Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Virusheat


  • Please log in to reply
14 replies to this topic

#1 keep22goal

keep22goal

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 25 February 2008 - 12:05 PM

I have been trying to manually delete it from how it said to do it from some other sites but have been having trouble. Here is my Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:57 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202852047062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8879 bytes

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:10 PM

Posted 06 March 2008 - 12:28 PM

Hello keep22goal and welcome to the BC HijackThis forum. I don't see much in that log. Let's see what else we can find.

Before running a new scan let's clean out the temporoary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 keep22goal

keep22goal
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 08 March 2008 - 03:08 PM

Here it is. After running the scan, some websites(including bleeping computer) don't run exactly right and you can't see all the graphics and stuff like that. Anyways here is the scan:

WinPFind35 logfile created on: 3/8/2008 2:47:45 PM
WinPFind35U Version 1.0.4.0	 Folder = C:\Documents and Settings\David\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.36 Mb Total Physical Memory | 667.61 Mb Available Physical Memory | 65.75% Memory free
2.39 Gb Paging File | 2.03 Gb Available in Paging File | 84.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 59.26 Gb Free Space | 79.52% Space Free | Partition Type: NTFS
Drive D: | 7.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 232.83 Gb Total Space | 127.96 Gb Free Space | 54.96% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TUFTS-1C11D0E5D
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.0.4 | Size = 643072 bytes | Modified Date = 2/21/2007 11:28:36 AM | Attr =	]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 11, 1, 0, 9 | Size = 983040 bytes | Modified Date = 2/21/2007 11:16:48 AM | Attr =	]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 11.1.0.4 | Size = 294912 bytes | Modified Date = 2/21/2007 11:19:40 AM | Attr =	]
wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE ->  [Ver =  | Size = 20480 bytes | Modified Date = 3/16/2007 6:10:46 PM | Attr =	]
bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1253376 bytes | Modified Date = 3/16/2007 6:10:42 PM | Attr =	]
avinitnt.exe -> %ProgramFiles%\Authentium\Command AntiVirus\avinitnt.exe -> Authentium, Inc. [Ver = 4,93,9,60821 | Size = 161072 bytes | Modified Date = 12/5/2007 3:46:40 PM | Attr = R  ]
dvpapi.exe -> %CommonProgramFiles%\Authentium\AntiVirus\dvpapi.exe -> Authentium, Inc. [Ver = 4,94,107,521 | Size = 177448 bytes | Modified Date = 11/27/2007 2:02:46 PM | Attr = R  ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.0.0   | Size = 327680 bytes | Modified Date = 2/21/2007 11:10:00 AM | Attr =	]
schscnt.exe -> %ProgramFiles%\Authentium\Command AntiVirus\schscnt.exe -> Authentium, Inc. [Ver = 4,94,107,521 | Size = 173360 bytes | Modified Date = 12/5/2007 3:47:02 PM | Attr = R  ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr =	]
wltray.exe -> %SystemRoot%\system32\WLTRAY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Modified Date = 3/16/2007 6:10:46 PM | Attr =	]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 77824 bytes | Modified Date = 9/15/2006 4:50:22 PM | Attr =	]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 118784 bytes | Modified Date = 9/15/2006 4:54:22 PM | Attr =	]
avtray.exe -> %ProgramFiles%\Authentium\Command AntiVirus\avtray.exe -> Authentium, Inc. [Ver = 4,94,107,521 | Size = 144688 bytes | Modified Date = 12/5/2007 3:46:48 PM | Attr = R  ]
dvprpt.exe -> %ProgramFiles%\Authentium\Command AntiVirus\dvprpt.exe -> Authentium, Inc. [Ver = 4,94,107,521 | Size = 206128 bytes | Modified Date = 12/5/2007 3:46:54 PM | Attr = R  ]
untray.exe -> %ProgramFiles%\Authentium\Command AntiVirus\untray.exe -> Authentium, Inc. [Ver = 4,94,107,530 | Size = 140592 bytes | Modified Date = 12/5/2007 3:47:06 PM | Attr = R  ]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 11.1.0.5   | Size = 819200 bytes | Modified Date = 2/21/2007 11:19:58 AM | Attr =	]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 11.1.0.2 | Size = 970752 bytes | Modified Date = 2/21/2007 11:17:42 AM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 11:15:06 AM | Attr =	]
btdna.exe -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/28/2008 12:41:51 AM | Attr =	]
aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 2:17:27 AM | Attr =	]
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 11.1.0.7 | Size = 487424 bytes | Modified Date = 2/21/2007 11:13:26 AM | Attr =	]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 12:16:08 PM | Attr =	]
pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 9, 0, 0 | Size = 217088 bytes | Modified Date = 1/20/2008 2:05:37 AM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.4.0 | Size = 311296 bytes | Modified Date = 3/8/2008 12:04:54 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(avinitnt) avinitnt [Win32_Own | Auto | Running] -> %ProgramFiles%\Authentium\Command AntiVirus\avinitnt.exe -> Authentium, Inc. [Ver = 4,93,9,60821 | Size = 161072 bytes | Modified Date = 12/5/2007 3:46:40 PM | Attr = R  ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr =	]
(dvpapi) dvpapi [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Authentium\AntiVirus\dvpapi.exe -> Authentium, Inc. [Ver = 4,94,107,521 | Size = 177448 bytes | Modified Date = 11/27/2007 2:02:46 PM | Attr = R  ]
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.0.4 | Size = 643072 bytes | Modified Date = 2/21/2007 11:28:36 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.0.0   | Size = 327680 bytes | Modified Date = 2/21/2007 11:10:00 AM | Attr =	]
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 11, 1, 0, 9 | Size = 983040 bytes | Modified Date = 2/21/2007 11:16:48 AM | Attr =	]
(schscnt) schscnt [Win32_Own | Auto | Running] -> %ProgramFiles%\Authentium\Command AntiVirus\schscnt.exe -> Authentium, Inc. [Ver = 4,94,107,521 | Size = 173360 bytes | Modified Date = 12/5/2007 3:47:02 PM | Attr = R  ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr =	]
