setup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\isp1A8.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 147456 bytes | Modified Date = 1/10/2008 8:21:09 PM | Attr =	]

_Setup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\isp5.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 147456 bytes | Modified Date = 12/22/2007 7:14:01 PM | Attr =	]

AdvrCntr3.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nero.tmp\8.1.1.0_8.10.21_13820\AdvrCntr3.dll -> Nero AG [Ver = 1,1,0, 207 | Size = 3949864 bytes | Modified Date = 9/26/2007 7:37:18 PM | Attr =	]

ShellManager3.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nero.tmp\8.1.1.0_8.10.21_13820\ShellManager3.dll -> Nero AG [Ver = 8.1.1.0 | Size = 1180968 bytes | Modified Date = 9/26/2007 7:37:48 PM | Attr =	]

InstGuru.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\InstGuru.dll -> Nero AG [Ver = 1, 0, 0, 0 | Size = 120112 bytes | Modified Date = 9/26/2007 12:20:18 PM | Attr =	]

DSETUP.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\DirectX\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 74520 bytes | Modified Date = 8/14/2006 9:08:04 AM | Attr =	]

dsetup32.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\DirectX\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 2248984 bytes | Modified Date = 8/14/2006 9:08:04 AM | Attr =	]

NPS.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Setup\NPS.dll -> Nero AG [Ver = 1, 8, 3, 0 | Size = 4592936 bytes | Modified Date = 9/26/2007 12:20:22 PM | Attr =	]

System.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nsn29.tmp\System.dll ->  [Ver =  | Size = 9728 bytes | Modified Date = 1/23/2008 7:35:48 AM | Attr =	]

Perflib_Perfdata_470.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_470.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/1/2008 8:12:56 PM | Attr =	]

Perflib_Perfdata_4c4.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_4c4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 11:28:28 AM | Attr =	]

Perflib_Perfdata_65c.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_65c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 1:48:52 AM | Attr =	]

Perflib_Perfdata_7c.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_7c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 10:59:54 AM | Attr =	]

Perflib_Perfdata_7fc.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_7fc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:03:52 AM | Attr =	]

Perflib_Perfdata_90.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_90.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:10:03 AM | Attr =	]

Perflib_Perfdata_998.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_998.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 1:48:55 AM | Attr =	]

Perflib_Perfdata_9a0.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_9a0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 1:48:55 AM | Attr =	]

Perflib_Perfdata_a74.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_a74.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/1/2008 8:13:00 PM | Attr =	]

Perflib_Perfdata_a7c.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_a7c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/1/2008 8:13:00 PM | Attr =	]

Perflib_Perfdata_b50.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_b50.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 11:28:45 AM | Attr =	]

Perflib_Perfdata_b78.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_b78.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:10:16 AM | Attr =	]

Perflib_Perfdata_b98.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_b98.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:10:16 AM | Attr =	]

Perflib_Perfdata_ba4.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_ba4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:04:06 AM | Attr =	]

Perflib_Perfdata_bec.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_bec.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 11:00:08 AM | Attr =	]

Perflib_Perfdata_bf0.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_bf0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:04:06 AM | Attr =	]

Perflib_Perfdata_bf4.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_bf4.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2/2/2008 11:00:07 AM | Attr =	]

208 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 

Tw10122.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\Tw10122.dat ->  [Ver =  | Size = 3072 bytes | Modified Date = 11/7/2003 1:24:32 PM | Attr =	]

textlang.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Sprint0\textlang.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 1/22/2008 1:00:12 AM | Attr =  H ]

maindir.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\maindir.ini ->  [Ver =  | Size = 58 bytes | Modified Date = 1/23/2008 7:36:53 AM | Attr =	]

setup.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\setup.ini ->  [Ver =  | Size = 3439 bytes | Modified Date = 12/28/2007 9:04:19 PM | Attr =	]

208 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 

Abcpy.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\Abcpy.ini ->  [Ver =  | Size = 5791 bytes | Modified Date = 11/7/2003 1:23:48 PM | Attr =	]

setup.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\setup.ini ->  [Ver =  | Size = 597 bytes | Modified Date = 11/7/2003 1:24:32 PM | Attr =	]

dlconfig.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\dlconfig.ini ->  [Ver =  | Size = 49 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]

gui.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\gui.ini ->  [Ver =  | Size = 5495 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]

post.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\post.ini ->  [Ver =  | Size = 389 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]

postui.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\postui.ini ->  [Ver =  | Size = 1954 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]

setup.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\setup.ini ->  [Ver =  | Size = 3300 bytes | Modified Date = 12/18/2007 1:27:32 PM | Attr =	]

desktop.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Sprint0\desktop.ini ->  [Ver =  | Size = 111 bytes | Modified Date = 1/22/2008 1:00:12 AM | Attr =  H ]

win600.exe -> C:\WINDOWS\Temp\win600.exe ->  [Ver =  | Size = 32256 bytes | Modified Date = 1/27/2008 9:18:16 PM | Attr =	]

2884 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

index.dat -> C:\WINDOWS\Temp\OuterinfoTemp\index.dat ->  [Ver =  | Size = 298 bytes | Modified Date = 1/27/2008 9:18:21 PM | Attr =	]

3 C:\WINDOWS\Temp\OuterinfoTemp\*.tmp files -> C:\WINDOWS\Temp\OuterinfoTemp\*.tmp -> 

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

AVS4YOU -> %AllUsersAppData%\AVS4YOU ->  [Folder | Modified Date = 1/5/2008 2:19:09 AM | Attr =	]

Azureus -> %AllUsersAppData%\Azureus ->  [Folder | Modified Date = 1/3/2008 12:16:51 PM | Attr =	]

FaxCtr -> %AllUsersAppData%\FaxCtr ->  [Folder | Modified Date = 1/20/2008 5:02:38 PM | Attr =	]

Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/27/2008 12:33:54 AM | Attr =	]

Nero -> %AllUsersAppData%\Nero ->  [Folder | Modified Date = 1/24/2008 2:51:04 PM | Attr =	]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/2/2008 2:08:20 AM | Attr =	]

SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/2/2008 12:00:28 AM | Attr =	]

Yahoo! -> %AllUsersAppData%\Yahoo! ->  [Folder | Modified Date = 1/23/2008 7:57:55 AM | Attr =	]

Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 1/10/2008 11:26:44 PM | Attr =	]

AdobeUM -> %UserAppData%\AdobeUM ->  [Folder | Modified Date = 1/26/2008 6:05:07 PM | Attr =	]

AVG7 -> %UserAppData%\AVG7 ->  [Folder | Modified Date = 1/31/2008 11:54:36 AM | Attr =	]

AVSDVDPlayer.m3u -> %UserAppData%\AVSDVDPlayer.m3u ->  [Ver =  | Size = 0 bytes | Modified Date = 1/5/2008 12:19:10 PM | Attr =	]

Azureus -> %UserAppData%\Azureus ->  [Folder | Modified Date = 1/3/2008 12:44:27 PM | Attr =	]

BitTorrent -> %UserAppData%\BitTorrent ->  [Folder | Modified Date = 1/26/2008 11:06:19 PM | Attr =	]

DNA -> %UserAppData%\DNA ->  [Folder | Modified Date = 1/22/2008 10:42:56 AM | Attr =	]

FaxCtr -> %UserAppData%\FaxCtr ->  [Folder | Modified Date = 1/20/2008 11:59:06 PM | Attr =	]

Microsoft -> %UserAppData%\Microsoft ->  [Folder | Modified Date = 1/26/2008 2:01:06 AM | Attr =   S]

Nero -> %UserAppData%\Nero ->  [Folder | Modified Date = 1/24/2008 1:43:50 PM | Attr =	]

Sun -> %UserAppData%\Sun ->  [Folder | Modified Date = 1/11/2008 2:09:43 AM | Attr =	]

SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/2/2008 12:00:21 AM | Attr =	]

Viewpoint -> %UserAppData%\Viewpoint ->  [Folder | Modified Date = 1/11/2008 1:32:26 AM | Attr =	]

Ahead -> %LocalAppData%\Ahead ->  [Folder | Modified Date = 1/24/2008 2:45:39 PM | Attr =	]

ApplicationHistory -> %LocalAppData%\ApplicationHistory ->  [Folder | Modified Date = 1/31/2008 11:53:50 PM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 9216 bytes | Modified Date = 1/15/2008 11:01:35 AM | Attr =	]

DNA -> %LocalAppData%\DNA ->  [Folder | Modified Date = 1/3/2008 12:23:08 PM | Attr =	]

GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 13496 bytes | Modified Date = 1/5/2008 11:28:35 AM | Attr =	]

Identities -> %LocalAppData%\Identities ->  [Folder | Modified Date = 1/26/2008 2:01:06 AM | Attr =	]

My Music -> %AllUsersDocuments%\My Music ->  [Folder | Modified Date = 1/8/2008 10:46:37 PM | Attr = R  ]

ACID Pro 5.0 Projects -> %UserDocuments%\ACID Pro 5.0 Projects ->  [Folder | Modified Date = 1/31/2008 11:53:52 PM | Attr =	]

blanklovenotes.pdf -> %UserDocuments%\blanklovenotes.pdf ->  [Ver =  | Size = 13000 bytes | Modified Date = 1/25/2008 12:46:13 AM | Attr =	]

clip.mp3 -> %UserDocuments%\clip.mp3 ->  [Ver =  | Size = 3308254 bytes | Modified Date = 1/28/2008 9:48:17 PM | Attr =	]

clip.mp3.sfk -> %UserDocuments%\clip.mp3.sfk ->  [Ver =  | Size = 57036 bytes | Modified Date = 1/31/2008 10:01:44 PM | Attr =	]

comclip.mp3 -> %UserDocuments%\comclip.mp3 ->  [Ver =  | Size = 10940189 bytes | Modified Date = 1/31/2008 10:25:12 PM | Attr =	]

comclip.mp3.sfk -> %UserDocuments%\comclip.mp3.sfk ->  [Ver =  | Size = 79516 bytes | Modified Date = 1/31/2008 10:11:42 PM | Attr =	]

Complete Song Folders -> %UserDocuments%\Complete Song Folders ->  [Folder | Modified Date = 1/9/2008 2:21:31 AM | Attr =	]

komradz.acd -> %UserDocuments%\komradz.acd ->  [Ver =  | Size = 61848 bytes | Modified Date = 2/1/2008 12:01:29 AM | Attr =	]

komradz.acd-bak -> %UserDocuments%\komradz.acd-bak ->  [Ver =  | Size = 59376 bytes | Modified Date = 1/31/2008 10:25:02 PM | Attr =	]

Lyrics -> %UserDocuments%\Lyrics ->  [Folder | Modified Date = 2/2/2008 3:59:48 AM | Attr =	]

My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/16/2008 1:44:12 PM | Attr = R  ]

My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/25/2008 10:07:21 PM | Attr = R  ]

painacapella.mp3 -> %UserDocuments%\painacapella.mp3 ->  [Ver =  | Size = 11012287 bytes | Modified Date = 1/28/2008 7:37:37 PM | Attr =	]

Traktor3 -> %UserDocuments%\Traktor3 ->  [Folder | Modified Date = 2/1/2008 11:45:14 AM | Attr =	]

Word Docs -> %UserDocuments%\Word Docs ->  [Folder | Modified Date = 1/12/2008 8:29:53 AM | Attr =	]

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/27/2008 12:33:29 AM | Attr =	]

Home Designer 7.0 Training Videos.lnk -> %AllUsersDesktop%\Home Designer 7.0 Training Videos.lnk ->  [Ver =  | Size = 1811 bytes | Modified Date = 1/10/2008 8:21:23 PM | Attr =	]

Lexmark Imaging Studio - 3400 Series.LNK -> %AllUsersDesktop%\Lexmark Imaging Studio - 3400 Series.LNK ->  [Ver =  | Size = 752 bytes | Modified Date = 1/20/2008 5:11:46 PM | Attr =	]

Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Modified Date = 1/30/2008 9:52:08 PM | Attr =	]

SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 2/2/2008 12:00:23 AM | Attr =	]

HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/27/2008 2:45:52 PM | Attr =	]

method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 -> %UserDesktop%\method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 ->  [Ver =  | Size = 3163648 bytes | Modified Date = 1/27/2008 12:30:02 AM | Attr =	]

Shortcut to Network Connections.lnk -> %UserDesktop%\Shortcut to Network Connections.lnk ->  [Ver =  | Size = 154 bytes | Modified Date = 1/3/2008 11:05:33 AM | Attr =	]

spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 1/30/2008 11:54:38 PM | Attr =	]

SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Modified Date = 2/1/2008 11:59:50 PM | Attr =	]

Trailer House.plan -> %UserDesktop%\Trailer House.plan ->  [Ver =  | Size = 414319 bytes | Modified Date = 1/10/2008 9:41:20 PM | Attr =	]

Trailer House_archive -> %UserDesktop%\Trailer House_archive ->  [Folder | Modified Date = 1/10/2008 9:41:20 PM | Attr =	]

VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 2/2/2008 12:02:12 AM | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2/2/2008 1:06:53 AM | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478495 bytes | Modified Date = 2/1/2008 11:51:11 AM | Attr =	]

AVSMedia -> %CommonProgramFiles%\AVSMedia ->  [Folder | Modified Date = 1/22/2008 12:57:48 AM | Attr =	]

Java -> %CommonProgramFiles%\Java ->  [Folder | Modified Date = 1/11/2008 2:07:30 AM | Attr =	]

Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 1/22/2008 12:58:31 AM | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/2/2008 12:00:09 AM | Attr =	]



< End of report >


#8 OldTimer

OldTimer

    Malware Expert



Posted 02 February 2008 - 04:49 PM

Hi sko. Let's go for round 2. Follow the steps below in order.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

files to delete:
c:\system32\drvtow.dll
c:\system32\pqstv.ini
c:\system32\pqstv.ini2
c:\system32\winver.bat
c:\system32\ztx86.sys
c:\windows\system32\wininit.ini
c:\windows\system32\imsins.BAK

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {49375DFF-2A0E-465A-984A-3CA1324F5A22} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {4DEE268A-69AE-42D9-A1D5-93FDDD48733D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Helper\superfindout.dll [e404mgr Class]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger]
[Files/Folders - Created Within 30 days]
YN -> drvtow.dll -> %System32%\drvtow.dll
YN -> pqstv.ini -> %System32%\pqstv.ini
YN -> pqstv.ini2 -> %System32%\pqstv.ini2
YN -> winver.bat -> %System32%\winver.bat
YN -> ztx86.sys -> %System32%\ztx86.sys
YN -> wininit.ini -> %SystemRoot%\wininit.ini
[Files/Folders - Modified Within 30 days]
YN -> drvtow.dll -> %System32%\drvtow.dll
YN -> pqstv.ini -> %System32%\pqstv.ini
YN -> pqstv.ini2 -> %System32%\pqstv.ini2
YN -> ztx86.sys -> %System32%\ztx86.sys
YN -> imsins.BAK -> %SystemRoot%\imsins.BAK
YN -> wininit.ini -> %SystemRoot%\wininit.ini

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Step #4

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (in the WinPFind35u folder)
  • The new WinPFind35u scan log

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#9 sko

sko
  • Topic Starter


Posted 03 February 2008 - 01:42 AM

This is all I'm getting after I put that code in Avenger, but here are both logs.


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\seuyyuwg

*******************

Script file located at: \??\C:\Program Files\yabyadmh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at c:\Avenger

*******************

Beginning to process script file:



Could not open file c:\system32\drvtow.dll for deletion
Deletion of file c:\system32\drvtow.dll failed!

Could not process line:
c:\system32\drvtow.dll
Status: 0xc000003a



Could not open file c:\system32\pqstv.ini for deletion
Deletion of file c:\system32\pqstv.ini failed!

Could not process line:
c:\system32\pqstv.ini
Status: 0xc000003a



Could not open file c:\system32\pqstv.ini2 for deletion
Deletion of file c:\system32\pqstv.ini2 failed!

Could not process line:
c:\system32\pqstv.ini2
Status: 0xc000003a



Could not open file c:\system32\winver.bat for deletion
Deletion of file c:\system32\winver.bat failed!

Could not process line:
c:\system32\winver.bat
Status: 0xc000003a



Could not open file c:\system32\ztx86.sys for deletion
Deletion of file c:\system32\ztx86.sys failed!

Could not process line:
c:\system32\ztx86.sys
Status: 0xc000003a



File c:\windows\system32\wininit.ini not found!
Deletion of file c:\windows\system32\wininit.ini failed!

Could not process line:
c:\windows\system32\wininit.ini
Status: 0xc0000034



File c:\windows\system32\imsins.BAK not found!
Deletion of file c:\windows\system32\imsins.BAK failed!

Could not process line:
c:\windows\system32\imsins.BAK
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


WinPFind35 logfile created on: 2/3/2008 1:10:50 AM
WinPFind35U Version Beta42	 Folder = C:\Documents and Settings\Josh's Super Box\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
 
2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.59% Memory free
3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 75.13 Gb Total Space | 62.26 Gb Free Space | 82.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 97.65 Gb Total Space | 97.59 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive F: | 292.97 Gb Total Space | 292.90 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: JOSH
Current User Name: Josh's Super Box
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/26/2006 11:57:00 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/26/2006 11:57:00 PM | Attr =	]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/31/2007 2:18:30 AM | Attr =	]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/31/2007 2:18:31 AM | Attr =	]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/3/2008 9:54:37 AM | Attr =	]
lxcycoms.exe -> %System32%\lxcycoms.exe ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Modified Date = 6/20/2007 4:28:55 AM | Attr =	]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 3:38:08 PM | Attr =	]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.1.1.4 | Size = 16062464 bytes | Modified Date = 12/18/2006 9:12:00 PM | Attr = R  ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]
cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 28 | Size = 16384 bytes | Modified Date = 5/24/2005 2:28:18 AM | Attr =	]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr =	]
emupatchmixdsp.exe -> %ProgramFiles%\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe -> EMU Systems [Ver = 1.71.01.0032 | Size = 581755 bytes | Modified Date = 5/4/2005 4:27:44 AM | Attr =	]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 11/28/2007 1:11:50 PM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 12:38:16 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/26/2006 11:57:00 PM | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe ->  [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 12/27/2006 12:22:00 PM | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/31/2007 2:18:30 AM | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/31/2007 2:18:31 AM | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/3/2008 9:54:37 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr =	]
(lxcy_device) lxcy_device [Win32_Own | Auto | Running] -> %System32%\lxcycoms.exe ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Modified Date = 6/20/2007 4:28:55 AM | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 3:38:08 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6660 | Size = 1918464 bytes | Modified Date = 12/27/2006 12:04:00 AM | Attr =	]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 12/31/2007 2:18:33 AM | Attr =	]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 12/31/2007 2:18:35 AM | Attr =	]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 12/31/2007 2:18:35 AM | Attr =	]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/3/2008 9:54:38 AM | Attr =	]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 12/31/2007 2:18:41 AM | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %System32%\drivers\ctac32k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 503296 bytes | Modified Date = 5/24/2005 2:20:14 AM | Attr = R  ]
(ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ctaud2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 435712 bytes | Modified Date = 5/24/2005 2:21:02 AM | Attr = R  ]
(ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctprxy2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 7168 bytes | Modified Date = 5/24/2005 2:21:04 AM | Attr = R  ]
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 145408 bytes | Modified Date = 5/24/2005 2:20:20 AM | Attr = R  ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 10:07:18 PM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 10:07:18 PM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %System32%\drivers\emupia2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 76800 bytes | Modified Date = 5/24/2005 2:20:18 AM | Attr = R  ]
(GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> D:\INSTALL\GMSIPCI.SYS -> File not found
(ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ha10kx2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1102-2.05.0540 | Size = 744448 bytes | Modified Date = 5/24/2005 2:20:32 AM | Attr = R  ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 4:07:18 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5345 built by: WinDDK | Size = 4405248 bytes | Modified Date = 12/21/2006 2:26:00 AM | Attr = R  ]
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Boot | Running] -> %System32%\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.0 built by: WinDDK | Size = 27648 bytes | Modified Date = 10/28/2005 10:11:00 AM | Attr = R  ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %System32%\drivers\ASACPI.sys ->  [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 8/13/2004 4:56:20 AM | Attr = R  ]
(ncsmdcnk) ncsmdcnk [Kernel | Boot | Stopped] -> %System32%\drivers\hnyblufr.sys -> File not found
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.1102-2.05.0540 | Size = 115712 bytes | Modified Date = 5/24/2005 2:20:26 AM | Attr = R  ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 4/1/2004 3:30:46 PM | Attr =	]
(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\drivers\pfmodnt.sys -> Creative Technology Ltd. [Ver = 3.0.0.11 | Size = 9216 bytes | Modified Date = 5/24/2005 2:28:46 AM | Attr = R  ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 3/25/2002 2:02:14 PM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/27/2008 1:56:07 PM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %System32%\drivers\yk51x86.sys -> Marvell [Ver = 8.27.3.3 built by: WinDDK | Size = 232064 bytes | Modified Date = 5/6/2005 7:27:00 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 4:43:00 AM | Attr = R  ]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe ->  [Ver =  | Size = 90112 bytes | Modified Date = 9/25/2006 8:12:20 AM | Attr =	]
CTHelper -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 28 | Size = 16384 bytes | Modified Date = 5/24/2005 2:28:18 AM | Attr =	]
LXCYCATS -> %System32%\spool\drivers\w32x86\3\lxcytime.dll -> Lexmark International Inc. [Ver = 1.32.0.0 | Size = 106496 bytes | Modified Date = 11/21/2006 11:27:06 AM | Attr =	]
RTHDCPL -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.1.1.4 | Size = 16062464 bytes | Modified Date = 12/18/2006 9:12:00 PM | Attr = R  ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SetDefaultMIDI -> %SystemRoot%\MIDIDEF.EXE -> Creative Technology Ltd [Ver = 2, 9, 0, 5 | Size = 25088 bytes | Modified Date = 5/24/2005 2:17:46 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr =	]
< Josh's Super Box Startup Folder > -> C:\Documents and Settings\Josh's Super Box\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 110592 bytes | Modified Date = 12/26/2006 11:58:00 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< HOSTS File > (224466 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4185 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4184 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr =	]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 12:37:24 PM | Attr = R  ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 12:37:24 PM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 12:37:24 PM | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 12:56:24 PM | Attr =	]
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{02402D66-A0A1-4974-97CD-3F0930461DFE} ->	(Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 



[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 1/22/2008 10:52:39 AM | Attr = RH ]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 2/3/2008 12:36:14 AM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2/2/2008 12:02:41 AM | Attr =	]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/27/2008 1:58:57 PM | Attr =	]
AC3ACM.acm -> %System32%\AC3ACM.acm -> fccHandler [Ver = 0, 7, 0, 0 | Size = 81920 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]
alf2cd.acm -> %System32%\alf2cd.acm -> NCT Company [Ver = 2.03 | Size = 38912 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]
DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]
DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Created Date = 1/9/2008 5:18:18 AM | Attr =	]
divxsm.tlb -> %System32%\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Created Date = 1/9/2008 5:18:18 AM | Attr =	]
divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]
divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]
divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]
dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]
dpl100.dll.manifest -> %System32%\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]
dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]
dtu100.dll.manifest -> %System32%\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]
IM31IMG.DIL -> %System32%\IM31IMG.DIL -> Data Techniques, Inc. [Ver =  7.20  | Size = 49152 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]
IM31XPNG.DEL -> %System32%\IM31XPNG.DEL -> Data Techniques, Inc. [Ver =  7.20  | Size = 98304 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]
IM31XTIF.DEL -> %System32%\IM31XTIF.DEL -> Data Techniques, Inc. [Ver =  7.20  | Size = 69632 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]
IMGMAN32.DLL -> %System32%\IMGMAN32.DLL -> Data Techniques, Inc. [Ver =  7.20  | Size = 339968 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]
IMHOST32.DLL -> %System32%\IMHOST32.DLL -> Data Techniques, Inc. [Ver =  7.20  | Size = 98345 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/11/2008 2:08:16 AM | Attr =	]
LexFiles.ulf -> %System32%\LexFiles.ulf ->  [Ver =  | Size = 33527 bytes | Created Date = 1/20/2008 5:01:28 PM | Attr =	]
libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 1/9/2008 5:18:00 AM | Attr =	]
lxcy.loc -> %System32%\lxcy.loc ->  [Ver =  | Size = 1834 bytes | Created Date = 1/20/2008 5:01:28 PM | Attr =	]
lxcycfg.exe -> %System32%\lxcycfg.exe ->   [Ver = 6.4.29.0 | Size = 381616 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]
lxcycoin.dll -> %System32%\lxcycoin.dll ->  [Ver =  | Size = 344064 bytes | Created Date = 1/20/2008 5:03:43 PM | Attr =	]
lxcycomc.dll -> %System32%\lxcycomc.dll ->   [Ver = 6.4.29.0 | Size = 684032 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]
lxcycomm.dll -> %System32%\lxcycomm.dll ->   [Ver = 6.4.29.0 | Size = 421888 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]
lxcycoms.exe -> %System32%\lxcycoms.exe ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]
lxcycu.dll -> %System32%\lxcycu.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 77824 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]
lxcycub.dll -> %System32%\lxcycub.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 86016 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]
lxcycur.dll -> %System32%\lxcycur.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 36864 bytes | Created Date = 1/20/2008 5:01:29 PM | Attr =	]
lxcyhbn3.dll -> %System32%\lxcyhbn3.dll ->   [Ver = 6.4.29.0 | Size = 696320 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]
lxcyhcp.dll -> %System32%\lxcyhcp.dll ->   [Ver = 6.4.29.0 | Size = 323584 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]
lxcyhelp.chm -> %System32%\lxcyhelp.chm ->  [Ver =  | Size = 581173 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]
lxcyiesc.dll -> %System32%\lxcyiesc.dll ->   [Ver = 6.4.29.0 | Size = 397312 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]
lxcyih.exe -> %System32%\lxcyih.exe ->   [Ver = 6.4.29.0 | Size = 385712 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]
lxcyinpa.dll -> %System32%\lxcyinpa.dll ->   [Ver = 6.4.29.0 | Size = 413696 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]
lxcyins.dll -> %System32%\lxcyins.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 176128 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]
lxcyinsb.dll -> %System32%\lxcyinsb.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 200704 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]
lxcyinsr.dll -> %System32%\lxcyinsr.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 106496 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]
lxcyinst.dll -> %System32%\lxcyinst.dll ->  [Ver =  | Size = 274432 bytes | Created Date = 1/20/2008 5:01:32 PM | Attr =	]
lxcyjswr.dll -> %System32%\lxcyjswr.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 147456 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]
lxcylmpm.dll -> %System32%\lxcylmpm.dll ->   [Ver = 6.4.29.0 | Size = 585728 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]
lxcypmui.dll -> %System32%\lxcypmui.dll ->   [Ver = 6.4.29.0 | Size = 643072 bytes | Created Date = 1/20/2008 5:01:30 PM | Attr =	]
lxcypplc.dll -> %System32%\lxcypplc.dll ->   [Ver = 6.4.29.0 | Size = 94208 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]
lxcyprox.dll -> %System32%\lxcyprox.dll ->   [Ver = 6.4.29.0 | Size = 163840 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]
lxcyserv.dll -> %System32%\lxcyserv.dll ->   [Ver = 6.4.29.0 | Size = 1224704 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]
lxcyusb1.dll -> %System32%\lxcyusb1.dll ->   [Ver = 6.4.29.0 | Size = 995328 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]
lxcyutil.dll -> %System32%\lxcyutil.dll -> Lexmark International, Inc. [Ver = 0.0.7.0 | Size = 462848 bytes | Created Date = 1/20/2008 5:01:31 PM | Attr =	]
lxcyvs.dll -> %System32%\lxcyvs.dll ->  [Ver =  | Size = 40960 bytes | Created Date = 1/20/2008 5:03:45 PM | Attr =	]
LXPMONRC.DLL -> %System32%\LXPMONRC.DLL -> Lexmark International, Inc. [Ver = 0.1.35.8 | Size = 12288 bytes | Created Date = 1/20/2008 5:02:40 PM | Attr =	]
LXPMONUI.DLL -> %System32%\LXPMONUI.DLL ->  [Ver = 0.1.35.8 | Size = 32768 bytes | Created Date = 1/20/2008 5:03:00 PM | Attr =	]
LXPRMON.DLL -> %System32%\LXPRMON.DLL ->  [Ver = 0.1.35.8 | Size = 45056 bytes | Created Date = 1/20/2008 5:03:00 PM | Attr =	]
mcdvd_32.dll -> %System32%\mcdvd_32.dll -> MainConcept [Ver = 2.0.4 | Size = 261632 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]
qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Created Date = 1/9/2008 5:18:12 AM | Attr =	]
Scg726.acm -> %System32%\Scg726.acm -> SHARP Corporation [Ver = 1, 0, 0, 3 | Size = 13239 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]
ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 1/9/2008 5:18:00 AM | Attr =	]
tsccvid.dll -> %System32%\tsccvid.dll -> TechSmith Corporation [Ver = 2.0.4 | Size = 110592 bytes | Created Date = 1/10/2008 8:21:25 PM | Attr =	]
vct3216.acm -> %System32%\vct3216.acm -> Voxware, Inc. [Ver = 1.6.0.17 | Size = 82944 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]
vp6vfw.dll -> %System32%\vp6vfw.dll -> On2.com [Ver = 6,0,6,4 | Size = 442368 bytes | Created Date = 1/22/2008 10:59:32 AM | Attr = R  ]
xvid.ax -> %System32%\xvid.ax ->  [Ver =  | Size = 53248 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]
xvidcore.dll -> %System32%\xvidcore.dll ->  [Ver =  | Size = 524288 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]
xvidvfw.dll -> %System32%\xvidvfw.dll ->  [Ver =  | Size = 139264 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]
ztx86.sys -> %System32%\ztx86.sys ->  [Ver =  | Size = 54764 bytes | Created Date = 1/22/2008 10:52:44 AM | Attr =	]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 1/14/2008 10:53:57 PM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 1/5/2008 12:35:35 PM | Attr =	]
30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1413 bytes | Created Date = 1/11/2008 2:06:56 AM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Created Date = 1/24/2008 2:46:47 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 1/24/2008 12:42:26 PM | Attr =  H ]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 1/31/2008 8:37:19 PM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 1/11/2008 2:09:43 AM | Attr =	]
WMSysPr8.prx -> %SystemRoot%\WMSysPr8.prx ->  [Ver =  | Size = 156910 bytes | Created Date = 1/5/2008 2:18:55 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
AVS4YOU -> %AllUsersAppData%\AVS4YOU ->  [Folder | Created Date = 1/5/2008 2:19:09 AM | Attr =	]
FaxCtr -> %AllUsersAppData%\FaxCtr ->  [Folder | Created Date = 1/20/2008 5:02:38 PM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/27/2008 12:33:23 AM | Attr =	]
Nero -> %AllUsersAppData%\Nero ->  [Folder | Created Date = 1/24/2008 1:41:24 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 1/27/2008 1:56:41 PM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/2/2008 12:00:28 AM | Attr =	]
Yahoo! -> %AllUsersAppData%\Yahoo! ->  [Folder | Created Date = 1/23/2008 7:57:55 AM | Attr =	]
AVSDVDPlayer.m3u -> %UserAppData%\AVSDVDPlayer.m3u ->  [Ver =  | Size = 0 bytes | Created Date = 1/5/2008 12:19:10 PM | Attr =	]
FaxCtr -> %UserAppData%\FaxCtr ->  [Folder | Created Date = 1/20/2008 11:59:05 PM | Attr =	]
Nero -> %UserAppData%\Nero ->  [Folder | Created Date = 1/24/2008 1:43:50 PM | Attr =	]
Sun -> %UserAppData%\Sun ->  [Folder | Created Date = 1/11/2008 2:09:43 AM | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/2/2008 12:00:21 AM | Attr =	]
Viewpoint -> %UserAppData%\Viewpoint ->  [Folder | Created Date = 1/11/2008 1:32:26 AM | Attr =	]
Ahead -> %LocalAppData%\Ahead ->  [Folder | Created Date = 1/24/2008 2:45:39 PM | Attr =	]
Identities -> %LocalAppData%\Identities ->  [Folder | Created Date = 1/26/2008 2:01:06 AM | Attr =	]
blanklovenotes.pdf -> %UserDocuments%\blanklovenotes.pdf ->  [Ver =  | Size = 13000 bytes | Created Date = 1/25/2008 12:46:13 AM | Attr =	]
clip.mp3 -> %UserDocuments%\clip.mp3 ->  [Ver =  | Size = 3308254 bytes | Created Date = 1/28/2008 9:48:16 PM | Attr =	]
clip.mp3.sfk -> %UserDocuments%\clip.mp3.sfk ->  [Ver =  | Size = 57036 bytes | Created Date = 1/31/2008 9:57:42 PM | Attr =	]
comclip.mp3 -> %UserDocuments%\comclip.mp3 ->  [Ver =  | Size = 10940189 bytes | Created Date = 1/28/2008 10:55:09 PM | Attr =	]
comclip.mp3.sfk -> %UserDocuments%\comclip.mp3.sfk ->  [Ver =  | Size = 79516 bytes | Created Date = 1/31/2008 12:11:47 PM | Attr =	]
komradz.acd -> %UserDocuments%\komradz.acd ->  [Ver =  | Size = 61848 bytes | Created Date = 1/28/2008 11:25:15 PM | Attr =	]
komradz.acd-bak -> %UserDocuments%\komradz.acd-bak ->  [Ver =  | Size = 59376 bytes | Created Date = 1/28/2008 11:25:15 PM | Attr =	]
painacapella.mp3 -> %UserDocuments%\painacapella.mp3 ->  [Ver =  | Size = 11012287 bytes | Created Date = 1/28/2008 7:37:33 PM | Attr =	]
Word Docs -> %UserDocuments%\Word Docs ->  [Folder | Created Date = 1/7/2008 11:27:43 AM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/27/2008 12:33:29 AM | Attr =	]
Home Designer 7.0 Training Videos.lnk -> %AllUsersDesktop%\Home Designer 7.0 Training Videos.lnk ->  [Ver =  | Size = 1811 bytes | Created Date = 1/10/2008 8:21:23 PM | Attr =	]
Lexmark Imaging Studio - 3400 Series.LNK -> %AllUsersDesktop%\Lexmark Imaging Studio - 3400 Series.LNK ->  [Ver =  | Size = 752 bytes | Created Date = 1/20/2008 5:11:46 PM | Attr =	]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Created Date = 1/30/2008 9:52:08 PM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 2/2/2008 12:00:23 AM | Attr =	]
avenger -> %UserDesktop%\avenger ->  [Folder | Created Date = 2/3/2008 12:23:37 AM | Attr =	]
avenger.zip -> %UserDesktop%\avenger.zip ->  [Ver =  | Size = 127378 bytes | Created Date = 2/3/2008 12:23:17 AM | Attr =	]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/27/2008 2:45:52 PM | Attr =	]
method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 -> %UserDesktop%\method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 ->  [Ver =  | Size = 3163648 bytes | Created Date = 1/27/2008 12:29:58 AM | Attr =	]
spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Created Date = 1/30/2008 11:54:32 PM | Attr =	]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Created Date = 2/1/2008 11:59:46 PM | Attr =	]
Trailer House.plan -> %UserDesktop%\Trailer House.plan ->  [Ver =  | Size = 414319 bytes | Created Date = 1/10/2008 9:41:20 PM | Attr =	]
Trailer House_archive -> %UserDesktop%\Trailer House_archive ->  [Folder | Created Date = 1/10/2008 9:41:20 PM | Attr =	]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 2/2/2008 12:02:15 AM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2/1/2008 11:52:59 AM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478495 bytes | Created Date = 2/1/2008 11:51:20 AM | Attr =	]
AVSMedia -> %CommonProgramFiles%\AVSMedia ->  [Folder | Created Date = 1/5/2008 2:18:55 AM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 1/11/2008 2:07:30 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 1/27/2008 12:32:40 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 1/31/2008 1:00:06 AM | Attr = RH ]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 2/3/2008 12:36:14 AM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 2/2/2008 1:39:16 AM | Attr = RHS]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/3/2008 12:31:54 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/3/2008 12:35:26 AM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2/2/2008 12:17:18 AM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/3/2008 1:08:13 AM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 1/31/2008 12:34:23 AM | Attr =	]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 224466 bytes | Modified Date = 1/31/2008 12:34:23 AM | Attr = R  ]
PxHelp20.sys -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/27/2008 1:56:07 PM | Attr =	]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 1/8/2008 10:49:12 PM | Attr =	]
BMXBkpCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXBkpCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 1104 bytes | Modified Date = 2/3/2008 1:06:45 AM | Attr =	]
BMXCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXCtrlState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 1104 bytes | Modified Date = 2/3/2008 1:06:45 AM | Attr =	]
BMXState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 64 bytes | Modified Date = 2/3/2008 1:06:45 AM | Attr =	]
BMXStateBkp-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\BMXStateBkp-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 64 bytes | Modified Date = 2/3/2008 1:06:45 AM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/2/2008 3:34:39 AM | Attr =	]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 1/24/2008 1:40:43 PM | Attr =	]
DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]
divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Modified Date = 1/9/2008 5:15:58 AM | Attr =	]
DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Modified Date = 1/9/2008 5:18:18 AM | Attr =	]
divxsm.tlb -> %System32%\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Modified Date = 1/9/2008 5:18:18 AM | Attr =	]
divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]
divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]
divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 1/27/2008 9:18:27 PM | Attr = RHS]
dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]
dpl100.dll.manifest -> %System32%\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2/3/2008 12:36:14 AM | Attr =	]
dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]
dtu100.dll.manifest -> %System32%\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]
DVCState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx -> %System32%\DVCState-{00000001-00000000-00000002-00001102-00000008-40021102}.rfx ->  [Ver =  | Size = 11564 bytes | Modified Date = 2/3/2008 1:06:45 AM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 92680 bytes | Modified Date = 1/5/2008 11:25:48 AM | Attr =	]
LexFiles.ulf -> %System32%\LexFiles.ulf ->  [Ver =  | Size = 33527 bytes | Modified Date = 1/20/2008 5:03:58 PM | Attr =	]
libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 1/9/2008 5:18:00 AM | Attr =	]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 1/8/2008 10:49:12 PM | Attr =	]
px.dll -> %System32%\px.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 551672 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]
pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 129784 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]
pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 66296 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]
pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 120056 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]
pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.02.09a | Size = 518904 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]
pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 72440 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]
pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 64760 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]
pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 118520 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]
pxmas.dll -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 187128 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]
pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 1628920 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]
pxwave.dll -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 379640 bytes | Modified Date = 1/9/2008 5:18:08 AM | Attr =	]
qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Modified Date = 1/9/2008 5:18:12 AM | Attr =	]
ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 1/9/2008 5:18:00 AM | Attr =	]
vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.83a | Size = 88824 bytes | Modified Date = 1/9/2008 5:18:06 AM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/30/2008 11:54:02 PM | Attr =	]
ztx86.sys -> %System32%\ztx86.sys ->  [Ver =  | Size = 54764 bytes | Modified Date = 1/22/2008 10:52:44 AM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 1/22/2008 12:58:31 AM | Attr = R S]
30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/3/2008 1:07:33 AM | Attr =   S]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 1/24/2008 1:41:19 PM | Attr =	]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Modified Date = 1/30/2008 11:56:22 PM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 1/5/2008 2:18:58 AM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/22/2008 12:58:31 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/24/2008 1:40:43 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/2/2008 12:00:26 AM | Attr =  HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 1/14/2008 10:53:31 PM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 1/5/2008 12:35:35 PM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1413 bytes | Modified Date = 1/30/2008 10:15:11 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 1/24/2008 2:47:30 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 1/24/2008 12:42:26 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/3/2008 12:23:52 AM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 1/31/2008 8:46:43 PM | Attr =	]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Modified Date = 1/8/2008 10:46:47 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 1/10/2008 2:21:35 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 1/20/2008 4:58:03 PM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 1/11/2008 2:09:43 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 2/2/2008 1:39:16 AM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 2/3/2008 1:06:23 AM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/3/2008 1:08:15 AM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 1/20/2008 4:58:22 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 487 bytes | Modified Date = 2/2/2008 1:39:16 AM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 1/24/2008 1:40:53 PM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 1/8/2008 10:46:34 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/3/2008 1:07:36 AM | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1307 bytes | Modified Date = 12/20/2007 2:03:21 AM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/10/2008 2:21:33 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/10/2008 2:21:33 AM | Attr =	]
AutoRun.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AutoRun.exe -> Electronic Arts Inc. [Ver = 1.1.0.307 | Size = 663552 bytes | Modified Date = 8/18/2004 3:38:06 AM | Attr =	]
eauninstall.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\eauninstall.exe -> Electronic Arts Inc. [Ver = 1.1.0.307 | Size = 331776 bytes | Modified Date = 8/18/2004 3:38:06 AM | Attr =	]
First15.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\First15.exe -> Macromedia, Inc. [Ver = 6,0,21,0 | Size = 1453843 bytes | Modified Date = 8/17/2004 9:14:06 PM | Attr = R  ]
i4jdel0.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\i4jdel0.exe ->  [Ver =  | Size = 4608 bytes | Modified Date = 1/3/2008 12:21:51 PM | Attr =	]
SSUPDATE.EXE -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 2:07:10 PM | Attr =	]
The Sims 2_uninst.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\The Sims 2_uninst.exe -> EA [Ver = 4, 0, 0, 23 | Size = 86016 bytes | Modified Date = 8/17/2004 9:13:58 PM | Attr =	]
VP6Install.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\VP6Install.exe ->  [Ver =  | Size = 23040 bytes | Modified Date = 8/17/2004 9:14:36 PM | Attr = R  ]
208 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 
ymdc.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\ymdc.exe -> Yahoo! Inc. [Ver = 2007.03.23.01 | Size = 46088 bytes | Modified Date = 3/23/2007 6:27:14 PM | Attr =	]
4 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp -> 
setup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\setup.exe -> InstallShield Software Corporation [Ver = 7, 01, 100, 1248 | Size = 107512 bytes | Modified Date = 11/7/2003 1:24:32 PM | Attr =	]
AIMinst.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AIMinst.exe -> AOL LLC [Ver = 1.0.0.0 | Size = 1535696 bytes | Modified Date = 12/18/2007 1:27:19 PM | Attr =	]
AIMLang.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AIMLang.exe -> AOL LLC [Ver = 1.0.0.0 | Size = 562160 bytes | Modified Date = 12/18/2007 1:27:20 PM | Attr =	]
alsetup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\alsetup.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 142040 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]
aoldlmgr.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\aoldlmgr.exe -> AOL LLC [Ver = 1.0.6.0 | Size = 120368 bytes | Modified Date = 12/18/2007 1:27:26 PM | Attr =	]
bsetutil.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\bsetutil.exe ->  [Ver = 1, 0, 5, 1 | Size = 96608 bytes | Modified Date = 12/18/2007 1:27:30 PM | Attr =	]
migrator.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\migrator.exe ->  [Ver = 0, 0, 0, 2 | Size = 228704 bytes | Modified Date = 12/18/2007 1:27:22 PM | Attr =	]
ocpinst.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\ocpinst.exe -> AOL LLC [Ver = 6.5.7.10 | Size = 5572272 bytes | Modified Date = 12/18/2007 1:27:23 PM | Attr =	]
postproc.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\postproc.exe -> AOL LLC. [Ver = 1, 0, 0, 6 | Size = 36912 bytes | Modified Date = 12/18/2007 1:27:15 PM | Attr =	]
setup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\setup.exe -> AOL LLC. [Ver = 11, 8, 0, 0 | Size = 170848 bytes | Modified Date = 12/18/2007 1:27:14 PM | Attr =	]
tbsetup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\tbsetup.exe -> AOL LLC [Ver = 3.3.15.2 | Size = 383128 bytes | Modified Date = 12/18/2007 1:27:24 PM | Attr =	]
toolbar.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\toolbar.exe -> AOL LLC [Ver = 1.0.19.1 | Size = 1628864 bytes | Modified Date = 12/18/2007 1:27:30 PM | Attr =	]
unagi3.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\unagi3.exe ->  [Ver = 3.0.0.0 | Size = 376568 bytes | Modified Date = 12/18/2007 1:27:24 PM | Attr =	]
Uninstaller.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\Uninstaller.exe ->  [Ver = 1, 0, 0, 1 | Size = 30560 bytes | Modified Date = 12/18/2007 1:27:28 PM | Attr =	]
vwpt.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\vwpt.exe ->  [Ver =  | Size = 2882640 bytes | Modified Date = 12/18/2007 1:27:30 PM | Attr =	]
DivXInstaller.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Div295.tmp\DivXInstaller.exe -> DivX, Inc. [Ver = 6.8.0.6 | Size = 16887272 bytes | Modified Date = 1/15/2008 11:07:51 AM | Attr =	]
SetupX.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\SetupX.exe -> Nero AG [Ver = 1, 8, 3, 0 | Size = 2483496 bytes | Modified Date = 9/26/2007 12:20:32 PM | Attr =	]
NL2WriteThrough.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\NL2WriteThrough.exe -> NERO AG [Ver = 1.0.0.1 | Size = 218408 bytes | Modified Date = 9/26/2007 12:20:21 PM | Attr =	]
WindowsInstaller-KB884016-v2-x86.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\WindowsInstaller-KB884016-v2-x86.exe -> Microsoft Corporation [Ver = 6.1.0006.0 built by: main(hemchans) | Size = 2003176 bytes | Modified Date = 2/9/2007 6:59:27 AM | Attr =	]
wmfdist.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\wmfdist.exe -> Microsoft Corporation [Ver = 9.00.00.2980 | Size = 4085904 bytes | Modified Date = 12/11/2002 1:11:50 PM | Attr =	]
wmfdist95.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\wmfdist95.exe -> Microsoft Corporation [Ver = 10.00.00.3646 | Size = 5649648 bytes | Modified Date = 8/10/2004 5:51:20 PM | Attr =	]
dxsetup.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\DirectX\dxsetup.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 484632 bytes | Modified Date = 8/14/2006 9:08:04 AM | Attr =	]
NeroDelTmp.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Setup\NeroDelTmp.exe -> Nero AG [Ver = 1, 8, 3, 0 | Size = 1500456 bytes | Modified Date = 9/26/2007 12:20:22 PM | Attr =	]
UninstallNero.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Setup\UninstallNero.exe -> Nero AG [Ver = 1, 8, 3, 0 | Size = 1598760 bytes | Modified Date = 9/26/2007 12:20:32 PM | Attr =	]
msgr8us.2007.11.30.01.exe -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nsn29.tmp\msgr8us.2007.11.30.01.exe ->  [Ver =  | Size = 404208 bytes | Modified Date = 11/30/2007 6:20:50 PM | Attr =	]
AutoRunGUI.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AutoRunGUI.dll -> Electronic Arts Inc. [Ver = 1.1.0.294 | Size = 598016 bytes | Modified Date = 8/17/2004 9:13:47 PM | Attr =	]
efgfyqrg.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\efgfyqrg.dll ->  [Ver =  | Size = 163840 bytes | Modified Date = 1/31/2008 11:50:30 PM | Attr =  HS]
qghmfiiq.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\qghmfiiq.dll ->  [Ver =  | Size = 163840 bytes | Modified Date = 2/1/2008 11:46:28 PM | Attr =  HS]
swt-win32-3347.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\swt-win32-3347.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 1/3/2008 12:16:51 PM | Attr =	]
VP6VFW.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\VP6VFW.dll -> On2.com [Ver = 6,0,6,4 | Size = 442368 bytes | Modified Date = 8/17/2004 9:14:36 PM | Attr = R  ]
xmxodllq.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\xmxodllq.dll ->  [Ver =  | Size = 163840 bytes | Modified Date = 2/2/2008 12:29:01 AM | Attr =  HS]
208 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 
yvertr.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\yvertr.dll ->  [Ver = 2004, 1, 15, 1 | Size = 42080 bytes | Modified Date = 1/15/2004 1:48:38 PM | Attr =	]
ywiseext.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 11, 2, 1 | Size = 106496 bytes | Modified Date = 11/2/2007 10:25:48 AM | Attr =	]
4 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\0587195\*.tmp -> 
AdobeLM.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\AdobeLM.dll ->  [Ver =  | Size = 3072 bytes | Modified Date = 11/7/2003 1:23:50 PM | Attr =	]
emu.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\emu.dll -> Adobe Systems, Inc. [Ver = 1,0,2,37 | Size = 1177209 bytes | Modified Date = 11/7/2003 1:24:28 PM | Attr =	]
AOLFirewallMgr.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AOLFirewallMgr.dll -> AOL LLC [Ver = 1.3.2.1		   | Size = 95792 bytes | Modified Date = 12/18/2007 1:27:16 PM | Attr =	]
AOLSearch.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\AOLSearch.dll -> America Online, Inc. [Ver = 1.0.8.1 | Size = 111968 bytes | Modified Date = 12/18/2007 1:27:27 PM | Attr =	]
gui.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\gui.dll -> AOL LLC [Ver = 10, 5, 0, 0 | Size = 243504 bytes | Modified Date = 12/18/2007 1:27:15 PM | Attr =	]
imappver.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\imappver.dll -> AOL LLC [Ver = 6.5.7.20 | Size = 13664 bytes | Modified Date = 12/18/2007 1:27:21 PM | Attr =	]
instSup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\instSup.dll -> AOL LLC [Ver = 4,6,1,2 | Size = 75104 bytes | Modified Date = 12/18/2007 1:27:23 PM | Attr =	]
ocpchk.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\ocpchk.dll -> AOL LLC [Ver = 4,6,1,2 | Size = 15712 bytes | Modified Date = 12/18/2007 1:27:23 PM | Attr =	]
postinst.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\postinst.dll -> AOL LLC [Ver = 6, 5, 7, 13 | Size = 209248 bytes | Modified Date = 12/18/2007 1:27:16 PM | Attr =	]
ProgUpd.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\ProgUpd.dll -> AOL LLC. [Ver = 1, 0, 1, 0 | Size = 83808 bytes | Modified Date = 12/18/2007 1:27:14 PM | Attr =	]
tbinst.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\tbinst.dll -> AOL LLC [Ver = 3.3.15.2 | Size = 11616 bytes | Modified Date = 12/18/2007 1:27:26 PM | Attr =	]
_Setup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\isp1A2.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 147456 bytes | Modified Date = 1/10/2008 8:19:26 PM | Attr =	]
_Setup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\isp1A8.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 147456 bytes | Modified Date = 1/10/2008 8:21:09 PM | Attr =	]
_Setup.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\isp5.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 147456 bytes | Modified Date = 12/22/2007 7:14:01 PM | Attr =	]
AdvrCntr3.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nero.tmp\8.1.1.0_8.10.21_13820\AdvrCntr3.dll -> Nero AG [Ver = 1,1,0, 207 | Size = 3949864 bytes | Modified Date = 9/26/2007 7:37:18 PM | Attr =	]
ShellManager3.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nero.tmp\8.1.1.0_8.10.21_13820\ShellManager3.dll -> Nero AG [Ver = 8.1.1.0 | Size = 1180968 bytes | Modified Date = 9/26/2007 7:37:48 PM | Attr =	]
InstGuru.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\InstGuru.dll -> Nero AG [Ver = 1, 0, 0, 0 | Size = 120112 bytes | Modified Date = 9/26/2007 12:20:18 PM | Attr =	]
DSETUP.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\DirectX\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 74520 bytes | Modified Date = 8/14/2006 9:08:04 AM | Attr =	]
dsetup32.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Data\Redist\DirectX\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 2248984 bytes | Modified Date = 8/14/2006 9:08:04 AM | Attr =	]
NPS.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\NERO13820\Setup\NPS.dll -> Nero AG [Ver = 1, 8, 3, 0 | Size = 4592936 bytes | Modified Date = 9/26/2007 12:20:22 PM | Attr =	]
System.dll -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\nsn29.tmp\System.dll ->  [Ver =  | Size = 9728 bytes | Modified Date = 1/23/2008 7:35:48 AM | Attr =	]
Perflib_Perfdata_470.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_470.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/1/2008 8:12:56 PM | Attr =	]
Perflib_Perfdata_4c4.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_4c4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 11:28:28 AM | Attr =	]
Perflib_Perfdata_65c.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_65c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 1:48:52 AM | Attr =	]
Perflib_Perfdata_7a0.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_7a0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/3/2008 1:08:22 AM | Attr =	]
Perflib_Perfdata_7fc.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_7fc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:03:52 AM | Attr =	]
Perflib_Perfdata_90.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_90.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:10:03 AM | Attr =	]
Perflib_Perfdata_988.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_988.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/3/2008 1:08:24 AM | Attr =	]
Perflib_Perfdata_990.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_990.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/3/2008 1:08:24 AM | Attr =	]
Perflib_Perfdata_998.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_998.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 1:48:55 AM | Attr =	]
Perflib_Perfdata_9a0.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_9a0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/5/2008 1:48:55 AM | Attr =	]
Perflib_Perfdata_a74.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_a74.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/1/2008 8:13:00 PM | Attr =	]
Perflib_Perfdata_a7c.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_a7c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/1/2008 8:13:00 PM | Attr =	]
Perflib_Perfdata_b78.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_b78.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:10:16 AM | Attr =	]
Perflib_Perfdata_b98.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_b98.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:10:16 AM | Attr =	]
Perflib_Perfdata_ba4.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_ba4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:04:06 AM | Attr =	]
Perflib_Perfdata_bf0.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Perflib_Perfdata_bf0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 1:04:06 AM | Attr =	]
208 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 
Tw10122.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\Tw10122.dat ->  [Ver =  | Size = 3072 bytes | Modified Date = 11/7/2003 1:24:32 PM | Attr =	]
textlang.dat -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Sprint0\textlang.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 1/22/2008 1:00:12 AM | Attr =  H ]
maindir.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\maindir.ini ->  [Ver =  | Size = 58 bytes | Modified Date = 1/23/2008 7:36:53 AM | Attr =	]
setup.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\setup.ini ->  [Ver =  | Size = 3439 bytes | Modified Date = 12/28/2007 9:04:19 PM | Attr =	]
208 C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\*.tmp -> 
Abcpy.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\Abcpy.ini ->  [Ver =  | Size = 5791 bytes | Modified Date = 11/7/2003 1:23:48 PM | Attr =	]
setup.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Adobe Photoshop CS v8.0\setup.ini ->  [Ver =  | Size = 597 bytes | Modified Date = 11/7/2003 1:24:32 PM | Attr =	]
dlconfig.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\dlconfig.ini ->  [Ver =  | Size = 49 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]
gui.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\gui.ini ->  [Ver =  | Size = 5495 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]
post.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\post.ini ->  [Ver =  | Size = 389 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]
postui.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\postui.ini ->  [Ver =  | Size = 1954 bytes | Modified Date = 12/18/2007 1:27:31 PM | Attr =	]
setup.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\AIM_6.5.7.20\setup.ini ->  [Ver =  | Size = 3300 bytes | Modified Date = 12/18/2007 1:27:32 PM | Attr =	]
desktop.ini -> C:\Documents and Settings\Josh's Super Box\Local Settings\Temp\Sprint0\desktop.ini ->  [Ver =  | Size = 111 bytes | Modified Date = 1/22/2008 1:00:12 AM | Attr =  H ]
win600.exe -> C:\WINDOWS\Temp\win600.exe ->  [Ver =  | Size = 32256 bytes | Modified Date = 1/27/2008 9:18:16 PM | Attr =	]
2884 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
index.dat -> C:\WINDOWS\Temp\OuterinfoTemp\index.dat ->  [Ver =  | Size = 298 bytes | Modified Date = 1/27/2008 9:18:21 PM | Attr =	]
3 C:\WINDOWS\Temp\OuterinfoTemp\*.tmp files -> C:\WINDOWS\Temp\OuterinfoTemp\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AVS4YOU -> %AllUsersAppData%\AVS4YOU ->  [Folder | Modified Date = 1/5/2008 2:19:09 AM | Attr =	]
FaxCtr -> %AllUsersAppData%\FaxCtr ->  [Folder | Modified Date = 1/20/2008 5:02:38 PM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/27/2008 12:33:54 AM | Attr =	]
Nero -> %AllUsersAppData%\Nero ->  [Folder | Modified Date = 1/24/2008 2:51:04 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/2/2008 2:08:20 AM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/2/2008 12:00:28 AM | Attr =	]
Yahoo! -> %AllUsersAppData%\Yahoo! ->  [Folder | Modified Date = 1/23/2008 7:57:55 AM | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 1/10/2008 11:26:44 PM | Attr =	]
AdobeUM -> %UserAppData%\AdobeUM ->  [Folder | Modified Date = 1/26/2008 6:05:07 PM | Attr =	]
AVG7 -> %UserAppData%\AVG7 ->  [Folder | Modified Date = 1/31/2008 11:54:36 AM | Attr =	]
AVSDVDPlayer.m3u -> %UserAppData%\AVSDVDPlayer.m3u ->  [Ver =  | Size = 0 bytes | Modified Date = 1/5/2008 12:19:10 PM | Attr =	]
BitTorrent -> %UserAppData%\BitTorrent ->  [Folder | Modified Date = 1/26/2008 11:06:19 PM | Attr =	]
DNA -> %UserAppData%\DNA ->  [Folder | Modified Date = 1/22/2008 10:42:56 AM | Attr =	]
FaxCtr -> %UserAppData%\FaxCtr ->  [Folder | Modified Date = 1/20/2008 11:59:06 PM | Attr =	]
Microsoft -> %UserAppData%\Microsoft ->  [Folder | Modified Date = 1/26/2008 2:01:06 AM | Attr =   S]
Nero -> %UserAppData%\Nero ->  [Folder | Modified Date = 1/24/2008 1:43:50 PM | Attr =	]
Sun -> %UserAppData%\Sun ->  [Folder | Modified Date = 1/11/2008 2:09:43 AM | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/2/2008 12:00:21 AM | Attr =	]
Viewpoint -> %UserAppData%\Viewpoint ->  [Folder | Modified Date = 1/11/2008 1:32:26 AM | Attr =	]
Ahead -> %LocalAppData%\Ahead ->  [Folder | Modified Date = 1/24/2008 2:45:39 PM | Attr =	]
ApplicationHistory -> %LocalAppData%\ApplicationHistory ->  [Folder | Modified Date = 1/31/2008 11:53:50 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 9216 bytes | Modified Date = 1/15/2008 11:01:35 AM | Attr =	]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 13496 bytes | Modified Date = 1/5/2008 11:28:35 AM | Attr =	]
Identities -> %LocalAppData%\Identities ->  [Folder | Modified Date = 1/26/2008 2:01:06 AM | Attr =	]
My Music -> %AllUsersDocuments%\My Music ->  [Folder | Modified Date = 1/8/2008 10:46:37 PM | Attr = R  ]
ACID Pro 5.0 Projects -> %UserDocuments%\ACID Pro 5.0 Projects ->  [Folder | Modified Date = 1/31/2008 11:53:52 PM | Attr =	]
blanklovenotes.pdf -> %UserDocuments%\blanklovenotes.pdf ->  [Ver =  | Size = 13000 bytes | Modified Date = 1/25/2008 12:46:13 AM | Attr =	]
clip.mp3 -> %UserDocuments%\clip.mp3 ->  [Ver =  | Size = 3308254 bytes | Modified Date = 1/28/2008 9:48:17 PM | Attr =	]
clip.mp3.sfk -> %UserDocuments%\clip.mp3.sfk ->  [Ver =  | Size = 57036 bytes | Modified Date = 1/31/2008 10:01:44 PM | Attr =	]
comclip.mp3 -> %UserDocuments%\comclip.mp3 ->  [Ver =  | Size = 10940189 bytes | Modified Date = 1/31/2008 10:25:12 PM | Attr =	]
comclip.mp3.sfk -> %UserDocuments%\comclip.mp3.sfk ->  [Ver =  | Size = 79516 bytes | Modified Date = 1/31/2008 10:11:42 PM | Attr =	]
Complete Song Folders -> %UserDocuments%\Complete Song Folders ->  [Folder | Modified Date = 1/9/2008 2:21:31 AM | Attr =	]
komradz.acd -> %UserDocuments%\komradz.acd ->  [Ver =  | Size = 61848 bytes | Modified Date = 2/1/2008 12:01:29 AM | Attr =	]
komradz.acd-bak -> %UserDocuments%\komradz.acd-bak ->  [Ver =  | Size = 59376 bytes | Modified Date = 1/31/2008 10:25:02 PM | Attr =	]
Lyrics -> %UserDocuments%\Lyrics ->  [Folder | Modified Date = 2/2/2008 3:59:48 AM | Attr =	]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/16/2008 1:44:12 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/25/2008 10:07:21 PM | Attr = R  ]
painacapella.mp3 -> %UserDocuments%\painacapella.mp3 ->  [Ver =  | Size = 11012287 bytes | Modified Date = 1/28/2008 7:37:37 PM | Attr =	]
Traktor3 -> %UserDocuments%\Traktor3 ->  [Folder | Modified Date = 2/1/2008 11:45:14 AM | Attr =	]
Word Docs -> %UserDocuments%\Word Docs ->  [Folder | Modified Date = 1/12/2008 8:29:53 AM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/27/2008 12:33:29 AM | Attr =	]
Home Designer 7.0 Training Videos.lnk -> %AllUsersDesktop%\Home Designer 7.0 Training Videos.lnk ->  [Ver =  | Size = 1811 bytes | Modified Date = 1/10/2008 8:21:23 PM | Attr =	]
Lexmark Imaging Studio - 3400 Series.LNK -> %AllUsersDesktop%\Lexmark Imaging Studio - 3400 Series.LNK ->  [Ver =  | Size = 752 bytes | Modified Date = 1/20/2008 5:11:46 PM | Attr =	]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Modified Date = 1/30/2008 9:52:08 PM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 2/2/2008 12:00:23 AM | Attr =	]
avenger -> %UserDesktop%\avenger ->  [Folder | Modified Date = 2/3/2008 12:23:37 AM | Attr =	]
avenger.zip -> %UserDesktop%\avenger.zip ->  [Ver =  | Size = 127378 bytes | Modified Date = 2/3/2008 12:22:53 AM | Attr =	]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/27/2008 2:45:52 PM | Attr =	]
method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 -> %UserDesktop%\method_man_ft._lauryn_hill_-_say_(diy_dj_3k_acapella).mp3 ->  [Ver =  | Size = 3163648 bytes | Modified Date = 1/27/2008 12:30:02 AM | Attr =	]
spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 1/30/2008 11:54:38 PM | Attr =	]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Modified Date = 2/1/2008 11:59:50 PM | Attr =	]
Trailer House.plan -> %UserDesktop%\Trailer House.plan ->  [Ver =  | Size = 414319 bytes | Modified Date = 1/10/2008 9:41:20 PM | Attr =	]
Trailer House_archive -> %UserDesktop%\Trailer House_archive ->  [Folder | Modified Date = 1/10/2008 9:41:20 PM | Attr =	]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 2/2/2008 12:02:12 AM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2/2/2008 1:06:53 AM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478495 bytes | Modified Date = 2/1/2008 11:51:11 AM | Attr =	]
AVSMedia -> %CommonProgramFiles%\AVSMedia ->  [Folder | Modified Date = 1/22/2008 12:57:48 AM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Modified Date = 1/11/2008 2:07:30 AM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 1/22/2008 12:58:31 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/2/2008 12:00:09 AM | Attr =	]

< End of report >

Edited by sko, 03 February 2008 - 02:13 AM.


#10 OldTimer


Posted 03 February 2008 - 12:16 PM

Hi sko. My fault. Try Avenger again with this input:
files to delete:
c:\windows\system32\drvtow.dll
c:\windows\system32\pqstv.ini
c:\windows\system32\pqstv.ini2
c:\windows\system32\winver.bat
c:\windows\system32\ztx86.sys
c:\windows\system32\wininit.ini
c:\windows\system32\imsins.BAK

It looks like all of them are already gone except for ztx86.sys. This should take care of that also. Just post the Avenger log back here.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 sko


Posted 03 February 2008 - 02:31 PM

Same thing I was getting last night.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lxbfhnnj

*******************

Script file located at: \??\C:\WINDOWS\system32\ryhmcgbh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\windows\system32\drvtow.dll not found!
Deletion of file c:\windows\system32\drvtow.dll failed!

Could not process line:
c:\windows\system32\drvtow.dll
Status: 0xc0000034



File c:\windows\system32\pqstv.ini not found!
Deletion of file c:\windows\system32\pqstv.ini failed!

Could not process line:
c:\windows\system32\pqstv.ini
Status: 0xc0000034



File c:\windows\system32\pqstv.ini2 not found!
Deletion of file c:\windows\system32\pqstv.ini2 failed!

Could not process line:
c:\windows\system32\pqstv.ini2
Status: 0xc0000034



File c:\windows\system32\winver.bat not found!
Deletion of file c:\windows\system32\winver.bat failed!

Could not process line:
c:\windows\system32\winver.bat
Status: 0xc0000034

File c:\windows\system32\ztx86.sys deleted successfully.


File c:\windows\system32\wininit.ini not found!
Deletion of file c:\windows\system32\wininit.ini failed!

Could not process line:
c:\windows\system32\wininit.ini
Status: 0xc0000034



File c:\windows\system32\imsins.BAK not found!
Deletion of file c:\windows\system32\imsins.BAK failed!

Could not process line:
c:\windows\system32\imsins.BAK
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

#12 OldTimer


Posted 03 February 2008 - 03:23 PM

Hi sko. This one is different. As I said, none of the files appeared to be present except for the ztx86.sys file. As expected, none of them were except for the ztx86.sys file, and Avenger took care of that:

File c:\windows\system32\ztx86.sys deleted successfully.

Everything is right with the world now lol. How are things running? Any more issues? If not, then run the system for a couple of days and get back to me and we can do some final cleanup.

Cheers.

OT

Edited by OldTimer, 03 February 2008 - 03:24 PM.

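An added example, not part of the thread or of The Avenger itself: a small Python triage of an Avenger-style log that separates "not found" failures (status 0xc0000034, the file was already absent) from failures that need another look. The sample input is constructed from the log above, and the `c:\example\locked.sys` entry with status 0xc0000022 is invented for illustration.

```python
import re

# NTSTATUS STATUS_OBJECT_NAME_NOT_FOUND: the path did not exist when the
# tool tried to open it, so there was nothing left to delete.
STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034

# Constructed sample: three entries shortened from the log in this thread,
# plus one invented entry (c:\example\locked.sys, status 0xc0000022) to
# show a failure that is NOT a simple "not found".
SAMPLE_LOG = r"""
File c:\windows\system32\drvtow.dll not found!
Deletion of file c:\windows\system32\drvtow.dll failed!
Could not process line:
c:\windows\system32\drvtow.dll
Status: 0xc0000034
File c:\windows\system32\ztx86.sys deleted successfully.
File c:\windows\system32\imsins.BAK not found!
Deletion of file c:\windows\system32\imsins.BAK failed!
Could not process line:
c:\windows\system32\imsins.BAK
Status: 0xc0000034
Deletion of file c:\example\locked.sys failed!
Could not process line:
c:\example\locked.sys
Status: 0xc0000022
"""

DELETED = re.compile(r"^File (.+) deleted successfully\.$")
FAILED = re.compile(r"^Deletion of file (.+) failed!$")
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")

def triage(log_text):
    """Map each path to 'deleted', 'already absent' or 'failed (<status>)'."""
    results, pending = {}, None  # pending: failed path awaiting its Status line
    for line in map(str.strip, log_text.splitlines()):
        if m := DELETED.match(line):
            results[m.group(1).lower()] = "deleted"
        elif m := FAILED.match(line):
            pending = m.group(1).lower()
            results[pending] = "failed (no status)"
        elif (m := STATUS.match(line)) and pending:
            code = int(m.group(1), 16)
            absent = code == STATUS_OBJECT_NAME_NOT_FOUND
            results[pending] = "already absent" if absent else f"failed (0x{code:08x})"
            pending = None
    return results

def needs_followup(results):
    """Paths whose deletion failed for a reason other than being absent."""
    return sorted(p for p, v in results.items() if v.startswith("failed"))
```

Paths are lower-cased so the same file is not counted twice when the script and the log differ in case.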

#13 sko


Posted 03 February 2008 - 05:15 PM

It seems to be working like new again, thanks for your help. One thing I noticed the other night is that when I go to shut down my PC it says Netbroadcaster or something along those lines wouldn't respond. I think it was part of one of the viruses, but not sure.

#14 OldTimer


Posted 03 February 2008 - 06:38 PM

Hi sko. If that was prior to the final fix today then that could very well be. Is it still doing that after the last Avenger fix from today?

Cheers.

OT

#15 sko


Posted 04 February 2008 - 05:12 PM

Everything seems to be like new, I love it lol. What would you recommend I download as far as virus programs and whatnot to try and prevent this from happening again?



