Red Circle / White X / Ultimate Defender


24 replies to this topic

#1 Holy Moses

Holy Moses

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 03 February 2008 - 05:24 PM

My problems are outlined here

http://www.bleepingcomputer.com/forums/ind...mp;#entry731511


I so got slammed by "Ultimate Defender". I'm at my wit's end, this thing has done a number on me.

First off, I've got the dreaded red circle with the white X in my system tray telling me "Your computer is infected!" blah blah blah

I CAN NOT open HJT. I've saved it in different folders. I've renamed it. I've done everything and the program will not start. Neither will Kaspersky.

Also, when I click on any link on google, I get redirected to a sales screen. I have to hit "back" and then re-click on the link to get to where I want to go. This is for everything I hit on google.

I'm a McAfee subscriber and I've got Ad-Aware, but neither of these programs has done jack crap for me. I've tried about every fix I've seen on the internet, and I've got nothing. I manually cleared the Ultimate Defender listings from the registry, but still nothing helps!

McAfee also says I'm not protected -- when I click the "fix" button, it says "an error occurred" and it kicks me back to the main screen.

Lovely -- SuperAntiSpyware won't open either.


HELP!


This is my WinPatrol Hijack log


Log created by WinPatrol version 14.0.2007.1:14.0.2007.1
Scan saved at 4:22:27 PM, on 2/03/2008
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\PROGRAM FILES\Lavasoft\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\COMMON FILES\Apple\MOBILE DEVICE SUPPORT\bin\APPLEMOBILEDEVICESERVICE.EXE
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\PROGRAM FILES\SYNAPTICS\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\PROGRAM FILES\McAfee\MPF\MpfSrv.exe
C:\PROGRAM FILES\iTunes\ITUNESHELPER.EXE
C:\PROGRAM FILES\SITEADVISOR\6253\SASERVICE.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\atiptaxx.exe
C:\PROGRAM FILES\CYBERLINK\POWERDVD DX\PDVDDXSRV.EXE
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0 SOS\AVPBEN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRAM FILES\Google\GOOGLETOOLBARNOTIFIER\1.2.1128.5462\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERBen.exe
C:\PROGRAM FILES\iPod\bin\IPODSERVICE.EXE
C:\PROGRAM FILES\McAfee\MSC\mcuimgr.exe
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O1 - Hosts: 127.0.0.
O3 - Toolbar: - {BA52B914-B692-46c4-B683-905236F6F655} -
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh]C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI]C:\WINDOWS\system32\WLTRAY.EXE
O4 - HKLM\..\Run: [SiteAdvisor]C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\QTTask.exe -atboottime
O4 - HKLM\..\Run: [iTunesHelper]C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ATIModeChange]Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA]C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PDVDDXSrv]C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
O4 - HKLM\..\Run: [DLA]C:\WINDOWS\system32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup]C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler]C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [mcagent_exe]C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AVP]C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\AVPBEN.exe
O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg]C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [braviax]C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2]C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer]C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware]C:\Program Files\SUPERAntiSpyware\SUPERBen.exe
O4 - Global Startup: =C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
O4 - Global Startup: =C:\Documents and Settings\xxxx\Start Menu\Programs\Startup\.protected
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: cru629.dat

O23 - Service: Ad-Aware 2007 Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management - - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: Ati HotKey Poller - - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 - - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe -r
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Human Interface Device Access - - C:\WINDOWS\System32\hidserv.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent - McAfee, Inc. - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service - McAfee, Inc. - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: SiteAdvisor Service - - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service - - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16574
MSIE: Internet Explorer (7.00.6000.16574)
79 IE Cookies in Folder: C:\Documents and Settings\xxxx\Cookies\

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [McQcTask.job]c:\Program Files\McAfee\MQC\QcConsol.exe Never
WP31 - Scheduled Tasks: [McDefragTask.job]c:\Program Files\McAfee\MQC\QcConsol.exe Never
WP31 - Scheduled Tasks: [AdwareAlert Scheduled Scan.job]C:\Program Files\AdwareAlert\AdwareAlert.exe Never

WP32 - Hidden File: C:\.protected
WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\.protected
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\Thumbs.db
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Thumbs.db
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [WordPad Document]C:\Program Files\Windows NT\Accessories\WORDPAD.EXE %1
WP33 - File Type .EML: [Outlook Express Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Document]C:\Program Files\Windows NT\Accessories\WORDPAD.EXE %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*

Memory currently in use: 57%
Physical Memory Free: 221,572 KB
Paging File Free: 930,576 KB
Virtual Memory Free: 2,057,972 KB


--
End of file



PLEASE HELP ME!

Edited by OldTimer, 04 June 2008 - 11:37 PM.




#2 Holy Moses

Holy Moses
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 04 February 2008 - 09:25 PM

Resisting bumps, but I'm languishing on page 8.

Thanks! :thumbsup:

#3 Holy Moses

Holy Moses
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 06 February 2008 - 09:34 AM

Falling into obscurity. Any help would be appreciated. :thumbsup:

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:36 AM

Posted 08 February 2008 - 08:03 PM

Hello Holy Moses and welcome to the BC HijackThis forum. It really doesn't matter where your post is in relationship to the pages. The helpers have their own screen that shows any post that does not have replies to it. By adding your own replies you fell off that screen :thumbsup:

Now, let's use a different scanner and see what we can find.

Before running the scan let's clean out the temporary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 Holy Moses

Holy Moses
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 08 February 2008 - 09:11 PM

I'm almost certain this braviax file is the one I need to wipe out. I'm sure we're close to having this nailed down.

WinPFind35 logfile created on: 2/8/2008 8:09:37 PM
WinPFind35U Version Beta47	 Folder = C:\Documents and Settings\xxxx\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
 
510.98 Mb Total Physical Memory | 341.46 Mb Available Physical Memory | 66.82% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 63.46 Gb Free Space | 85.16% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DELL5100
Current User Name: xxxx
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 323584 bytes | Modified Date = 7/29/2003 2:11:36 PM | Attr =	]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE ->  [Ver =  | Size = 18944 bytes | Modified Date = 12/19/2005 9:08:42 AM | Attr =	]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1200128 bytes | Modified Date = 12/19/2005 9:08:40 AM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr =	]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 3:08:06 AM | Attr =	]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 8:15:18 PM | Attr =	]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr =	]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr =	]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe ->  [Ver =  | Size = 345376 bytes | Modified Date = 1/31/2008 7:49:12 AM | Attr =	]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 10:33:14 PM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 12:48:02 PM | Attr =	]
wltray.exe -> %System32%\WLTRAY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 9:08:42 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr =	]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5028 | Size = 335872 bytes | Modified Date = 7/29/2003 1:30:00 PM | Attr =	]
pdvddxsrv.exe -> %ProgramFiles%\CyberLink\PowerDVD DX\PDVDDXSrv.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 118784 bytes | Modified Date = 10/20/2006 5:23:38 PM | Attr =	]
dlactrlw.exe -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.12a | Size = 122940 bytes | Modified Date = 11/7/2005 5:20:00 AM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 4:50:18 PM | Attr =	]
winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe -> BillP Studios [Ver = 14, 0, 2007, 1 | Size = 316728 bytes | Modified Date = 1/26/2008 11:38:16 PM | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/26/2008 1:04:31 AM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr =	]
superben.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERBen.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr =	]
mcuimgr.exe -> %ProgramFiles%\McAfee\MSC\mcuimgr.exe -> McAfee, Inc. [Ver = 8,0,226,0 | Size = 265040 bytes | Modified Date = 7/13/2007 7:14:56 AM | Attr =	]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7/25/2007 2:16:16 AM | Attr =	]
mcvsshld.exe -> %ProgramFiles%\McAfee\VirusScan\mcvsshld.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 361800 bytes | Modified Date = 7/25/2007 2:15:50 AM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 2/8/2008 5:12:16 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 323584 bytes | Modified Date = 7/29/2003 2:11:36 PM | Attr =	]
(AVP) Kaspersky Anti-Virus 6.0 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2008 1:04:29 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr =	]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 3:08:06 AM | Attr =	]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 8:15:18 PM | Attr =	]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7/25/2007 2:16:16 AM | Attr =	]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr =	]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Stopped] ->  -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 1:41:52 AM | Attr =	]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr =	]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe ->  [Ver =  | Size = 345376 bytes | Modified Date = 1/31/2008 7:49:12 AM | Attr =	]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %System32%\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6371 | Size = 587264 bytes | Modified Date = 7/29/2003 2:13:32 PM | Attr =	]
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 4.10.40.0 | Size = 424320 bytes | Modified Date = 11/2/2005 1:24:34 PM | Attr =	]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.52.0.0 built by: WinDDK | Size = 44544 bytes | Modified Date = 8/17/2006 8:55:16 AM | Attr = R  ]
(Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep.sys ->  [Ver =  | Size = 29184 bytes | Modified Date = 2/2/2008 11:08:36 PM | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %System32%\drivers\cercsr6.sys -> Adaptec, Inc. [Ver = 4.1.0.7405 | Size = 39904 bytes | Modified Date = 12/13/2004 3:14:00 PM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %System32%\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.12a | Size = 25628 bytes | Modified Date = 11/7/2005 5:20:00 AM | Attr =	]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %System32%\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.02a | Size = 5660 bytes | Modified Date = 11/18/2005 12:02:50 PM | Attr =	]
(DLADResN) DLADResN [File_System | Auto | Running] -> %System32%\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.12a | Size = 2496 bytes | Modified Date = 11/7/2005 5:20:00 AM | Attr =	]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %System32%\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.12a | Size = 86652 bytes | Modified Date = 11/7/2005 5:20:00 AM | Attr =	]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %System32%\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.12a | Size = 14684 bytes | Modified Date = 11/7/2005 5:20:00 AM | Attr =	]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %System32%\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.12a | Size = 6364 bytes | Modified Date = 11/7/2005 5:20:00 AM | Attr =	]
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %System32%\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.02a | Size = 22684 bytes | Modified Date = 11/18/2005 12:02:10 PM | Attr =	]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %System32%\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.12a | Size = 94332 bytes | Modified Date = 11/7/2005 5:20:00 AM | Attr =	]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %System32%\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.12a | Size = 87036 bytes | Modified Date = 11/7/2005 5:20:00 AM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %System32%\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 9/12/2005 3:30:00 AM | Attr =	]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %System32%\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 8/12/2005 5:20:00 AM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 79304 bytes | Modified Date = 7/24/2007 7:40:36 AM | Attr =	]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 35240 bytes | Modified Date = 7/21/2007 9:08:24 AM | Attr =	]
(mfehidk) McAfee Inc. [Kernel | System | Running] -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 201288 bytes | Modified Date = 7/21/2007 9:08:24 AM | Attr =	]
(mferkdk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 33800 bytes | Modified Date = 7/24/2007 12:02:36 PM | Attr =	]
(mfesmfk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Modified Date = 7/21/2007 9:08:24 AM | Attr =	]
(MPFP) MPFP [Kernel | System | Running] -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Modified Date = 7/13/2007 9:20:24 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(OMCI) OMCI [Kernel | System | Running] -> %System32%\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Modified Date = 8/22/2001 8:42:58 AM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.27a | Size = 20576 bytes | Modified Date = 1/26/2005 2:03:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %System32%\drivers\stac97.sys -> SigmaTel, Inc. [Ver = 5.10.3952 | Size = 264440 bytes | Modified Date = 11/15/2004 3:37:52 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 191872 bytes | Modified Date = 3/8/2006 12:35:10 PM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] -> system32\drivers\UIUSys.sys -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr =	]
ATIModeChange -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 9/4/2001 4:24:26 PM | Attr =	]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5028 | Size = 335872 bytes | Modified Date = 7/29/2003 1:30:00 PM | Attr =	]
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\AVPBEN.exe -> Kaspersky Lab [Ver = 6.0.3.837 | Size = 231952 bytes | Modified Date = 11/19/2007 2:40:50 PM | Attr =	]
Broadcom Wireless Manager UI -> %System32%\WLTRAY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 9:08:42 AM | Attr =	]
DLA -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.12a | Size = 122940 bytes | Modified Date = 11/7/2005 5:20:00 AM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 4:50:42 PM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 4:50:18 PM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr =	]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 10:33:14 PM | Attr =	]
PDVDDXSrv -> %ProgramFiles%\CyberLink\PowerDVD DX\PDVDDXSrv.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 118784 bytes | Modified Date = 10/20/2006 5:23:38 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 3:27:36 PM | Attr =	]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe ->  [Ver =  | Size = 36640 bytes | Modified Date = 8/24/2007 3:57:48 PM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 12:48:02 PM | Attr =	]
WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe -> BillP Studios [Ver = 14, 0, 2007, 1 | Size = 316728 bytes | Modified Date = 1/26/2008 11:38:16 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
braviax -> %System32%\braviax.exe ->  [Ver =  | Size = 11264 bytes | Modified Date = 2/3/2008 2:21:53 PM | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr =	]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERBen.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =	]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/26/2008 1:04:31 AM | Attr =	]
Uniblue RegistryBooster 2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
 -> %AllUsersStartup%\.pro -> File not found
< xxxx Startup Folder > -> C:\Documents and Settings\xxxx\Start Menu\Programs\Startup -> 
 -> %UserStartup%\.pro -> File not found
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
cru629.datts and Set -> %SystemRoot%\cru629.dat ->  [Ver =  | Size = 6144 bytes | Modified Date = 2/6/2008 9:31:56 PM | Attr =	]
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/26/2008 1:04:28 AM | Attr = R  ]
{BA52B914-B692-46c4-B683-905236F6F655} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/26/2008 1:04:28 AM | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}:Exec -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> UltimateBet [Ver = 2008, 1, 16, 1 | Size = 3667272 bytes | Modified Date = 1/16/2008 10:45:46 AM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{C1B3C795-A288-47FC-90BC-1BD812EBF451} ->	(Dell TrueMobile 1300 WLAN Mini-PCI Card) -> 
{D3D079AF-856D-41A4-AEF5-C2AF5C197642} ->	(1394 Net Adapter) -> 
{D443AA2E-5A5E-40D2-A5C4-2F967D15D20C} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr =	]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 10:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 868 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 450 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 6:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 6:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.0.29 | Size = 19926824 bytes | Modified Date = 1/15/2008 3:22:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 8:15:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
.protected -> %SystemDrive%\.protected ->  [Ver =  | Size = 0 bytes | Created Date = 2/2/2008 11:11:24 PM | Attr =  H ]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Created Date = 1/25/2008 6:58:24 PM | Attr =	]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 2/3/2008 10:21:48 AM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Created Date = 1/25/2008 12:53:02 PM | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 2/3/2008 1:46:40 PM | Attr =  HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/25/2008 6:58:24 PM | Attr =	]
DELL -> %SystemDrive%\DELL ->  [Folder | Created Date = 1/25/2008 6:58:50 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Created Date = 1/25/2008 12:53:37 PM | Attr =	]
HJT -> %SystemDrive%\HJT ->  [Folder | Created Date = 2/3/2008 1:15:52 PM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/25/2008 6:58:24 PM | Attr = RHS]
KAV -> %SystemDrive%\KAV ->  [Folder | Created Date = 2/3/2008 1:20:54 AM | Attr =	]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/25/2008 6:58:24 PM | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Created Date = 1/25/2008 12:54:41 PM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 1/25/2008 7:06:48 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 1/25/2008 12:53:36 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
ati2dvag.dll -> %System32%\dllcache\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6371 | Size = 302592 bytes | Created Date = 1/25/2008 10:53:02 PM | Attr =	]
ati2mtag.sys -> %System32%\dllcache\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6371 | Size = 587264 bytes | Created Date = 1/25/2008 10:53:02 PM | Attr =	]
ati3d1ag.dll -> %System32%\dllcache\ati3d1ag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.3844 | Size = 848640 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
ati3duag.dll -> %System32%\dllcache\ati3duag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.0182 | Size = 1086240 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
big5.nls -> %System32%\dllcache\big5.nls ->  [Ver =  | Size = 66728 bytes | Created Date = 1/25/2008 6:59:09 PM | Attr =	]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Created Date = 1/25/2008 6:59:09 PM | Attr =	]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 1/25/2008 6:59:15 PM | Attr =	]
chtskf.dll -> %System32%\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Created Date = 1/25/2008 6:59:18 PM | Attr =	]
c_10001.nls -> %System32%\dllcache\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Created Date = 1/25/2008 6:59:09 PM | Attr =	]
c_10002.nls -> %System32%\dllcache\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Created Date = 1/25/2008 6:59:09 PM | Attr =	]
c_10003.nls -> %System32%\dllcache\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 1/25/2008 6:59:09 PM | Attr =	]
c_10004.nls -> %System32%\dllcache\c_10004.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:10 PM | Attr =	]
c_10005.nls -> %System32%\dllcache\c_10005.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:10 PM | Attr =	]
c_10006.nls -> %System32%\dllcache\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:35 PM | Attr =	]
c_10007.nls -> %System32%\dllcache\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:37 PM | Attr =	]
c_10008.nls -> %System32%\dllcache\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/25/2008 6:59:10 PM | Attr =	]
c_10010.nls -> %System32%\dllcache\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:32 PM | Attr =	]
c_10017.nls -> %System32%\dllcache\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:37 PM | Attr =	]
c_10021.nls -> %System32%\dllcache\c_10021.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:10 PM | Attr =	]
c_10029.nls -> %System32%\dllcache\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:32 PM | Attr =	]
c_10081.nls -> %System32%\dllcache\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:39 PM | Attr =	]
c_10082.nls -> %System32%\dllcache\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:32 PM | Attr =	]
c_1047.nls -> %System32%\dllcache\c_1047.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:10 PM | Attr =	]
c_1140.nls -> %System32%\dllcache\c_1140.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:10 PM | Attr =	]
c_1141.nls -> %System32%\dllcache\c_1141.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:10 PM | Attr =	]
c_1142.nls -> %System32%\dllcache\c_1142.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:10 PM | Attr =	]
c_1143.nls -> %System32%\dllcache\c_1143.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:10 PM | Attr =	]
c_1144.nls -> %System32%\dllcache\c_1144.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:10 PM | Attr =	]
c_1145.nls -> %System32%\dllcache\c_1145.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:11 PM | Attr =	]
c_1146.nls -> %System32%\dllcache\c_1146.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:11 PM | Attr =	]
c_1147.nls -> %System32%\dllcache\c_1147.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:11 PM | Attr =	]
c_1148.nls -> %System32%\dllcache\c_1148.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:11 PM | Attr =	]
c_1149.nls -> %System32%\dllcache\c_1149.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:11 PM | Attr =	]
c_1361.nls -> %System32%\dllcache\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Created Date = 1/25/2008 6:59:11 PM | Attr =	]
c_20000.nls -> %System32%\dllcache\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 1/25/2008 6:59:11 PM | Attr =	]
c_20001.nls -> %System32%\dllcache\c_20001.nls ->  [Ver =  | Size = 186402 bytes | Created Date = 1/25/2008 6:59:11 PM | Attr =	]
c_20002.nls -> %System32%\dllcache\c_20002.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/25/2008 6:59:11 PM | Attr =	]
c_20003.nls -> %System32%\dllcache\c_20003.nls ->  [Ver =  | Size = 185378 bytes | Created Date = 1/25/2008 6:59:11 PM | Attr =	]
c_20004.nls -> %System32%\dllcache\c_20004.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20005.nls -> %System32%\dllcache\c_20005.nls ->  [Ver =  | Size = 187938 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20105.nls -> %System32%\dllcache\c_20105.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20106.nls -> %System32%\dllcache\c_20106.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20107.nls -> %System32%\dllcache\c_20107.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20108.nls -> %System32%\dllcache\c_20108.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20127.nls -> %System32%\dllcache\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:31 PM | Attr =	]
c_20269.nls -> %System32%\dllcache\c_20269.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20273.nls -> %System32%\dllcache\c_20273.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20277.nls -> %System32%\dllcache\c_20277.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20278.nls -> %System32%\dllcache\c_20278.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20280.nls -> %System32%\dllcache\c_20280.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20284.nls -> %System32%\dllcache\c_20284.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20285.nls -> %System32%\dllcache\c_20285.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20290.nls -> %System32%\dllcache\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:12 PM | Attr =	]
c_20297.nls -> %System32%\dllcache\c_20297.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_20420.nls -> %System32%\dllcache\c_20420.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_20423.nls -> %System32%\dllcache\c_20423.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_20424.nls -> %System32%\dllcache\c_20424.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_20833.nls -> %System32%\dllcache\c_20833.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_20838.nls -> %System32%\dllcache\c_20838.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_20871.nls -> %System32%\dllcache\c_20871.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_20880.nls -> %System32%\dllcache\c_20880.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_20924.nls -> %System32%\dllcache\c_20924.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_20932.nls -> %System32%\dllcache\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_20936.nls -> %System32%\dllcache\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_20949.nls -> %System32%\dllcache\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_21025.nls -> %System32%\dllcache\c_21025.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:13 PM | Attr =	]
c_21027.nls -> %System32%\dllcache\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:14 PM | Attr =	]
c_28594.nls -> %System32%\dllcache\c_28594.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:34 PM | Attr =	]
c_28595.nls -> %System32%\dllcache\c_28595.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:37 PM | Attr =	]
c_28596.nls -> %System32%\dllcache\c_28596.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:14 PM | Attr =	]
c_28597.nls -> %System32%\dllcache\c_28597.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:35 PM | Attr =	]
c_28599.nls -> %System32%\dllcache\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:39 PM | Attr =	]
c_28603.nls -> %System32%\dllcache\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:40 PM | Attr =	]
c_708.nls -> %System32%\dllcache\c_708.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:14 PM | Attr =	]
c_720.nls -> %System32%\dllcache\c_720.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 6:59:14 PM | Attr =	]
c_737.nls -> %System32%\dllcache\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:35 PM | Attr =	]
c_852.nls -> %System32%\dllcache\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:32 PM | Attr =	]
c_855.nls -> %System32%\dllcache\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:34 PM | Attr =	]
c_857.nls -> %System32%\dllcache\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:39 PM | Attr =	]
c_858.nls -> %System32%\dllcache\c_858.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 6:59:14 PM | Attr =	]
c_862.nls -> %System32%\dllcache\c_862.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 6:59:14 PM | Attr =	]
c_864.nls -> %System32%\dllcache\c_864.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 6:59:14 PM | Attr =	]
c_866.nls -> %System32%\dllcache\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:34 PM | Attr =	]
c_869.nls -> %System32%\dllcache\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:35 PM | Attr =	]
c_870.nls -> %System32%\dllcache\c_870.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 6:59:14 PM | Attr =	]
c_875.nls -> %System32%\dllcache\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:35 PM | Attr =	]
dgrpsetu.dll -> %System32%\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/25/2008 12:54:30 PM | Attr =	]
dgsetup.dll -> %System32%\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/25/2008 12:54:30 PM | Attr =	]
eqnclass.dll -> %System32%\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/25/2008 12:54:30 PM | Attr =	]
esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 1/25/2008 6:59:27 PM | Attr =	]
esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 1/25/2008 6:59:27 PM | Attr =	]
esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 1/25/2008 6:59:27 PM | Attr =	]
FP4.CAT -> %System32%\dllcache\FP4.CAT ->  [Ver =  | Size = 31281 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
fpencode.dll -> %System32%\dllcache\fpencode.dll ->  [Ver =  | Size = 94208 bytes | Created Date = 1/25/2008 6:59:29 PM | Attr =	]
hanja.lex -> %System32%\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Created Date = 1/25/2008 6:59:32 PM | Attr =	]
HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT ->  [Ver =  | Size = 13472 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
htrn_jis.dll -> %System32%\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 1/25/2008 6:54:25 PM | Attr =	]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Created Date = 1/25/2008 6:59:37 PM | Attr =	]
IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT ->  [Ver =  | Size = 8574 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
imekr.lex -> %System32%\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Created Date = 1/25/2008 6:59:44 PM | Attr =	]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Created Date = 1/25/2008 6:59:46 PM | Attr =	]
IMS.CAT -> %System32%\dllcache\IMS.CAT ->  [Ver =  | Size = 13753 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
imscinst.exe -> %System32%\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Created Date = 1/25/2008 6:59:47 PM | Attr =	]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/25/2008 6:55:52 PM | Attr =	]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Created Date = 1/25/2008 6:59:53 PM | Attr =	]
ksc.nls -> %System32%\dllcache\ksc.nls ->  [Ver =  | Size = 47066 bytes | Created Date = 1/25/2008 6:59:54 PM | Attr =	]
ltts1033.lxa -> %System32%\dllcache\ltts1033.lxa ->  [Ver =  | Size = 643717 bytes | Created Date = 1/25/2008 12:54:42 PM | Attr =	]
MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT ->  [Ver =  | Size = 399645 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe ->  [Ver =  | Size = 4639 bytes | Created Date = 1/25/2008 6:56:04 PM | Attr =	]
msinfo.dll -> %System32%\dllcache\msinfo.dll ->  [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 1/25/2008 6:55:54 PM | Attr =	]
MSMSGS.CAT -> %System32%\dllcache\MSMSGS.CAT ->  [Ver =  | Size = 9581 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
msn7.cat -> %System32%\dllcache\msn7.cat ->  [Ver =  | Size = 24209 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
msn9.cat -> %System32%\dllcache\msn9.cat ->  [Ver =  | Size = 11651 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT ->  [Ver =  | Size = 7245 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
MW770.CAT -> %System32%\dllcache\MW770.CAT ->  [Ver =  | Size = 37484 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
nls302en.lex -> %System32%\dllcache\nls302en.lex ->  [Ver =  | Size = 4399505 bytes | Created Date = 1/25/2008 6:56:46 PM | Attr =	]
NT5.CAT -> %System32%\dllcache\NT5.CAT ->  [Ver =  | Size = 2012670 bytes | Created Date = 1/25/2008 12:54:16 PM | Attr =	]
NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT ->  [Ver =  | Size = 797189 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT ->  [Ver =  | Size = 382952 bytes | Created Date = 1/25/2008 12:54:16 PM | Attr =	]
NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT ->  [Ver =  | Size = 1086058 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT ->  [Ver =  | Size = 7710 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 1/25/2008 6:54:01 PM | Attr =	]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Created Date = 1/25/2008 7:00:11 PM | Attr =	]
prc.nls -> %System32%\dllcache\prc.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 1/25/2008 7:00:12 PM | Attr =	]
prcp.nls -> %System32%\dllcache\prcp.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 1/25/2008 7:00:12 PM | Attr =	]
r1033tts.lxa -> %System32%\dllcache\r1033tts.lxa ->  [Ver =  | Size = 605050 bytes | Created Date = 1/25/2008 12:54:42 PM | Attr =	]
rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 1/25/2008 7:00:17 PM | Attr =	]
rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/25/2008 7:00:17 PM | Attr =	]
rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/25/2008 7:00:17 PM | Attr =	]
sam.sdf -> %System32%\dllcache\sam.sdf ->  [Ver =  | Size = 888 bytes | Created Date = 1/25/2008 12:54:43 PM | Attr =	]
sam.spd -> %System32%\dllcache\sam.spd ->  [Ver =  | Size = 1685606 bytes | Created Date = 1/25/2008 12:54:43 PM | Attr =	]
sonypvu1.sys -> %System32%\dllcache\sonypvu1.sys -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Created Date = 2/2/2008 2:30:28 PM | Attr =	]
SP2.CAT -> %System32%\dllcache\SP2.CAT ->  [Ver =  | Size = 1042903 bytes | Created Date = 1/25/2008 12:54:16 PM | Attr =	]
spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/25/2008 12:54:30 PM | Attr =	]
srframe.mmf -> %System32%\dllcache\srframe.mmf ->  [Ver =  | Size = 984 bytes | Created Date = 1/25/2008 6:56:15 PM | Attr =	]
startoc.cat -> %System32%\dllcache\startoc.cat ->  [Ver =  | Size = 168806 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
wmerrenu.cat -> %System32%\dllcache\wmerrenu.cat ->  [Ver =  | Size = 7334 bytes | Created Date = 1/25/2008 12:54:17 PM | Attr =	]
xjis.nls -> %System32%\dllcache\xjis.nls ->  [Ver =  | Size = 28288 bytes | Created Date = 1/25/2008 7:00:42 PM | Attr =	]
1028_DELL_INS_5100.MRK -> %System32%\drivers\1028_DELL_INS_5100.MRK ->  [Ver =  | Size = 5 bytes | Created Date = 1/25/2008 10:01:23 PM | Attr =	]
ati2mtag.sys -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6371 | Size = 587264 bytes | Created Date = 1/25/2008 10:53:02 PM | Attr =	]
bcm4sbxp.sys -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.52.0.0 built by: WinDDK | Size = 44544 bytes | Created Date = 1/25/2008 9:40:49 PM | Attr = R  ]
BCMWL5.SYS -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 4.10.40.0 | Size = 424320 bytes | Created Date = 1/25/2008 9:41:37 PM | Attr =	]
BCMWLNPF.SYS -> %System32%\drivers\BCMWLNPF.SYS -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 33664 bytes | Created Date = 1/25/2008 9:41:28 PM | Attr =	]
DELL_INS_5100.MRK -> %System32%\drivers\DELL_INS_5100.MRK ->  [Ver =  | Size = 5 bytes | Created Date = 1/25/2008 10:01:23 PM | Attr =	]
disdn -> %System32%\drivers\disdn ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
DLACDBHM.SYS -> %System32%\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.02a | Size = 5660 bytes | Created Date = 1/25/2008 11:02:02 PM | Attr =	]
DLARTL_N.SYS -> %System32%\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.02a | Size = 22684 bytes | Created Date = 1/25/2008 11:02:02 PM | Attr =	]
DRVMCDB.SYS -> %System32%\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Created Date = 1/25/2008 11:02:05 PM | Attr =	]
DRVNDDM.SYS -> %System32%\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Created Date = 1/25/2008 11:02:05 PM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
.protected -> %System32%\drivers\etc\.protected ->  [Ver =  | Size = 0 bytes | Created Date = 2/2/2008 11:11:24 PM | Attr =  H ]
mfeavfk.sys -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 79304 bytes | Created Date = 1/25/2008 10:17:59 PM | Attr =	]
mfebopk.sys -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 35240 bytes | Created Date = 1/25/2008 10:18:01 PM | Attr =	]
mfehidk.sys -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 201288 bytes | Created Date = 1/25/2008 10:17:59 PM | Attr =	]
mferkdk.sys -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 33800 bytes | Created Date = 1/25/2008 10:18:02 PM | Attr =	]
mfesmfk.sys -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Created Date = 1/25/2008 10:18:02 PM | Attr =	]
Mpfp.sys -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Created Date = 1/25/2008 10:17:53 PM | Attr =	]
omci.sys -> %System32%\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Created Date = 1/25/2008 7:12:19 PM | Attr =	]
SONYPVU1.SYS -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Created Date = 2/2/2008 2:30:28 PM | Attr =	]
stac97.sys -> %System32%\drivers\stac97.sys -> SigmaTel, Inc. [Ver = 5.10.3952 | Size = 264440 bytes | Created Date = 1/25/2008 10:52:10 PM | Attr =	]
SynTP.sys -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 191872 bytes | Created Date = 1/25/2008 9:40:01 PM | Attr =	]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Created Date = 1/25/2008 12:52:58 PM | Attr =	]
1025 -> %System32%\1025 ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1028 -> %System32%\1028 ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
1031 -> %System32%\1031 ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
1037 -> %System32%\1037 ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
1041 -> %System32%\1041 ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
1042 -> %System32%\1042 ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
1054 -> %System32%\1054 ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
2052 -> %System32%\2052 ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
3076 -> %System32%\3076 ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
3com_dmi -> %System32%\3com_dmi ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
ati2dvag.dll -> %System32%\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6371 | Size = 302592 bytes | Created Date = 1/25/2008 10:53:02 PM | Attr =	]
ati2evxx.dll -> %System32%\ati2evxx.dll ->  [Ver =  | Size = 86016 bytes | Created Date = 1/25/2008 10:53:02 PM | Attr =	]
ati2evxx.exe -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 323584 bytes | Created Date = 1/25/2008 10:53:02 PM | Attr =	]
Ati2mdxx.exe -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Created Date = 1/25/2008 10:53:02 PM | Attr =	]
ati3d1ag.dll -> %System32%\ati3d1ag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.3844 | Size = 848640 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
ati3d2ag.dll -> %System32%\ati3d2ag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.3844 | Size = 1036288 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
ati3duag.dll -> %System32%\ati3duag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.0182 | Size = 1086240 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
ATIDDC.DLL -> %System32%\ATIDDC.DLL ->  ATI Technologies Inc. [Ver = 6.14.10.4 | Size = 73728 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
atiiiexx.dll -> %System32%\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.3009 | Size = 229376 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
atioglxx.dll -> %System32%\atioglxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.3842 | Size = 4796416 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
atipdlxx.dll -> %System32%\atipdlxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2481 | Size = 81920 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
atitvo32.dll -> %System32%\atitvo32.dll -> ATI Technologies Inc. [Ver = 6.14.10.4000 | Size = 17408 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
ativcoxx.dll -> %System32%\ativcoxx.dll -> ATI Technologies, Inc. [Ver = 6.13.10.0005 | Size = 24064 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
AUTOEXEC.NT -> %System32%\AUTOEXEC.NT ->  [Ver =  | Size = 1688 bytes | Created Date = 1/25/2008 12:54:28 PM | Attr =	]
bcm1xsup.dll -> %System32%\bcm1xsup.dll ->  [Ver =  | Size = 757760 bytes | Created Date = 1/25/2008 9:41:30 PM | Attr =	]
BCMLogon.dll -> %System32%\BCMLogon.dll -> Broadcom Corporation [Ver = 4.10.47.3 | Size = 667648 bytes | Created Date = 1/25/2008 9:41:37 PM | Attr =	]
BCMWLCPL.CPL -> %System32%\BCMWLCPL.CPL -> Dell Inc. [Ver = 4.10.47.3 | Size = 3096576 bytes | Created Date = 1/25/2008 9:41:10 PM | Attr =	]
bcmwlpkt.dll -> %System32%\bcmwlpkt.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 69632 bytes | Created Date = 1/25/2008 9:41:28 PM | Attr =	]
BCMWLTRY.EXE -> %System32%\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1200128 bytes | Created Date = 1/25/2008 9:41:28 PM | Attr =	]
bcmwlu00.exe -> %System32%\bcmwlu00.exe -> Dell Inc. [Ver = 4.10.47.3 | Size = 253952 bytes | Created Date = 1/25/2008 9:41:28 PM | Attr =	]
bopomofo.uce -> %System32%\bopomofo.uce ->  [Ver =  | Size = 22984 bytes | Created Date = 1/25/2008 6:54:19 PM | Attr =	]
braviax.exe -> %System32%\braviax.exe ->  [Ver =  | Size = 11264 bytes | Created Date = 2/3/2008 10:12:02 AM | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Created Date = 1/25/2008 12:54:05 PM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Created Date = 1/25/2008 12:54:05 PM | Attr =	]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 6:57:04 PM | Attr = RH ]
Com -> %System32%\Com ->  [Folder | Created Date = 1/25/2008 6:53:56 PM | Attr =	]
config -> %System32%\config ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
Config.MPF -> %System32%\Config.MPF ->  [Ver =  | Size = 9748 bytes | Created Date = 1/25/2008 10:42:18 PM | Attr =	]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Created Date = 1/25/2008 6:58:24 PM | Attr =	]
cru629.dat -> %System32%\cru629.dat ->  [Ver =  | Size = 6144 bytes | Created Date = 2/3/2008 11:18:32 AM | Attr =	]
c_10006.nls -> %System32%\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:35 PM | Attr =	]
c_10007.nls -> %System32%\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:37 PM | Attr =	]
c_10010.nls -> %System32%\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:32 PM | Attr =	]
c_10017.nls -> %System32%\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:37 PM | Attr =	]
c_10029.nls -> %System32%\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:32 PM | Attr =	]
c_10081.nls -> %System32%\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:39 PM | Attr =	]
c_10082.nls -> %System32%\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:32 PM | Attr =	]
c_20127.nls -> %System32%\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:31 PM | Attr =	]
C_28594.NLS -> %System32%\C_28594.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:34 PM | Attr =	]
C_28595.NLS -> %System32%\C_28595.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:37 PM | Attr =	]
C_28597.NLS -> %System32%\C_28597.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:35 PM | Attr =	]
c_28599.nls -> %System32%\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:39 PM | Attr =	]
c_28603.nls -> %System32%\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:40 PM | Attr =	]
c_737.nls -> %System32%\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:35 PM | Attr =	]
c_852.nls -> %System32%\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:32 PM | Attr =	]
c_855.nls -> %System32%\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:34 PM | Attr =	]
c_857.nls -> %System32%\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:39 PM | Attr =	]
c_866.nls -> %System32%\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:34 PM | Attr =	]
c_869.nls -> %System32%\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 12:54:35 PM | Attr =	]
c_875.nls -> %System32%\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 12:54:35 PM | Attr =	]
d3d9caps.dat -> %System32%\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Created Date = 1/25/2008 10:58:39 PM | Attr =	]
desktop.ini -> %System32%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/25/2008 6:56:21 PM | Attr =	]
dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/25/2008 12:54:30 PM | Attr =	]
dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/25/2008 12:54:30 PM | Attr =	]
dhcp -> %System32%\dhcp ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Created Date = 1/25/2008 6:56:40 PM | Attr =	]
DLA -> %System32%\DLA ->  [Folder | Created Date = 1/25/2008 11:02:01 PM | Attr =	]
DLAAPI_W.DLL -> %System32%\DLAAPI_W.DLL -> Sonic Solutions [Ver = 5.20.12a | Size = 61500 bytes | Created Date = 1/25/2008 11:02:01 PM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Created Date = 1/25/2008 10:33:54 PM | Attr =	]
emptyregdb.dat -> %System32%\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Created Date = 1/25/2008 6:55:34 PM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Created Date = 1/25/2008 10:28:21 PM | Attr =	]
EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/25/2008 12:54:30 PM | Attr =	]
export -> %System32%\export ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 105416 bytes | Created Date = 1/25/2008 12:53:36 PM | Attr =	]
gb2312.uce -> %System32%\gb2312.uce ->  [Ver =  | Size = 24006 bytes | Created Date = 1/25/2008 6:54:19 PM | Attr =	]
hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 1/25/2008 6:54:25 PM | Attr =	]
hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 1/25/2008 6:54:01 PM | Attr =	]
ias -> %System32%\ias ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
icsxml -> %System32%\icsxml ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
ideograf.uce -> %System32%\ideograf.uce ->  [Ver =  | Size = 60458 bytes | Created Date = 1/25/2008 6:54:19 PM | Attr =	]
IME -> %System32%\IME ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
inetsrv -> %System32%\inetsrv ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/25/2008 6:55:52 PM | Attr =	]
kanji_1.uce -> %System32%\kanji_1.uce ->  [Ver =  | Size = 6948 bytes | Created Date = 1/25/2008 6:54:19 PM | Attr =	]
kanji_2.uce -> %System32%\kanji_2.uce ->  [Ver =  | Size = 8484 bytes | Created Date = 1/25/2008 6:54:19 PM | Attr =	]
korean.uce -> %System32%\korean.uce ->  [Ver =  | Size = 12876 bytes | Created Date = 1/25/2008 6:54:19 PM | Attr =	]
logonui.exe.manifest -> %System32%\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 1/25/2008 6:57:10 PM | Attr = RH ]
Macromed -> %System32%\Macromed ->  [Folder | Created Date = 1/25/2008 6:56:06 PM | Attr =	]
mcgdmgr.dll -> %System32%\mcgdmgr.dll -> Networks Associates Technology, Inc [Ver = 1, 0, 0, 16 | Size = 270336 bytes | Created Date = 1/25/2008 9:28:00 PM | Attr =	]
mcinsctl.dll -> %System32%\mcinsctl.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 0, 74 | Size = 348160 bytes | Created Date = 1/25/2008 9:28:00 PM | Attr =	]
Microsoft -> %System32%\Microsoft ->  [Folder | Created Date = 1/25/2008 7:01:47 PM | Attr =   S]
MsDtc -> %System32%\MsDtc ->  [Folder | Created Date = 1/25/2008 6:53:58 PM | Attr =	]
msdtcprf.h -> %System32%\msdtcprf.h ->  [Ver =  | Size = 768 bytes | Created Date = 1/25/2008 6:54:16 PM | Attr =	]
msdtcprf.ini -> %System32%\msdtcprf.ini ->  [Ver =  | Size = 1931 bytes | Created Date = 1/25/2008 6:54:16 PM | Attr =	]
mui -> %System32%\mui ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 6:57:04 PM | Attr = RH ]
nod32se.exe -> %System32%\nod32se.exe ->  [Ver =  | Size = 16384 bytes | Created Date = 2/2/2008 11:41:30 PM | Attr =	]
npp -> %System32%\npp ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 6:57:04 PM | Attr = RH ]
Odbcjet.cnt -> %System32%\Odbcjet.cnt ->  [Ver =  | Size = 7348 bytes | Created Date = 1/25/2008 7:12:22 PM | Attr =	]
Odbcjet.hlp -> %System32%\Odbcjet.hlp ->  [Ver =  | Size = 171967 bytes | Created Date = 1/25/2008 7:12:22 PM | Attr =	]
Oemdspif.dll -> %System32%\Oemdspif.dll -> ATI Technologies, Inc. [Ver = 6.14.0008 | Size = 73728 bytes | Created Date = 1/25/2008 10:53:03 PM | Attr =	]
oobe -> %System32%\oobe ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 458522 bytes | Created Date = 1/25/2008 12:54:45 PM | Attr =	]
preflib.dll -> %System32%\preflib.dll ->  [Ver =  | Size = 86016 bytes | Created Date = 1/25/2008 9:41:30 PM | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Created Date = 1/25/2008 9:52:36 PM | Attr =	]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Created Date = 1/10/2008 3:27:44 PM | Attr =	]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Created Date = 1/10/2008 3:27:46 PM | Attr =	]
ras -> %System32%\ras ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Created Date = 1/25/2008 9:38:58 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Created Date = 1/25/2008 6:55:53 PM | Attr =	]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 6:57:04 PM | Attr = RH ]
Setup -> %System32%\Setup ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
ShellExt -> %System32%\ShellExt ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
shiftjis.uce -> %System32%\shiftjis.uce ->  [Ver =  | Size = 16740 bytes | Created Date = 1/25/2008 6:54:20 PM | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Created Date = 1/25/2008 9:48:33 PM | Attr =	]
spool -> %System32%\spool ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/25/2008 12:54:30 PM | Attr =	]
stac97.cpl -> %System32%\stac97.cpl -> SigmaTel Inc. [Ver = 1, 0, 0, 12 | Size = 102481 bytes | Created Date = 1/25/2008 10:52:10 PM | Attr =	]
subrange.uce -> %System32%\subrange.uce ->  [Ver =  | Size = 93702 bytes | Created Date = 1/25/2008 6:54:20 PM | Attr =	]
suspend.bin -> %System32%\suspend.bin ->  [Ver =  | Size = 80 bytes | Created Date = 2/2/2008 11:41:34 PM | Attr =	]
suspend.exe -> %System32%\suspend.exe ->  [Ver =  | Size = 16384 bytes | Created Date = 2/2/2008 11:41:34 PM | Attr =	]
SynCOM.dll -> %System32%\SynCOM.dll -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 82014 bytes | Created Date = 1/25/2008 9:40:01 PM | Attr =	]
SynCtrl.dll -> %System32%\SynCtrl.dll -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 114688 bytes | Created Date = 1/25/2008 9:40:01 PM | Attr =	]
SynTPAPI.dll -> %System32%\SynTPAPI.dll -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 94299 bytes | Created Date = 1/25/2008 9:40:01 PM | Attr =	]
SynTPCo2.dll -> %System32%\SynTPCo2.dll -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 81920 bytes | Created Date = 1/25/2008 9:40:01 PM | Attr =	]
SynTPFcs.dll -> %System32%\SynTPFcs.dll -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 69723 bytes | Created Date = 1/25/2008 9:40:01 PM | Attr =	]
Thumbs.db -> %System32%\Thumbs.db ->  [Ver =  | Size = 5120 bytes | Created Date = 2/3/2008 11:04:53 AM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable
tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 3240 bytes | Created Date = 2/3/2008 12:41:23 AM | Attr =	]
tslabels.h -> %System32%\tslabels.h ->  [Ver =  | Size = 3286 bytes | Created Date = 1/25/2008 6:54:17 PM | Attr =	]
tslabels.ini -> %System32%\tslabels.ini ->  [Ver =  | Size = 13223 bytes | Created Date = 1/25/2008 6:54:17 PM | Attr =	]
users32.dat -> %System32%\users32.dat ->  [Ver =  | Size = 6656 bytes | Created Date = 2/2/2008 11:09:51 PM | Attr =	]
usmt -> %System32%\usmt ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
usrlogon.cmd -> %System32%\usrlogon.cmd ->  [Ver =  | Size = 1161 bytes | Created Date = 1/25/2008 6:54:18 PM | Attr =	]
vmm32 -> %System32%\vmm32 ->  [Folder | Created Date = 1/25/2008 9:57:28 PM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 1/25/2008 6:57:10 PM | Attr = RH ]
winivstr.exe -> %System32%\winivstr.exe ->  [Ver =  | Size = 160568 bytes | Created Date = 2/3/2008 4:20:08 PM | Attr =	]
wins -> %System32%\wins ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
WLBCGCBPRO731.DLL -> %System32%\WLBCGCBPRO731.DLL -> BCGSoft Ltd [Ver = 7, 31, 0, 0 | Size = 2129920 bytes | Created Date = 1/25/2008 9:41:30 PM | Attr =	]
WLTRAY.EXE -> %System32%\WLTRAY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Created Date = 1/25/2008 9:41:30 PM | Attr =	]
wltrynt.dll -> %System32%\wltrynt.dll -> Broadcom Corporation [Ver = 4.10.47.3 | Size = 44032 bytes | Created Date = 1/25/2008 9:41:30 PM | Attr =	]
WLTRYSVC.EXE -> %System32%\WLTRYSVC.EXE ->  [Ver =  | Size = 18944 bytes | Created Date = 1/25/2008 9:41:30 PM | Attr =	]
wmimgmt.msc -> %System32%\wmimgmt.msc ->  [Ver =  | Size = 63488 bytes | Created Date = 1/25/2008 6:54:11 PM | Attr =	]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 6:57:04 PM | Attr = RH ]
xircom -> %System32%\xircom ->  [Folder | Created Date = 1/25/2008 6:58:53 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 1/25/2008 6:58:40 PM | Attr =  H ]
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Created Date = 1/25/2008 9:52:54 PM | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 1/25/2008 10:26:39 PM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 1/25/2008 10:26:27 PM | Attr =  H ]
.protected -> %SystemRoot%\.protected ->  [Ver =  | Size = 0 bytes | Created Date = 2/3/2008 4:20:51 PM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Created Date = 1/25/2008 11:07:55 PM | Attr = R S]
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp ->  [Ver =  | Size = 1272 bytes | Created Date = 1/25/2008 6:54:20 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Created Date = 1/25/2008 7:00:49 PM | Attr =   S]
braviax.exe -> %SystemRoot%\braviax.exe ->  [Ver =  | Size = 11264 bytes | Created Date = 2/3/2008 11:11:19 AM | Attr =	]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp ->  [Ver =  | Size = 17062 bytes | Created Date = 1/25/2008 6:54:20 PM | Attr =	]
Config -> %SystemRoot%\Config ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Created Date = 1/25/2008 6:58:24 PM | Attr =	]
cru629.dat -> %SystemRoot%\cru629.dat ->  [Ver =  | Size = 6144 bytes | Created Date = 2/2/2008 11:09:32 PM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
dell -> %SystemRoot%\dell ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
desktop.ini -> %SystemRoot%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/25/2008 6:56:21 PM | Attr =	]
DLA.EXE -> %SystemRoot%\DLA.EXE -> Sonic Solutions [Ver = 5.20.12a | Size = 94263 bytes | Created Date = 1/25/2008 11:02:01 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Created Date = 1/25/2008 6:57:10 PM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp ->  [Ver =  | Size = 16730 bytes | Created Date = 1/25/2008 6:54:20 PM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr = R S]
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp ->  [Ver =  | Size = 17336 bytes | Created Date = 1/25/2008 6:54:20 PM | Attr =	]
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp ->  [Ver =  | Size = 26582 bytes | Created Date = 1/25/2008 6:54:20 PM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 1/25/2008 10:26:54 PM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Created Date = 1/25/2008 10:29:01 PM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Created Date = 1/25/2008 12:54:45 PM | Attr =  HS]
java -> %SystemRoot%\java ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Created Date = 1/25/2008 11:06:28 PM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 2/1/2008 9:38:40 PM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
msdownld.tmp -> %SystemRoot%\msdownld.tmp ->  [Folder | Created Date = 1/25/2008 10:52:06 PM | Attr =  H ]
mui -> %SystemRoot%\mui ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 1/25/2008 10:24:46 PM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Created Date = 1/25/2008 12:54:44 PM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Created Date = 1/25/2008 6:57:10 PM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp ->  [Ver =  | Size = 65954 bytes | Created Date = 1/25/2008 6:54:20 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 1/25/2008 7:01:47 PM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 1/26/2008 12:35:16 AM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 1/25/2008 10:36:58 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 1/25/2008 10:36:58 PM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Created Date = 1/25/2008 6:55:14 PM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Created Date = 1/25/2008 7:01:35 PM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp ->  [Ver =  | Size = 17362 bytes | Created Date = 1/25/2008 6:54:20 PM | Attr =	]
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp ->  [Ver =  | Size = 26680 bytes | Created Date = 1/25/2008 6:54:20 PM | Attr =	]
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp ->  [Ver =  | Size = 65832 bytes | Created Date = 1/25/2008 6:54:21 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp ->  [Ver =  | Size = 65978 bytes | Created Date = 1/25/2008 6:54:20 PM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Created Date = 1/25/2008 7:01:49 PM | Attr =	]
speed.reg -> %SystemRoot%\speed.reg ->  [Ver =  | Size = 666 bytes | Created Date = 1/25/2008 10:00:44 PM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Created Date = 1/25/2008 6:56:07 PM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 2/2/2008 11:08:23 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
system32 -> %System32% ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Created Date = 1/25/2008 6:56:11 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 7168 bytes | Created Date = 2/3/2008 11:04:55 AM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Created Date = 1/25/2008 6:55:20 PM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Created Date = 1/25/2008 6:55:20 PM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 1/25/2008 10:28:22 PM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr = R  ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 6:57:04 PM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 175 bytes | Created Date = 1/25/2008 11:02:01 PM | Attr =	]
winnt.bmp -> %SystemRoot%\winnt.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 1/25/2008 6:56:21 PM | Attr =  HS]
winnt256.bmp -> %SystemRoot%\winnt256.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 1/25/2008 6:56:21 PM | Attr =  HS]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Created Date = 1/25/2008 12:47:25 PM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Created Date = 1/25/2008 6:58:15 PM | Attr =	]
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp ->  [Ver =  | Size = 9522 bytes | Created Date = 1/25/2008 6:54:21 PM | Attr =	]
AdwareAlert Scheduled Scan.job -> %SystemRoot%\tasks\AdwareAlert Scheduled Scan.job ->  [Ver =  | Size = 504 bytes | Created Date = 1/26/2008 1:08:41 AM | Attr =	]
desktop.ini -> %SystemRoot%\tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Created Date = 1/25/2008 6:56:11 PM | Attr = RH ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 348 bytes | Created Date = 1/25/2008 10:17:44 PM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 340 bytes | Created Date = 1/25/2008 10:17:42 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Created Date = 1/25/2008 7:01:47 PM | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Created Date = 1/26/2008 1:02:43 AM | Attr =	]
Apple -> %AllUsersAppData%\Apple ->  [Folder | Created Date = 1/25/2008 10:33:03 PM | Attr =	]
Apple Computer -> %AllUsersAppData%\Apple Computer ->  [Folder | Created Date = 1/25/2008 10:34:38 PM | Attr =	]
Dell -> %AllUsersAppData%\Dell ->  [Folder | Created Date = 1/25/2008 10:58:37 PM | Attr =	]
desktop.ini -> %AllUsersAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 1/25/2008 12:54:18 PM | Attr =  HS]
Google -> %AllUsersAppData%\Google ->  [Folder | Created Date = 1/26/2008 1:04:32 AM | Attr =	]
Grisoft -> %AllUsersAppData%\Grisoft ->  [Folder | Created Date = 2/3/2008 9:58:13 AM | Attr =	]
InstallShield -> %AllUsersAppData%\InstallShield ->  [Folder | Created Date = 1/25/2008 11:06:04 PM | Attr =	]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab ->  [Folder | Created Date = 2/3/2008 1:21:40 AM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/26/2008 6:16:01 PM | Attr =	]
McAfee -> %AllUsersAppData%\McAfee ->  [Folder | Created Date = 1/25/2008 10:09:26 PM | Attr =	]
McAfee.com -> %AllUsersAppData%\McAfee.com ->  [Folder | Created Date = 1/25/2008 9:28:11 PM | Attr =	]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Created Date = 1/25/2008 12:53:59 PM | Attr =   S]
SiteAdvisor -> %AllUsersAppData%\SiteAdvisor ->  [Folder | Created Date = 1/25/2008 10:19:47 PM | Attr =	]
SITEguard -> %AllUsersAppData%\SITEguard ->  [Folder | Created Date = 2/3/2008 11:16:09 AM | Attr =	]
Sonic -> %AllUsersAppData%\Sonic ->  [Folder | Created Date = 1/25/2008 11:04:56 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 2/3/2008 2:01:06 PM | Attr =	]
STOPzilla! -> %AllUsersAppData%\STOPzilla! ->  [Folder | Created Date = 2/3/2008 11:15:18 AM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/3/2008 2:15:43 PM | Attr =	]
Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage ->  [Folder | Created Date = 1/25/2008 10:14:01 PM | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Created Date = 1/25/2008 11:17:31 PM | Attr =	]
AdobeUM -> %UserAppData%\AdobeUM ->  [Folder | Created Date = 1/26/2008 12:54:48 AM | Attr =	]
AdwareAlert -> %UserAppData%\AdwareAlert ->  [Folder | Created Date = 1/26/2008 1:08:41 AM | Attr =	]
Apple Computer -> %UserAppData%\Apple Computer ->  [Folder | Created Date = 1/25/2008 10:37:09 PM | Attr =	]
desktop.ini -> %UserAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 1/25/2008 7:03:04 PM | Attr =  HS]
Google -> %UserAppData%\Google ->  [Folder | Created Date = 1/26/2008 1:03:50 AM | Attr =	]
Identities -> %UserAppData%\Identities ->  [Folder | Created Date = 1/25/2008 7:03:12 PM | Attr =	]
Jasc Software Inc -> %UserAppData%\Jasc Software Inc ->  [Folder | Created Date = 1/25/2008 7:18:47 PM | Attr =	]
Macromedia -> %UserAppData%\Macromedia ->  [Folder | Created Date = 1/25/2008 11:17:33 PM | Attr =	]
Microsoft -> %UserAppData%\Microsoft ->  [Folder | Created Date = 1/25/2008 7:03:03 PM | Attr =   S]
SiteAdvisor -> %UserAppData%\SiteAdvisor ->  [Folder | Created Date = 1/25/2008 10:19:47 PM | Attr =	]
Sun -> %UserAppData%\Sun ->  [Folder | Created Date = 2/2/2008 11:08:22 PM | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/3/2008 2:15:03 PM | Attr =	]
Ultimate Defender -> %UserAppData%\Ultimate Defender ->  [Folder | Created Date = 2/3/2008 4:20:45 PM | Attr =	]
Uniblue -> %UserAppData%\Uniblue ->  [Folder | Created Date = 2/3/2008 12:25:58 AM | Attr =	]
WinPatrol -> %UserAppData%\WinPatrol ->  [Folder | Created Date = 2/3/2008 4:21:48 PM | Attr =	]
Adobe -> %LocalAppData%\Adobe ->  [Folder | Created Date = 1/26/2008 12:54:47 AM | Attr =	]
Apple -> %LocalAppData%\Apple ->  [Folder | Created Date = 1/25/2008 10:34:13 PM | Attr =	]
Apple Computer -> %LocalAppData%\Apple Computer ->  [Folder | Created Date = 1/25/2008 10:32:34 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 3584 bytes | Created Date = 1/25/2008 11:30:40 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 12328 bytes | Created Date = 1/25/2008 7:03:38 PM | Attr =	]
Google -> %LocalAppData%\Google ->  [Folder | Created Date = 1/26/2008 1:12:03 AM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 1575158 bytes | Created Date = 1/25/2008 7:04:18 PM | Attr =  H ]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Created Date = 1/25/2008 7:03:03 PM | Attr =	]
PowerDVD DX -> %LocalAppData%\PowerDVD DX ->  [Folder | Created Date = 1/25/2008 10:58:37 PM | Attr =	]
{3248F0A6-6813-11D6-A77B-00B0D0150060} -> %LocalAppData%\{3248F0A6-6813-11D6-A77B-00B0D0150060} ->  [Folder | Created Date = 1/25/2008 9:58:19 PM | Attr =	]
{64A3A4F2-B792-11D6-A78A-00B0D0160040} -> %LocalAppData%\{64A3A4F2-B792-11D6-A78A-00B0D0160040} ->  [Folder | Created Date = 2/3/2008 9:56:51 AM | Attr =	]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 1/25/2008 12:54:18 PM | Attr =  HS]
My Music -> %AllUsersDocuments%\My Music ->  [Folder | Created Date = 1/25/2008 6:54:41 PM | Attr = R  ]
My Pictures -> %AllUsersDocuments%\My Pictures ->  [Folder | Created Date = 1/25/2008 6:55:36 PM | Attr = R  ]
2001 Elantra GLS.doc -> %UserDocuments%\2001 Elantra GLS.doc ->  [Ver =  | Size = 24064 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
Addresses.doc -> %UserDocuments%\Addresses.doc ->  [Ver =  | Size = 24576 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
Advantage Number 7E488V0.doc -> %UserDocuments%\Advantage Number 7E488V0.doc ->  [Ver =  | Size = 24064 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
Application.doc -> %UserDocuments%\Application.doc ->  [Ver =  | Size = 20480 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
xxxx's_Beard_RIP.pps -> %UserDocuments%\xxxx's_Beard_RIP.pps ->  [Ver =  | Size = 189952 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
Braly - Resume.doc -> %UserDocuments%\Braly - Resume.doc ->  [Ver =  | Size = 49152 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
desktop.ini -> %UserDocuments%\desktop.ini ->  [Ver =  | Size = 80 bytes | Created Date = 1/25/2008 7:03:07 PM | Attr =  HS]
Direct TV Rebate Form.pdf -> %UserDocuments%\Direct TV Rebate Form.pdf ->  [Ver =  | Size = 78932 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
Expenses -> %UserDocuments%\Expenses ->  [Folder | Created Date = 1/25/2008 11:27:16 PM | Attr =	]
Foundation phone numbers.doc -> %UserDocuments%\Foundation phone numbers.doc ->  [Ver =  | Size = 24064 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
George W Bush Docs -> %UserDocuments%\George W Bush Docs ->  [Folder | Created Date = 1/25/2008 11:27:16 PM | Attr =	]
H2 Song.doc -> %UserDocuments%\H2 Song.doc ->  [Ver =  | Size = 25088 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
How to Manage your own practice.doc -> %UserDocuments%\How to Manage your own practice.doc ->  [Ver =  | Size = 38400 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
Life without regulation.doc -> %UserDocuments%\Life without regulation.doc ->  [Ver =  | Size = 26112 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
Loans -> %UserDocuments%\Loans ->  [Folder | Created Date = 1/25/2008 11:27:43 PM | Attr =	]
My Data Sources -> %UserDocuments%\My Data Sources ->  [Folder | Created Date = 1/25/2008 11:27:43 PM | Attr =   S]
My eBooks -> %UserDocuments%\My eBooks ->  [Folder | Created Date = 1/25/2008 11:27:43 PM | Attr =	]
My Google Gadgets -> %UserDocuments%\My Google Gadgets ->  [Folder | Created Date = 1/25/2008 11:22:09 PM | Attr =	]
My Music -> %UserDocuments%\My Music ->  [Folder | Created Date = 1/25/2008 7:03:07 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Created Date = 1/25/2008 7:03:07 PM | Attr = R  ]
My PSP8 Files -> %UserDocuments%\My PSP8 Files ->  [Folder | Created Date = 1/25/2008 7:18:47 PM | Attr =	]
My Received Files -> %UserDocuments%\My Received Files ->  [Folder | Created Date = 1/25/2008 11:26:30 PM | Attr =	]
My Videos -> %UserDocuments%\My Videos ->  [Folder | Created Date = 1/25/2008 10:58:18 PM | Attr = R  ]
Nebraska.doc -> %UserDocuments%\Nebraska.doc ->  [Ver =  | Size = 26112 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
New Lifters.doc -> %UserDocuments%\New Lifters.doc ->  [Ver =  | Size = 1927168 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
Political -> %UserDocuments%\Political ->  [Folder | Created Date = 1/25/2008 11:26:36 PM | Attr =	]
Repair List.xls -> %UserDocuments%\Repair List.xls ->  [Ver =  | Size = 16384 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
Saedra -> %UserDocuments%\Saedra ->  [Folder | Created Date = 1/25/2008 11:26:38 PM | Attr =	]
Saedra's Presentation.ppt -> %UserDocuments%\Saedra's Presentation.ppt ->  [Ver =  | Size = 9821184 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =	]
Taxes -> %UserDocuments%\Taxes ->  [Folder | Created Date = 1/25/2008 11:26:40 PM | Attr =	]
Temp -> %UserDocuments%\Temp ->  [Folder | Created Date = 1/25/2008 10:13:42 PM | Attr =	]
The Dirty List.doc -> %UserDocuments%\The Dirty List.doc ->  [Ver =  | Size = 62976 bytes | Created Date = 1/25/2008 11:27:16 PM | Attr =	]
Things for xmas.doc -> %UserDocuments%\Things for xmas.doc ->  [Ver =  | Size = 19968 bytes | Created Date = 1/25/2008 11:27:16 PM | Attr =	]
Townes Van Zandt Lyrics -> %UserDocuments%\Townes Van Zandt Lyrics ->  [Folder | Created Date = 1/25/2008 11:26:48 PM | Attr =	]
TV Owners Manual -> %UserDocuments%\TV Owners Manual ->  [Folder | Created Date = 1/25/2008 11:26:48 PM | Attr =	]
westlaw password.doc -> %UserDocuments%\westlaw password.doc ->  [Ver =  | Size = 28160 bytes | Created Date = 1/25/2008 11:27:16 PM | Attr =	]
~$esume2.doc -> %UserDocuments%\~$esume2.doc ->  [Ver =  | Size = 162 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =  H ]
~$ference number.doc -> %UserDocuments%\~$ference number.doc ->  [Ver =  | Size = 162 bytes | Created Date = 1/25/2008 11:27:15 PM | Attr =  H ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/26/2008 6:16:08 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/26/2008 6:16:07 PM | Attr =	]
Google Earth.lnk -> %AllUsersDesktop%\Google Earth.lnk ->  [Ver =  | Size = 1836 bytes | Created Date = 1/26/2008 1:04:01 AM | Attr =	]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk ->  [Ver =  | Size = 1804 bytes | Created Date = 1/25/2008 10:36:49 PM | Attr =	]
Rome - Total War.lnk -> %AllUsersDesktop%\Rome - Total War.lnk ->  [Ver =  | Size = 1848 bytes | Created Date = 2/1/2008 9:31:07 PM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 740 bytes | Created Date = 2/3/2008 2:15:04 PM | Attr =	]
UltimateBet.lnk -> %AllUsersDesktop%\UltimateBet.lnk ->  [Ver =  | Size = 1532 bytes | Created Date = 1/26/2008 6:11:16 PM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 2/3/2008 1:01:52 AM | Attr =	]
SmitfraudFix -> %UserDesktop%\SmitfraudFix ->  [Folder | Created Date = 2/3/2008 12:40:52 AM | Attr =	]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe ->  [Ver =  | Size = 1212360 bytes | Created Date = 2/3/2008 12:38:04 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
smitRem -> %UserDesktop%\smitRem ->  [Folder | Created Date = 2/3/2008 10:00:34 AM | Attr =	]
smitRem.exe -> %UserDesktop%\smitRem.exe ->  [Ver =  | Size = 383836 bytes | Created Date = 2/3/2008 9:53:55 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\smitRem.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2/8/2008 8:08:30 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478741 bytes | Created Date = 2/8/2008 8:08:15 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
.protected -> %AllUsersStartup%\.protected ->  [Ver =  | Size = 0 bytes | Created Date = 2/3/2008 4:20:51 PM | Attr =  H ]
desktop.ini -> %AllUsersStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 1/25/2008 12:54:18 PM | Attr =  HS]
.protected -> %UserStartup%\.protected ->  [Ver =  | Size = 0 bytes | Created Date = 2/3/2008 4:20:51 PM | Attr =  H ]
desktop.ini -> %UserStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 1/25/2008 7:03:04 PM | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Created Date = 1/26/2008 12:54:36 AM | Attr =	]
Apple -> %CommonProgramFiles%\Apple ->  [Folder | Created Date = 1/25/2008 10:33:04 PM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Created Date = 1/25/2008 7:12:14 PM | Attr =	]
iS3 -> %CommonProgramFiles%\iS3 ->  [Folder | Created Date = 2/3/2008 11:15:18 AM | Attr =	]
McAfee -> %CommonProgramFiles%\McAfee ->  [Folder | Created Date = 1/25/2008 10:17:26 PM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Created Date = 1/25/2008 12:54:41 PM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Created Date = 1/25/2008 6:56:10 PM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Created Date = 1/25/2008 12:54:44 PM | Attr =	]
Roxio Shared -> %CommonProgramFiles%\Roxio Shared ->  [Folder | Created Date = 1/25/2008 11:03:32 PM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Created Date = 1/25/2008 6:56:13 PM | Attr =	]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared ->  [Folder | Created Date = 1/25/2008 11:00:06 PM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Created Date = 1/25/2008 12:54:42 PM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Created Date = 1/25/2008 6:55:41 PM | Attr =	]
TiVo Shared -> %CommonProgramFiles%\TiVo Shared ->  [Folder | Created Date = 1/25/2008 11:03:39 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 1/26/2008 6:15:38 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
.protected -> %SystemDrive%\.protected ->  [Ver =  | Size = 0 bytes | Modified Date = 2/3/2008 4:20:51 PM | Attr =  H ]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Modified Date = 1/25/2008 6:58:24 PM | Attr =	]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 2/3/2008 10:21:48 AM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 1/26/2008 1:09:33 AM | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/3/2008 2:15:07 PM | Attr =  HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/25/2008 6:58:24 PM | Attr =	]
DELL -> %SystemDrive%\DELL ->  [Folder | Modified Date = 1/25/2008 7:13:39 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/3/2008 10:21:23 AM | Attr =	]
HJT -> %SystemDrive%\HJT ->  [Folder | Modified Date = 2/3/2008 1:15:59 PM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/25/2008 6:58:24 PM | Attr = RHS]
KAV -> %SystemDrive%\KAV ->  [Folder | Modified Date = 2/3/2008 1:20:54 AM | Attr =	]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/25/2008 6:58:24 PM | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/3/2008 4:21:31 PM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 1/25/2008 7:06:48 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/25/2008 7:01:49 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/8/2008 8:29:20 AM | Attr =	]
beep.sys -> %System32%\dllcache\beep.sys ->  [Ver =  | Size = 29184 bytes | Modified Date = 2/2/2008 11:08:36 PM | Attr =	]
1028_DELL_INS_5100.MRK -> %System32%\drivers\1028_DELL_INS_5100.MRK ->  [Ver =  | Size = 5 bytes | Modified Date = 1/25/2008 10:01:23 PM | Attr =	]
beep.sys -> %System32%\drivers\beep.sys ->  [Ver =  | Size = 29184 bytes | Modified Date = 2/2/2008 11:08:36 PM | Attr =	]
DELL_INS_5100.MRK -> %System32%\drivers\DELL_INS_5100.MRK ->  [Ver =  | Size = 5 bytes | Modified Date = 1/25/2008 10:01:23 PM | Attr =	]
disdn -> %System32%\drivers\disdn ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2/2/2008 11:11:24 PM | Attr =	]
.protected -> %System32%\drivers\etc\.protected ->  [Ver =  | Size = 0 bytes | Modified Date = 2/3/2008 4:20:54 PM | Attr =  H ]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 734 bytes | Modified Date = 2/3/2008 10:39:52 AM | Attr =	]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Modified Date = 1/25/2008 7:00:54 PM | Attr =	]
1025 -> %System32%\1025 ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1028 -> %System32%\1028 ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
1031 -> %System32%\1031 ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Modified Date = 1/25/2008 12:48:22 PM | Attr =	]
1037 -> %System32%\1037 ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
1041 -> %System32%\1041 ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
1042 -> %System32%\1042 ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
1054 -> %System32%\1054 ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
2052 -> %System32%\2052 ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
3076 -> %System32%\3076 ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
3com_dmi -> %System32%\3com_dmi ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
braviax.exe -> %System32%\braviax.exe ->  [Ver =  | Size = 11264 bytes | Modified Date = 2/3/2008 2:21:53 PM | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 1/25/2008 10:02:08 PM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/8/2008 6:02:17 PM | Attr =	]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 6:57:04 PM | Attr = RH ]
Com -> %System32%\Com ->  [Folder | Modified Date = 1/25/2008 10:58:51 PM | Attr =	]
config -> %System32%\config ->  [Folder | Modified Date = 1/25/2008 10:28:27 PM | Attr =	]
Config.MPF -> %System32%\Config.MPF ->  [Ver =  | Size = 9748 bytes | Modified Date = 2/8/2008 8:30:05 AM | Attr =	]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Modified Date = 1/25/2008 6:58:24 PM | Attr =	]
cru629.dat -> %System32%\cru629.dat ->  [Ver =  | Size = 6144 bytes | Modified Date = 2/6/2008 9:31:56 PM | Attr =	]
d3d9caps.dat -> %System32%\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 1/25/2008 10:58:40 PM | Attr =	]
dhcp -> %System32%\dhcp ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 1/25/2008 10:52:49 PM | Attr =	]
DLA -> %System32%\DLA ->  [Folder | Modified Date = 1/25/2008 11:13:28 PM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 2/2/2008 11:09:36 PM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2/3/2008 1:46:41 PM | Attr =	]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Modified Date = 1/25/2008 10:33:54 PM | Attr =	]
emptyregdb.dat -> %System32%\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Modified Date = 1/25/2008 6:55:34 PM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 1/25/2008 10:29:13 PM | Attr =	]
export -> %System32%\export ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 105416 bytes | Modified Date = 1/25/2008 11:13:23 PM | Attr =	]
ias -> %System32%\ias ->  [Folder | Modified Date = 1/25/2008 6:57:51 PM | Attr =	]
icsxml -> %System32%\icsxml ->  [Folder | Modified Date = 1/25/2008 12:48:48 PM | Attr =	]
IME -> %System32%\IME ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
inetsrv -> %System32%\inetsrv ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
logonui.exe.manifest -> %System32%\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 1/25/2008 6:57:10 PM | Attr = RH ]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 1/25/2008 6:56:06 PM | Attr =	]
Microsoft -> %System32%\Microsoft ->  [Folder | Modified Date = 1/25/2008 7:01:47 PM | Attr =   S]
MsDtc -> %System32%\MsDtc ->  [Folder | Modified Date = 1/25/2008 6:55:12 PM | Attr =	]
mui -> %System32%\mui ->  [Folder | Modified Date = 1/25/2008 11:06:38 PM | Attr =	]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 6:57:04 PM | Attr = RH ]
nod32se.exe -> %System32%\nod32se.exe ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/7/2008 10:11:41 PM | Attr =	]
npp -> %System32%\npp ->  [Folder | Modified Date = 1/25/2008 12:52:21 PM | Attr =	]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 6:57:04 PM | Attr = RH ]
oobe -> %System32%\oobe ->  [Folder | Modified Date = 1/25/2008 6:56:32 PM | Attr =	]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 58998 bytes | Modified Date = 2/8/2008 8:33:38 AM | Attr =	]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 392864 bytes | Modified Date = 2/8/2008 8:33:38 AM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 458522 bytes | Modified Date = 2/8/2008 8:33:38 AM | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Modified Date = 1/25/2008 9:52:36 PM | Attr =	]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Modified Date = 1/10/2008 3:27:44 PM | Attr =	]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Modified Date = 1/10/2008 3:27:46 PM | Attr =	]
ras -> %System32%\ras ->  [Folder | Modified Date = 1/25/2008 12:49:13 PM | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Modified Date = 1/25/2008 9:38:58 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 2/3/2008 10:54:21 AM | Attr =	]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 6:57:04 PM | Attr = RH ]
Setup -> %System32%\Setup ->  [Folder | Modified Date = 1/25/2008 12:52:51 PM | Attr =	]
ShellExt -> %System32%\ShellExt ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Modified Date = 1/25/2008 9:48:33 PM | Attr =	]
spool -> %System32%\spool ->  [Folder | Modified Date = 1/25/2008 6:53:19 PM | Attr =	]
suspend.bin -> %System32%\suspend.bin ->  [Ver =  | Size = 80 bytes | Modified Date = 2/7/2008 10:11:44 PM | Attr =	]
suspend.exe -> %System32%\suspend.exe ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/7/2008 10:11:44 PM | Attr =	]
Thumbs.db -> %System32%\Thumbs.db ->  [Ver =  | Size = 5120 bytes | Modified Date = 2/3/2008 11:04:53 AM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable
tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 3240 bytes | Modified Date = 2/3/2008 10:39:55 AM | Attr =	]
users32.dat -> %System32%\users32.dat ->  [Ver =  | Size = 6656 bytes | Modified Date = 2/8/2008 8:29:23 AM | Attr =	]
usmt -> %System32%\usmt ->  [Folder | Modified Date = 1/25/2008 12:52:45 PM | Attr =	]
vmm32 -> %System32%\vmm32 ->  [Folder | Modified Date = 1/25/2008 9:57:28 PM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 1/25/2008 6:58:53 PM | Attr =	]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 1/25/2008 6:57:10 PM | Attr = RH ]
winivstr.exe -> %System32%\winivstr.exe ->  [Ver =  | Size = 160568 bytes | Modified Date = 2/3/2008 4:20:10 PM | Attr =	]
wins -> %System32%\wins ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2/2/2008 11:18:20 PM | Attr =	]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 6:57:04 PM | Attr = RH ]
xircom -> %System32%\xircom ->  [Folder | Modified Date = 1/25/2008 6:58:53 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/26/2008 6:16:45 PM | Attr =  H ]
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Modified Date = 1/25/2008 9:53:03 PM | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 1/25/2008 10:26:39 PM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 1/25/2008 10:26:27 PM | Attr =  H ]
.protected -> %SystemRoot%\.protected ->  [Ver =  | Size = 0 bytes | Modified Date = 2/3/2008 4:20:54 PM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 1/25/2008 12:52:39 PM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 1/26/2008 11:05:16 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/8/2008 8:29:13 AM | Attr =   S]
braviax.exe -> %SystemRoot%\braviax.exe ->  [Ver =  | Size = 11264 bytes | Modified Date = 2/7/2008 7:59:35 AM | Attr =	]
Config -> %SystemRoot%\Config ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 1/25/2008 6:58:24 PM | Attr =	]
cru629.dat -> %SystemRoot%\cru629.dat ->  [Ver =  | Size = 6144 bytes | Modified Date = 2/6/2008 9:31:56 PM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 1/25/2008 6:54:30 PM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2/3/2008 1:52:06 AM | Attr =	]
dell -> %SystemRoot%\dell ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/25/2008 11:06:01 PM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 1/25/2008 11:03:47 PM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/25/2008 10:39:27 PM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 1/25/2008 10:27:59 PM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 1/25/2008 10:29:01 PM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 1/25/2008 6:58:53 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/2/2008 11:19:57 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/3/2008 2:15:07 PM | Attr =  HS]
java -> %SystemRoot%\java ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 1/25/2008 10:28:13 PM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 1/26/2008 11:04:15 AM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2/3/2008 1:52:06 AM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 1/25/2008 11:13:20 PM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
msdownld.tmp -> %SystemRoot%\msdownld.tmp ->  [Folder | Modified Date = 1/25/2008 10:52:24 PM | Attr =  H ]
mui -> %SystemRoot%\mui ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 1/25/2008 10:24:46 PM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Modified Date = 1/25/2008 6:58:05 PM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 1/25/2008 6:57:10 PM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Modified Date = 2/2/2008 11:19:57 PM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 1/25/2008 12:52:30 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/8/2008 8:09:05 PM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 1/26/2008 12:36:15 AM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 1/25/2008 10:37:21 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/8/2008 8:29:25 AM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 1/25/2008 6:58:02 PM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Modified Date = 1/25/2008 7:01:35 PM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Modified Date = 1/25/2008 6:58:52 PM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Modified Date = 1/25/2008 12:47:25 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 1/25/2008 7:04:21 PM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 1/25/2008 10:11:48 PM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 1/25/2008 6:56:46 PM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 2/2/2008 11:08:23 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 1/25/2008 12:54:30 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 1/26/2008 1:09:33 AM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 2/8/2008 8:33:38 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/26/2008 1:08:41 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/8/2008 8:07:34 PM | Attr =	]
Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 7168 bytes | Modified Date = 2/3/2008 11:04:55 AM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 1/25/2008 12:49:38 PM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Modified Date = 1/25/2008 6:55:20 PM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Modified Date = 1/25/2008 6:55:20 PM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 1/25/2008 10:28:22 PM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 2/3/2008 11:04:54 AM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 477 bytes | Modified Date = 1/26/2008 1:09:33 AM | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 6:57:04 PM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 175 bytes | Modified Date = 1/25/2008 11:06:19 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2/3/2008 1:46:53 PM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 2/1/2008 9:17:17 PM | Attr =	]
AdwareAlert Scheduled Scan.job -> %SystemRoot%\tasks\AdwareAlert Scheduled Scan.job ->  [Ver =  | Size = 504 bytes | Modified Date = 2/6/2008 3:00:00 AM | Attr =	]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 348 bytes | Modified Date = 1/25/2008 10:17:44 PM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 340 bytes | Modified Date = 1/25/2008 10:17:43 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/8/2008 8:29:18 AM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 15026 bytes | Modified Date = 2/8/2008 8:30:08 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 15026 bytes | Modified Date = 2/8/2008 8:30:08 AM | Attr =	]
Perflib_Perfdata_2e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2e4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/8/2008 9:01:23 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Modified Date = 1/26/2008 1:03:18 AM | Attr =	]
Apple -> %AllUsersAppData%\Apple ->  [Folder | Modified Date = 1/25/2008 10:33:03 PM | Attr =	]
Apple Computer -> %AllUsersAppData%\Apple Computer ->  [Folder | Modified Date = 1/25/2008 10:36:15 PM | Attr =	]
Dell -> %AllUsersAppData%\Dell ->  [Folder | Modified Date = 1/25/2008 10:58:37 PM | Attr =	]
desktop.ini -> %AllUsersAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 1/25/2008 12:54:18 PM | Attr =  HS]
Google -> %AllUsersAppData%\Google ->  [Folder | Modified Date = 1/26/2008 1:04:32 AM | Attr =	]
Grisoft -> %AllUsersAppData%\Grisoft ->  [Folder | Modified Date = 2/3/2008 9:58:13 AM | Attr =	]
InstallShield -> %AllUsersAppData%\InstallShield ->  [Folder | Modified Date = 1/25/2008 11:06:04 PM | Attr =	]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab ->  [Folder | Modified Date = 2/8/2008 8:29:28 AM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/26/2008 6:17:07 PM | Attr =	]
McAfee -> %AllUsersAppData%\McAfee ->  [Folder | Modified Date = 1/25/2008 10:39:41 PM | Attr =	]
McAfee.com -> %AllUsersAppData%\McAfee.com ->  [Folder | Modified Date = 1/25/2008 10:39:45 PM | Attr =	]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Modified Date = 2/2/2008 11:41:37 PM | Attr =   S]
SiteAdvisor -> %AllUsersAppData%\SiteAdvisor ->  [Folder | Modified Date = 1/25/2008 10:20:23 PM | Attr =	]
SITEguard -> %AllUsersAppData%\SITEguard ->  [Folder | Modified Date = 2/3/2008 12:26:45 PM | Attr =	]
Sonic -> %AllUsersAppData%\Sonic ->  [Folder | Modified Date = 1/25/2008 11:04:57 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/3/2008 2:01:13 PM | Attr =	]
STOPzilla! -> %AllUsersAppData%\STOPzilla! ->  [Folder | Modified Date = 2/3/2008 1:46:41 PM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/3/2008 2:15:43 PM | Attr =	]
Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage ->  [Folder | Modified Date = 1/25/2008 10:14:01 PM | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 1/26/2008 1:05:04 AM | Attr =	]
AdobeUM -> %UserAppData%\AdobeUM ->  [Folder | Modified Date = 1/26/2008 12:54:48 AM | Attr =	]
AdwareAlert -> %UserAppData%\AdwareAlert ->  [Folder | Modified Date = 1/26/2008 10:27:29 AM | Attr =	]
Apple Computer -> %UserAppData%\Apple Computer ->  [Folder | Modified Date = 1/25/2008 10:37:09 PM | Attr =	]
desktop.ini -> %UserAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 1/25/2008 12:54:18 PM | Attr =  HS]
Google -> %UserAppData%\Google ->  [Folder | Modified Date = 1/26/2008 1:15:13 AM | Attr =	]
Identities -> %UserAppData%\Identities ->  [Folder | Modified Date = 1/25/2008 7:03:12 PM | Attr =	]
Jasc Software Inc -> %UserAppData%\Jasc Software Inc ->  [Folder | Modified Date = 1/25/2008 7:18:47 PM | Attr =	]
Macromedia -> %UserAppData%\Macromedia ->  [Folder | Modified Date = 1/25/2008 11:17:33 PM | Attr =	]
Microsoft -> %UserAppData%\Microsoft ->  [Folder | Modified Date = 1/25/2008 10:24:46 PM | Attr =   S]
SiteAdvisor -> %UserAppData%\SiteAdvisor ->  [Folder | Modified Date = 1/26/2008 11:58:34 PM | Attr =	]
Sun -> %UserAppData%\Sun ->  [Folder | Modified Date = 2/2/2008 11:08:22 PM | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/3/2008 2:15:03 PM | Attr =	]
Ultimate Defender -> %UserAppData%\Ultimate Defender ->  [Folder | Modified Date = 2/3/2008 4:20:45 PM | Attr =	]
Uniblue -> %UserAppData%\Uniblue ->  [Folder | Modified Date = 2/3/2008 12:25:58 AM | Attr =	]
WinPatrol -> %UserAppData%\WinPatrol ->  [Folder | Modified Date = 2/3/2008 4:21:48 PM | Attr =	]
Adobe -> %LocalAppData%\Adobe ->  [Folder | Modified Date = 2/6/2008 9:42:05 PM | Attr =	]
Apple -> %LocalAppData%\Apple ->  [Folder | Modified Date = 1/25/2008 10:34:13 PM | Attr =	]
Apple Computer -> %LocalAppData%\Apple Computer ->  [Folder | Modified Date = 1/25/2008 10:37:09 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 3584 bytes | Modified Date = 2/3/2008 11:04:55 AM | Attr =	]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 12328 bytes | Modified Date = 1/25/2008 7:03:38 PM | Attr =	]
Google -> %LocalAppData%\Google ->  [Folder | Modified Date = 1/26/2008 1:15:13 AM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 1575158 bytes | Modified Date = 2/7/2008 10:37:18 PM | Attr =  H ]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 2/3/2008 2:03:15 PM | Attr =	]
PowerDVD DX -> %LocalAppData%\PowerDVD DX ->  [Folder | Modified Date = 1/25/2008 10:58:37 PM | Attr =	]
{3248F0A6-6813-11D6-A77B-00B0D0150060} -> %LocalAppData%\{3248F0A6-6813-11D6-A77B-00B0D0150060} ->  [Folder | Modified Date = 1/25/2008 9:58:19 PM | Attr =	]
{64A3A4F2-B792-11D6-A78A-00B0D0160040} -> %LocalAppData%\{64A3A4F2-B792-11D6-A78A-00B0D0160040} ->  [Folder | Modified Date = 2/3/2008 9:56:57 AM | Attr =	]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 1/25/2008 12:54:18 PM | Attr =  HS]
My Music -> %AllUsersDocuments%\My Music ->  [Folder | Modified Date = 1/25/2008 6:56:21 PM | Attr = R  ]
My Pictures -> %AllUsersDocuments%\My Pictures ->  [Folder | Modified Date = 1/25/2008 6:56:21 PM | Attr = R  ]
desktop.ini -> %UserDocuments%\desktop.ini ->  [Ver =  | Size = 80 bytes | Modified Date = 1/25/2008 10:39:36 PM | Attr =  HS]
Expenses -> %UserDocuments%\Expenses ->  [Folder | Modified Date = 1/25/2008 11:27:16 PM | Attr =	]
George W Bush Docs -> %UserDocuments%\George W Bush Docs ->  [Folder | Modified Date = 1/25/2008 11:27:17 PM | Attr =	]
Loans -> %UserDocuments%\Loans ->  [Folder | Modified Date = 1/25/2008 11:27:43 PM | Attr =	]
My Data Sources -> %UserDocuments%\My Data Sources ->  [Folder | Modified Date = 1/25/2008 11:27:43 PM | Attr =   S]
My eBooks -> %UserDocuments%\My eBooks ->  [Folder | Modified Date = 1/25/2008 11:27:43 PM | Attr =	]
My Google Gadgets -> %UserDocuments%\My Google Gadgets ->  [Folder | Modified Date = 1/25/2008 11:22:09 PM | Attr =	]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/25/2008 11:17:13 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/25/2008 11:42:36 PM | Attr = R  ]
My PSP8 Files -> %UserDocuments%\My PSP8 Files ->  [Folder | Modified Date = 1/25/2008 7:18:47 PM | Attr =	]
My Received Files -> %UserDocuments%\My Received Files ->  [Folder | Modified Date = 1/25/2008 11:26:30 PM | Attr =	]
My Videos -> %UserDocuments%\My Videos ->  [Folder | Modified Date = 1/25/2008 11:30:39 PM | Attr = R  ]
Political -> %UserDocuments%\Political ->  [Folder | Modified Date = 1/25/2008 11:26:38 PM | Attr =	]
Saedra -> %UserDocuments%\Saedra ->  [Folder | Modified Date = 1/25/2008 11:26:39 PM | Attr =	]
Taxes -> %UserDocuments%\Taxes ->  [Folder | Modified Date = 1/25/2008 11:26:40 PM | Attr =	]
Temp -> %UserDocuments%\Temp ->  [Folder | Modified Date = 2/3/2008 4:19:45 PM | Attr =	]
Townes Van Zandt Lyrics -> %UserDocuments%\Townes Van Zandt Lyrics ->  [Folder | Modified Date = 1/25/2008 11:26:48 PM | Attr =	]
TV Owners Manual -> %UserDocuments%\TV Owners Manual ->  [Folder | Modified Date = 1/25/2008 11:26:48 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/26/2008 6:16:08 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/26/2008 6:16:07 PM | Attr =	]
Google Earth.lnk -> %AllUsersDesktop%\Google Earth.lnk ->  [Ver =  | Size = 1836 bytes | Modified Date = 1/26/2008 1:04:01 AM | Attr =	]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk ->  [Ver =  | Size = 1804 bytes | Modified Date = 1/25/2008 10:36:49 PM | Attr =	]
Rome - Total War.lnk -> %AllUsersDesktop%\Rome - Total War.lnk ->  [Ver =  | Size = 1848 bytes | Modified Date = 2/1/2008 9:31:07 PM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 740 bytes | Modified Date = 2/3/2008 2:22:42 PM | Attr =	]
UltimateBet.lnk -> %AllUsersDesktop%\UltimateBet.lnk ->  [Ver =  | Size = 1532 bytes | Modified Date = 1/26/2008 6:11:16 PM | Attr =	]
avenger.exe -> %UserDesktop%\avenger.exe ->  [Ver =  | Size = 130048 bytes | Modified Date = 2/3/2008 10:17:18 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avenger.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/3/2008 9:35:14 AM | Attr =	]
SmitfraudFix -> %UserDesktop%\SmitfraudFix ->  [Folder | Modified Date = 2/3/2008 10:41:13 AM | Attr =	]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe ->  [Ver =  | Size = 1212360 bytes | Modified Date = 2/3/2008 10:35:45 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
smitRem -> %UserDesktop%\smitRem ->  [Folder | Modified Date = 2/3/2008 10:03:50 AM | Attr =	]
smitRem.exe -> %UserDesktop%\smitRem.exe ->  [Ver =  | Size = 383836 bytes | Modified Date = 2/3/2008 9:54:01 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\smitRem.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2/8/2008 8:08:30 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478741 bytes | Modified Date = 2/8/2008 8:08:24 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
.protected -> %AllUsersStartup%\.protected ->  [Ver =  | Size = 0 bytes | Modified Date = 2/3/2008 4:20:51 PM | Attr =  H ]
desktop.ini -> %AllUsersStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 1/25/2008 6:58:30 PM | Attr =  HS]
.protected -> %UserStartup%\.protected ->  [Ver =  | Size = 0 bytes | Modified Date = 2/3/2008 4:20:51 PM | Attr =  H ]
desktop.ini -> %UserStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 1/25/2008 6:58:30 PM | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 1/26/2008 1:02:48 AM | Attr =	]
Apple -> %CommonProgramFiles%\Apple ->  [Folder | Modified Date = 1/25/2008 10:33:04 PM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Modified Date = 1/25/2008 11:06:00 PM | Attr =	]
iS3 -> %CommonProgramFiles%\iS3 ->  [Folder | Modified Date = 2/3/2008 11:15:18 AM | Attr =	]
McAfee -> %CommonProgramFiles%\McAfee ->  [Folder | Modified Date = 1/26/2008 10:43:26 AM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 1/25/2008 7:03:18 PM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Modified Date = 1/25/2008 6:56:10 PM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Modified Date = 1/25/2008 12:54:44 PM | Attr =	]
Roxio Shared -> %CommonProgramFiles%\Roxio Shared ->  [Folder | Modified Date = 1/25/2008 11:03:55 PM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Modified Date = 1/25/2008 6:56:13 PM | Attr =	]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared ->  [Folder | Modified Date = 1/25/2008 11:01:35 PM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Modified Date = 1/25/2008 12:54:42 PM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 1/25/2008 10:59:19 PM | Attr =	]
TiVo Shared -> %CommonProgramFiles%\TiVo Shared ->  [Folder | Modified Date = 1/25/2008 11:03:39 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/3/2008 2:14:52 PM | Attr =	]

< End of report >

Edited by OldTimer, 04 June 2008 - 11:35 PM.


#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:36 AM

Posted 09 February 2008 - 12:58 AM

Hi Holy Moses. Let's try the easy way first.

First, we need to disable a couple of programs so they do not block the fixes.

To disable WinPatrol do this:
  • Right click the running icon of WinPatrol, and choose exit.
To disable TeaTimer do this:
  • Start Spybot-S&D.
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools and then click on Resident.
  • Uncheck Resident TeaTimer and choose OK for any further prompts.
  • Restart your computer.
Now follow the steps below in order:

Step #1
  • Update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware; we will come back to it later on.
Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep.sys
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> braviax -> %System32%\braviax.exe
YN -> Uniblue RegistryBooster 2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YN ->  -> %AllUsersStartup%\.pro
< xxxx Startup Folder > -> C:\Documents and Settings\xxxx\Start Menu\Programs\Startup
YN ->  -> %UserStartup%\.pro
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> cru629.datts and Set -> %SystemRoot%\cru629.dat
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {BA52B914-B692-46c4-B683-905236F6F655} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value  does not exist or could not be read.]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll[Reg Error: Value  does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> .protected -> %SystemDrive%\.protected
NY -> .protected -> %System32%\drivers\etc\.protected
NY -> braviax.exe -> %System32%\braviax.exe
NY -> cru629.dat -> %System32%\cru629.dat
NY -> winivstr.exe -> %System32%\winivstr.exe
NY -> .protected -> %SystemRoot%\.protected
NY -> braviax.exe -> %SystemRoot%\braviax.exe
NY -> cru629.dat -> %SystemRoot%\cru629.dat
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> .protected -> %UserStartup%\.protected
[Files/Folders - Modified Within 30 days]
NY -> beep.sys -> %System32%\dllcache\beep.sys
NY -> beep.sys -> %System32%\drivers\beep.sys
NY -> .protected -> %System32%\drivers\etc\.protected
NY -> braviax.exe -> %System32%\braviax.exe
NY -> cru629.dat -> %System32%\cru629.dat
NY -> .protected -> %SystemRoot%\.protected
NY -> braviax.exe -> %SystemRoot%\braviax.exe
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> .protected -> %AllUsersStartup%\.protected
NY -> .protected -> %UserStartup%\.protected
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Step #4

Post the following back here:
  • a new WinPFind35U report with the same options as before.
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

Edited by OldTimer, 04 June 2008 - 11:39 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 Holy Moses


Posted 09 February 2008 - 10:11 AM

I followed the steps, but every time I get to where I run the script, I get a blue screen o'death telling me there was an error with my beep.sys file. I've tried twice, the procedure of it makes sense, but my computer barfs on me at the critical time. :thumbsup:

#8 Holy Moses


Posted 09 February 2008 - 10:26 AM

The error the blue screen gives is

driver_unloaded_without_cancelling_pending_operation

or something like that.

It's referencing the beep.sys file.

#9 OldTimer


Posted 09 February 2008 - 12:09 PM

Hi Holy Moses. Try running the fix in Safe Mode.

To start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
See if that helps. The service should not be loaded at that time.

Cheers.

OT

#10 Holy Moses


Posted 09 February 2008 - 01:34 PM

> Hi Holy Moses. Try running the fix in Safe Mode.
>
> To start in Safe Mode Using the F8 method:
>   • Restart the computer.
>   • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
>   • Use the arrow keys to select the Safe Mode menu item.
>   • Press the Enter key.
> See if that helps. The service should not be loaded at that time.
>
> Cheers.
>
> OT

Blue Death Screen -- "Page_Fault_in_Nonpaged_area"

:thumbsup:

#11 OldTimer


Posted 09 February 2008 - 02:40 PM

Hi Holy Moses. Try this:

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Now we will need to manually disable the driver. Please do the following:
  • Click Start, click Run, type Services.msc, and then click Ok.
  • Locate the beep service and right click it and then click the Properties option.
  • On the properties tab, in the Service Status area click the Stop button.
  • In the Startup section select Disable from the drop-down list.
  • Click the Apply and then the Ok button.
  • If you are prompted to reboot go ahead and reboot normally. Otherwise manually reboot normally.
Try running the fix again.

Cheers.

OT

#12 Holy Moses


Posted 09 February 2008 - 04:23 PM

> Hi Holy Moses. Try this:
>
> Start in Safe Mode Using the F8 method:
>   • Restart the computer.
>   • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
>   • Use the arrow keys to select the Safe Mode menu item.
>   • Press the Enter key.
> Now we will need to manually disable the driver. Please do the following:
>   • Click Start, click Run, type Services.msc, and then click Ok.
>   • Locate the beep service and right click it and then click the Properties option.


OK -- well maybe I wasn't clear about the most recent blue screen error. It didn't mention the Beep.sys file. I followed your instructions here, and beep.sys was not running, so I guess running in safe mode is not enabling it like I believe you intended.

This is frustrating because I really feel like we're close to having this one licked. What's happening is that I'll run the script, it'll run, and then a few seconds later I get the blue screen with the error that says

Page_Fault_in_Nonpaged_area

I got no idea on that one.

#13 OldTimer


Posted 09 February 2008 - 04:48 PM

Hi Holy Moses. Look in the c:\windows\system32\drivers folder and see if the file beep.sys is there. If so, it should only be about 4k for the legitimate version. If it's 29k then it is the infected version and we'll need something else to remove it.

Cheers.

OT
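A triage pass over report lines in the format posted earlier in this thread, applying the indicators the helper works from: the file names in the fix script, the zero-byte hidden `.protected` files, and the beep.sys size check. This is an added example, not part of any post and not WinPFind35U code; the sample lines are constructed, and the 8 KB cut-off and the alternate-data-stream rule are assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample in the report's line format (sizes and dates are made up).
SAMPLE_REPORT = r"""
beep.sys -> %System32%\drivers\beep.sys ->  [Ver =  | Size = 29696 bytes | Modified Date = 2/3/2008 4:20:40 PM | Attr =    ]
.protected -> %UserStartup%\.protected ->  [Ver =  | Size = 0 bytes | Modified Date = 2/3/2008 4:20:51 PM | Attr =  H ]
desktop.ini -> %UserStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 1/25/2008 6:58:30 PM | Attr =  HS]
braviax.exe -> %System32%\braviax.exe ->  [Ver =  | Size = 10752 bytes | Modified Date = 2/3/2008 4:20:40 PM | Attr =    ]
Temp -> %UserDocuments%\Temp ->  [Folder | Modified Date = 2/3/2008 4:19:45 PM | Attr =    ]
tool.exe -> %UserDesktop%\tool.exe ->  [Ver =  | Size = 130048 bytes | Modified Date = 2/3/2008 10:17:18 AM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\tool.exe:Zone.Identifier
"""

ENTRY = re.compile(r"^(?P<name>.+?) -> (?P<path>.+?) ->\s*\[(?P<meta>.*)\]$")
ADS = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")

# File names taken from the fix script in the thread.
FIX_SCRIPT_NAMES = {"braviax.exe", "cru629.dat", "winivstr.exe"}
BEEP_PATH = r"%system32%\drivers\beep.sys"
# Assumption: the thread says about 4k is legitimate and 29k infected; 8 KB is a cut-off chosen here.
BEEP_MAX_BYTES = 8 * 1024


class Entry(NamedTuple):
    name: str
    path: str
    is_folder: bool
    size: Optional[int]   # None for folders
    attrs: str            # e.g. "H", "HS", "R" or ""


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one 'name -> path -> [ ... ]' line; return None for anything else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m["meta"].split("|")]
    size, attrs = None, ""
    for field in fields:
        key, _, value = field.partition("=")
        key, value = key.strip(), value.strip()
        if key == "Size" and value:
            size = int(value.split()[0])      # "84 bytes" -> 84
        elif key == "Attr":
            attrs = value
    return Entry(m["name"], m["path"], fields[0] == "Folder", size, attrs)


def triage(report: str) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for lines matching the thread's indicators."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        ads = ADS.match(line)
        if ads:
            # Zone.Identifier is the stream Windows attaches to downloaded files.
            # Assumption: any other stream name is worth a manual look.
            if ads["stream"] != "Zone.Identifier":
                findings.append((ads["path"], f"alternate data stream {ads['stream']!r}"))
            continue
        entry = parse_entry(line)
        if entry is None or entry.is_folder:
            continue
        name = entry.name.lower()
        if name in FIX_SCRIPT_NAMES:
            findings.append((entry.path, "file name listed in the thread's fix script"))
        elif name == ".protected" and entry.size == 0 and "H" in entry.attrs:
            findings.append((entry.path, "zero-byte hidden .protected file"))
        elif (entry.path.lower() == BEEP_PATH and entry.size is not None
              and entry.size > BEEP_MAX_BYTES):
            findings.append((entry.path, f"beep.sys is {entry.size} bytes, expected about 4k"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_REPORT):
        print(f"{path}: {reason}")
```

A match on a file name or size is a reason to inspect the file, not proof of infection; the helper in the thread still asks for fresh logs to confirm.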

#14 Holy Moses


Posted 09 February 2008 - 08:07 PM

> Hi Holy Moses. Look in the c:\windows\system32\drivers folder and see if the file beep.sys is there. If so, it should only be about 4k for the legitimate version. If it's 29k then it is the infected version and we'll need something else to remove it.
>
> Cheers.
>
> OT

No beep.sys file at all. Wait a second...... You know what? My McAfee just told me that it removed a trojan and the red circle with the white X is now gone. I'm gonna cross my fingers and hope this worked out, but we might be clear. Lemme check some stuff and I'll post back if we're still suckin.

Thanks

#15 OldTimer


Posted 09 February 2008 - 10:26 PM

Hi Holy Moses. Let me know. You can also post back a new WinPFind35 log with the original options I gave you and I can take a look through it to see if any of the registry entries or files are left.

Cheers.

OT