(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 11.1.0.4 | Size = 294912 bytes | Modified Date = 2/21/2007 11:19:40 AM | Attr =	]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 3/8/2008 4:39:21 AM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.6.0.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.6.0.0 | Size = 21425 bytes | Modified Date = 2/12/2008 4:13:04 PM | Attr =	]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(b57w2k) Broadcom NetXtreme 57xx Gigabit Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 7.86.0.0 built by: WinDDK | Size = 121472 bytes | Modified Date = 8/23/2004 2:49:30 PM | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(CSS DVP) Dynamic Virus Protection [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Css-Dvp.sys -> Authentium, Inc [Ver = 4.94.907.1120 | Size = 835792 bytes | Modified Date = 11/26/2007 4:33:52 PM | Attr =	]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 6:07:18 PM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 6:07:18 PM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(GTIPCI21) GTIPCI21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gtipci21.sys -> Texas Instruments [Ver = 1.0.1.19 | Size = 88192 bytes | Modified Date = 4/6/2006 3:49:00 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 208384 bytes | Modified Date = 5/3/2005 3:08:50 PM | Attr =	]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.SYS -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 1033728 bytes | Modified Date = 5/3/2005 3:09:28 PM | Attr =	]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4693 | Size = 1173468 bytes | Modified Date = 9/15/2006 5:16:48 PM | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 12:04:14 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 11, 1, 0, 0 | Size = 12416 bytes | Modified Date = 2/21/2007 11:16:12 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.4255 | Size = 273168 bytes | Modified Date = 3/10/2005 4:56:06 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w29n51.sys -> Intel® Corporation [Ver = 9.0.4.33 Driver | Size = 2209408 bytes | Modified Date = 2/8/2007 1:51:16 PM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 705408 bytes | Modified Date = 5/3/2005 3:08:44 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr =	]
avtray -> %ProgramFiles%\Authentium\Command AntiVirus\avtray.exe -> Authentium, Inc. [Ver = 4,94,107,521 | Size = 144688 bytes | Modified Date = 12/5/2007 3:46:48 PM | Attr = R  ]
Broadcom Wireless Manager UI -> %SystemRoot%\system32\WLTRAY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Modified Date = 3/16/2007 6:10:46 PM | Attr =	]
CSAV_CheckViruses -> %ProgramFiles%\Authentium\Command AntiVirus\vchk.exe -> Authentium, Inc. [Ver = 4,94,107,521 | Size = 75056 bytes | Modified Date = 12/5/2007 3:47:06 PM | Attr = R  ]
dvprpt -> %ProgramFiles%\Authentium\Command AntiVirus\dvprpt.exe -> Authentium, Inc. [Ver = 4,94,107,521 | Size = 206128 bytes | Modified Date = 12/5/2007 3:46:54 PM | Attr = R  ]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 77824 bytes | Modified Date = 9/15/2006 4:50:22 PM | Attr =	]
igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 118784 bytes | Modified Date = 9/15/2006 4:54:22 PM | Attr =	]
igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 94208 bytes | Modified Date = 9/15/2006 4:53:36 PM | Attr =	]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 11.1.0.2 | Size = 970752 bytes | Modified Date = 2/21/2007 11:17:42 AM | Attr =	]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 11.1.0.5   | Size = 819200 bytes | Modified Date = 2/21/2007 11:19:58 AM | Attr =	]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> File not found
PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 9, 0, 0 | Size = 217088 bytes | Modified Date = 1/20/2008 2:05:37 AM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 1/31/2008 11:13:08 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
untray -> %ProgramFiles%\Authentium\Command AntiVirus\untray.exe -> Authentium, Inc. [Ver = 4,94,107,530 | Size = 140592 bytes | Modified Date = 12/5/2007 3:47:06 PM | Attr = R  ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 11:15:06 AM | Attr =	]
BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/28/2008 12:41:51 AM | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< David Startup Folder > -> C:\Documents and Settings\David\Start Menu\Programs\Startup -> 
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\wbchha.dll [djuka] ->  [Ver =  | Size = 13312 bytes | Modified Date = 2/22/2008 3:26:42 PM | Attr =   S]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 139264 bytes | Modified Date = 9/15/2006 4:49:26 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< HOSTS File > (224776 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/18/2007 4:49:22 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4190 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4221 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/18/2007 4:49:22 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 5:09:42 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/18/2007 4:49:22 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 5:09:42 PM | Attr =	]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 1/9/2008 3:01:48 PM | Attr =	]
{9034A523-D068-4BE8-A284-9DF278BE776E}:Exec ->  [IE Anti-Spyware] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{C02DC11B-E104-40C0-873C-79F72F4D7937} ->	(Broadcom NetXtreme 57xx Gigabit Controller) -> 
{C53B994C-91A2-42D9-81E7-4C21987B0DA6} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{3BA3B159-7533-4F96-A2CE-EE5894BBD3D5}[HKEY_LOCAL_MACHINE] -> http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab[Scanner.SysScanner] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202852047062[WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 892 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1368 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 2:17:27 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 11:15:06 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/28/2008 12:41:51 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] ->  [Ver =  | Size = 587568 bytes | Modified Date = 2/11/2008 3:08:04 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Fonts\lsass.exe -> C:\WINDOWS\Fonts\lsass.exe [C:\WINDOWS\Fonts\lsass.exe:*:Enabled:LSA Shell (Export Version)										] -> Microsoft Corporation						  [Ver = 5.1. | Size = 925672 bytes | Modified Date = 8/3/2004 11:56:56 PM | Attr =  HS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 1:58:45 PM | Attr =	]
av -> %SystemDrive%\av ->  [Folder | Created Date = 2/12/2008 3:51:52 PM | Attr =  H ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Created Date = 2/12/2008 1:50:28 PM | Attr =  HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 1:58:45 PM | Attr =	]
dell -> %SystemDrive%\dell ->  [Folder | Created Date = 2/12/2008 2:28:59 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Created Date = 2/12/2008 8:22:40 AM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 1:58:45 PM | Attr = RHS]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 526 bytes | Created Date = 2/19/2008 2:29:38 AM | Attr =  H ]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 1:58:45 PM | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Created Date = 2/15/2008 12:55:32 AM | Attr = RH ]
Program Files -> %ProgramFiles% ->  [Folder | Created Date = 2/12/2008 8:24:10 AM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 2/12/2008 4:05:31 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 2/12/2008 8:22:40 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
big5.nls -> %SystemRoot%\System32\dllcache\big5.nls ->  [Ver =  | Size = 66728 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Created Date = 8/3/2004 5:31:54 PM | Attr =	]
