
Also Infiltrated Red Circle / White X / Ultimate Defender


13 replies to this topic

#1 goimop

Posted 09 February 2008 - 05:07 PM

I want to post my HijackThis log but I cannot get the program to run.

I followed these instructions to create this log:
-------------------------------
# Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
# In the Drivers section click on Non-Microsoft.
# Under Additional Scans click the checkboxes in front of the following items to select them:

Reg - BotCheck
File - Additional Folder Scans

# Do not change any other settings.
# Now click the Run Scan button on the toolbar.
# Let it run unhindered until it finishes.
# When the scan is complete Notepad will open with the report file loaded in it.
# Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
---------------------------------

WinPFind35 logfile created on: 2/9/2008 5:05:47 PM
WinPFind35U Version Beta47	 Folder = C:\Documents and Settings\blake\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
 
2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 66.99% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 55.29 Gb Free Space | 59.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: BCOMPUTER
Current User Name: blake
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr =	]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr =	]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr =	]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr =	]
stsystra.exe -> %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.5515.0  nd596 cp1 | Size = 405504 bytes | Modified Date = 5/10/2007 10:22:32 AM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr =	]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.0.2007051000 | Size = 624248 bytes | Modified Date = 5/10/2007 10:46:20 PM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 1/15/2008 12:21:02 AM | Attr =	]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr =	]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 12/7/2007 3:08:02 PM | Attr = R  ]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr =	]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 6:01:58 PM | Attr =	]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 8:55:24 AM | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 155716 bytes | Modified Date = 11/17/2007 3:03:00 AM | Attr =	]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 4:21:16 PM | Attr =	]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr =	]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 1.5.0.32 | Size = 2051016 bytes | Modified Date = 12/7/2007 3:08:02 PM | Attr = R  ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr =	]
fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/27/2008 3:13:31 PM | Attr =	]
mcuimgr.exe -> %ProgramFiles%\McAfee\MSC\mcuimgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 250968 bytes | Modified Date = 1/5/2007 4:22:00 PM | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/8/2008 9:16:26 PM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 2/8/2008 5:12:16 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(0115581202591561mcinstcleanup) McAfee Application Installer Cleanup (0115581202591561) [Win32_Own | Auto | Stopped] -> %SystemRoot%\TEMP\011558~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -> File not found
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,214,0 | Size = 341328 bytes | Modified Date = 10/5/2007 5:33:26 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/27/2008 3:13:31 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 8:40:21 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr =	]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr =	]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 1/5/2007 4:22:18 PM | Attr =	]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr =	]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr =	]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr =	]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr =	]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr =	]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Stopped] ->  -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 6:01:58 PM | Attr =	]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 8:55:24 AM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 155716 bytes | Modified Date = 11/17/2007 3:03:00 AM | Attr =	]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 9.0.0.93 | Size = 88824 bytes | Modified Date = 4/22/2007 8:29:34 PM | Attr =	]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.1.1.53 | Size = 359160 bytes | Modified Date = 4/22/2007 8:29:32 PM | Attr =	]
(RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> Sonic Solutions [Ver = 9.1.1.55 | Size = 310008 bytes | Modified Date = 4/23/2007 11:43:54 AM | Attr =	]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.1.1.55 | Size = 1010424 bytes | Modified Date = 4/23/2007 11:43:46 AM | Attr =	]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.1.1.55 | Size = 166648 bytes | Modified Date = 4/23/2007 11:43:54 AM | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 4.100.15.5 | Size = 604928 bytes | Modified Date = 3/16/2007 9:10:46 PM | Attr =	]
(Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep.sys ->  [Ver =  | Size = 29184 bytes | Modified Date = 2/7/2008 4:44:42 PM | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 8/12/2004 5:45:54 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Modified Date = 6/25/2007 2:54:44 PM | Attr =	]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 34184 bytes | Modified Date = 6/25/2007 10:57:10 AM | Attr =	]
(mfehidk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 171240 bytes | Modified Date = 6/25/2007 10:57:20 AM | Attr =	]
(mferkdk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 32008 bytes | Modified Date = 6/25/2007 10:57:24 AM | Attr =	]
(mfesmfk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 37480 bytes | Modified Date = 6/25/2007 10:57:28 AM | Attr =	]
(MPFP) MPFP [Kernel | System | Running] -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 8.3.111.0 | Size = 109608 bytes | Modified Date = 3/2/2007 2:16:52 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 6864064 bytes | Modified Date = 11/17/2007 3:03:00 AM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/23/2007 3:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RimUsb) BlackBerry Device [Kernel | On_Demand | Stopped] -> %System32%\drivers\RimUsb.sys -> Research In Motion Limited [Ver = 3.1.0.1 | Size = 22272 bytes | Modified Date = 11/7/2006 7:02:04 PM | Attr =	]
(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> %System32%\drivers\RimSerial.sys -> Research in Motion Ltd [Ver = 2.1.0.4 | Size = 26496 bytes | Modified Date = 1/18/2007 10:24:58 AM | Attr = R  ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %System32%\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.5515.0  nd596 cp1 | Size = 1222840 bytes | Modified Date = 5/10/2007 10:24:34 AM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.0.2007051000 | Size = 624248 bytes | Modified Date = 5/10/2007 10:46:20 PM | Attr =	]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr =	]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 8495104 bytes | Modified Date = 11/17/2007 3:03:00 AM | Attr =	]
NVHotkey -> %System32%\nvhotkey.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 86016 bytes | Modified Date = 11/17/2007 3:03:00 AM | Attr =	]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 81920 bytes | Modified Date = 11/17/2007 3:03:00 AM | Attr =	]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1626112 bytes | Modified Date = 11/17/2007 3:03:00 AM | Attr =	]
SigmatelSysTrayApp -> C-Major Audio\WDM\stsystra.exe -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 1/15/2008 12:21:02 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 12/7/2007 3:08:02 PM | Attr = R  ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< blake Startup Folder > -> C:\Documents and Settings\blake\Start Menu\Programs\Startup -> 
%UserStartup%\Desktop Manager.lnk -> %ProgramFiles%\Research In Motion\BlackBerry\DesktopMgr.exe -> Research In Motion Limited [Ver = 4.2.2.14 (Release build by absadmin) | Size = 1283608 bytes | Modified Date = 10/2/2007 1:16:42 PM | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
cru629.datTS AND SET -> %SystemRoot%\cru629.dat ->  [Ver =  | Size = 6144 bytes | Modified Date = 2/9/2008 4:22:09 PM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{51F6D44C-DF73-45C3-861C-E04949E5EB8A} ->	(Dell Wireless 1390 WLAN Mini-Card) -> 
{A62022B8-6DB7-45DB-B6D0-E50E3EA15268} ->	() -> 
{C7ACF7B2-4462-465A-B0CA-51E48E37D46A} ->	(1394 Net Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 12/7/2007 3:08:02 PM | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 812 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 3024 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 10/27/2006 3:16:48 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 10/27/2006 3:37:44 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 10/27/2006 3:03:04 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 2:17:27 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.0.29 | Size = 19926824 bytes | Modified Date = 1/15/2008 3:22:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 12/7/2007 3:08:02 PM | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
.protected -> %SystemDrive%\.protected ->  [Ver =  | Size = 0 bytes | Created Date = 2/9/2008 3:47:29 PM | Attr =  H ]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Created Date = 1/14/2008 9:05:04 PM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Created Date = 1/14/2008 12:52:04 PM | Attr =  HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/14/2008 9:05:04 PM | Attr =	]
Dell -> %SystemDrive%\Dell ->  [Folder | Created Date = 1/14/2008 9:16:10 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Created Date = 1/14/2008 12:52:59 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145574912 bytes | Created Date = 2/9/2008 4:04:14 PM | Attr =  HS]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/14/2008 9:05:04 PM | Attr = RHS]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 455 bytes | Created Date = 1/14/2008 8:56:09 PM | Attr =  H ]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/14/2008 9:05:04 PM | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Created Date = 1/14/2008 8:24:44 PM | Attr = RH ]
Program Files -> %ProgramFiles% ->  [Folder | Created Date = 1/14/2008 12:54:46 PM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 1/14/2008 8:28:58 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 1/14/2008 12:52:59 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
big5.nls -> %System32%\dllcache\big5.nls ->  [Ver =  | Size = 66728 bytes | Created Date = 1/14/2008 9:05:56 PM | Attr =	]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Created Date = 1/14/2008 9:05:56 PM | Attr =	]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 1/14/2008 9:06:02 PM | Attr =	]
chtskf.dll -> %System32%\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Created Date = 1/14/2008 9:06:06 PM | Attr =	]
c_10001.nls -> %System32%\dllcache\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Created Date = 1/14/2008 9:05:57 PM | Attr =	]
c_10002.nls -> %System32%\dllcache\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Created Date = 1/14/2008 9:05:57 PM | Attr =	]
c_10003.nls -> %System32%\dllcache\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 1/14/2008 9:05:57 PM | Attr =	]
c_10004.nls -> %System32%\dllcache\c_10004.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:57 PM | Attr =	]
c_10005.nls -> %System32%\dllcache\c_10005.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:57 PM | Attr =	]
c_10006.nls -> %System32%\dllcache\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:36 PM | Attr =	]
c_10007.nls -> %System32%\dllcache\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:39 PM | Attr =	]
c_10008.nls -> %System32%\dllcache\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/14/2008 9:05:57 PM | Attr =	]
c_10010.nls -> %System32%\dllcache\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:31 PM | Attr =	]
c_10017.nls -> %System32%\dllcache\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:39 PM | Attr =	]
c_10021.nls -> %System32%\dllcache\c_10021.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:57 PM | Attr =	]
c_10029.nls -> %System32%\dllcache\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:31 PM | Attr =	]
c_10081.nls -> %System32%\dllcache\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:42 PM | Attr =	]
c_10082.nls -> %System32%\dllcache\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:31 PM | Attr =	]
c_1047.nls -> %System32%\dllcache\c_1047.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:57 PM | Attr =	]
c_1140.nls -> %System32%\dllcache\c_1140.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:57 PM | Attr =	]
c_1141.nls -> %System32%\dllcache\c_1141.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:58 PM | Attr =	]
c_1142.nls -> %System32%\dllcache\c_1142.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:58 PM | Attr =	]
c_1143.nls -> %System32%\dllcache\c_1143.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:58 PM | Attr =	]
c_1144.nls -> %System32%\dllcache\c_1144.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:58 PM | Attr =	]
c_1145.nls -> %System32%\dllcache\c_1145.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:58 PM | Attr =	]
c_1146.nls -> %System32%\dllcache\c_1146.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:58 PM | Attr =	]
c_1147.nls -> %System32%\dllcache\c_1147.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:58 PM | Attr =	]
c_1148.nls -> %System32%\dllcache\c_1148.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:58 PM | Attr =	]
c_1149.nls -> %System32%\dllcache\c_1149.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:58 PM | Attr =	]
c_1361.nls -> %System32%\dllcache\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Created Date = 1/14/2008 9:05:58 PM | Attr =	]
c_20000.nls -> %System32%\dllcache\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 1/14/2008 9:05:58 PM | Attr =	]
c_20001.nls -> %System32%\dllcache\c_20001.nls ->  [Ver =  | Size = 186402 bytes | Created Date = 1/14/2008 9:05:59 PM | Attr =	]
c_20002.nls -> %System32%\dllcache\c_20002.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/14/2008 9:05:59 PM | Attr =	]
c_20003.nls -> %System32%\dllcache\c_20003.nls ->  [Ver =  | Size = 185378 bytes | Created Date = 1/14/2008 9:05:59 PM | Attr =	]
c_20004.nls -> %System32%\dllcache\c_20004.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 1/14/2008 9:05:59 PM | Attr =	]
c_20005.nls -> %System32%\dllcache\c_20005.nls ->  [Ver =  | Size = 187938 bytes | Created Date = 1/14/2008 9:05:59 PM | Attr =	]
c_20105.nls -> %System32%\dllcache\c_20105.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:59 PM | Attr =	]
c_20106.nls -> %System32%\dllcache\c_20106.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:59 PM | Attr =	]
c_20107.nls -> %System32%\dllcache\c_20107.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:59 PM | Attr =	]
c_20108.nls -> %System32%\dllcache\c_20108.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:59 PM | Attr =	]
c_20127.nls -> %System32%\dllcache\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:29 PM | Attr =	]
c_20269.nls -> %System32%\dllcache\c_20269.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:05:59 PM | Attr =	]
c_20273.nls -> %System32%\dllcache\c_20273.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20277.nls -> %System32%\dllcache\c_20277.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20278.nls -> %System32%\dllcache\c_20278.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20280.nls -> %System32%\dllcache\c_20280.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20284.nls -> %System32%\dllcache\c_20284.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20285.nls -> %System32%\dllcache\c_20285.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20290.nls -> %System32%\dllcache\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20297.nls -> %System32%\dllcache\c_20297.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20420.nls -> %System32%\dllcache\c_20420.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20423.nls -> %System32%\dllcache\c_20423.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20424.nls -> %System32%\dllcache\c_20424.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20833.nls -> %System32%\dllcache\c_20833.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20838.nls -> %System32%\dllcache\c_20838.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20871.nls -> %System32%\dllcache\c_20871.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20880.nls -> %System32%\dllcache\c_20880.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20924.nls -> %System32%\dllcache\c_20924.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:00 PM | Attr =	]
c_20932.nls -> %System32%\dllcache\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Created Date = 1/14/2008 9:06:01 PM | Attr =	]
c_20936.nls -> %System32%\dllcache\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/14/2008 9:06:01 PM | Attr =	]
c_20949.nls -> %System32%\dllcache\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 1/14/2008 9:06:01 PM | Attr =	]
c_21025.nls -> %System32%\dllcache\c_21025.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:01 PM | Attr =	]
c_21027.nls -> %System32%\dllcache\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:01 PM | Attr =	]
c_28594.nls -> %System32%\dllcache\c_28594.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:34 PM | Attr =	]
c_28595.nls -> %System32%\dllcache\c_28595.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:39 PM | Attr =	]
c_28596.nls -> %System32%\dllcache\c_28596.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:01 PM | Attr =	]
c_28597.nls -> %System32%\dllcache\c_28597.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:36 PM | Attr =	]
c_28599.nls -> %System32%\dllcache\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:42 PM | Attr =	]
c_28603.nls -> %System32%\dllcache\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:45 PM | Attr =	]
c_708.nls -> %System32%\dllcache\c_708.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:01 PM | Attr =	]
c_720.nls -> %System32%\dllcache\c_720.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 9:06:01 PM | Attr =	]
c_737.nls -> %System32%\dllcache\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:36 PM | Attr =	]
c_852.nls -> %System32%\dllcache\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:31 PM | Attr =	]
c_855.nls -> %System32%\dllcache\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:34 PM | Attr =	]
c_857.nls -> %System32%\dllcache\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:42 PM | Attr =	]
c_858.nls -> %System32%\dllcache\c_858.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 9:06:01 PM | Attr =	]
c_862.nls -> %System32%\dllcache\c_862.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 9:06:02 PM | Attr =	]
c_864.nls -> %System32%\dllcache\c_864.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 9:06:02 PM | Attr =	]
c_866.nls -> %System32%\dllcache\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:34 PM | Attr =	]
c_869.nls -> %System32%\dllcache\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:36 PM | Attr =	]
c_870.nls -> %System32%\dllcache\c_870.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 9:06:02 PM | Attr =	]
c_875.nls -> %System32%\dllcache\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:36 PM | Attr =	]
dgrpsetu.dll -> %System32%\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/14/2008 12:54:28 PM | Attr =	]
dgsetup.dll -> %System32%\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/14/2008 12:54:28 PM | Attr =	]
eqnclass.dll -> %System32%\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/14/2008 12:54:27 PM | Attr =	]
esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 1/14/2008 9:06:15 PM | Attr =	]
esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 1/14/2008 9:06:15 PM | Attr =	]
esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 1/14/2008 9:06:15 PM | Attr =	]
FP4.CAT -> %System32%\dllcache\FP4.CAT ->  [Ver =  | Size = 31281 bytes | Created Date = 1/14/2008 12:54:11 PM | Attr =	]
fpencode.dll -> %System32%\dllcache\fpencode.dll ->  [Ver =  | Size = 94208 bytes | Created Date = 1/14/2008 9:06:17 PM | Attr =	]
hanja.lex -> %System32%\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Created Date = 1/14/2008 9:06:22 PM | Attr =	]
HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT ->  [Ver =  | Size = 13472 bytes | Created Date = 1/14/2008 12:54:11 PM | Attr =	]
htrn_jis.dll -> %System32%\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 1/14/2008 9:00:42 PM | Attr =	]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Created Date = 1/14/2008 9:06:29 PM | Attr =	]
IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT ->  [Ver =  | Size = 8574 bytes | Created Date = 1/14/2008 12:54:12 PM | Attr =	]
imekr.lex -> %System32%\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Created Date = 1/14/2008 9:06:44 PM | Attr =	]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Created Date = 1/14/2008 9:06:46 PM | Attr =	]
IMS.CAT -> %System32%\dllcache\IMS.CAT ->  [Ver =  | Size = 13753 bytes | Created Date = 1/14/2008 12:54:11 PM | Attr =	]
imscinst.exe -> %System32%\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Created Date = 1/14/2008 9:06:48 PM | Attr =	]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/14/2008 9:02:19 PM | Attr =	]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Created Date = 1/14/2008 9:06:54 PM | Attr =	]
ksc.nls -> %System32%\dllcache\ksc.nls ->  [Ver =  | Size = 47066 bytes | Created Date = 1/14/2008 9:06:55 PM | Attr =	]
ltts1033.lxa -> %System32%\dllcache\ltts1033.lxa ->  [Ver =  | Size = 643717 bytes | Created Date = 1/14/2008 12:54:48 PM | Attr =	]
MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT ->  [Ver =  | Size = 399645 bytes | Created Date = 1/14/2008 12:54:11 PM | Attr =	]
mediactr.cat -> %System32%\dllcache\mediactr.cat ->  [Ver =  | Size = 31965 bytes | Created Date = 1/14/2008 12:54:12 PM | Attr =	]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe ->  [Ver =  | Size = 4639 bytes | Created Date = 1/14/2008 9:02:42 PM | Attr =	]
msinfo.dll -> %System32%\dllcache\msinfo.dll ->  [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 1/14/2008 9:02:23 PM | Attr =	]
MSMSGS.CAT -> %System32%\dllcache\MSMSGS.CAT ->  [Ver =  | Size = 9581 bytes | Created Date = 1/14/2008 12:54:11 PM | Attr =	]
msn7.cat -> %System32%\dllcache\msn7.cat ->  [Ver =  | Size = 24209 bytes | Created Date = 1/14/2008 12:54:12 PM | Attr =	]
msn9.cat -> %System32%\dllcache\msn9.cat ->  [Ver =  | Size = 11651 bytes | Created Date = 1/14/2008 12:54:12 PM | Attr =	]
MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT ->  [Ver =  | Size = 7245 bytes | Created Date = 1/14/2008 12:54:12 PM | Attr =	]
MW770.CAT -> %System32%\dllcache\MW770.CAT ->  [Ver =  | Size = 37484 bytes | Created Date = 1/14/2008 12:54:11 PM | Attr =	]
netfx.cat -> %System32%\dllcache\netfx.cat ->  [Ver =  | Size = 141702 bytes | Created Date = 1/14/2008 12:54:12 PM | Attr =	]
nls302en.lex -> %System32%\dllcache\nls302en.lex ->  [Ver =  | Size = 4399505 bytes | Created Date = 1/14/2008 9:03:47 PM | Attr =	]
NT5.CAT -> %System32%\dllcache\NT5.CAT ->  [Ver =  | Size = 2012670 bytes | Created Date = 1/14/2008 12:54:10 PM | Attr =	]
NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT ->  [Ver =  | Size = 797189 bytes | Created Date = 1/14/2008 12:54:11 PM | Attr =	]
NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT ->  [Ver =  | Size = 504678 bytes | Created Date = 1/14/2008 12:54:10 PM | Attr =	]
NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT ->  [Ver =  | Size = 1086058 bytes | Created Date = 1/14/2008 12:54:11 PM | Attr =	]
nv4_disp.dll -> %System32%\dllcache\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 5742720 bytes | Created Date = 1/14/2008 8:21:18 PM | Attr =	]
nv4_mini.sys -> %System32%\dllcache\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 6864064 bytes | Created Date = 1/14/2008 8:21:18 PM | Attr =	]
OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT ->  [Ver =  | Size = 7382 bytes | Created Date = 1/14/2008 12:54:12 PM | Attr =	]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 1/14/2008 8:59:52 PM | Attr =	]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Created Date = 1/14/2008 9:07:12 PM | Attr =	]
prc.nls -> %System32%\dllcache\prc.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 1/14/2008 9:07:14 PM | Attr =	]
prcp.nls -> %System32%\dllcache\prcp.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 1/14/2008 9:07:14 PM | Attr =	]
r1033tts.lxa -> %System32%\dllcache\r1033tts.lxa ->  [Ver =  | Size = 605050 bytes | Created Date = 1/14/2008 12:54:49 PM | Attr =	]
rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 1/14/2008 9:07:18 PM | Attr =	]
rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/14/2008 9:07:18 PM | Attr =	]
rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/14/2008 9:07:18 PM | Attr =	]
sam.sdf -> %System32%\dllcache\sam.sdf ->  [Ver =  | Size = 888 bytes | Created Date = 1/14/2008 12:54:49 PM | Attr =	]
sam.spd -> %System32%\dllcache\sam.spd ->  [Ver =  | Size = 1685606 bytes | Created Date = 1/14/2008 12:54:49 PM | Attr =	]
sonypvu1.sys -> %System32%\dllcache\sonypvu1.sys -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Created Date = 2/3/2008 11:24:51 AM | Attr =	]
SP2.CAT -> %System32%\dllcache\SP2.CAT ->  [Ver =  | Size = 1042903 bytes | Created Date = 1/14/2008 12:54:11 PM | Attr =	]
spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/14/2008 12:54:27 PM | Attr =	]
srframe.mmf -> %System32%\dllcache\srframe.mmf ->  [Ver =  | Size = 984 bytes | Created Date = 1/14/2008 9:03:00 PM | Attr =	]
tabletpc.cat -> %System32%\dllcache\tabletpc.cat ->  [Ver =  | Size = 110116 bytes | Created Date = 1/14/2008 12:54:12 PM | Attr =	]
wmerrenu.cat -> %System32%\dllcache\wmerrenu.cat ->  [Ver =  | Size = 7334 bytes | Created Date = 1/14/2008 12:54:12 PM | Attr =	]
xjis.nls -> %System32%\dllcache\xjis.nls ->  [Ver =  | Size = 28288 bytes | Created Date = 1/14/2008 9:07:43 PM | Attr =	]
BCMWL5.SYS -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 4.100.15.5 | Size = 604928 bytes | Created Date = 1/14/2008 11:04:04 PM | Attr =	]
disdn -> %System32%\drivers\disdn ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
.protected -> %System32%\drivers\etc\.protected ->  [Ver =  | Size = 0 bytes | Created Date = 2/9/2008 3:47:29 PM | Attr =  H ]
mfeavfk.sys -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Created Date = 2/9/2008 3:20:31 PM | Attr =	]
mfebopk.sys -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 34184 bytes | Created Date = 2/9/2008 3:20:37 PM | Attr =	]
mfehidk.sys -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 171240 bytes | Created Date = 2/9/2008 3:20:32 PM | Attr =	]
mferkdk.sys -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 32008 bytes | Created Date = 2/9/2008 3:20:38 PM | Attr =	]
mfesmfk.sys -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 37480 bytes | Created Date = 2/9/2008 3:20:37 PM | Attr =	]
Mpfp.sys -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 8.3.111.0 | Size = 109608 bytes | Created Date = 2/9/2008 3:20:20 PM | Attr =	]
nv4_mini.sys -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 6864064 bytes | Created Date = 1/14/2008 8:21:18 PM | Attr =	]
RimSerial.sys -> %System32%\drivers\RimSerial.sys -> Research in Motion Ltd [Ver = 2.1.0.4 | Size = 26496 bytes | Created Date = 1/14/2008 8:54:29 PM | Attr = R  ]
SONYPVU1.SYS -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Created Date = 2/3/2008 11:24:51 AM | Attr =	]
sthda.sys -> %System32%\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.5515.0  nd596 cp1 | Size = 1222840 bytes | Created Date = 1/14/2008 9:16:38 PM | Attr =	]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Created Date = 1/14/2008 12:52:01 PM | Attr =	]
1025 -> %System32%\1025 ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1028 -> %System32%\1028 ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
1031 -> %System32%\1031 ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
1037 -> %System32%\1037 ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
1041 -> %System32%\1041 ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
1042 -> %System32%\1042 ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
1054 -> %System32%\1054 ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
2052 -> %System32%\2052 ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
3076 -> %System32%\3076 ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
3com_dmi -> %System32%\3com_dmi ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Created Date = 1/14/2008 9:05:01 PM | Attr =	]
appmgmt -> %System32%\appmgmt ->  [Folder | Created Date = 1/14/2008 8:18:23 PM | Attr =	]
AUTOEXEC.NT -> %System32%\AUTOEXEC.NT ->  [Ver =  | Size = 1688 bytes | Created Date = 1/14/2008 12:54:24 PM | Attr =	]
bopomofo.uce -> %System32%\bopomofo.uce ->  [Ver =  | Size = 22984 bytes | Created Date = 1/14/2008 9:00:31 PM | Attr =	]
braviax.exe -> %System32%\braviax.exe ->  [Ver =  | Size = 11264 bytes | Created Date = 2/9/2008 4:04:05 PM | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Created Date = 1/14/2008 12:53:57 PM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Created Date = 1/14/2008 12:53:57 PM | Attr =	]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/14/2008 9:04:05 PM | Attr = RH ]
Com -> %System32%\Com ->  [Folder | Created Date = 1/14/2008 8:59:43 PM | Attr =	]
config -> %System32%\config ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
Config.MPF -> %System32%\Config.MPF ->  [Ver =  | Size = 3380 bytes | Created Date = 2/9/2008 3:32:05 PM | Attr =	]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Created Date = 1/14/2008 9:05:04 PM | Attr =	]
cru629.dat -> %System32%\cru629.dat ->  [Ver =  | Size = 6144 bytes | Created Date = 2/5/2008 5:00:37 PM | Attr =	]
c_10006.nls -> %System32%\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:36 PM | Attr =	]
c_10007.nls -> %System32%\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:39 PM | Attr =	]
c_10010.nls -> %System32%\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:31 PM | Attr =	]
c_10017.nls -> %System32%\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:39 PM | Attr =	]
c_10029.nls -> %System32%\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:31 PM | Attr =	]
c_10081.nls -> %System32%\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:42 PM | Attr =	]
c_10082.nls -> %System32%\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:31 PM | Attr =	]
c_20127.nls -> %System32%\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:29 PM | Attr =	]
C_28594.NLS -> %System32%\C_28594.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:34 PM | Attr =	]
C_28595.NLS -> %System32%\C_28595.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:39 PM | Attr =	]
C_28597.NLS -> %System32%\C_28597.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:36 PM | Attr =	]
c_28599.nls -> %System32%\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:42 PM | Attr =	]
c_28603.nls -> %System32%\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:45 PM | Attr =	]
c_737.nls -> %System32%\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:36 PM | Attr =	]
c_852.nls -> %System32%\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:31 PM | Attr =	]
c_855.nls -> %System32%\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:34 PM | Attr =	]
c_857.nls -> %System32%\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:42 PM | Attr =	]
c_866.nls -> %System32%\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:34 PM | Attr =	]
c_869.nls -> %System32%\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/14/2008 12:54:36 PM | Attr =	]
c_875.nls -> %System32%\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/14/2008 12:54:36 PM | Attr =	]
d3d8caps.dat -> %System32%\d3d8caps.dat ->  [Ver =  | Size = 552 bytes | Created Date = 1/14/2008 11:03:07 PM | Attr =	]
desktop.ini -> %System32%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/14/2008 9:03:08 PM | Attr =	]
dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/14/2008 12:54:28 PM | Attr =	]
dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/14/2008 12:54:28 PM | Attr =	]
dhcp -> %System32%\dhcp ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Created Date = 1/14/2008 9:03:39 PM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
DRM -> %System32%\DRM ->  [Folder | Created Date = 1/23/2008 1:07:34 PM | Attr =	]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Created Date = 1/14/2008 9:29:08 PM | Attr =	]
dumphive.exe -> %System32%\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 2/9/2008 3:40:09 PM | Attr =	]
emptyregdb.dat -> %System32%\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Created Date = 1/14/2008 9:01:30 PM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Created Date = 1/14/2008 11:36:13 PM | Attr =	]
EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/14/2008 12:54:27 PM | Attr =	]
export -> %System32%\export ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 312376 bytes | Created Date = 1/14/2008 12:52:58 PM | Attr =	]
gb2312.uce -> %System32%\gb2312.uce ->  [Ver =  | Size = 24006 bytes | Created Date = 1/14/2008 9:00:31 PM | Attr =	]
hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 1/14/2008 9:00:42 PM | Attr =	]
hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 1/14/2008 8:59:51 PM | Attr =	]
ias -> %System32%\ias ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
icsxml -> %System32%\icsxml ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
ideograf.uce -> %System32%\ideograf.uce ->  [Ver =  | Size = 60458 bytes | Created Date = 1/14/2008 9:00:31 PM | Attr =	]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 2/9/2008 3:40:09 PM | Attr =	]
IME -> %System32%\IME ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
inetsrv -> %System32%\inetsrv ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/14/2008 9:02:19 PM | Attr =	]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/27/2008 12:04:34 PM | Attr =	]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/27/2008 12:04:34 PM | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/27/2008 12:04:34 PM | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/27/2008 12:04:34 PM | Attr =	]
kanji_1.uce -> %System32%\kanji_1.uce ->  [Ver =  | Size = 6948 bytes | Created Date = 1/14/2008 9:00:32 PM | Attr =	]
kanji_2.uce -> %System32%\kanji_2.uce ->  [Ver =  | Size = 8484 bytes | Created Date = 1/14/2008 9:00:32 PM | Attr =	]
keystone.exe -> %System32%\keystone.exe ->  [Ver =  | Size = 425984 bytes | Created Date = 1/14/2008 8:21:18 PM | Attr =	]
korean.uce -> %System32%\korean.uce ->  [Ver =  | Size = 12876 bytes | Created Date = 1/14/2008 9:00:32 PM | Attr =	]
LogFiles -> %System32%\LogFiles ->  [Folder | Created Date = 1/14/2008 9:08:05 PM | Attr =	]
logonui.exe.manifest -> %System32%\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 1/14/2008 9:04:09 PM | Attr = RH ]
Macromed -> %System32%\Macromed ->  [Folder | Created Date = 1/14/2008 9:02:45 PM | Attr =	]
Microsoft -> %System32%\Microsoft ->  [Folder | Created Date = 1/14/2008 10:44:10 PM | Attr =   S]
mlfcache.dat -> %System32%\mlfcache.dat ->  [Ver =  | Size = 66880 bytes | Created Date = 1/26/2008 10:19:19 PM | Attr =  H ]
MsDtc -> %System32%\MsDtc ->  [Folder | Created Date = 1/14/2008 8:59:46 PM | Attr =	]
msdtcprf.h -> %System32%\msdtcprf.h ->  [Ver =  | Size = 768 bytes | Created Date = 1/14/2008 9:00:27 PM | Attr =	]
msdtcprf.ini -> %System32%\msdtcprf.ini ->  [Ver =  | Size = 1931 bytes | Created Date = 1/14/2008 9:00:27 PM | Attr =	]
mui -> %System32%\mui ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/14/2008 9:04:05 PM | Attr = RH ]
npp -> %System32%\npp ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Created Date = 1/14/2008 9:05:01 PM | Attr =	]
nv4_disp.dll -> %System32%\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 5742720 bytes | Created Date = 1/14/2008 8:21:18 PM | Attr =	]
nvapi.dll -> %System32%\nvapi.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 368640 bytes | Created Date = 1/14/2008 8:21:18 PM | Attr =	]
nvappbar.exe -> %System32%\nvappbar.exe ->  [Ver =  | Size = 442368 bytes | Created Date = 1/14/2008 8:21:18 PM | Attr =	]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 134756 bytes | Created Date = 1/14/2008 8:22:16 PM | Attr =	]
nvcod.dll -> %System32%\nvcod.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35  | Size = 36864 bytes | Created Date = 1/14/2008 8:21:18 PM | Attr =	]
nvcodins.dll -> %System32%\nvcodins.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35  | Size = 36864 bytes | Created Date = 1/14/2008 8:21:18 PM | Attr =	]
nvcpl.cpl -> %System32%\nvcpl.cpl -> NVIDIA Corporation [Ver = 1.4.200.19 | Size = 413696 bytes | Created Date = 1/14/2008 8:21:19 PM | Attr =	]
nvcpl.dll -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 8495104 bytes | Created Date = 1/14/2008 8:21:19 PM | Attr =	]
nvcplui.exe -> %System32%\nvcplui.exe -> NVIDIA Corporation [Ver = 1.4.200.19 | Size = 753664 bytes | Created Date = 1/14/2008 8:21:19 PM | Attr =	]
nvcpluir.dll -> %System32%\nvcpluir.dll -> NVIDIA Corporation [Ver = 1.4.200.19 | Size = 1073152 bytes | Created Date = 1/14/2008 8:21:19 PM | Attr =	]
nvdisp.nvu -> %System32%\nvdisp.nvu ->  [Ver =  | Size = 17527 bytes | Created Date = 1/14/2008 8:22:12 PM | Attr =	]
nvdisps.dll -> %System32%\nvdisps.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 6340608 bytes | Created Date = 1/14/2008 8:21:19 PM | Attr =	]
nvdispsr.dll -> %System32%\nvdispsr.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 5509120 bytes | Created Date = 1/14/2008 8:21:19 PM | Attr =	]
nvdspsch.exe -> %System32%\nvdspsch.exe ->  [Ver =  | Size = 1339392 bytes | Created Date = 1/14/2008 8:21:19 PM | Attr =	]
nvexpbar.dll -> %System32%\nvexpbar.dll -> NVIDIA Corporation [Ver = 1.4.200.19 | Size = 307200 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvgames.dll -> %System32%\nvgames.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 3325952 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvgamesr.dll -> %System32%\nvgamesr.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 3166208 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvhotkey.dll -> %System32%\nvhotkey.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 86016 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nview.dll -> %System32%\nview.dll ->  [Ver =  | Size = 1474560 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvmccs.dll -> %System32%\nvmccs.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 229376 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvmccsrs.dll -> %System32%\nvmccsrs.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 45056 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvmccss.dll -> %System32%\nvmccss.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 188416 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvmccssr.dll -> %System32%\nvmccssr.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 458752 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvmctray.dll -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 81920 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvmobls.dll -> %System32%\nvmobls.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 1146880 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvmoblsr.dll -> %System32%\nvmoblsr.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 2854912 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvModes.001 -> %System32%\nvModes.001 ->  [Ver =  | Size = 52659 bytes | Created Date = 1/14/2008 8:22:29 PM | Attr =	]
nvModes.dat -> %System32%\nvModes.dat ->  [Ver =  | Size = 52659 bytes | Created Date = 1/14/2008 8:22:29 PM | Attr =	]
nvoglnt.dll -> %System32%\nvoglnt.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 6701056 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvrsde.dll -> %System32%\nvrsde.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 278528 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvrses.dll -> %System32%\nvrses.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 282624 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvrsesm.dll -> %System32%\nvrsesm.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 274432 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvrsfr.dll -> %System32%\nvrsfr.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 282624 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvrsit.dll -> %System32%\nvrsit.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 278528 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvrsja.dll -> %System32%\nvrsja.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 266240 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvrsko.dll -> %System32%\nvrsko.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 258048 bytes | Created Date = 1/14/2008 8:21:20 PM | Attr =	]
nvrspl.dll -> %System32%\nvrspl.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 253952 bytes | Created Date = 1/14/2008 8:21:21 PM | Attr =	]
nvrsptb.dll -> %System32%\nvrsptb.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 266240 bytes | Created Date = 1/14/2008 8:21:21 PM | Attr =	]
nvrsru.dll -> %System32%\nvrsru.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 270336 bytes | Created Date = 1/14/2008 8:21:21 PM | Attr =	]
nvrszhc.dll -> %System32%\nvrszhc.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 225280 bytes | Created Date = 1/14/2008 8:21:21 PM | Attr =	]
nvrszht.dll -> %System32%\nvrszht.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 126976 bytes | Created Date = 1/14/2008 8:21:21 PM | Attr =	]
nvshell.dll -> %System32%\nvshell.dll ->  [Ver =  | Size = 466944 bytes | Created Date = 1/14/2008 8:21:21 PM | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 155716 bytes | Created Date = 1/14/2008 8:21:21 PM | Attr =	]
nvtuicpl.cpl -> %System32%\nvtuicpl.cpl ->  [Ver =  | Size = 73728 bytes | Created Date = 1/14/2008 8:21:21 PM | Attr =	]
nvudisp.exe -> %System32%\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56  | Size = 356352 bytes | Created Date = 1/14/2008 8:22:12 PM | Attr =	]
NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56  | Size = 356352 bytes | Created Date = 1/14/2008 8:21:32 PM | Attr =	]
nvvitvs.dll -> %System32%\nvvitvs.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 3547136 bytes | Created Date = 1/14/2008 8:21:21 PM | Attr =	]
nvvitvsr.dll -> %System32%\nvvitvsr.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 3629056 bytes | Created Date = 1/14/2008 8:21:21 PM | Attr =	]
nvwddi.dll -> %System32%\nvwddi.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 81920 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwdmcpl.dll -> %System32%\nvwdmcpl.dll ->  [Ver =  | Size = 1703936 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwimg.dll -> %System32%\nvwimg.dll ->  [Ver =  | Size = 1019904 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrsde.dll -> %System32%\nvwrsde.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 311296 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrses.dll -> %System32%\nvwrses.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 335872 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrsesm.dll -> %System32%\nvwrsesm.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 327680 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrsfr.dll -> %System32%\nvwrsfr.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 327680 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrsit.dll -> %System32%\nvwrsit.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 323584 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrsja.dll -> %System32%\nvwrsja.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 212992 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrsko.dll -> %System32%\nvwrsko.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 196608 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrspl.dll -> %System32%\nvwrspl.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 294912 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrsptb.dll -> %System32%\nvwrsptb.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 319488 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrsru.dll -> %System32%\nvwrsru.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 315392 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrszhc.dll -> %System32%\nvwrszhc.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 163840 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwrszht.dll -> %System32%\nvwrszht.dll -> NVIDIA Corporation [Ver = 6.14.10.11131 | Size = 167936 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwsapps.xml -> %System32%\nvwsapps.xml ->  [Ver =  | Size = 18019 bytes | Created Date = 1/14/2008 8:22:16 PM | Attr =	]
nvwss.dll -> %System32%\nvwss.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 2363392 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nvwssr.dll -> %System32%\nvwssr.dll -> NVIDIA Corporation [Ver = 6.14.11.5683 | Size = 2441216 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/14/2008 9:04:05 PM | Attr = RH ]
nwiz.exe -> %System32%\nwiz.exe ->  [Ver =  | Size = 1626112 bytes | Created Date = 1/14/2008 8:21:22 PM | Attr =	]
oobe -> %System32%\oobe ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 389346 bytes | Created Date = 1/14/2008 12:54:53 PM | Attr =	]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 1/15/2008 12:21:05 AM | Attr =	]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 1/15/2008 12:21:06 AM | Attr =	]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 1/15/2008 12:21:06 AM | Attr =	]
pool.bin -> %System32%\pool.bin ->  [Ver =  | Size = 256 bytes | Created Date = 1/14/2008 9:04:31 PM | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Created Date = 1/14/2008 9:21:33 PM | Attr =	]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 2/9/2008 3:40:09 PM | Attr =	]
ras -> %System32%\ras ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Created Date = 1/14/2008 8:54:31 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Created Date = 1/14/2008 9:02:20 PM | Attr =	]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2846 | Size = 185688 bytes | Created Date = 1/15/2008 12:21:19 AM | Attr =	]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/14/2008 9:04:05 PM | Attr = RH ]
Setup -> %System32%\Setup ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
ShellExt -> %System32%\ShellExt ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
shiftjis.uce -> %System32%\shiftjis.uce ->  [Ver =  | Size = 16740 bytes | Created Date = 1/14/2008 9:00:32 PM | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Created Date = 1/14/2008 8:06:38 PM | Attr =	]
spool -> %System32%\spool ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/14/2008 12:54:27 PM | Attr =	]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 2/9/2008 3:40:09 PM | Attr =	]
st325602.dll -> %System32%\st325602.dll -> IDT, Inc. [Ver = 1.0.5602.0  nd649 cp1 built by: WinDDK | Size = 146944 bytes | Created Date = 1/14/2008 9:16:37 PM | Attr =	]
stacapi.dll -> %System32%\stacapi.dll -> SigmaTel, Inc. [Ver = 1.0.5515.0  nd596 cp1 | Size = 270336 bytes | Created Date = 1/14/2008 9:16:37 PM | Attr =	]
stacgui.cpl -> %System32%\stacgui.cpl -> SigmaTel, Inc. [Ver = 1.0.5515.0  nd596 cp1 | Size = 4952064 bytes | Created Date = 1/14/2008 9:17:39 PM | Attr =	]
stlang.dll -> %System32%\stlang.dll -> SigmaTel, Inc. [Ver = 1.0.5469.0  nd575 cp1 | Size = 1601536 bytes | Created Date = 1/14/2008 9:17:40 PM | Attr =	]
subrange.uce -> %System32%\subrange.uce ->  [Ver =  | Size = 93702 bytes | Created Date = 1/14/2008 9:00:32 PM | Attr =	]
tslabels.h -> %System32%\tslabels.h ->  [Ver =  | Size = 3286 bytes | Created Date = 1/14/2008 9:00:28 PM | Attr =	]
tslabels.ini -> %System32%\tslabels.ini ->  [Ver =  | Size = 13223 bytes | Created Date = 1/14/2008 9:00:28 PM | Attr =	]
users32.dat -> %System32%\users32.dat ->  [Ver =  | Size = 6656 bytes | Created Date = 2/5/2008 5:00:49 PM | Attr =	]
usmt -> %System32%\usmt ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
usrlogon.cmd -> %System32%\usrlogon.cmd ->  [Ver =  | Size = 1161 bytes | Created Date = 1/14/2008 9:00:29 PM | Attr =	]
VACFix.exe -> %System32%\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 85504 bytes | Created Date = 2/9/2008 3:40:09 PM | Attr =	]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 2/9/2008 3:40:09 PM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 1/14/2008 9:04:09 PM | Attr = RH ]
winistr.exe -> %System32%\winistr.exe ->  [Ver =  | Size = 98713 bytes | Created Date = 2/9/2008 3:45:25 PM | Attr =	]
wins -> %System32%\wins ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
wmimgmt.msc -> %System32%\wmimgmt.msc ->  [Ver =  | Size = 63488 bytes | Created Date = 1/14/2008 9:00:18 PM | Attr =	]
wpa.bak -> %System32%\wpa.bak ->  [Ver =  | Size = 13646 bytes | Created Date = 1/14/2008 8:44:25 PM | Attr =	]
WS2Fix.exe -> %System32%\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 2/9/2008 3:40:09 PM | Attr =	]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/14/2008 9:04:05 PM | Attr = RH ]
xircom -> %System32%\xircom ->  [Folder | Created Date = 1/14/2008 9:05:33 PM | Attr =	]
ZIMF.DLL -> %System32%\ZIMF.DLL -> Zenographics, Inc. [Ver = 5, 70, 616, 0 | Size = 61440 bytes | Created Date = 1/28/2008 9:44:40 AM | Attr =	]
ZSHP1020.CHM -> %System32%\ZSHP1020.CHM ->  [Ver =  | Size = 10632 bytes | Created Date = 1/28/2008 9:44:40 AM | Attr =	]
ZTAG.DLL -> %System32%\ZTAG.DLL -> Zenographics, Inc. [Ver = 5, 60, 1210, 0 | Size = 53248 bytes | Created Date = 1/28/2008 9:44:40 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 1/14/2008 9:05:19 PM | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Created Date = 1/14/2008 9:22:09 PM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp ->  [Ver =  | Size = 1272 bytes | Created Date = 1/14/2008 9:00:33 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Created Date = 1/14/2008 9:07:52 PM | Attr =   S]
braviax.exe -> %SystemRoot%\braviax.exe ->  [Ver =  | Size = 11264 bytes | Created Date = 2/9/2008 4:04:05 PM | Attr =	]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp ->  [Ver =  | Size = 17062 bytes | Created Date = 1/14/2008 9:00:33 PM | Attr =	]
Config -> %SystemRoot%\Config ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Created Date = 1/14/2008 9:05:04 PM | Attr =	]
cru629.dat -> %SystemRoot%\cru629.dat ->  [Ver =  | Size = 6144 bytes | Created Date = 2/5/2008 5:00:37 PM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
desktop.ini -> %SystemRoot%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/14/2008 9:03:08 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Created Date = 1/14/2008 9:04:09 PM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp ->  [Ver =  | Size = 16730 bytes | Created Date = 1/14/2008 9:00:33 PM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr = R S]
ftpcache -> %SystemRoot%\ftpcache ->  [Folder | Created Date = 1/14/2008 8:50:09 PM | Attr =  HS]
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp ->  [Ver =  | Size = 17336 bytes | Created Date = 1/14/2008 9:00:33 PM | Attr =	]
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp ->  [Ver =  | Size = 26582 bytes | Created Date = 1/14/2008 9:00:33 PM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Created Date = 1/14/2008 12:54:53 PM | Attr =  HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 2/3/2008 11:58:27 PM | Attr =	]
java -> %SystemRoot%\java ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 2/9/2008 4:22:20 PM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1588 bytes | Created Date = 1/14/2008 9:02:01 PM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 1/14/2008 8:19:21 PM | Attr =	]
nview -> %SystemRoot%\nview ->  [Folder | Created Date = 1/14/2008 8:22:12 PM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Created Date = 1/14/2008 12:54:52 PM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Created Date = 1/14/2008 9:04:10 PM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 1/14/2008 11:40:02 PM | Attr =  H ]
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp ->  [Ver =  | Size = 65954 bytes | Created Date = 1/14/2008 9:00:33 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 1/14/2008 10:44:11 PM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 2/7/2008 4:48:09 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 1/14/2008 9:32:08 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 1/14/2008 9:32:08 PM | Attr =  H ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Created Date = 1/14/2008 8:55:36 PM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Created Date = 1/14/2008 9:01:14 PM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Created Date = 1/14/2008 10:43:58 PM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp ->  [Ver =  | Size = 17362 bytes | Created Date = 1/14/2008 9:00:34 PM | Attr =	]
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp ->  [Ver =  | Size = 26680 bytes | Created Date = 1/14/2008 9:00:34 PM | Attr =	]
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp ->  [Ver =  | Size = 65832 bytes | Created Date = 1/14/2008 9:00:34 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Created Date = 1/14/2008 8:25:28 PM | Attr =	]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp ->  [Ver =  | Size = 65978 bytes | Created Date = 1/14/2008 9:00:33 PM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Created Date = 1/14/2008 10:44:13 PM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Created Date = 1/14/2008 9:02:46 PM | Attr =	]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.5515.0  nd596 cp1 | Size = 405504 bytes | Created Date = 1/14/2008 9:17:42 PM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 1/16/2008 12:26:53 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
system32 -> %System32% ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Created Date = 1/14/2008 9:02:54 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Created Date = 1/14/2008 9:01:18 PM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Created Date = 1/14/2008 9:01:18 PM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr = R  ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/14/2008 9:04:05 PM | Attr = RH ]
winnt.bmp -> %SystemRoot%\winnt.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 1/14/2008 9:03:08 PM | Attr =  HS]
winnt256.bmp -> %SystemRoot%\winnt256.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 1/14/2008 9:03:08 PM | Attr =  HS]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Created Date = 1/14/2008 12:40:27 PM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Created Date = 1/14/2008 9:05:00 PM | Attr =	]
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp ->  [Ver =  | Size = 9522 bytes | Created Date = 1/14/2008 9:00:34 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Created Date = 1/14/2008 9:29:18 PM | Attr =	]
desktop.ini -> %SystemRoot%\tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Created Date = 1/14/2008 9:02:54 PM | Attr = RH ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 366 bytes | Created Date = 2/9/2008 3:19:51 PM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 368 bytes | Created Date = 2/9/2008 3:19:51 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Created Date = 1/14/2008 10:44:11 PM | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Created Date = 1/14/2008 11:05:56 PM | Attr =	]
AOL -> %AllUsersAppData%\AOL ->  [Folder | Created Date = 1/14/2008 8:56:35 PM | Attr =	]
AOL OCP -> %AllUsersAppData%\AOL OCP ->  [Folder | Created Date = 1/14/2008 8:56:35 PM | Attr =	]
Apple -> %AllUsersAppData%\Apple ->  [Folder | Created Date = 1/14/2008 9:28:49 PM | Attr =	]
Apple Computer -> %AllUsersAppData%\Apple Computer ->  [Folder | Created Date = 1/14/2008 9:29:33 PM | Attr =	]
Azureus -> %AllUsersAppData%\Azureus ->  [Folder | Created Date = 1/27/2008 12:11:40 PM | Attr =	]
desktop.ini -> %AllUsersAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 1/14/2008 12:54:13 PM | Attr =  HS]
ezsid.dat -> %AllUsersAppData%\ezsid.dat ->  [Ver =  | Size = 32 bytes | Created Date = 1/16/2008 12:30:56 PM | Attr =	]
FLEXnet -> %AllUsersAppData%\FLEXnet ->  [Folder | Created Date = 1/27/2008 3:13:37 PM | Attr =	]
InstallShield -> %AllUsersAppData%\InstallShield ->  [Folder | Created Date = 1/14/2008 9:01:18 PM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 2/6/2008 3:33:12 AM | Attr =	]
McAfee -> %AllUsersAppData%\McAfee ->  [Folder | Created Date = 1/14/2008 8:28:23 PM | Attr =	]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Created Date = 1/14/2008 12:53:51 PM | Attr =   S]
Microsoft Help -> %AllUsersAppData%\Microsoft Help ->  [Folder | Created Date = 1/14/2008 8:25:06 PM | Attr =	]
nView_Profiles -> %AllUsersAppData%\nView_Profiles ->  [Folder | Created Date = 1/14/2008 11:40:06 PM | Attr =	]
QTSBandwidthCache -> %AllUsersAppData%\QTSBandwidthCache ->  [Ver =  | Size = 1365 bytes | Created Date = 1/15/2008 2:18:09 PM | Attr =	]
Roxio -> %AllUsersAppData%\Roxio ->  [Folder | Created Date = 1/14/2008 8:58:36 PM | Attr =	]
Skype -> %AllUsersAppData%\Skype ->  [Folder | Created Date = 1/16/2008 12:28:27 PM | Attr =	]
Sonic -> %AllUsersAppData%\Sonic ->  [Folder | Created Date = 1/14/2008 9:01:12 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 2/9/2008 3:40:21 PM | Attr =	]
Viewpoint -> %AllUsersAppData%\Viewpoint ->  [Folder | Created Date = 1/14/2008 8:56:47 PM | Attr =	]
Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage ->  [Folder | Created Date = 1/14/2008 10:45:48 PM | Attr =	]
acccore -> %UserAppData%\acccore ->  [Folder | Created Date = 1/14/2008 8:57:51 PM | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Created Date = 1/14/2008 9:02:16 PM | Attr =	]
Apple Computer -> %UserAppData%\Apple Computer ->  [Folder | Created Date = 1/14/2008 9:31:00 PM | Attr =	]
Azureus -> %UserAppData%\Azureus ->  [Folder | Created Date = 1/27/2008 12:11:36 PM | Attr =	]
Blackberry Desktop -> %UserAppData%\Blackberry Desktop ->  [Folder | Created Date = 1/14/2008 8:54:02 PM | Attr =	]
desktop.ini -> %UserAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 1/14/2008 10:45:27 PM | Attr =  HS]
Identities -> %UserAppData%\Identities ->  [Folder | Created Date = 1/14/2008 10:45:35 PM | Attr =	]
Macromedia -> %UserAppData%\Macromedia ->  [Folder | Created Date = 1/14/2008 8:12:31 PM | Attr =	]
Microsoft -> %UserAppData%\Microsoft ->  [Folder | Created Date = 1/14/2008 10:45:27 PM | Attr =   S]
Move Networks -> %UserAppData%\Move Networks ->  [Folder | Created Date = 2/2/2008 1:58:52 AM | Attr =	]
Mozilla -> %UserAppData%\Mozilla ->  [Folder | Created Date = 1/14/2008 8:19:19 PM | Attr =	]
Real -> %UserAppData%\Real ->  [Folder | Created Date = 1/15/2008 12:20:22 AM | Attr =	]
Research In Motion -> %UserAppData%\Research In Motion ->  [Folder | Created Date = 1/14/2008 9:04:32 PM | Attr =	]
Roxio -> %UserAppData%\Roxio ->  [Folder | Created Date = 1/27/2008 2:34:42 PM | Attr =	]
SiteAdvisor -> %UserAppData%\SiteAdvisor ->  [Folder | Created Date = 2/9/2008 3:09:18 PM | Attr =	]
Skype -> %UserAppData%\Skype ->  [Folder | Created Date = 1/16/2008 12:29:50 PM | Attr =	]
skypePM -> %UserAppData%\skypePM ->  [Folder | Created Date = 1/16/2008 12:30:56 PM | Attr =	]
Sun -> %UserAppData%\Sun ->  [Folder | Created Date = 1/16/2008 12:26:53 PM | Attr =	]
U3 -> %UserAppData%\U3 ->  [Folder | Created Date = 2/6/2008 2:10:15 AM | Attr =	]
Windows Desktop Search -> %UserAppData%\Windows Desktop Search ->  [Folder | Created Date = 1/14/2008 11:38:43 PM | Attr =	]
WinRAR -> %UserAppData%\WinRAR ->  [Folder | Created Date = 1/27/2008 2:35:12 PM | Attr =	]
Adobe -> %LocalAppData%\Adobe ->  [Folder | Created Date = 1/14/2008 11:06:25 PM | Attr =	]
AOL -> %LocalAppData%\AOL ->  [Folder | Created Date = 1/14/2008 8:57:30 PM | Attr =	]
AOL OCP -> %LocalAppData%\AOL OCP ->  [Folder | Created Date = 1/14/2008 8:57:33 PM | Attr =	]
Apple -> %LocalAppData%\Apple ->  [Folder | Created Date = 1/14/2008 9:29:17 PM | Attr =	]
Apple Computer -> %LocalAppData%\Apple Computer ->  [Folder | Created Date = 1/14/2008 9:28:06 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 9216 bytes | Created Date = 1/14/2008 11:21:40 PM | Attr =	]
FeedDemon -> %LocalAppData%\FeedDemon ->  [Folder | Created Date = 1/27/2008 6:10:55 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 84760 bytes | Created Date = 1/14/2008 9:50:04 PM | Attr =	]
Google -> %LocalAppData%\Google ->  [Folder | Created Date = 1/15/2008 12:21:09 AM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 4959888 bytes | Created Date = 1/22/2008 4:43:22 PM | Attr =  H ]
Identities -> %LocalAppData%\Identities ->  [Folder | Created Date = 1/14/2008 11:38:47 PM | Attr =	]
keyfile3.drm -> %LocalAppData%\keyfile3.drm ->  [Ver =  | Size = 4096 bytes | Created Date = 1/23/2008 11:54:21 PM | Attr =  H ]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Created Date = 1/14/2008 10:45:27 PM | Attr =	]
Microsoft Help -> %LocalAppData%\Microsoft Help ->  [Folder | Created Date = 1/14/2008 8:25:11 PM | Attr =	]
Mozilla -> %LocalAppData%\Mozilla ->  [Folder | Created Date = 1/14/2008 8:19:19 PM | Attr =	]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 1/14/2008 12:54:13 PM | Attr =  HS]
mcafee_cq9765_en-us_3132007.exe -> %AllUsersDocuments%\mcafee_cq9765_en-us_3132007.exe ->  [Ver =  | Size = 28433776 bytes | Created Date = 2/9/2008 3:10:44 PM | Attr =	]
My Music -> %AllUsersDocuments%\My Music ->  [Folder | Created Date = 1/14/2008 9:01:06 PM | Attr = R  ]
My Pictures -> %AllUsersDocuments%\My Pictures ->  [Folder | Created Date = 1/14/2008 9:01:55 PM | Attr = R  ]
My Videos -> %AllUsersDocuments%\My Videos ->  [Folder | Created Date = 1/14/2008 8:59:24 PM | Attr = R  ]
!bCurrent -> %UserDocuments%\!bCurrent ->  [Folder | Created Date = 1/14/2008 11:10:16 PM | Attr =	]
!c TRAVEL -> %UserDocuments%\!c TRAVEL ->  [Folder | Created Date = 1/14/2008 11:12:10 PM | Attr =	]
!dBUS -> %UserDocuments%\!dBUS ->  [Folder | Created Date = 1/14/2008 11:12:13 PM | Attr =	]
Azureus Downloads -> %UserDocuments%\Azureus Downloads ->  [Folder | Created Date = 1/27/2008 12:12:22 PM | Attr =	]
Cell Phone -> %UserDocuments%\Cell Phone ->  [Folder | Created Date = 1/14/2008 11:09:54 PM | Attr =	]
desktop.ini -> %UserDocuments%\desktop.ini ->  [Ver =  | Size = 76 bytes | Created Date = 1/14/2008 10:45:30 PM | Attr =  HS]
DND ARCHIVE -> %UserDocuments%\DND ARCHIVE ->  [Folder | Created Date = 1/14/2008 11:10:23 PM | Attr =	]
Moera Matrix Suppl Info.pdf -> %UserDocuments%\Moera Matrix Suppl Info.pdf ->  [Ver =  | Size = 45064 bytes | Created Date = 1/27/2008 4:34:45 PM | Attr =	]
My Music -> %UserDocuments%\My Music ->  [Folder | Created Date = 1/14/2008 10:45:30 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Created Date = 1/14/2008 10:45:30 PM | Attr = R  ]
My Scans -> %UserDocuments%\My Scans ->  [Folder | Created Date = 1/14/2008 11:12:13 PM | Attr =	]
OneNote Notebooks -> %UserDocuments%\OneNote Notebooks ->  [Folder | Created Date = 1/15/2008 10:54:15 PM | Attr =	]
Personal -> %UserDocuments%\Personal ->  [Folder | Created Date = 1/14/2008 11:12:23 PM | Attr =	]
Purdue -> %UserDocuments%\Purdue ->  [Folder | Created Date = 1/14/2008 11:12:39 PM | Attr =	]
Sites -> %UserDocuments%\Sites ->  [Folder | Created Date = 1/14/2008 11:12:47 PM | Attr =	]
Stationary and Networking -> %UserDocuments%\Stationary and Networking ->  [Folder | Created Date = 1/14/2008 11:13:42 PM | Attr =	]
THINK EQUITY.docx -> %UserDocuments%\THINK EQUITY.docx ->  [Ver =  | Size = 12720 bytes | Created Date = 2/5/2008 3:29:16 PM | Attr =	]
Thinkpac.net -> %UserDocuments%\Thinkpac.net ->  [Folder | Created Date = 1/14/2008 11:10:11 PM | Attr =	]
tuition.pdf -> %UserDocuments%\tuition.pdf ->  [Ver =  | Size = 25730 bytes | Created Date = 1/14/2008 11:10:23 PM | Attr =	]
Updater5 -> %UserDocuments%\Updater5 ->  [Folder | Created Date = 1/27/2008 3:15:03 PM | Attr =	]
Vault Career Guides -> %UserDocuments%\Vault Career Guides ->  [Folder | Created Date = 1/14/2008 11:10:22 PM | Attr =	]
zzzSpring2007.lnk -> %UserDocuments%\zzzSpring2007.lnk ->  [Ver =  | Size = 498 bytes | Created Date = 1/27/2008 7:29:51 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 2/6/2008 3:33:16 AM | Attr =	]
McAfee Security Center.lnk -> %AllUsersDesktop%\McAfee Security Center.lnk ->  [Ver =  | Size = 671 bytes | Created Date = 2/9/2008 3:25:19 PM | Attr =	]
4.docx -> %UserDesktop%\4.docx ->  [Ver =  | Size = 18499 bytes | Created Date = 1/14/2008 9:08:29 PM | Attr =	]
451 -> %UserDesktop%\451 ->  [Folder | Created Date = 2/6/2008 2:10:05 AM | Attr =	]
5 Goals 3 Months 1.docx -> %UserDesktop%\5 Goals 3 Months 1.docx ->  [Ver =  | Size = 12437 bytes | Created Date = 1/29/2008 11:25:24 PM | Attr =	]
aaw2007.exe -> %UserDesktop%\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Created Date = 2/5/2008 6:53:17 PM | Attr =	]
app answers.docx -> %UserDesktop%\app answers.docx ->  [Ver =  | Size = 12710 bytes | Created Date = 1/15/2008 10:34:49 PM | Attr =	]
Blackout BLAZERS -> %UserDesktop%\Blackout BLAZERS ->  [Folder | Created Date = 2/4/2008 10:39:19 PM | Attr =	]
Blake PART.pptx -> %UserDesktop%\Blake PART.pptx ->  [Ver =  | Size = 172751 bytes | Created Date = 2/6/2008 1:30:08 PM | Attr =	]
blakeSAUNDERS Resume.pdf -> %UserDesktop%\blakeSAUNDERS Resume.pdf ->  [Ver =  | Size = 108176 bytes | Created Date = 2/1/2008 12:17:02 PM | Attr =	]
blakeSAUNDERS Transcript.pdf -> %UserDesktop%\blakeSAUNDERS Transcript.pdf ->  [Ver =  | Size = 31767 bytes | Created Date = 1/14/2008 9:08:30 PM | Attr =	]
Bloomington Recommendations and Course of Actions.doc -> %UserDesktop%\Bloomington Recommendations and Course of Actions.doc ->  [Ver =  | Size = 34816 bytes | Created Date = 2/6/2008 1:31:03 PM | Attr =	]
Book1.xlsx -> %UserDesktop%\Book1.xlsx ->  [Ver =  | Size = 9625 bytes | Created Date = 2/2/2008 1:11:45 AM | Attr =	]
ClassesandAvailability.xls -> %UserDesktop%\ClassesandAvailability.xls ->  [Ver =  | Size = 33792 bytes | Created Date = 1/14/2008 9:08:30 PM | Attr =	]
Codecs6030_allin1.exe -> %UserDesktop%\Codecs6030_allin1.exe -> http://www.codecpack.com [Ver = 6.0.3.0 | Size = 10050902 bytes | Created Date = 2/3/2008 11:56:25 PM | Attr =	]
CURRENT STUFF -> %UserDesktop%\CURRENT STUFF ->  [Folder | Created Date = 1/14/2008 9:08:30 PM | Attr =	]
Desktop -> %UserDesktop%\Desktop ->  [Folder | Created Date = 1/14/2008 9:08:29 PM | Attr =	]
Downloads -> %UserDesktop%\Downloads ->  [Folder | Created Date = 1/14/2008 9:18:28 PM | Attr =	]
EM COrr -> %UserDesktop%\EM COrr ->  [Folder | Created Date = 1/14/2008 9:18:37 PM | Attr =	]
FIND A JOB -> %UserDesktop%\FIND A JOB ->  [Folder | Created Date = 1/14/2008 9:18:37 PM | Attr =	]
Full page fax print.pdf -> %UserDesktop%\Full page fax print.pdf ->  [Ver =  | Size = 191383 bytes | Created Date = 1/31/2008 5:16:40 PM | Attr =	]
HijackThis.exe -> %UserDesktop%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Created Date = 2/9/2008 5:04:11 PM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1373 bytes | Created Date = 2/9/2008 4:42:36 PM | Attr =	]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 2/9/2008 4:42:24 PM | Attr =	]
Homework 2.ppt -> %UserDesktop%\Homework 2.ppt ->  [Ver =  | Size = 754688 bytes | Created Date = 1/16/2008 12:59:46 PM | Attr =	]
housing.docx -> %UserDesktop%\housing.docx ->  [Ver =  | Size = 139490 bytes | Created Date = 2/6/2008 12:25:05 PM | Attr =	]
Investment Bank Contacts.doc -> %UserDesktop%\Investment Bank Contacts.doc ->  [Ver =  | Size = 33280 bytes | Created Date = 2/1/2008 12:41:00 AM | Attr =	]
Investment Banking.xls -> %UserDesktop%\Investment Banking.xls ->  [Ver =  | Size = 22528 bytes | Created Date = 1/31/2008 10:32:00 PM | Attr =	]
Investment Banks - Real Estate.doc -> %UserDesktop%\Investment Banks - Real Estate.doc ->  [Ver =  | Size = 31744 bytes | Created Date = 2/3/2008 10:17:00 AM | Attr =	]
iPhoto Library -> %UserDesktop%\iPhoto Library ->  [Folder | Created Date = 1/14/2008 9:18:40 PM | Attr =	]
Janraury 24.docx -> %UserDesktop%\Janraury 24.docx ->  [Ver =  | Size = 11678 bytes | Created Date = 1/23/2008 5:53:13 PM | Attr =	]
lj1020-HB-pnp-winxp2kv32-en.exe -> %UserDesktop%\lj1020-HB-pnp-winxp2kv32-en.exe ->  [Ver =  | Size = 5031560 bytes | Created Date = 1/28/2008 9:33:15 AM | Attr =	]
lkasdf -> %UserDesktop%\lkasdf ->  [Folder | Created Date = 2/6/2008 11:52:59 AM | Attr =	]
mcafee_cq9765_en-us_3132007.exe -> %UserDesktop%\mcafee_cq9765_en-us_3132007.exe ->  [Ver =  | Size = 28433776 bytes | Created Date = 2/9/2008 2:59:23 PM | Attr =	]
MGMT 412 Spring 2008 syllabus.pdf -> %UserDesktop%\MGMT 412 Spring 2008 syllabus.pdf ->  [Ver =  | Size = 37024 bytes | Created Date = 1/14/2008 11:02:04 PM | Attr =	]
MGMT 451 Case 1 FINAL DRAFT A.docx -> %UserDesktop%\MGMT 451 Case 1 FINAL DRAFT A.docx ->  [Ver =  | Size = 19269 bytes | Created Date = 2/4/2008 7:49:27 PM | Attr =	]
MGMT 451 Case 1 FINAL DRAFT A.pptx -> %UserDesktop%\MGMT 451 Case 1 FINAL DRAFT A.pptx ->  [Ver =  | Size = 576623 bytes | Created Date = 2/6/2008 2:10:57 AM | Attr =	]
MGMT 451 Case 1 FINAL.pptx -> %UserDesktop%\MGMT 451 Case 1 FINAL.pptx ->  [Ver =  | Size = 576592 bytes | Created Date = 2/6/2008 1:29:00 PM | Attr =	]
MGMT 451 Charts.pptx -> %UserDesktop%\MGMT 451 Charts.pptx ->  [Ver =  | Size = 132752 bytes | Created Date = 2/6/2008 12:48:39 PM | Attr =	]
Mgmt 451 Spring 2008 02 - Shinkle - Group Assignments & Case Info rev 1.ppt -> %UserDesktop%\Mgmt 451 Spring 2008 02 - Shinkle - Group Assignments & Case Info rev 1.ppt ->  [Ver =  | Size = 101376 bytes | Created Date = 2/2/2008 9:32:16 AM | Attr =	]
MGMT 451 Strategic Analysis HW Templates rev 3.ppt -> %UserDesktop%\MGMT 451 Strategic Analysis HW Templates rev 3.ppt ->  [Ver =  | Size = 439296 bytes | Created Date = 1/29/2008 11:07:06 PM | Attr =	]
Moerae Matrix - IFF 1-31-08.pdf -> %UserDesktop%\Moerae Matrix - IFF 1-31-08.pdf ->  [Ver =  | Size = 233362 bytes | Created Date = 2/5/2008 7:06:00 PM | Attr =	]
MORGAN STANLEY -> %UserDesktop%\MORGAN STANLEY ->  [Folder | Created Date = 1/31/2008 3:24:51 PM | Attr =	]
No Country For Old Men.avi -> %UserDesktop%\No Country For Old Men.avi ->  [Ver =  | Size = 734181376 bytes | Created Date = 2/3/2008 11:47:49 PM | Attr =	]
Nuclear Technology.docx -> %UserDesktop%\Nuclear Technology.docx ->  [Ver =  | Size = 13372 bytes | Created Date = 2/2/2008 9:46:19 PM | Attr =	]
NY Dorm.pdf -> %UserDesktop%\NY Dorm.pdf ->  [Ver =  | Size = 30648 bytes | Created Date = 2/6/2008 4:51:04 PM | Attr =	]
NYU PAYMENT.pdf -> %UserDesktop%\NYU PAYMENT.pdf ->  [Ver =  | Size = 31416 bytes | Created Date = 2/6/2008 4:50:36 PM | Attr =	]
Part1.pdf -> %UserDesktop%\Part1.pdf ->  [Ver =  | Size = 41829 bytes | Created Date = 1/31/2008 9:09:04 PM | Attr =	]
Part2.pdf -> %UserDesktop%\Part2.pdf ->  [Ver =  | Size = 108168 bytes | Created Date = 1/31/2008 9:09:43 PM | Attr =	]
PEARLStreet -> %UserDesktop%\PEARLStreet ->  [Folder | Created Date = 1/14/2008 9:19:24 PM | Attr =	]
Practice Questions - EU Hypothesis.doc -> %UserDesktop%\Practice Questions - EU Hypothesis.doc ->  [Ver =  | Size = 55296 bytes | Created Date = 1/14/2008 9:08:30 PM | Attr =	]
Private Equity HUB - What a Coincidence...pdf -> %UserDesktop%\Private Equity HUB - What a Coincidence...pdf ->  [Ver =  | Size = 136744 bytes | Created Date = 2/7/2008 2:23:46 PM | Attr =	]
RECO.pdf -> %UserDesktop%\RECO.pdf ->  [Ver =  | Size = 1008567 bytes | Created Date = 1/31/2008 9:10:32 PM | Attr =	]
Rothschild European Graduate Recruitment.tif -> %UserDesktop%\Rothschild European Graduate Recruitment.tif ->  [Ver =  | Size = 219082 bytes | Created Date = 1/15/2008 10:53:37 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 2/9/2008 3:40:28 PM | Attr =	]
spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9722720 bytes | Created Date = 2/9/2008 3:37:46 PM | Attr =	]
Summit Data.docx -> %UserDesktop%\Summit Data.docx ->  [Ver =  | Size = 25858 bytes | Created Date = 1/14/2008 11:34:10 PM | Attr =	]
Switzerland Pictures -> %UserDesktop%\Switzerland Pictures ->  [Folder | Created Date = 1/14/2008 9:19:27 PM | Attr =	]
tony -> %UserDesktop%\tony ->  [Folder | Created Date = 2/4/2008 10:33:32 PM | Attr =	]
UTAH Summit -> %UserDesktop%\UTAH Summit ->  [Folder | Created Date = 2/3/2008 10:27:01 AM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2/9/2008 4:18:04 PM | Attr =	]
WRT54Gv5v6_v1.02.2_fw.bin -> %UserDesktop%\WRT54Gv5v6_v1.02.2_fw.bin ->  [Ver =  | Size = 1682896 bytes | Created Date = 2/3/2008 11:53:18 PM | Attr =	]
desktop.ini -> %AllUsersStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 1/14/2008 12:54:13 PM | Attr =  HS]
Windows Desktop Search.lnk -> %AllUsersStartup%\Windows Desktop Search.lnk ->  [Ver =  | Size = 1787 bytes | Created Date = 1/14/2008 11:36:47 PM | Attr =	]
Desktop Manager.lnk -> %UserStartup%\Desktop Manager.lnk ->  [Ver =  | Size = 1837 bytes | Created Date = 1/14/2008 8:53:56 PM | Attr =	]
desktop.ini -> %UserStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 1/14/2008 10:45:27 PM | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Created Date = 1/14/2008 11:05:44 PM | Attr =	]
AOL -> %CommonProgramFiles%\AOL ->  [Folder | Created Date = 1/14/2008 8:56:16 PM | Attr =	]
Apple -> %CommonProgramFiles%\Apple ->  [Folder | Created Date = 1/14/2008 9:28:49 PM | Attr =	]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Created Date = 1/14/2008 8:30:16 PM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Created Date = 1/14/2008 8:21:24 PM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 1/27/2008 12:03:38 PM | Attr =	]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared ->  [Folder | Created Date = 1/27/2008 3:13:30 PM | Attr =	]
McAfee -> %CommonProgramFiles%\McAfee ->  [Folder | Created Date = 1/14/2008 8:29:00 PM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Created Date = 1/14/2008 12:54:47 PM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Created Date = 1/14/2008 9:02:53 PM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Created Date = 1/14/2008 12:54:52 PM | Attr =	]
Real -> %CommonProgramFiles%\Real ->  [Folder | Created Date = 1/15/2008 12:21:00 AM | Attr =	]
Research In Motion -> %CommonProgramFiles%\Research In Motion ->  [Folder | Created Date = 1/14/2008 8:53:40 PM | Attr =	]
Roxio Shared -> %CommonProgramFiles%\Roxio Shared ->  [Folder | Created Date = 1/14/2008 8:58:29 PM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Created Date = 1/14/2008 9:02:57 PM | Attr =	]
Skype -> %CommonProgramFiles%\Skype ->  [Folder | Created Date = 1/16/2008 12:28:36 PM | Attr =	]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared ->  [Folder | Created Date = 1/14/2008 8:58:34 PM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Created Date = 1/14/2008 12:54:48 PM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Created Date = 1/14/2008 9:02:00 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2/6/2008 3:32:53 AM | Attr =	]
xing shared -> %CommonProgramFiles%\xing shared ->  [Folder | Created Date = 1/15/2008 12:21:26 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
.protected -> %SystemDrive%\.protected ->  [Ver =  | Size = 0 bytes | Modified Date = 2/9/2008 3:47:29 PM | Attr =  H ]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Modified Date = 1/14/2008 9:05:04 PM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 2/9/2008 3:43:44 PM | Attr =  HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/14/2008 9:05:04 PM | Attr =	]
Dell -> %SystemDrive%\Dell ->  [Folder | Modified Date = 1/14/2008 9:16:10 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/9/2008 3:15:27 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145574912 bytes | Modified Date = 2/9/2008 4:22:13 PM | Attr =  HS]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/14/2008 9:05:04 PM | Attr = RHS]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 455 bytes | Modified Date = 1/14/2008 8:57:30 PM | Attr =  H ]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/14/2008 9:05:04 PM | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Modified Date = 1/14/2008 8:24:44 PM | Attr = RH ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/9/2008 4:42:35 PM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 1/14/2008 8:28:58 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/14/2008 10:44:12 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/9/2008 4:24:36 PM | Attr =	]
beep.sys -> %System32%\dllcache\beep.sys ->  [Ver =  | Size = 29184 bytes | Modified Date = 2/7/2008 4:44:42 PM | Attr =	]
beep.sys -> %System32%\drivers\beep.sys ->  [Ver =  | Size = 29184 bytes | Modified Date = 2/7/2008 4:44:42 PM | Attr =	]
disdn -> %System32%\drivers\disdn ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2/9/2008 3:47:29 PM | Attr =	]
.protected -> %System32%\drivers\etc\.protected ->  [Ver =  | Size = 0 bytes | Modified Date = 2/9/2008 3:47:29 PM | Attr =  H ]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 734 bytes | Modified Date = 2/9/2008 3:59:58 PM | Attr =	]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Modified Date = 1/14/2008 9:07:52 PM | Attr =	]
1025 -> %System32%\1025 ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1028 -> %System32%\1028 ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
1031 -> %System32%\1031 ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Modified Date = 1/14/2008 12:42:32 PM | Attr =	]
1037 -> %System32%\1037 ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
1041 -> %System32%\1041 ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
1042 -> %System32%\1042 ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
1054 -> %System32%\1054 ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
2052 -> %System32%\2052 ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
3076 -> %System32%\3076 ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
3com_dmi -> %System32%\3com_dmi ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 1/14/2008 9:05:01 PM | Attr =	]
appmgmt -> %System32%\appmgmt ->  [Folder | Modified Date = 1/14/2008 8:18:23 PM | Attr =	]
braviax.exe -> %System32%\braviax.exe ->  [Ver =  | Size = 11264 bytes | Modified Date = 2/9/2008 4:22:09 PM | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 1/26/2008 11:01:11 PM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/9/2008 4:12:17 PM | Attr =	]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/14/2008 9:04:05 PM | Attr = RH ]
Com -> %System32%\Com ->  [Folder | Modified Date = 1/14/2008 10:50:26 PM | Attr =	]
config -> %System32%\config ->  [Folder | Modified Date = 1/14/2008 8:32:02 PM | Attr =	]
Config.MPF -> %System32%\Config.MPF ->  [Ver =  | Size = 3380 bytes | Modified Date = 2/9/2008 4:25:19 PM | Attr =	]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Modified Date = 1/14/2008 9:05:04 PM | Attr =	]
cru629.dat -> %System32%\cru629.dat ->  [Ver =  | Size = 6144 bytes | Modified Date = 2/9/2008 4:22:09 PM | Attr =	]
d3d8caps.dat -> %System32%\d3d8caps.dat ->  [Ver =  | Size = 552 bytes | Modified Date = 1/14/2008 11:03:07 PM | Attr =	]
dhcp -> %System32%\dhcp ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 1/14/2008 9:03:39 PM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 2/7/2008 4:46:34 PM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2/9/2008 4:12:52 PM | Attr =	]
DRM -> %System32%\DRM ->  [Folder | Modified Date = 1/23/2008 1:07:35 PM | Attr =	]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Modified Date = 1/28/2008 9:44:39 AM | Attr =	]
emptyregdb.dat -> %System32%\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Modified Date = 1/14/2008 9:01:30 PM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 1/14/2008 11:36:20 PM | Attr =	]
export -> %System32%\export ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 312376 bytes | Modified Date = 1/27/2008 4:40:56 PM | Attr =	]
ias -> %System32%\ias ->  [Folder | Modified Date = 1/14/2008 12:42:43 PM | Attr =	]
icsxml -> %System32%\icsxml ->  [Folder | Modified Date = 1/14/2008 12:43:37 PM | Attr =	]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 2/8/2008 10:37:47 AM | Attr =	]
IME -> %System32%\IME ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
inetsrv -> %System32%\inetsrv ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
LogFiles -> %System32%\LogFiles ->  [Folder | Modified Date = 1/14/2008 9:08:05 PM | Attr =	]
logonui.exe.manifest -> %System32%\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 1/14/2008 9:04:09 PM | Attr = RH ]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 1/14/2008 9:02:45 PM | Attr =	]
Microsoft -> %System32%\Microsoft ->  [Folder | Modified Date = 1/14/2008 10:44:10 PM | Attr =   S]
mlfcache.dat -> %System32%\mlfcache.dat ->  [Ver =  | Size = 66880 bytes | Modified Date = 1/26/2008 10:19:19 PM | Attr =  H ]
MsDtc -> %System32%\MsDtc ->  [Folder | Modified Date = 1/14/2008 9:01:12 PM | Attr =	]
mui -> %System32%\mui ->  [Folder | Modified Date = 1/14/2008 11:36:14 PM | Attr =	]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/14/2008 9:04:05 PM | Attr = RH ]
npp -> %System32%\npp ->  [Folder | Modified Date = 1/14/2008 12:50:33 PM | Attr =	]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 1/14/2008 9:05:01 PM | Attr =	]
nvModes.001 -> %System32%\nvModes.001 ->  [Ver =  | Size = 52659 bytes | Modified Date = 2/9/2008 4:23:31 PM | Attr =	]
nvModes.dat -> %System32%\nvModes.dat ->  [Ver =  | Size = 52659 bytes | Modified Date = 2/5/2008 12:51:21 PM | Attr =	]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/14/2008 9:04:05 PM | Attr = RH ]
oobe -> %System32%\oobe ->  [Folder | Modified Date = 1/14/2008 9:03:27 PM | Attr =	]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 48292 bytes | Modified Date = 2/9/2008 4:27:29 PM | Attr =	]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 336120 bytes | Modified Date = 2/9/2008 4:27:29 PM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 389346 bytes | Modified Date = 2/9/2008 4:27:29 PM | Attr =	]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 1/15/2008 12:21:05 AM | Attr =	]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 1/15/2008 12:21:06 AM | Attr =	]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 1/15/2008 12:21:06 AM | Attr =	]
pool.bin -> %System32%\pool.bin ->  [Ver =  | Size = 256 bytes | Modified Date = 2/9/2008 4:24:29 PM | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Modified Date = 1/14/2008 9:21:33 PM | Attr =	]
ras -> %System32%\ras ->  [Folder | Modified Date = 1/14/2008 12:44:23 PM | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Modified Date = 1/14/2008 8:54:31 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/14/2008 10:44:11 PM | Attr =	]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2846 | Size = 185688 bytes | Modified Date = 1/15/2008 12:21:19 AM | Attr =	]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/14/2008 9:04:05 PM | Attr = RH ]
Setup -> %System32%\Setup ->  [Folder | Modified Date = 1/14/2008 12:51:48 PM | Attr =	]
ShellExt -> %System32%\ShellExt ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Modified Date = 1/14/2008 8:06:38 PM | Attr =	]
spool -> %System32%\spool ->  [Folder | Modified Date = 1/14/2008 8:58:56 PM | Attr =	]
users32.dat -> %System32%\users32.dat ->  [Ver =  | Size = 6656 bytes | Modified Date = 2/9/2008 4:22:45 PM | Attr =	]
usmt -> %System32%\usmt ->  [Folder | Modified Date = 1/14/2008 12:51:34 PM | Attr =	]
VACFix.exe -> %System32%\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 85504 bytes | Modified Date = 2/8/2008 11:55:49 PM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 1/14/2008 9:08:17 PM | Attr =	]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 1/14/2008 9:04:09 PM | Attr = RH ]
winistr.exe -> %System32%\winistr.exe ->  [Ver =  | Size = 98713 bytes | Modified Date = 2/9/2008 3:45:27 PM | Attr =	]
wins -> %System32%\wins ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
wpa.bak -> %System32%\wpa.bak ->  [Ver =  | Size = 13646 bytes | Modified Date = 1/14/2008 8:44:24 PM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 2/9/2008 4:23:47 PM | Attr =	]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/14/2008 9:04:05 PM | Attr = RH ]
xircom -> %System32%\xircom ->  [Folder | Modified Date = 1/14/2008 9:05:33 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/16/2008 3:01:37 AM | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Modified Date = 1/14/2008 9:22:10 PM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 1/14/2008 12:51:21 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/9/2008 4:22:20 PM | Attr =   S]
braviax.exe -> %SystemRoot%\braviax.exe ->  [Ver =  | Size = 11264 bytes | Modified Date = 2/9/2008 4:22:09 PM | Attr =	]
Config -> %SystemRoot%\Config ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 1/14/2008 9:05:04 PM | Attr =	]
cru629.dat -> %SystemRoot%\cru629.dat ->  [Ver =  | Size = 6144 bytes | Modified Date = 2/9/2008 4:22:09 PM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 1/14/2008 9:00:49 PM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 1/14/2008 10:58:32 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/15/2008 12:26:35 AM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 1/14/2008 12:51:11 PM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 1/27/2008 3:03:52 PM | Attr = R S]
ftpcache -> %SystemRoot%\ftpcache ->  [Folder | Modified Date = 1/14/2008 8:50:09 PM | Attr =  HS]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/14/2008 8:22:16 PM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 1/14/2008 9:05:33 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/9/2008 4:13:45 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/7/2008 4:29:35 PM | Attr =  HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 2/3/2008 11:57:57 PM | Attr =	]
java -> %SystemRoot%\java ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 1/14/2008 12:51:08 PM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2/9/2008 4:22:20 PM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1588 bytes | Modified Date = 1/16/2008 12:35:58 PM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 1/15/2008 6:46:19 AM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Modified Date = 1/14/2008 12:51:11 PM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 1/14/2008 8:19:21 PM | Attr =	]
nview -> %SystemRoot%\nview ->  [Folder | Modified Date = 1/14/2008 8:22:16 PM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Modified Date = 1/14/2008 9:04:52 PM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 1/14/2008 9:04:10 PM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Modified Date = 1/14/2008 9:02:28 PM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 1/14/2008 12:50:53 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 1/14/2008 11:40:02 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/9/2008 4:47:55 PM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 2/7/2008 4:51:23 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 1/14/2008 9:32:08 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/9/2008 4:23:11 PM | Attr =  H ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Modified Date = 1/14/2008 8:56:04 PM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 1/14/2008 9:04:49 PM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Modified Date = 1/14/2008 10:43:58 PM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Modified Date = 1/14/2008 12:40:27 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/9/2008 3:26:31 PM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Modified Date = 1/14/2008 8:25:46 PM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 1/14/2008 8:06:42 PM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 1/14/2008 9:03:49 PM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 1/16/2008 12:26:53 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 1/14/2008 12:54:27 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 2/9/2008 3:43:44 PM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 2/9/2008 4:41:58 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/9/2008 3:19:51 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/9/2008 4:52:37 PM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 1/14/2008 12:45:10 PM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Modified Date = 1/14/2008 9:01:18 PM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Modified Date = 1/14/2008 9:01:18 PM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 1/14/2008 9:04:12 PM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 552 bytes | Modified Date = 2/9/2008 3:43:44 PM | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/14/2008 9:04:05 PM | Attr = RH ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 1/27/2008 3:04:55 PM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 1/14/2008 8:55:55 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/2/2008 9:53:03 AM | Attr =	]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 366 bytes | Modified Date = 2/9/2008 3:27:35 PM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 368 bytes | Modified Date = 2/9/2008 3:27:35 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/9/2008 4:22:29 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 11436 bytes | Modified Date = 2/9/2008 4:25:08 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 11436 bytes | Modified Date = 2/9/2008 4:25:08 PM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8408 bytes | Modified Date = 1/15/2008 12:35:17 PM | Attr =	]
Perflib_Perfdata_bfc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_bfc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/9/2008 4:04:57 PM | Attr =	]
Perflib_Perfdata_ca0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_ca0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/9/2008 4:24:31 PM | Attr =	]
4 C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp files -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Modified Date = 1/27/2008 3:29:35 PM | Attr =	]
AOL -> %AllUsersAppData%\AOL ->  [Folder | Modified Date = 1/14/2008 8:56:35 PM | Attr =	]
AOL OCP -> %AllUsersAppData%\AOL OCP ->  [Folder | Modified Date = 1/14/2008 8:56:35 PM | Attr =	]
Apple -> %AllUsersAppData%\Apple ->  [Folder | Modified Date = 1/14/2008 9:28:49 PM | Attr =	]
Apple Computer -> %AllUsersAppData%\Apple Computer ->  [Folder | Modified Date = 1/14/2008 9:30:34 PM | Attr =	]
Azureus -> %AllUsersAppData%\Azureus ->  [Folder | Modified Date = 1/27/2008 12:11:40 PM | Attr =	]
desktop.ini -> %AllUsersAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 1/14/2008 12:54:13 PM | Attr =  HS]
ezsid.dat -> %AllUsersAppData%\ezsid.dat ->  [Ver =  | Size = 32 bytes | Modified Date = 1/16/2008 12:30:56 PM | Attr =	]
FLEXnet -> %AllUsersAppData%\FLEXnet ->  [Folder | Modified Date = 2/4/2008 5:09:58 PM | Attr =	]
InstallShield -> %AllUsersAppData%\InstallShield ->  [Folder | Modified Date = 1/14/2008 9:01:18 PM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 2/6/2008 3:33:45 AM | Attr =	]
McAfee -> %AllUsersAppData%\McAfee ->  [Folder | Modified Date = 1/14/2008 8:42:58 PM | Attr =	]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Modified Date = 1/23/2008 1:07:33 PM | Attr =   S]
Microsoft Help -> %AllUsersAppData%\Microsoft Help ->  [Folder | Modified Date = 1/23/2008 11:26:24 AM | Attr =	]
nView_Profiles -> %AllUsersAppData%\nView_Profiles ->  [Folder | Modified Date = 1/14/2008 11:40:06 PM | Attr =	]
QTSBandwidthCache -> %AllUsersAppData%\QTSBandwidthCache ->  [Ver =  | Size = 1365 bytes | Modified Date = 1/15/2008 2:18:09 PM | Attr =	]
Roxio -> %AllUsersAppData%\Roxio ->  [Folder | Modified Date = 1/14/2008 9:04:58 PM | Attr =	]
Skype -> %AllUsersAppData%\Skype ->  [Folder | Modified Date = 1/16/2008 12:28:39 PM | Attr =	]
Sonic -> %AllUsersAppData%\Sonic ->  [Folder | Modified Date = 1/14/2008 9:01:12 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/9/2008 3:49:13 PM | Attr =	]
Viewpoint -> %AllUsersAppData%\Viewpoint ->  [Folder | Modified Date = 1/14/2008 8:56:47 PM | Attr =	]
Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage ->  [Folder | Modified Date = 1/14/2008 10:45:48 PM | Attr =	]
acccore -> %UserAppData%\acccore ->  [Folder | Modified Date = 1/14/2008 8:57:51 PM | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 1/27/2008 3:13:40 PM | Attr =	]
Apple Computer -> %UserAppData%\Apple Computer ->  [Folder | Modified Date = 1/28/2008 12:17:16 PM | Attr =	]
Azureus -> %UserAppData%\Azureus ->  [Folder | Modified Date = 1/29/2008 7:26:18 PM | Attr =	]
Blackberry Desktop -> %UserAppData%\Blackberry Desktop ->  [Folder | Modified Date = 1/14/2008 10:04:45 PM | Attr =	]
desktop.ini -> %UserAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 1/14/2008 12:54:13 PM | Attr =  HS]
Identities -> %UserAppData%\Identities ->  [Folder | Modified Date = 1/14/2008 10:45:35 PM | Attr =	]
Macromedia -> %UserAppData%\Macromedia ->  [Folder | Modified Date = 1/14/2008 8:12:31 PM | Attr =	]
Microsoft -> %UserAppData%\Microsoft ->  [Folder | Modified Date = 2/6/2008 1:30:36 PM | Attr =   S]
Move Networks -> %UserAppData%\Move Networks ->  [Folder | Modified Date = 2/2/2008 5:37:57 PM | Attr =	]
Mozilla -> %UserAppData%\Mozilla ->  [Folder | Modified Date = 1/14/2008 8:19:19 PM | Attr =	]
Real -> %UserAppData%\Real ->  [Folder | Modified Date = 1/15/2008 12:23:06 AM | Attr =	]
Research In Motion -> %UserAppData%\Research In Motion ->  [Folder | Modified Date = 1/14/2008 9:04:32 PM | Attr =	]
Roxio -> %UserAppData%\Roxio ->  [Folder | Modified Date = 1/27/2008 2:35:07 PM | Attr =	]
SiteAdvisor -> %UserAppData%\SiteAdvisor ->  [Folder | Modified Date = 2/9/2008 3:09:18 PM | Attr =	]
Skype -> %UserAppData%\Skype ->  [Folder | Modified Date = 2/9/2008 4:56:08 PM | Attr =	]
skypePM -> %UserAppData%\skypePM ->  [Folder | Modified Date = 2/9/2008 4:04:53 PM | Attr =	]
Sun -> %UserAppData%\Sun ->  [Folder | Modified Date = 1/16/2008 12:26:53 PM | Attr =	]
U3 -> %UserAppData%\U3 ->  [Folder | Modified Date = 2/6/2008 2:11:31 AM | Attr =	]
Windows Desktop Search -> %UserAppData%\Windows Desktop Search ->  [Folder | Modified Date = 1/14/2008 11:38:43 PM | Attr =	]
WinRAR -> %UserAppData%\WinRAR ->  [Folder | Modified Date = 1/27/2008 2:35:12 PM | Attr =	]
Adobe -> %LocalAppData%\Adobe ->  [Folder | Modified Date = 1/14/2008 11:07:28 PM | Attr =	]
AOL -> %LocalAppData%\AOL ->  [Folder | Modified Date = 1/14/2008 8:57:30 PM | Attr =	]
AOL OCP -> %LocalAppData%\AOL OCP ->  [Folder | Modified Date = 1/14/2008 8:57:33 PM | Attr =	]
Apple -> %LocalAppData%\Apple ->  [Folder | Modified Date = 1/14/2008 9:29:17 PM | Attr =	]
Apple Computer -> %LocalAppData%\Apple Computer ->  [Folder | Modified Date = 1/14/2008 9:31:00 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 9216 bytes | Modified Date = 1/30/2008 9:41:44 PM | Attr =	]
FeedDemon -> %LocalAppData%\FeedDemon ->  [Folder | Modified Date = 1/27/2008 6:10:55 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 84760 bytes | Modified Date = 1/27/2008 5:07:58 PM | Attr =	]
Google -> %LocalAppData%\Google ->  [Folder | Modified Date = 1/26/2008 10:18:59 PM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 4959888 bytes | Modified Date = 2/9/2008 4:03:33 PM | Attr =  H ]
Identities -> %LocalAppData%\Identities ->  [Folder | Modified Date = 1/14/2008 11:38:47 PM | Attr =	]
keyfile3.drm -> %LocalAppData%\keyfile3.drm ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/23/2008 11:54:21 PM | Attr =  H ]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 1/23/2008 1:07:33 PM | Attr =	]
Microsoft Help -> %LocalAppData%\Microsoft Help ->  [Folder | Modified Date = 1/14/2008 8:25:11 PM | Attr =	]
Mozilla -> %LocalAppData%\Mozilla ->  [Folder | Modified Date = 1/14/2008 8:19:19 PM | Attr =	]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 1/14/2008 12:54:13 PM | Attr =  HS]
mcafee_cq9765_en-us_3132007.exe -> %AllUsersDocuments%\mcafee_cq9765_en-us_3132007.exe ->  [Ver =  | Size = 28433776 bytes | Modified Date = 2/9/2008 3:02:11 PM | Attr =	]
My Music -> %AllUsersDocuments%\My Music ->  [Folder | Modified Date = 1/14/2008 9:03:09 PM | Attr = R  ]
My Pictures -> %AllUsersDocuments%\My Pictures ->  [Folder | Modified Date = 1/14/2008 9:03:08 PM | Attr = R  ]
My Videos -> %AllUsersDocuments%\My Videos ->  [Folder | Modified Date = 1/14/2008 8:59:24 PM | Attr = R  ]
!bCurrent -> %UserDocuments%\!bCurrent ->  [Folder | Modified Date = 1/31/2008 12:53:36 PM | Attr =	]
!c TRAVEL -> %UserDocuments%\!c TRAVEL ->  [Folder | Modified Date = 1/27/2008 7:42:11 PM | Attr =	]
!dBUS -> %UserDocuments%\!dBUS ->  [Folder | Modified Date = 1/14/2008 11:14:12 PM | Attr =	]
Azureus Downloads -> %UserDocuments%\Azureus Downloads ->  [Folder | Modified Date = 1/28/2008 7:50:14 PM | Attr =	]
Cell Phone -> %UserDocuments%\Cell Phone ->  [Folder | Modified Date = 1/14/2008 11:10:16 PM | Attr =	]
desktop.ini -> %UserDocuments%\desktop.ini ->  [Ver =  | Size = 76 bytes | Modified Date = 1/14/2008 10:45:43 PM | Attr =  HS]
DND ARCHIVE -> %UserDocuments%\DND ARCHIVE ->  [Folder | Modified Date = 1/14/2008 11:11:49 PM | Attr =	]
Moera Matrix Suppl Info.pdf -> %UserDocuments%\Moera Matrix Suppl Info.pdf ->  [Ver =  | Size = 45064 bytes | Modified Date = 1/27/2008 4:34:45 PM | Attr =	]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/14/2008 9:32:14 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 2/4/2008 10:32:01 PM | Attr = R  ]
My Scans -> %UserDocuments%\My Scans ->  [Folder | Modified Date = 1/14/2008 11:12:23 PM | Attr =	]
OneNote Notebooks -> %UserDocuments%\OneNote Notebooks ->  [Folder | Modified Date = 1/15/2008 10:54:18 PM | Attr =	]
Personal -> %UserDocuments%\Personal ->  [Folder | Modified Date = 2/3/2008 2:01:01 PM | Attr =	]
Purdue -> %UserDocuments%\Purdue ->  [Folder | Modified Date = 1/14/2008 11:12:47 PM | Attr =	]
Sites -> %UserDocuments%\Sites ->  [Folder | Modified Date = 1/14/2008 11:13:29 PM | Attr =	]
Stationary and Networking -> %UserDocuments%\Stationary and Networking ->  [Folder | Modified Date = 1/31/2008 3:51:40 PM | Attr =	]
THINK EQUITY.docx -> %UserDocuments%\THINK EQUITY.docx ->  [Ver =  | Size = 12720 bytes | Modified Date = 2/6/2008 10:18:00 AM | Attr =	]
Thinkpac.net -> %UserDocuments%\Thinkpac.net ->  [Folder | Modified Date = 1/14/2008 11:10:22 PM | Attr =	]
tuition.pdf -> %UserDocuments%\tuition.pdf ->  [Ver =  | Size = 25730 bytes | Modified Date = 1/14/2008 10:50:56 AM | Attr =	]
Updater5 -> %UserDocuments%\Updater5 ->  [Folder | Modified Date = 1/27/2008 3:15:03 PM | Attr =	]
Vault Career Guides -> %UserDocuments%\Vault Career Guides ->  [Folder | Modified Date = 1/14/2008 11:10:23 PM | Attr =	]
zzzSpring2007.lnk -> %UserDocuments%\zzzSpring2007.lnk ->  [Ver =  | Size = 498 bytes | Modified Date = 1/27/2008 7:29:51 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 2/6/2008 3:33:16 AM | Attr =	]
McAfee Security Center.lnk -> %AllUsersDesktop%\McAfee Security Center.lnk ->  [Ver =  | Size = 671 bytes | Modified Date = 2/9/2008 3:25:19 PM | Attr =	]
451 -> %UserDesktop%\451 ->  [Folder | Modified Date = 2/6/2008 12:26:15 PM | Attr =	]
5 Goals 3 Months 1.docx -> %UserDesktop%\5 Goals 3 Months 1.docx ->  [Ver =  | Size = 12437 bytes | Modified Date = 2/4/2008 12:15:22 AM | Attr =	]
aaw2007.exe -> %UserDesktop%\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Modified Date = 2/5/2008 7:04:53 PM | Attr =	]
app answers.docx -> %UserDesktop%\app answers.docx ->  [Ver =  | Size = 12710 bytes | Modified Date = 1/15/2008 10:54:19 PM | Attr =	]
Blackout BLAZERS -> %UserDesktop%\Blackout BLAZERS ->  [Folder | Modified Date = 2/4/2008 10:39:22 PM | Attr =	]
Blake PART.pptx -> %UserDesktop%\Blake PART.pptx ->  [Ver =  | Size = 172751 bytes | Modified Date = 2/6/2008 1:30:08 PM | Attr =	]
blakeSAUNDERS Resume.pdf -> %UserDesktop%\blakeSAUNDERS Resume.pdf ->  [Ver =  | Size = 108176 bytes | Modified Date = 2/1/2008 12:17:02 PM | Attr =	]
Bloomington Recommendations and Course of Actions.doc -> %UserDesktop%\Bloomington Recommendations and Course of Actions.doc ->  [Ver =  | Size = 34816 bytes | Modified Date = 2/6/2008 11:05:48 AM | Attr =	]
Book1.xlsx -> %UserDesktop%\Book1.xlsx ->  [Ver =  | Size = 9625 bytes | Modified Date = 2/2/2008 1:11:46 AM | Attr =	]
ClassesandAvailability.xls -> %UserDesktop%\ClassesandAvailability.xls ->  [Ver =  | Size = 33792 bytes | Modified Date = 1/13/2008 7:44:12 PM | Attr =	]
Codecs6030_allin1.exe -> %UserDesktop%\Codecs6030_allin1.exe -> http://www.codecpack.com [Ver = 6.0.3.0 | Size = 10050902 bytes | Modified Date = 2/3/2008 11:57:56 PM | Attr =	]
CURRENT STUFF -> %UserDesktop%\CURRENT STUFF ->  [Folder | Modified Date = 1/14/2008 9:18:22 PM | Attr =	]
Desktop -> %UserDesktop%\Desktop ->  [Folder | Modified Date = 1/15/2008 7:45:26 PM | Attr =	]
Downloads -> %UserDesktop%\Downloads ->  [Folder | Modified Date = 2/1/2008 1:00:09 AM | Attr =	]
EM COrr -> %UserDesktop%\EM COrr ->  [Folder | Modified Date = 1/14/2008 9:18:37 PM | Attr =	]
FIND A JOB -> %UserDesktop%\FIND A JOB ->  [Folder | Modified Date = 2/2/2008 1:24:22 AM | Attr =	]
Full page fax print.pdf -> %UserDesktop%\Full page fax print.pdf ->  [Ver =  | Size = 191383 bytes | Modified Date = 1/31/2008 5:16:40 PM | Attr =	]
HijackThis.exe -> %UserDesktop%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 2/9/2008 5:04:11 PM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1373 bytes | Modified Date = 2/9/2008 5:04:11 PM | Attr =	]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/9/2008 4:42:32 PM | Attr =	]
Homework 2.ppt -> %UserDesktop%\Homework 2.ppt ->  [Ver =  | Size = 754688 bytes | Modified Date = 1/16/2008 12:59:48 PM | Attr =	]
housing.docx -> %UserDesktop%\housing.docx ->  [Ver =  | Size = 139490 bytes | Modified Date = 2/6/2008 10:02:47 PM | Attr =	]
Investment Bank Contacts.doc -> %UserDesktop%\Investment Bank Contacts.doc ->  [Ver =  | Size = 33280 bytes | Modified Date = 2/1/2008 12:41:00 AM | Attr =	]
Investment Banking.xls -> %UserDesktop%\Investment Banking.xls ->  [Ver =  | Size = 22528 bytes | Modified Date = 2/1/2008 12:51:39 AM | Attr =	]
Investment Banks - Real Estate.doc -> %UserDesktop%\Investment Banks - Real Estate.doc ->  [Ver =  | Size = 31744 bytes | Modified Date = 2/3/2008 10:17:00 AM | Attr =	]
iPhoto Library -> %UserDesktop%\iPhoto Library ->  [Folder | Modified Date = 1/14/2008 9:18:40 PM | Attr =	]
Janraury 24.docx -> %UserDesktop%\Janraury 24.docx ->  [Ver =  | Size = 11678 bytes | Modified Date = 1/23/2008 11:30:49 PM | Attr =	]
lj1020-HB-pnp-winxp2kv32-en.exe -> %UserDesktop%\lj1020-HB-pnp-winxp2kv32-en.exe ->  [Ver =  | Size = 5031560 bytes | Modified Date = 1/28/2008 9:33:29 AM | Attr =	]
lkasdf -> %UserDesktop%\lkasdf ->  [Folder | Modified Date = 2/6/2008 11:54:08 AM | Attr =	]
mcafee_cq9765_en-us_3132007.exe -> %UserDesktop%\mcafee_cq9765_en-us_3132007.exe ->  [Ver =  | Size = 28433776 bytes | Modified Date = 2/9/2008 3:02:11 PM | Attr =	]
MGMT 412 Spring 2008 syllabus.pdf -> %UserDesktop%\MGMT 412 Spring 2008 syllabus.pdf ->  [Ver =  | Size = 37024 bytes | Modified Date = 1/14/2008 11:02:02 PM | Attr =	]
MGMT 451 Case 1 FINAL DRAFT A.docx -> %UserDesktop%\MGMT 451 Case 1 FINAL DRAFT A.docx ->  [Ver =  | Size = 19269 bytes | Modified Date = 2/6/2008 2:35:51 PM | Attr =	]
MGMT 451 Case 1 FINAL DRAFT A.pptx -> %UserDesktop%\MGMT 451 Case 1 FINAL DRAFT A.pptx ->  [Ver =  | Size = 576623 bytes | Modified Date = 2/6/2008 1:27:32 PM | Attr =	]
MGMT 451 Case 1 FINAL.pptx -> %UserDesktop%\MGMT 451 Case 1 FINAL.pptx ->  [Ver =  | Size = 576592 bytes | Modified Date = 2/6/2008 1:29:01 PM | Attr =	]
MGMT 451 Charts.pptx -> %UserDesktop%\MGMT 451 Charts.pptx ->  [Ver =  | Size = 132752 bytes | Modified Date = 2/6/2008 1:30:27 PM | Attr =	]
Mgmt 451 Spring 2008 02 - Shinkle - Group Assignments & Case Info rev 1.ppt -> %UserDesktop%\Mgmt 451 Spring 2008 02 - Shinkle - Group Assignments & Case Info rev 1.ppt ->  [Ver =  | Size = 101376 bytes | Modified Date = 2/2/2008 9:32:14 AM | Attr =	]
MGMT 451 Strategic Analysis HW Templates rev 3.ppt -> %UserDesktop%\MGMT 451 Strategic Analysis HW Templates rev 3.ppt ->  [Ver =  | Size = 439296 bytes | Modified Date = 1/29/2008 11:07:12 PM | Attr =	]
Moerae Matrix - IFF 1-31-08.pdf -> %UserDesktop%\Moerae Matrix - IFF 1-31-08.pdf ->  [Ver =  | Size = 233362 bytes | Modified Date = 2/5/2008 7:06:00 PM | Attr =	]
MORGAN STANLEY -> %UserDesktop%\MORGAN STANLEY ->  [Folder | Modified Date = 1/31/2008 3:26:01 PM | Attr =	]
No Country For Old Men.avi -> %UserDesktop%\No Country For Old Men.avi ->  [Ver =  | Size = 734181376 bytes | Modified Date = 2/3/2008 7:42:00 AM | Attr =	]
Nuclear Technology.docx -> %UserDesktop%\Nuclear Technology.docx ->  [Ver =  | Size = 13372 bytes | Modified Date = 2/2/2008 9:46:20 PM | Attr =	]
NY Dorm.pdf -> %UserDesktop%\NY Dorm.pdf ->  [Ver =  | Size = 30648 bytes | Modified Date = 2/6/2008 4:51:04 PM | Attr =	]
NYU PAYMENT.pdf -> %UserDesktop%\NYU PAYMENT.pdf ->  [Ver =  | Size = 31416 bytes | Modified Date = 2/6/2008 4:50:36 PM | Attr =	]
Part1.pdf -> %UserDesktop%\Part1.pdf ->  [Ver =  | Size = 41829 bytes | Modified Date = 1/31/2008 9:09:04 PM | Attr =	]
Part2.pdf -> %UserDesktop%\Part2.pdf ->  [Ver =  | Size = 108168 bytes | Modified Date = 1/31/2008 9:09:43 PM | Attr =	]
PEARLStreet -> %UserDesktop%\PEARLStreet ->  [Folder | Modified Date = 1/31/2008 12:42:56 PM | Attr =	]
Private Equity HUB - What a Coincidence...pdf -> %UserDesktop%\Private Equity HUB - What a Coincidence...pdf ->  [Ver =  | Size = 136744 bytes | Modified Date = 2/7/2008 2:23:46 PM | Attr =	]
Rothschild European Graduate Recruitment.tif -> %UserDesktop%\Rothschild European Graduate Recruitment.tif ->  [Ver =  | Size = 219082 bytes | Modified Date = 1/15/2008 10:53:41 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 2/9/2008 3:40:28 PM | Attr =	]
spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 2/9/2008 3:39:03 PM | Attr =	]
Summit Data.docx -> %UserDesktop%\Summit Data.docx ->  [Ver =  | Size = 25858 bytes | Modified Date = 1/15/2008 7:40:25 PM | Attr =	]
Switzerland Pictures -> %UserDesktop%\Switzerland Pictures ->  [Folder | Modified Date = 1/14/2008 9:19:38 PM | Attr =	]
tony -> %UserDesktop%\tony ->  [Folder | Modified Date = 2/4/2008 10:33:37 PM | Attr =	]
UTAH Summit -> %UserDesktop%\UTAH Summit ->  [Folder | Modified Date = 2/3/2008 10:27:03 AM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2/9/2008 4:41:58 PM | Attr =	]
WRT54Gv5v6_v1.02.2_fw.bin -> %UserDesktop%\WRT54Gv5v6_v1.02.2_fw.bin ->  [Ver =  | Size = 1682896 bytes | Modified Date = 2/3/2008 11:53:28 PM | Attr =	]
desktop.ini -> %AllUsersStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 1/14/2008 9:05:10 PM | Attr =  HS]
Windows Desktop Search.lnk -> %AllUsersStartup%\Windows Desktop Search.lnk ->  [Ver =  | Size = 1787 bytes | Modified Date = 1/14/2008 11:36:47 PM | Attr =	]
Desktop Manager.lnk -> %UserStartup%\Desktop Manager.lnk ->  [Ver =  | Size = 1837 bytes | Modified Date = 1/14/2008 8:53:56 PM | Attr =	]
desktop.ini -> %UserStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 1/14/2008 9:05:10 PM | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 1/27/2008 3:13:40 PM | Attr =	]
AOL -> %CommonProgramFiles%\AOL ->  [Folder | Modified Date = 1/14/2008 8:56:17 PM | Attr =	]
Apple -> %CommonProgramFiles%\Apple ->  [Folder | Modified Date = 1/14/2008 9:28:49 PM | Attr =	]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Modified Date = 1/14/2008 8:30:16 PM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Modified Date = 1/14/2008 8:58:33 PM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Modified Date = 1/27/2008 12:03:38 PM | Attr =	]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared ->  [Folder | Modified Date = 1/27/2008 3:13:30 PM | Attr =	]
McAfee -> %CommonProgramFiles%\McAfee ->  [Folder | Modified Date = 2/9/2008 3:20:27 PM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 1/14/2008 8:30:57 PM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Modified Date = 1/14/2008 9:02:53 PM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Modified Date = 1/14/2008 12:54:52 PM | Attr =	]
Real -> %CommonProgramFiles%\Real ->  [Folder | Modified Date = 1/15/2008 12:21:23 AM | Attr =	]
Research In Motion -> %CommonProgramFiles%\Research In Motion ->  [Folder | Modified Date = 1/14/2008 8:53:54 PM | Attr =	]
Roxio Shared -> %CommonProgramFiles%\Roxio Shared ->  [Folder | Modified Date = 1/14/2008 8:59:23 PM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Modified Date = 1/14/2008 9:02:58 PM | Attr =	]
Skype -> %CommonProgramFiles%\Skype ->  [Folder | Modified Date = 1/16/2008 12:28:37 PM | Attr =	]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared ->  [Folder | Modified Date = 1/14/2008 9:00:51 PM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Modified Date = 1/14/2008 12:54:48 PM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 1/14/2008 10:50:49 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/6/2008 3:32:53 AM | Attr =	]
xing shared -> %CommonProgramFiles%\xing shared ->  [Folder | Modified Date = 1/15/2008 12:21:26 AM | Attr =	]

< End of report >



 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 17 February 2008 - 08:16 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, goimop.
My name is Richie and I'll be helping you to fix your problems.

Please follow the instructions in the link below for the downloading and running of ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not got it installed.
Post the log from ComboFix when you've finished.

Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply if it ran successfully.

#3 goimop

goimop
  • Topic Starter

  • Members
  • 7 posts

Posted 18 February 2008 - 06:41 PM

I couldn't get ComboFix to run. I tried both changing the name of the file and also starting it in Windows safe mode.

Here is the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:41 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\blake\Desktop\CURRENT STUFF\malware solve\abc.bat

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: cru629.dat
O23 - Service: McAfee Application Installer Cleanup (0115581202591561) (0115581202591561mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\011558~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9868 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 18 February 2008 - 06:46 PM

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation jre-6u4-windows-i586-p.exe' [15.12 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, DSS will open two Notepads: main.txt and extra.txt
* Use Save As to save both Notepad files to your Desktop and post them in your next reply.

*Note*
Post all reports/logs directly into this topic, not as attachments or inside code boxes, thanks.

#5 goimop

goimop
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:25 AM

Posted 18 February 2008 - 09:53 PM

main.txt
Deckard's System Scanner v20071014.68
Run by blake on 2008-02-18 20:19:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-19 01:19:20 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-18 20:23:08
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\blake\Desktop\a.exe
C:\Program Files\McAfee\MPF\MC\MpfAlert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: cru629.dat
O23 - Service: McAfee Application Installer Cleanup (0115581202591561) (0115581202591561mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\011558~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 11684 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 0115581202591561mcinstcleanup (McAfee Application Installer Cleanup (0115581202591561)) - c:\windows\temp\011558~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&277104FA&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&277104FA&0&0102
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01CC1028&REV_02\4&378EDFA4&0&00E2
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01CC1028&REV_02\4&378EDFA4&0&00E2
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Biometric Coprocessor
Device ID: USB\VID_0483&PID_2016\6&174C1FE6&0&1
Manufacturer:
Name: Biometric Coprocessor
PNP Device ID: USB\VID_0483&PID_2016\6&174C1FE6&0&1
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01CC1028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01CC1028&REV_01\3&61AAA01&0&FB
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-02-09 15:27:35 368 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-02-09 15:27:35 366 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-02-02 09:53:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-18 and 2008-02-18 -----------------------------

2008-02-18 20:15:22 0 d-------- C:\Program Files\Common Files\Java
2008-02-18 19:47:28 0 d-------- C:\Documents and Settings\blake\.SunDownloadManager
2008-02-18 18:36:25 3503 --a------ C:\Start_.cmd
2008-02-18 18:36:25 0 d-------- C:\327882R2FWJFW
2008-02-18 18:06:28 0 dr-hs---- C:\cmdcons
2008-02-18 18:06:26 0 d-------- C:\WINDOWS\setup.pss
2008-02-18 18:06:09 0 d-------- C:\WINDOWS\setupupd
2008-02-16 22:45:57 11264 --a------ C:\WINDOWS\braviax.exe
2008-02-13 00:08:46 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-13 00:08:46 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
2008-02-13 00:08:46 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-02-13 00:08:45 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-02-13 00:08:45 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-02-13 00:08:45 0 d-------- C:\Program Files\AVSMedia
2008-02-10 10:07:55 0 d-------- C:\Program Files\DivX
2008-02-09 16:42:35 0 d-------- C:\Program Files\Trend Micro
2008-02-09 16:05:05 0 d-------- C:\Program Files\SystemDefender
2008-02-09 16:04:05 11264 --a------ C:\WINDOWS\system32\braviax.exe
2008-02-09 15:40:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-09 15:40:09 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-09 15:40:09 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-09 15:40:09 85504 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-09 15:40:09 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-09 15:40:09 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-09 15:40:09 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-09 15:40:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-09 15:15:28 0 d--h----- C:\Documents and Settings\Administrator.BCOMPUTER\Templates
2008-02-09 15:15:28 0 dr------- C:\Documents and Settings\Administrator.BCOMPUTER\Start Menu
2008-02-09 15:15:28 0 dr-h----- C:\Documents and Settings\Administrator.BCOMPUTER\SendTo
2008-02-09 15:15:28 0 d--h----- C:\Documents and Settings\Administrator.BCOMPUTER\Recent
2008-02-09 15:15:28 0 d--h----- C:\Documents and Settings\Administrator.BCOMPUTER\PrintHood
2008-02-09 15:15:28 524288 --ah----- C:\Documents and Settings\Administrator.BCOMPUTER\NTUSER.DAT
2008-02-09 15:15:28 0 d--h----- C:\Documents and Settings\Administrator.BCOMPUTER\NetHood
2008-02-09 15:15:28 0 d-------- C:\Documents and Settings\Administrator.BCOMPUTER\My Documents
2008-02-09 15:15:28 0 d--h----- C:\Documents and Settings\Administrator.BCOMPUTER\Local Settings
2008-02-09 15:15:28 0 d-------- C:\Documents and Settings\Administrator.BCOMPUTER\Favorites
2008-02-09 15:15:28 0 d-------- C:\Documents and Settings\Administrator.BCOMPUTER\Desktop
2008-02-09 15:15:28 0 d---s---- C:\Documents and Settings\Administrator.BCOMPUTER\Cookies
2008-02-09 15:15:28 0 dr-h----- C:\Documents and Settings\Administrator.BCOMPUTER\Application Data
2008-02-09 15:15:28 0 d---s---- C:\Documents and Settings\Administrator.BCOMPUTER\Application Data\Microsoft
2008-02-09 15:09:18 0 d-------- C:\Documents and Settings\blake\Application Data\SiteAdvisor
2008-02-09 15:04:33 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-02-09 14:25:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-09 14:25:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-09 14:25:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-09 14:25:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-02-09 14:25:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-09 14:25:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-09 14:25:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-09 14:25:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-09 14:25:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-09 14:25:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-09 14:25:29 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-02-09 14:25:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-09 14:25:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-09 14:25:28 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-07 16:48:09 0 d-------- C:\WINDOWS\pss
2008-02-06 03:33:12 0 d-------- C:\Program Files\Lavasoft
2008-02-06 03:33:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-06 03:32:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 02:10:15 0 d-------- C:\Documents and Settings\blake\Application Data\U3
2008-02-05 17:00:49 6656 --a------ C:\WINDOWS\system32\users32.dat
2008-02-05 17:00:37 6144 --a------ C:\WINDOWS\system32\cru629.dat
2008-02-05 17:00:37 6144 --a------ C:\WINDOWS\cru629.dat
2008-02-03 23:58:27 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-03 23:58:20 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-02-02 01:58:52 0 d-------- C:\Documents and Settings\blake\Application Data\Move Networks
2008-01-28 09:39:25 0 d-------- C:\Program Files\Hewlett-Packard
2008-01-27 15:13:37 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-27 15:13:30 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-27 14:35:12 0 d-------- C:\Documents and Settings\blake\Application Data\WinRAR
2008-01-27 14:34:42 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-01-27 14:34:42 0 d-------- C:\Documents and Settings\blake\Application Data\Roxio
2008-01-27 12:55:32 0 d-------- C:\Program Files\iPod
2008-01-27 12:11:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-27 12:11:36 0 d-------- C:\Documents and Settings\blake\Application Data\Azureus
2008-01-27 12:05:46 0 d-------- C:\Program Files\Azureus
2008-01-27 12:03:41 0 d-------- C:\Program Files\Java
2008-01-26 22:19:19 66880 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-24 14:00:41 0 d-------- C:\Program Files\FeedStation
2008-01-24 14:00:35 0 d-------- C:\Program Files\FeedDemon
2008-01-23 13:07:34 0 d-------- C:\WINDOWS\system32\DRM


-- Find3M Report ---------------------------------------------------------------

2008-02-18 20:15:22 0 d-------- C:\Program Files\Common Files
2008-02-18 19:48:38 0 d-------- C:\Documents and Settings\blake\Application Data\Skype
2008-02-18 18:32:33 256 --a------ C:\WINDOWS\system32\pool.bin
2008-02-18 18:32:33 0 d-------- C:\Documents and Settings\blake\Application Data\skypePM
2008-02-12 23:52:46 52659 --a------ C:\WINDOWS\system32\nvModes.dat
2008-02-10 10:08:04 1722 --a------ C:\WINDOWS\mozver.dat
2008-02-09 16:12:16 0 d-------- C:\Program Files\McAfee
2008-02-09 15:20:27 0 d-------- C:\Program Files\Common Files\McAfee
2008-01-30 20:12:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-28 12:17:16 0 d-------- C:\Documents and Settings\blake\Application Data\Apple Computer
2008-01-27 15:13:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-27 15:13:40 0 d-------- C:\Documents and Settings\blake\Application Data\Adobe
2008-01-27 12:56:08 0 d-------- C:\Program Files\iTunes
2008-01-27 12:52:50 0 d-------- C:\Program Files\QuickTime
2008-01-16 12:28:40 0 d-------- C:\Program Files\Skype
2008-01-16 12:28:37 0 d-------- C:\Program Files\Common Files\Skype
2008-01-16 12:26:53 0 d-------- C:\Documents and Settings\blake\Application Data\Sun
2008-01-15 12:49:20 0 d-------- C:\Program Files\Picasa2
2008-01-15 12:49:03 0 d-------- C:\Program Files\Google
2008-01-15 00:23:06 0 d-------- C:\Documents and Settings\blake\Application Data\Real
2008-01-15 00:21:26 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-15 00:21:23 0 d-------- C:\Program Files\Common Files\Real
2008-01-15 00:20:59 0 d-------- C:\Program Files\Real
2008-01-14 23:38:43 0 d-------- C:\Documents and Settings\blake\Application Data\Windows Desktop Search
2008-01-14 23:36:19 0 d-------- C:\Program Files\Windows Desktop Search
2008-01-14 23:03:07 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-14 22:51:47 0 d-------- C:\Program Files\Messenger
2008-01-14 22:46:33 0 d-------- C:\Program Files\MSXML 4.0
2008-01-14 22:45:35 0 d-------- C:\Documents and Settings\blake\Application Data\Identities
2008-01-14 22:04:45 0 d-------- C:\Documents and Settings\blake\Application Data\Blackberry Desktop
2008-01-14 21:29:16 0 d-------- C:\Program Files\Apple Software Update
2008-01-14 21:28:49 0 d-------- C:\Program Files\Common Files\Apple
2008-01-14 21:16:33 0 d-------- C:\Program Files\SigmaTel
2008-01-14 21:05:33 0 d-------- C:\Program Files\microsoft frontpage
2008-01-14 21:05:04 0 -rahs---- C:\MSDOS.SYS
2008-01-14 21:05:04 0 -rahs---- C:\IO.SYS
2008-01-14 21:05:04 0 --a------ C:\CONFIG.SYS
2008-01-14 21:05:04 0 --a------ C:\AUTOEXEC.BAT
2008-01-14 21:04:32 0 d-------- C:\Documents and Settings\blake\Application Data\Research In Motion
2008-01-14 21:04:00 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-14 21:02:53 0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-14 21:02:38 0 d-------- C:\Program Files\Movie Maker
2008-01-14 21:01:30 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-14 21:00:54 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-14 21:00:51 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-01-14 21:00:42 0 d-------- C:\Program Files\Windows NT
2008-01-14 20:59:23 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-14 20:59:03 0 d-------- C:\Program Files\Roxio
2008-01-14 20:58:33 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-14 20:57:51 0 d-------- C:\Documents and Settings\blake\Application Data\acccore
2008-01-14 20:57:30 0 d-------- C:\Program Files\AIM6
2008-01-14 20:56:48 0 d-------- C:\Program Files\Viewpoint
2008-01-14 20:56:17 0 d-------- C:\Program Files\Common Files\AOL
2008-01-14 20:53:54 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-01-14 20:53:24 0 d-------- C:\Program Files\Research In Motion
2008-01-14 20:31:01 0 d-------- C:\Program Files\Microsoft Works
2008-01-14 20:30:49 0 d-------- C:\Program Files\MSBuild
2008-01-14 20:29:24 0 d-------- C:\Program Files\McAfee.com
2008-01-14 20:19:34 0 d-------- C:\Program Files\Online Services
2008-01-14 20:19:21 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-14 20:19:19 0 d-------- C:\Documents and Settings\blake\Application Data\Mozilla
2008-01-14 20:12:31 0 d-------- C:\Documents and Settings\blake\Application Data\Macromedia
2008-01-14 12:54:52 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-14 12:54:48 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-14 12:54:13 62 --ahs---- C:\Documents and Settings\blake\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [02/28/2006 07:00 AM C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/17/2007 03:03 AM]
"nwiz"="nwiz.exe" [11/17/2007 03:03 AM C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [11/17/2007 03:03 AM C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/17/2007 03:03 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/15/2008 12:21 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"braviax"="braviax.exe" [02/18/2008 06:24 PM C:\WINDOWS\system32\braviax.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [12/07/2007 03:08 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\blake\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [10/2/2007 1:16:42 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^blake^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\blake\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
braviax.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16ced2e8-da6b-11dc-bbfa-001641903674}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ddecb2e-d274-11dc-bbe8-001641903674}]
AutoRun\command- E:\wd_windows_tools\setup.exe




-- End of Deckard's System Scanner: finished at 2008-02-18 20:23:32 ------------

extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz
CPU 1: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 2046.11 MiB / 1438.45 MiB
Pagefile Memory (total/avail): 3939.09 MiB / 3446.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.68 MiB

C: is Fixed (NTFS) - 93.16 GiB total, 54.48 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HTS721010G9SA00 - 93.16 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 93.16 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\blake\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\blake
LOGONSERVER=\\BCOMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\blake\LOCALS~1\Temp
TMP=C:\DOCUME~1\blake\LOCALS~1\Temp
USERDOMAIN=BCOMPUTER
USERNAME=blake
USERPROFILE=C:\Documents and Settings\blake
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

blake (admin)
Administrator.BCOMPUTER (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVS DVD Player version 2.4 --> "C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FeedDemon --> "C:\Program Files\FeedDemon\unins000.exe"
FeedStation --> "C:\Program Files\FeedStation\unins000.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\blake\Desktop\CURRENT STUFF\malware solve\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1209 / Error
Event Submitted/Written: 02/18/2008 05:42:10 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pictureviewer.exe, version 7.4.0.91, faulting module quicktime.qts, version 7.4.0.91, fault address 0x009efeeb.
Processing media-specific event for [pictureviewer.exe!ws!]

Event Record #/Type1207 / Error
Event Submitted/Written: 02/18/2008 05:34:12 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.20121, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1080 / Error
Event Submitted/Written: 02/12/2008 01:14:03 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module wmvcore.dll, version 10.0.0.4054, fault address 0x000106cc.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1079 / Error
Event Submitted/Written: 02/12/2008 01:13:47 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1072 / Error
Event Submitted/Written: 02/11/2008 02:17:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module quicktime.qts, version 7.4.0.91, fault address 0x001514d4.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4108 / Warning
Event Submitted/Written: 02/18/2008 08:22:00 PM
Event ID/Source: 2 / HidBth
Event Description:
Bluetooth HID device (00:50:f2:e2:fe:97) either went out of range or became unresponsive.

Event Record #/Type4096 / Error
Event Submitted/Written: 02/18/2008 06:58:51 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer USER-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{51F6D44C-DF73-45C3-8.
The master browser is stopping or an election is being forced.

Event Record #/Type4085 / Error
Event Submitted/Written: 02/18/2008 06:48:26 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type4084 / Error
Event Submitted/Written: 02/18/2008 06:48:26 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type4083 / Warning
Event Submitted/Written: 02/18/2008 06:48:26 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0016CF3F049D. The IP address being used is 169.254.40.104.



-- End of Deckard's System Scanner: finished at 2008-02-18 20:23:32 ------------

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 19 February 2008 - 05:49 AM

AV: McAfee VirusScan v (McAfee) Disabled

According to Deckard, McAfee VirusScan is disabled. If that's correct, please enable it.


Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".
Read this article:
http://www.clickz.com/news/article.php/3561546
You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your PC:
Viewpoint
Viewpoint Manager
Viewpoint Media Player



Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.

Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm


Please download OTMoveIt by OldTimer and save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\327882R2FWJFW
C:\WINDOWS\braviax.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\cru629.dat
C:\WINDOWS\system32\users32.dat
C:\Program Files\SystemDefender


Return to OTMoveIt, right-click on the "Paste Custom List of Files/Folders to Move" window under the "yellow" bar at the bottom, and choose Paste.
Click the red Moveit! button.
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt by clicking on the "Exit" button.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Copy and paste ALL the following text in the code box below into Notepad.
Click on Start/All Programs/Accessories/Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.reg, and save it to your desktop.
Then double-click on the fix.reg file on your desktop and agree to merge the information into the registry, then restart your PC.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]


Please download Malwarebytes Anti-Malware:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7 goimop

goimop
  • Topic Starter

  • Members
  • 7 posts

Posted 19 February 2008 - 06:16 PM

Okay one step at a time...

Antivirus is being disabled by this "program" so I cannot reactivate it.

OTMoveIt LOG
-------------------------------------------
[Custom Input]
< C:\327882R2FWJFW >
C:\327882R2FWJFW moved successfully.
< C:\WINDOWS\braviax.exe >
C:\WINDOWS\braviax.exe moved successfully.
< C:\WINDOWS\system32\braviax.exe >
C:\WINDOWS\system32\braviax.exe moved successfully.
< C:\WINDOWS\system32\cru629.dat >
C:\WINDOWS\system32\cru629.dat moved successfully.
< C:\WINDOWS\cru629.dat >
C:\WINDOWS\cru629.dat moved successfully.
< C:\WINDOWS\system32\users32.dat >
C:\WINDOWS\system32\users32.dat moved successfully.
< C:\Program Files\SystemDefender >
C:\Program Files\SystemDefender moved successfully.

OTMoveIt2 v1.0.20 log created on 02192008_181455

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 19 February 2008 - 07:17 PM

Great, carry on with the remaining steps if you will please.

#9 goimop

goimop
  • Topic Starter

  • Members
  • 7 posts

Posted 19 February 2008 - 09:48 PM

Malwarebytes' Anti-Malware 1.04
Database version: 381

Scan type: Quick Scan
Objects scanned: 28336
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\cru629.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\users32.dat (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\etc\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 20 February 2008 - 04:27 AM

Post a new HijackThis log, and let me know how your PC is running now please.

#11 goimop

goimop
  • Topic Starter

  • Members
  • 7 posts

Posted 20 February 2008 - 01:01 PM

This malware will not leave my computer...

here is a new hijackthis log - thanks richie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:52 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\pdfprevhndlrshim.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\blake\Desktop\CURRENT STUFF\malware solve\abc.bat
C:\WINDOWS\system32\SearchProtocolHost.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: cru629.dat
O23 - Service: McAfee Application Installer Cleanup (0115581202591561) (0115581202591561mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\011558~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 9699 bytes
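
A way to check a follow-up HijackThis log against the list of files that were moved, as an added example that is not part of the thread or of any tool named in it. It parses the O4 and O20 lines and reports autostart entries that still name a removed file; the sample lines are copied from the logs above, and the function names are hypothetical.

```python
import ntpath
import re

# Paths from the removal list posted earlier in the thread.
REMOVED_PATHS = [
    r"C:\327882R2FWJFW",
    r"C:\WINDOWS\braviax.exe",
    r"C:\WINDOWS\system32\braviax.exe",
    r"C:\WINDOWS\system32\cru629.dat",
    r"C:\WINDOWS\cru629.dat",
    r"C:\WINDOWS\system32\users32.dat",
    r"C:\Program Files\SystemDefender",
]

# Excerpt of the follow-up HijackThis log (lines copied from the post above).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O20 - AppInit_DLLs: cru629.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

O4_RUN = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
O4_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (.*)$")


def parse_autostarts(log_text):
    """Return (section, location, name, command) for each O4 / O20 entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line) or O4_STARTUP.match(line)
        if m:
            entries.append(("O4", m.group(1), m.group(2), m.group(3)))
            continue
        m = O20_APPINIT.match(line)
        if m:
            # AppInit_DLLs holds a space- or comma-separated list of DLLs.
            for dll in re.split(r"[ ,]+", m.group(1).strip()):
                if dll:
                    entries.append(("O20", "AppInit_DLLs", dll, dll))
    return entries


def first_token(command):
    """Program part of a command line: quoted path, or text up to a space."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    parts = command.split(None, 1)
    return parts[0] if parts else ""


def surviving_references(log_text, removed_paths):
    """Autostart entries whose command still names a removed file."""
    names = sorted({ntpath.basename(p).lower() for p in removed_paths})
    hits = []
    for section, location, name, command in parse_autostarts(log_text):
        lowered = command.lower()
        for base in names:
            # Match the file name as a whole path component only.
            pattern = r"(?<![\w.])" + re.escape(base) + r"(?![\w.])"
            if re.search(pattern, lowered):
                token = first_token(command)
                hits.append({
                    "section": section,
                    "location": location,
                    "name": name,
                    "file": base,
                    # True when the entry is registered without a directory.
                    "bare": "\\" not in token and "/" not in token,
                })
    return hits


if __name__ == "__main__":
    for hit in surviving_references(SAMPLE_LOG, REMOVED_PATHS):
        print("{section} {location} [{name}] still references {file} "
              "(no directory given: {bare})".format(**hit))
```

On the excerpt it reports the `braviax` Run value and the `cru629.dat` AppInit_DLLs entry, the two references still present in the log above.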

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 20 February 2008 - 01:54 PM

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double-click on SDFix on your desktop, and install the fix to C:\

* You might want to print/copy the following as you need to be in Safe Mode from here on.

* Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double-click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
• Scan using the following Anti-Virus database:
• Standard
• Scan Options:
• Scan Archives
• Scan Mail Bases
• Click OK
• Now under select a target to scan:
• Select My Computer
• This will start the program and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected. It does not provide an option to clean/disinfect; I need to see the scan results.
• Now click on the Save as Text button.
• Save the file to your desktop.
• Copy and paste the contents of that file into your next reply.

If the above link doesn't work, try this:
http://www.kaspersky.com/kos/english/kavwebscan.html

Also post a new HijackThis log please.

#13 goimop

goimop
  • Topic Starter

  • Members
  • 7 posts

Posted 26 February 2008 - 01:50 PM

Problem Solved - Updated McAfee was able to eradicate the infection and turn its auto monitoring back on.

Thanks for your help.

Blake

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 26 February 2008 - 03:03 PM

Can you post the SDFix and Kaspersky webscan results, and a new HijackThis log in your next reply?