c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10006.nls -> %SystemRoot%\System32\dllcache\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10007.nls -> %SystemRoot%\System32\dllcache\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10010.nls -> %SystemRoot%\System32\dllcache\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10017.nls -> %SystemRoot%\System32\dllcache\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10029.nls -> %SystemRoot%\System32\dllcache\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10081.nls -> %SystemRoot%\System32\dllcache\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10082.nls -> %SystemRoot%\System32\dllcache\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1148.nls -> %SystemRoot%\System32\dllcache\c_1148.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls ->  [Ver =  | Size = 186402 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls ->  [Ver =  | Size = 185378 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls ->  [Ver =  | Size = 187938 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20127.nls -> %SystemRoot%\System32\dllcache\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20423.nls -> %SystemRoot%\System32\dllcache\c_20423.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20880.nls -> %SystemRoot%\System32\dllcache\c_20880.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_21025.nls -> %SystemRoot%\System32\dllcache\c_21025.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_28594.nls -> %SystemRoot%\System32\dllcache\c_28594.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_28595.nls -> %SystemRoot%\System32\dllcache\c_28595.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_28596.nls -> %SystemRoot%\System32\dllcache\c_28596.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_28597.nls -> %SystemRoot%\System32\dllcache\c_28597.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_28599.nls -> %SystemRoot%\System32\dllcache\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_28603.nls -> %SystemRoot%\System32\dllcache\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 7/17/2004 10:48:36 AM | Attr =	]
c_708.nls -> %SystemRoot%\System32\dllcache\c_708.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_720.nls -> %SystemRoot%\System32\dllcache\c_720.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_737.nls -> %SystemRoot%\System32\dllcache\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_852.nls -> %SystemRoot%\System32\dllcache\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_855.nls -> %SystemRoot%\System32\dllcache\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_857.nls -> %SystemRoot%\System32\dllcache\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_858.nls -> %SystemRoot%\System32\dllcache\c_858.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_862.nls -> %SystemRoot%\System32\dllcache\c_862.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_864.nls -> %SystemRoot%\System32\dllcache\c_864.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_866.nls -> %SystemRoot%\System32\dllcache\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_869.nls -> %SystemRoot%\System32\dllcache\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_870.nls -> %SystemRoot%\System32\dllcache\c_870.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_875.nls -> %SystemRoot%\System32\dllcache\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
dgrpsetu.dll -> %SystemRoot%\System32\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
dgsetup.dll -> %SystemRoot%\System32\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
eqnclass.dll -> %SystemRoot%\System32\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
FP4.CAT -> %SystemRoot%\System32\dllcache\FP4.CAT ->  [Ver =  | Size = 31281 bytes | Created Date = 8/4/2004 12:58:46 AM | Attr =	]
fpencode.dll -> %SystemRoot%\System32\dllcache\fpencode.dll ->  [Ver =  | Size = 94208 bytes | Created Date = 3/24/2003 4:52:04 PM | Attr =	]
hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT ->  [Ver =  | Size = 13472 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
htrn_jis.dll -> %SystemRoot%\System32\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT ->  [Ver =  | Size = 8574 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Created Date = 8/3/2004 5:31:58 PM | Attr =	]
IMS.CAT -> %SystemRoot%\System32\dllcache\IMS.CAT ->  [Ver =  | Size = 13753 bytes | Created Date = 8/4/2004 12:58:46 AM | Attr =	]
imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Created Date = 8/3/2004 5:31:50 PM | Attr =	]
isrdbg32.dll -> %SystemRoot%\System32\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 8/3/2004 11:56:44 PM | Attr =	]
korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls ->  [Ver =  | Size = 47066 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
ltts1033.lxa -> %SystemRoot%\System32\dllcache\ltts1033.lxa ->  [Ver =  | Size = 643717 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT ->  [Ver =  | Size = 399645 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
mediactr.cat -> %SystemRoot%\System32\dllcache\mediactr.cat ->  [Ver =  | Size = 31965 bytes | Created Date = 8/4/2004 12:57:02 AM | Attr =	]
mplayer2.exe -> %SystemRoot%\System32\dllcache\mplayer2.exe ->  [Ver =  | Size = 4639 bytes | Created Date = 8/3/2004 11:56:54 PM | Attr =	]
msinfo.dll -> %SystemRoot%\System32\dllcache\msinfo.dll ->  [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 8/3/2004 11:56:44 PM | Attr =	]
MSMSGS.CAT -> %SystemRoot%\System32\dllcache\MSMSGS.CAT ->  [Ver =  | Size = 9581 bytes | Created Date = 8/4/2004 12:58:42 AM | Attr =	]
msn7.cat -> %SystemRoot%\System32\dllcache\msn7.cat ->  [Ver =  | Size = 24209 bytes | Created Date = 8/4/2004 12:58:16 AM | Attr =	]
msn9.cat -> %SystemRoot%\System32\dllcache\msn9.cat ->  [Ver =  | Size = 11651 bytes | Created Date = 8/4/2004 12:57:00 AM | Attr =	]
MSTSWEB.CAT -> %SystemRoot%\System32\dllcache\MSTSWEB.CAT ->  [Ver =  | Size = 7245 bytes | Created Date = 8/4/2004 12:58:10 AM | Attr =	]
MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT ->  [Ver =  | Size = 37484 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
netfx.cat -> %SystemRoot%\System32\dllcache\netfx.cat ->  [Ver =  | Size = 141702 bytes | Created Date = 8/4/2004 12:58:22 AM | Attr =	]
nls302en.lex -> %SystemRoot%\System32\dllcache\nls302en.lex ->  [Ver =  | Size = 4399505 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
NT5.CAT -> %SystemRoot%\System32\dllcache\NT5.CAT ->  [Ver =  | Size = 2012670 bytes | Created Date = 8/4/2004 12:58:34 AM | Attr =	]
NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT ->  [Ver =  | Size = 797189 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
NT5INF.CAT -> %SystemRoot%\System32\dllcache\NT5INF.CAT ->  [Ver =  | Size = 502724 bytes | Created Date = 8/4/2004 12:58:58 AM | Attr =	]
NTPRINT.CAT -> %SystemRoot%\System32\dllcache\NTPRINT.CAT ->  [Ver =  | Size = 1086058 bytes | Created Date = 8/4/2004 12:57:10 AM | Attr =	]
OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT ->  [Ver =  | Size = 7382 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
pinball.exe -> %SystemRoot%\System32\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 8/3/2004 11:56:56 PM | Attr =	]
pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Created Date = 8/3/2004 5:31:50 PM | Attr =	]
prc.nls -> %SystemRoot%\System32\dllcache\prc.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
r1033tts.lxa -> %SystemRoot%\System32\dllcache\r1033tts.lxa ->  [Ver =  | Size = 605050 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
rw330ext.dll -> %SystemRoot%\System32\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
sam.sdf -> %SystemRoot%\System32\dllcache\sam.sdf ->  [Ver =  | Size = 888 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
sam.spd -> %SystemRoot%\System32\dllcache\sam.spd ->  [Ver =  | Size = 1685606 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
SP2.CAT -> %SystemRoot%\System32\dllcache\SP2.CAT ->  [Ver =  | Size = 1042903 bytes | Created Date = 8/4/2004 1:03:44 AM | Attr =	]
spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
srframe.mmf -> %SystemRoot%\System32\dllcache\srframe.mmf ->  [Ver =  | Size = 984 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
tabletpc.cat -> %SystemRoot%\System32\dllcache\tabletpc.cat ->  [Ver =  | Size = 110116 bytes | Created Date = 8/4/2004 1:02:58 AM | Attr =	]
wmerrenu.cat -> %SystemRoot%\System32\dllcache\wmerrenu.cat ->  [Ver =  | Size = 7334 bytes | Created Date = 7/17/2004 10:45:42 AM | Attr =	]
xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls ->  [Ver =  | Size = 28288 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
AegisP.sys -> %SystemRoot%\System32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.6.0.0 | Size = 21425 bytes | Created Date = 2/12/2008 4:13:04 PM | Attr =	]
BCMWLNPF.SYS -> %SystemRoot%\System32\drivers\BCMWLNPF.SYS -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 33664 bytes | Created Date = 3/16/2007 6:10:42 PM | Attr =	]
del1028.cty -> %SystemRoot%\System32\drivers\del1028.cty ->  [Ver =  | Size = 129405 bytes | Created Date = 5/3/2005 11:56:46 AM | Attr =	]
disdn -> %SystemRoot%\System32\drivers\disdn ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
hosts.20080212-162629.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080212-162629.backup ->  [Ver =  | Size = 734 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
hosts.20080212-162959.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080212-162959.backup ->  [Ver =  | Size = 224776 bytes | Created Date = 2/12/2008 4:26:29 PM | Attr = R  ]
gtipci21.sys -> %SystemRoot%\System32\drivers\gtipci21.sys -> Texas Instruments [Ver = 1.0.1.19 | Size = 88192 bytes | Created Date = 4/6/2006 3:49:00 PM | Attr =	]
HSFHWICH.sys -> %SystemRoot%\System32\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 208384 bytes | Created Date = 5/3/2005 3:08:50 PM | Attr =	]
HSF_CNXT.sys -> %SystemRoot%\System32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 705408 bytes | Created Date = 5/3/2005 3:08:44 PM | Attr =	]
HSF_DPV.SYS -> %SystemRoot%\System32\drivers\HSF_DPV.SYS -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 1033728 bytes | Created Date = 5/3/2005 3:09:28 PM | Attr =	]
ialmnt5.sys -> %SystemRoot%\System32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4693 | Size = 1173468 bytes | Created Date = 9/15/2006 5:16:48 PM | Attr =	]
mdmxsdk.sys -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Created Date = 3/17/2004 12:04:14 PM | Attr =	]
STAC97.sys -> %SystemRoot%\System32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.4255 | Size = 273168 bytes | Created Date = 3/10/2005 4:56:06 PM | Attr =	]
tiscfw.deb -> %SystemRoot%\System32\drivers\tiscfw.deb ->  [Ver =  | Size = 17120 bytes | Created Date = 1/14/2005 5:28:00 PM | Attr =	]
UMDF -> %SystemRoot%\System32\drivers\UMDF ->  [Folder | Created Date = 2/13/2008 9:47:02 AM | Attr =	]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 2/13/2008 9:47:03 AM | Attr =  H ]
w29n51.sys -> %SystemRoot%\System32\drivers\w29n51.sys -> Intel® Corporation [Ver = 9.0.4.33 Driver | Size = 2209408 bytes | Created Date = 2/8/2007 1:51:16 PM | Attr =	]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Created Date = 2/12/2008 2:03:08 PM | Attr =	]
1025 -> %SystemRoot%\System32\1025 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1028 -> %SystemRoot%\System32\1028 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
1031 -> %SystemRoot%\System32\1031 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
1033 -> %SystemRoot%\System32\1033 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
1037 -> %SystemRoot%\System32\1037 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
1041 -> %SystemRoot%\System32\1041 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
1042 -> %SystemRoot%\System32\1042 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
1054 -> %SystemRoot%\System32\1054 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
2052 -> %SystemRoot%\System32\2052 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
3076 -> %SystemRoot%\System32\3076 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
3com_dmi -> %SystemRoot%\System32\3com_dmi ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Created Date = 2/25/2008 12:20:13 PM | Attr =	]
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Created Date = 2/13/2008 9:49:14 AM | Attr =	]
asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 8/2/2006 12:39:06 PM | Attr =	]
AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT ->  [Ver =  | Size = 1688 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
bcm1xsup.dll -> %SystemRoot%\System32\bcm1xsup.dll ->  [Ver =  | Size = 757760 bytes | Created Date = 3/16/2007 6:10:38 PM | Attr =	]
BCMLogon.dll -> %SystemRoot%\System32\BCMLogon.dll -> Dell Inc. [Ver = 4.100.15.8 | Size = 770048 bytes | Created Date = 3/16/2007 6:10:38 PM | Attr =	]
BCMWLCPL.CPL -> %SystemRoot%\System32\BCMWLCPL.CPL -> Dell Inc. [Ver = 4.100.15.8 | Size = 3395584 bytes | Created Date = 3/16/2007 6:10:38 PM | Attr =	]
bcmwlpkt.dll -> %SystemRoot%\System32\bcmwlpkt.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 69632 bytes | Created Date = 3/16/2007 6:10:42 PM | Attr =	]
BCMWLTRY.EXE -> %SystemRoot%\System32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1253376 bytes | Created Date = 3/16/2007 6:10:42 PM | Attr =	]
bcmwlu00.exe -> %SystemRoot%\System32\bcmwlu00.exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 253952 bytes | Created Date = 3/16/2007 6:10:42 PM | Attr =	]
bopomofo.uce -> %SystemRoot%\System32\bopomofo.uce ->  [Ver =  | Size = 22984 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Created Date = 2/12/2008 8:23:20 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Created Date = 2/12/2008 8:23:20 AM | Attr =	]
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 1:56:56 PM | Attr = RH ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Created Date = 2/12/2008 1:51:44 PM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Created Date = 2/12/2008 1:58:45 PM | Attr =	]
c_10006.nls -> %SystemRoot%\System32\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10007.nls -> %SystemRoot%\System32\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10010.nls -> %SystemRoot%\System32\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10017.nls -> %SystemRoot%\System32\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10029.nls -> %SystemRoot%\System32\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10081.nls -> %SystemRoot%\System32\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_10082.nls -> %SystemRoot%\System32\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_20127.nls -> %SystemRoot%\System32\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
C_28594.NLS -> %SystemRoot%\System32\C_28594.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
C_28595.NLS -> %SystemRoot%\System32\C_28595.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
C_28597.NLS -> %SystemRoot%\System32\C_28597.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_28599.nls -> %SystemRoot%\System32\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_28603.nls -> %SystemRoot%\System32\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 7/17/2004 10:48:36 AM | Attr =	]
c_737.nls -> %SystemRoot%\System32\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_852.nls -> %SystemRoot%\System32\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_855.nls -> %SystemRoot%\System32\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_857.nls -> %SystemRoot%\System32\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_866.nls -> %SystemRoot%\System32\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_869.nls -> %SystemRoot%\System32\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
c_875.nls -> %SystemRoot%\System32\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
desktop.ini -> %SystemRoot%\System32\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
dgrpsetu.dll -> %SystemRoot%\System32\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
dgsetup.dll -> %SystemRoot%\System32\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
dhcp -> %SystemRoot%\System32\dhcp ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Created Date = 2/12/2008 1:56:10 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Created Date = 2/12/2008 2:33:43 PM | Attr =	]
emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Created Date = 2/12/2008 1:53:40 PM | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Created Date = 2/13/2008 9:19:06 AM | Attr =	]
EqnClass.Dll -> %SystemRoot%\System32\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
export -> %SystemRoot%\System32\export ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 135664 bytes | Created Date = 2/25/2008 10:57:57 AM | Attr =	]
gb2312.uce -> %SystemRoot%\System32\gb2312.uce ->  [Ver =  | Size = 24006 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
hccutils.dll -> %SystemRoot%\System32\hccutils.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 73728 bytes | Created Date = 9/15/2006 4:49:12 PM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 2/25/2008 12:20:20 PM | Attr =	]
hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 77824 bytes | Created Date = 9/15/2006 4:50:22 PM | Attr =	]
hsfci014.dll -> %SystemRoot%\System32\hsfci014.dll -> Conexant Systems, Inc. [Ver = 1.0.0.14 | Size = 42858 bytes | Created Date = 2/23/2005 3:02:10 PM | Attr =	]
hticons.dll -> %SystemRoot%\System32\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 11/17/2004 12:41:24 PM | Attr =	]
iAlmCoIn_v4693.dll -> %SystemRoot%\System32\iAlmCoIn_v4693.dll -> Intel Corporation [Ver = 1.00.1000.1 | Size = 61440 bytes | Created Date = 9/15/2006 5:08:56 PM | Attr =	]
ialmdd5.dll -> %SystemRoot%\System32\ialmdd5.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 956026 bytes | Created Date = 9/15/2006 5:15:46 PM | Attr =	]
ialmdev5.dll -> %SystemRoot%\System32\ialmdev5.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 238650 bytes | Created Date = 9/15/2006 5:08:42 PM | Attr =	]
ialmdnt5.dll -> %SystemRoot%\System32\ialmdnt5.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 121467 bytes | Created Date = 9/15/2006 5:08:52 PM | Attr =	]
ialmrem.dll -> %SystemRoot%\System32\ialmrem.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 49152 bytes | Created Date = 9/15/2006 5:08:56 PM | Attr =	]
ialmrnt5.dll -> %SystemRoot%\System32\ialmrnt5.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 45694 bytes | Created Date = 9/15/2006 5:09:00 PM | Attr =	]
ialmuARA.dll -> %SystemRoot%\System32\ialmuARA.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:12 PM | Attr =	]
ialmuARB.dll -> %SystemRoot%\System32\ialmuARB.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:12 PM | Attr =	]
ialmuCHS.dll -> %SystemRoot%\System32\ialmuCHS.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:14 PM | Attr =	]
ialmuCHT.dll -> %SystemRoot%\System32\ialmuCHT.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:14 PM | Attr =	]
ialmuCSY.dll -> %SystemRoot%\System32\ialmuCSY.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:20 PM | Attr =	]
ialmuDAN.dll -> %SystemRoot%\System32\ialmuDAN.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:14 PM | Attr =	]
ialmuDEU.dll -> %SystemRoot%\System32\ialmuDEU.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:14 PM | Attr =	]
ialmudlg.exe -> %SystemRoot%\System32\ialmudlg.exe -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 114688 bytes | Created Date = 9/15/2006 4:55:12 PM | Attr =	]
ialmuELL.dll -> %SystemRoot%\System32\ialmuELL.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:20 PM | Attr =	]
ialmuENG.dll -> %SystemRoot%\System32\ialmuENG.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:14 PM | Attr =	]
ialmuESP.dll -> %SystemRoot%\System32\ialmuESP.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:16 PM | Attr =	]
ialmuFIN.dll -> %SystemRoot%\System32\ialmuFIN.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:16 PM | Attr =	]
ialmuFRA.dll -> %SystemRoot%\System32\ialmuFRA.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:16 PM | Attr =	]
ialmuFRC.dll -> %SystemRoot%\System32\ialmuFRC.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:16 PM | Attr =	]
ialmuHEB.dll -> %SystemRoot%\System32\ialmuHEB.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:16 PM | Attr =	]
ialmuHUN.dll -> %SystemRoot%\System32\ialmuHUN.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:20 PM | Attr =	]
ialmuITA.dll -> %SystemRoot%\System32\ialmuITA.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:16 PM | Attr =	]
ialmuJPN.dll -> %SystemRoot%\System32\ialmuJPN.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:18 PM | Attr =	]
ialmuKOR.dll -> %SystemRoot%\System32\ialmuKOR.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:18 PM | Attr =	]
ialmuNLD.dll -> %SystemRoot%\System32\ialmuNLD.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:18 PM | Attr =	]
ialmuNOR.dll -> %SystemRoot%\System32\ialmuNOR.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:18 PM | Attr =	]
ialmuPLK.dll -> %SystemRoot%\System32\ialmuPLK.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:18 PM | Attr =	]
ialmuPTB.dll -> %SystemRoot%\System32\ialmuPTB.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:18 PM | Attr =	]
ialmuPTG.dll -> %SystemRoot%\System32\ialmuPTG.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:20 PM | Attr =	]
ialmuRUS.dll -> %SystemRoot%\System32\ialmuRUS.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:20 PM | Attr =	]
ialmuSVE.dll -> %SystemRoot%\System32\ialmuSVE.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:20 PM | Attr =	]
ialmuTHA.dll -> %SystemRoot%\System32\ialmuTHA.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:20 PM | Attr =	]
ialmuTRK.dll -> %SystemRoot%\System32\ialmuTRK.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 9/15/2006 4:55:22 PM | Attr =	]
ias -> %SystemRoot%\System32\ias ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
icsxml -> %SystemRoot%\System32\icsxml ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
ideograf.uce -> %SystemRoot%\System32\ideograf.uce ->  [Ver =  | Size = 60458 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
igfxcfg.exe -> %SystemRoot%\System32\igfxcfg.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 450560 bytes | Created Date = 9/15/2006 4:52:58 PM | Attr =	]
igfxcpl.cpl -> %SystemRoot%\System32\igfxcpl.cpl -> Intel Corporation [Ver = 3.0.0.4693 | Size = 81920 bytes | Created Date = 9/15/2006 4:53:06 PM | Attr =	]
igfxdev.dll -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 139264 bytes | Created Date = 9/15/2006 4:49:26 PM | Attr =	]
igfxdo.dll -> %SystemRoot%\System32\igfxdo.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 86016 bytes | Created Date = 9/15/2006 4:50:28 PM | Attr =	]
igfxexps.dll -> %SystemRoot%\System32\igfxexps.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 40960 bytes | Created Date = 9/15/2006 4:54:14 PM | Attr =	]
igfxext.exe -> %SystemRoot%\System32\igfxext.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 94208 bytes | Created Date = 9/15/2006 4:54:12 PM | Attr =	]
igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 118784 bytes | Created Date = 9/15/2006 4:54:22 PM | Attr =	]
igfxpph.dll -> %SystemRoot%\System32\igfxpph.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 143360 bytes | Created Date = 9/15/2006 4:53:18 PM | Attr =	]
igfxrchs.lrc -> %SystemRoot%\System32\igfxrchs.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 81920 bytes | Created Date = 9/15/2006 4:54:34 PM | Attr =	]
igfxrcht.lrc -> %SystemRoot%\System32\igfxrcht.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 81920 bytes | Created Date = 9/15/2006 4:54:34 PM | Attr =	]
igfxrdeu.lrc -> %SystemRoot%\System32\igfxrdeu.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 155648 bytes | Created Date = 9/15/2006 4:54:38 PM | Attr =	]
igfxrenu.lrc -> %SystemRoot%\System32\igfxrenu.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 139264 bytes | Created Date = 9/15/2006 4:49:30 PM | Attr =	]
igfxres.dll -> %SystemRoot%\System32\igfxres.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 139264 bytes | Created Date = 9/15/2006 4:49:30 PM | Attr =	]
igfxresp.lrc -> %SystemRoot%\System32\igfxresp.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 151552 bytes | Created Date = 9/15/2006 4:54:40 PM | Attr =	]
igfxress.dll -> %SystemRoot%\System32\igfxress.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 1503232 bytes | Created Date = 9/15/2006 4:53:24 PM | Attr =	]
igfxrfra.lrc -> %SystemRoot%\System32\igfxrfra.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 151552 bytes | Created Date = 9/15/2006 4:54:40 PM | Attr =	]
igfxrita.lrc -> %SystemRoot%\System32\igfxrita.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 155648 bytes | Created Date = 9/15/2006 4:54:42 PM | Attr =	]
igfxrjpn.lrc -> %SystemRoot%\System32\igfxrjpn.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 98304 bytes | Created Date = 9/15/2006 4:54:42 PM | Attr =	]
igfxrkor.lrc -> %SystemRoot%\System32\igfxrkor.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 98304 bytes | Created Date = 9/15/2006 4:54:42 PM | Attr =	]
igfxrptb.lrc -> %SystemRoot%\System32\igfxrptb.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 143360 bytes | Created Date = 9/15/2006 4:54:46 PM | Attr =	]
igfxsrvc.dll -> %SystemRoot%\System32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 61440 bytes | Created Date = 9/15/2006 4:50:16 PM | Attr =	]
igfxsrvc.exe -> %SystemRoot%\System32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 163840 bytes | Created Date = 9/15/2006 4:50:14 PM | Attr =	]
igfxtray.exe -> %SystemRoot%\System32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 94208 bytes | Created Date = 9/15/2006 4:53:36 PM | Attr =	]
igfxzoom.exe -> %SystemRoot%\System32\igfxzoom.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 114688 bytes | Created Date = 9/15/2006 4:54:06 PM | Attr =	]
igldev32.dll -> %SystemRoot%\System32\igldev32.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 524288 bytes | Created Date = 9/15/2006 5:02:16 PM | Attr =	]
iglicd32.dll -> %SystemRoot%\System32\iglicd32.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 2318336 bytes | Created Date = 9/15/2006 5:00:48 PM | Attr =	]
igxpxa32.cpa -> %SystemRoot%\System32\igxpxa32.cpa ->  [Ver =  | Size = 524850 bytes | Created Date = 9/15/2006 4:44:44 PM | Attr =	]
igxpxa32.vp -> %SystemRoot%\System32\igxpxa32.vp ->  [Ver =  | Size = 929 bytes | Created Date = 9/15/2006 4:44:44 PM | Attr =	]
igxpxk32.vp -> %SystemRoot%\System32\igxpxk32.vp ->  [Ver =  | Size = 58704 bytes | Created Date = 9/15/2006 4:44:44 PM | Attr =	]
igxpxs32.vp -> %SystemRoot%\System32\igxpxs32.vp ->  [Ver =  | Size = 23296 bytes | Created Date = 9/15/2006 5:59:54 PM | Attr =	]
IME -> %SystemRoot%\System32\IME ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 8/3/2004 11:56:44 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 9/24/2007 10:30:28 PM | Attr =	]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 9/24/2007 11:31:42 PM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 9/24/2007 10:30:30 PM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 9/24/2007 11:31:42 PM | Attr =	]
kanji_1.uce -> %SystemRoot%\System32\kanji_1.uce ->  [Ver =  | Size = 6948 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
kanji_2.uce -> %SystemRoot%\System32\kanji_2.uce ->  [Ver =  | Size = 8484 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
korean.uce -> %SystemRoot%\System32\korean.uce ->  [Ver =  | Size = 12876 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Created Date = 2/13/2008 9:47:02 AM | Attr =	]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 2/12/2008 1:57:05 PM | Attr = RH ]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Created Date = 2/12/2008 1:55:11 PM | Attr =	]
mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Created Date = 3/17/2004 12:00:32 PM | Attr =	]
Microsoft -> %SystemRoot%\System32\Microsoft ->  [Folder | Created Date = 2/12/2008 2:15:44 PM | Attr =   S]
MsDtc -> %SystemRoot%\System32\MsDtc ->  [Folder | Created Date = 2/12/2008 1:51:47 PM | Attr =	]
msdtcprf.h -> %SystemRoot%\System32\msdtcprf.h ->  [Ver =  | Size = 768 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
msdtcprf.ini -> %SystemRoot%\System32\msdtcprf.ini ->  [Ver =  | Size = 1931 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
mui -> %SystemRoot%\System32\mui ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 1:56:56 PM | Attr = RH ]
Netw2c32.dll -> %SystemRoot%\System32\Netw2c32.dll -> Intel Corporation [Ver = 9. 0. 4. 95 | Size = 557056 bytes | Created Date = 2/12/2007 11:40:44 AM | Attr =	]
Netw2r32.dll -> %SystemRoot%\System32\Netw2r32.dll -> Intel Corporation [Ver = 9. 0. 4. 95 | Size = 2732032 bytes | Created Date = 2/12/2007 11:41:44 AM | Attr =	]
npp -> %SystemRoot%\System32\npp ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Created Date = 2/13/2008 9:49:14 AM | Attr =	]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Created Date = 2/13/2008 6:40:58 PM | Attr =	]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 1:56:56 PM | Attr = RH ]
oemdspif.dll -> %SystemRoot%\System32\oemdspif.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 57344 bytes | Created Date = 9/15/2006 4:54:26 PM | Attr =	]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 2/25/2008 12:20:20 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 526710 bytes | Created Date = 2/25/2008 11:41:38 AM | Attr =	]
preflib.dll -> %SystemRoot%\System32\preflib.dll ->  [Ver =  | Size = 86016 bytes | Created Date = 3/16/2007 6:10:44 PM | Attr =	]
PreInstall -> %SystemRoot%\System32\PreInstall ->  [Folder | Created Date = 2/12/2008 4:37:34 PM | Attr =	]
ras -> %SystemRoot%\System32\ras ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Created Date = 2/12/2008 1:54:45 PM | Attr =	]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 1:56:56 PM | Attr = RH ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
ShellExt -> %SystemRoot%\System32\ShellExt ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
shiftjis.uce -> %SystemRoot%\System32\shiftjis.uce ->  [Ver =  | Size = 16740 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution ->  [Folder | Created Date = 2/12/2008 4:35:19 PM | Attr =	]
spool -> %SystemRoot%\System32\spool ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
stac97.cpl -> %SystemRoot%\System32\stac97.cpl -> SigmaTel Inc. [Ver = 1, 0, 0, 12 | Size = 102481 bytes | Created Date = 8/17/2004 4:34:44 PM | Attr = R  ]
stac97co.dll -> %SystemRoot%\System32\stac97co.dll ->  [Ver = 1, 0, 0, 1 | Size = 192512 bytes | Created Date = 7/20/2004 10:14:06 AM | Attr =	]
subrange.uce -> %SystemRoot%\System32\subrange.uce ->  [Ver =  | Size = 93702 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
tslabels.h -> %SystemRoot%\System32\tslabels.h ->  [Ver =  | Size = 3286 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
tslabels.ini -> %SystemRoot%\System32\tslabels.ini ->  [Ver =  | Size = 13223 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 2/25/2008 12:20:21 PM | Attr =	]
URTTemp -> %SystemRoot%\System32\URTTemp ->  [Folder | Created Date = 2/13/2008 9:38:06 AM | Attr =	]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
usrlogon.cmd -> %SystemRoot%\System32\usrlogon.cmd ->  [Ver =  | Size = 1161 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
wbchha.dll -> %SystemRoot%\System32\wbchha.dll ->  [Ver =  | Size = 13312 bytes | Created Date = 2/22/2008 3:26:42 PM | Attr =   S]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 2/12/2008 1:57:05 PM | Attr = RH ]
wins -> %SystemRoot%\System32\wins ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
WLBCGCBPRO731.DLL -> %SystemRoot%\System32\WLBCGCBPRO731.DLL -> BCGSoft Ltd [Ver = 7, 31, 0, 0 | Size = 2129920 bytes | Created Date = 3/16/2007 6:10:44 PM | Attr =	]
WLTRAY.EXE -> %SystemRoot%\System32\WLTRAY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Created Date = 3/16/2007 6:10:46 PM | Attr =	]
wltrynt.dll -> %SystemRoot%\System32\wltrynt.dll -> Broadcom Corporation [Ver = 4.100.15.8 | Size = 44032 bytes | Created Date = 3/16/2007 6:10:46 PM | Attr =	]
WLTRYSVC.EXE -> %SystemRoot%\System32\WLTRYSVC.EXE ->  [Ver =  | Size = 20480 bytes | Created Date = 3/16/2007 6:10:46 PM | Attr =	]
wmimgmt.msc -> %SystemRoot%\System32\wmimgmt.msc ->  [Ver =  | Size = 63488 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
wpa.bak -> %SystemRoot%\System32\wpa.bak ->  [Ver =  | Size = 13646 bytes | Created Date = 2/12/2008 4:01:58 PM | Attr =	]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 1:56:56 PM | Attr = RH ]
xircom -> %SystemRoot%\System32\xircom ->  [Folder | Created Date = 2/12/2008 1:59:13 PM | Attr =	]
XPSViewer -> %SystemRoot%\System32\XPSViewer ->  [Folder | Created Date = 2/13/2008 9:52:12 AM | Attr =	]
ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Created Date = 3/25/2003 6:53:50 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 2/12/2008 4:37:32 PM | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Created Date = 2/12/2008 4:37:07 PM | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 2/13/2008 9:17:23 AM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 2/13/2008 9:17:04 AM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Created Date = 2/13/2008 9:38:08 AM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 2/25/2008 12:22:05 PM | Attr =	]
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp ->  [Ver =  | Size = 1272 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Created Date = 3/7/2008 3:51:19 PM | Attr =   S]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp ->  [Ver =  | Size = 17062 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
Config -> %SystemRoot%\Config ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 1:58:45 PM | Attr =	]
cttib1.dll -> %SystemRoot%\cttib1.dll -> Gemplus [Ver = 1, 0, 1, 8 | Size = 28672 bytes | Created Date = 3/23/2004 11:45:00 AM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
desktop.ini -> %SystemRoot%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Created Date = 2/12/2008 1:57:06 PM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp ->  [Ver =  | Size = 16730 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr = R S]
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp ->  [Ver =  | Size = 17336 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp ->  [Ver =  | Size = 26582 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 2/13/2008 9:17:44 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Created Date = 2/13/2008 9:19:40 AM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Created Date = 2/13/2008 10:07:27 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Created Date = 2/12/2008 8:24:18 AM | Attr =  HS]
java -> %SystemRoot%\java ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Created Date = 2/13/2008 9:38:07 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1397 bytes | Created Date = 2/21/2008 7:33:25 AM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 2/13/2008 9:15:17 AM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 4:02:16 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Created Date = 2/15/2008 1:00:49 AM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Created Date = 2/12/2008 1:58:20 PM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Created Date = 2/12/2008 1:57:06 PM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp ->  [Ver =  | Size = 65954 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 2/12/2008 2:15:45 PM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 2/12/2008 3:27:06 PM | Attr =	]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Created Date = 2/13/2008 9:40:42 AM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Created Date = 2/12/2008 1:53:19 PM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Created Date = 2/12/2008 2:04:00 PM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp ->  [Ver =  | Size = 17362 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp ->  [Ver =  | Size = 26680 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp ->  [Ver =  | Size = 65832 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Created Date = 2/15/2008 12:58:32 AM | Attr =	]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp ->  [Ver =  | Size = 65978 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Created Date = 2/12/2008 2:15:46 PM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Created Date = 2/12/2008 1:55:12 PM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 2/25/2008 12:16:38 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Created Date = 2/12/2008 1:55:19 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
tiinst -> %SystemRoot%\tiinst ->  [Folder | Created Date = 2/13/2008 12:24:59 PM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Created Date = 2/12/2008 1:53:25 PM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Created Date = 2/12/2008 1:53:25 PM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 2/13/2008 9:19:07 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr = R  ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 1:56:56 PM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 123 bytes | Created Date = 2/25/2008 4:14:07 AM | Attr =	]
winnt.bmp -> %SystemRoot%\winnt.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =  HS]
winnt256.bmp -> %SystemRoot%\winnt256.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =  HS]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Created Date = 2/12/2008 8:12:20 AM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Created Date = 2/13/2008 9:41:03 AM | Attr =	]
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp ->  [Ver =  | Size = 9522 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr =	]
desktop.ini -> %SystemRoot%\tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Created Date = 8/29/2002 7:00:00 AM | Attr = RH ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Created Date = 3/7/2008 3:51:23 PM | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Application Data\Adobe ->  [Folder | Created Date = 2/14/2008 1:47:42 PM | Attr =	]
AOL -> %AllUsersProfile%\Application Data\AOL ->  [Folder | Created Date = 2/19/2008 2:29:07 AM | Attr =	]
AOL OCP -> %AllUsersProfile%\Application Data\AOL OCP ->  [Folder | Created Date = 2/19/2008 2:29:07 AM | Attr =	]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Created Date = 2/15/2008 3:33:02 PM | Attr =	]
Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer ->  [Folder | Created Date = 2/15/2008 3:33:31 PM | Attr =	]
Command Software -> %AllUsersProfile%\Application Data\Command Software ->  [Folder | Created Date = 2/12/2008 3:52:08 PM | Attr =	]
desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 2/12/2008 8:23:36 AM | Attr =  HS]
FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet ->  [Folder | Created Date = 3/8/2008 5:10:26 AM | Attr =	]
Intel -> %AllUsersProfile%\Application Data\Intel ->  [Folder | Created Date = 2/12/2008 4:12:40 PM | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Created Date = 2/12/2008 8:23:14 AM | Attr =   S]
MSScanAppDataDir -> %AllUsersProfile%\Application Data\MSScanAppDataDir ->  [Folder | Created Date = 2/20/2008 6:42:04 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/12/2008 4:21:07 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2/25/2008 3:57:28 AM | Attr =	]
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D
@Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Viewpoint -> %AllUsersProfile%\Application Data\Viewpoint ->  [Folder | Created Date = 2/19/2008 2:29:23 AM | Attr =	]
Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage ->  [Folder | Created Date = 2/12/2008 4:42:48 PM | Attr =	]
Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! ->  [Folder | Created Date = 2/22/2008 3:27:52 PM | Attr =	]
Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion ->  [Folder | Created Date = 2/22/2008 3:46:39 PM | Attr =	]
acccore -> %AppData%\acccore ->  [Folder | Created Date = 2/19/2008 2:29:52 AM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Created Date = 2/13/2008 11:27:30 AM | Attr =	]
Apple Computer -> %AppData%\Apple Computer ->  [Folder | Created Date = 2/20/2008 6:40:35 PM | Attr =	]
BitTorrent -> %AppData%\BitTorrent ->  [Folder | Created Date = 2/28/2008 12:42:10 AM | Attr =	]
Command Software -> %AppData%\Command Software ->  [Folder | Created Date = 2/12/2008 3:53:09 PM | Attr =	]
desktop.ini -> %AppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 2/12/2008 8:23:36 AM | Attr =  HS]
DNA -> %AppData%\DNA ->  [Folder | Created Date = 2/28/2008 12:41:51 AM | Attr =	]
dvdcss -> %AppData%\dvdcss ->  [Folder | Created Date = 3/1/2008 12:22:04 AM | Attr =	]
Identities -> %AppData%\Identities ->  [Folder | Created Date = 2/12/2008 2:18:46 PM | Attr =	]
Intel -> %AppData%\Intel ->  [Folder | Created Date = 2/12/2008 4:13:11 PM | Attr =	]
Macromedia -> %AppData%\Macromedia ->  [Folder | Created Date = 2/13/2008 11:27:30 AM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Created Date = 2/12/2008 2:18:35 PM | Attr =   S]
Mozilla -> %AppData%\Mozilla ->  [Folder | Created Date = 2/12/2008 4:02:13 PM | Attr =	]
Sun -> %AppData%\Sun ->  [Folder | Created Date = 2/25/2008 12:16:38 PM | Attr =	]
Thunderbird -> %AppData%\Thunderbird ->  [Folder | Created Date = 2/14/2008 1:36:39 PM | Attr =	]
vlc -> %AppData%\vlc ->  [Folder | Created Date = 2/14/2008 6:09:05 AM | Attr =	]
Yahoo! -> %AppData%\Yahoo! ->  [Folder | Created Date = 2/22/2008 3:46:39 PM | Attr =	]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Created Date = 2/14/2008 1:48:16 PM | Attr =	]
AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Created Date = 2/19/2008 2:29:37 AM | Attr =	]
AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP ->  [Folder | Created Date = 2/19/2008 2:29:39 AM | Attr =	]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Created Date = 2/15/2008 3:33:09 PM | Attr =	]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Created Date = 2/15/2008 3:32:47 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Created Date = 2/13/2008 10:09:31 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 5632 bytes | Created Date = 2/23/2008 4:35:31 AM | Attr =	]
DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Created Date = 2/28/2008 12:41:53 AM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 22992 bytes | Created Date = 3/8/2008 7:19:28 AM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4838220 bytes | Created Date = 3/7/2008 3:48:41 PM | Attr =  H ]
Identities -> %UserProfile%\Local Settings\Application Data\Identities ->  [Folder | Created Date = 2/13/2008 6:14:14 PM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Created Date = 2/12/2008 2:18:35 PM | Attr =	]
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla ->  [Folder | Created Date = 2/12/2008 4:02:13 PM | Attr =	]
Thunderbird -> %UserProfile%\Local Settings\Application Data\Thunderbird ->  [Folder | Created Date = 2/14/2008 1:36:39 PM | Attr =	]
desktop.ini -> %AllUsersProfile%\Documents\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 2/12/2008 8:23:36 AM | Attr =  HS]
My Music -> %AllUsersProfile%\Documents\My Music ->  [Folder | Created Date = 2/12/2008 1:53:09 PM | Attr = R  ]
My Pictures -> %AllUsersProfile%\Documents\My Pictures ->  [Folder | Created Date = 2/12/2008 1:54:14 PM | Attr = R  ]
My Videos -> %AllUsersProfile%\Documents\My Videos ->  [Folder | Created Date = 2/12/2008 1:51:22 PM | Attr = R  ]
1chapter01.pdf -> %UserProfile%\My Documents\1chapter01.pdf ->  [Ver =  | Size = 27649 bytes | Created Date = 2/25/2008 2:23:16 PM | Attr =	]
2.9.pdf -> %UserProfile%\My Documents\2.9.pdf ->  [Ver =  | Size = 166623 bytes | Created Date = 2/25/2008 2:20:09 PM | Attr =	]
5pt3.jpg -> %UserProfile%\My Documents\5pt3.jpg ->  [Ver =  | Size = 69828 bytes | Created Date = 2/25/2008 2:25:01 PM | Attr =	]
BME 94 Spring 08 -> %UserProfile%\My Documents\BME 94 Spring 08 ->  [Folder | Created Date = 2/20/2008 8:36:32 PM | Attr =	]
desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 76 bytes | Created Date = 2/13/2008 9:25:36 AM | Attr =  HS]
Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Created Date = 2/28/2008 12:42:45 AM | Attr =	]
Final Resume.doc -> %UserProfile%\My Documents\Final Resume.doc ->  [Ver =  | Size = 40960 bytes | Created Date = 3/6/2008 12:29:06 PM | Attr =	]
fulltext.pdf -> %UserProfile%\My Documents\fulltext.pdf ->  [Ver =  | Size = 509122 bytes | Created Date = 2/20/2008 11:53:23 PM | Attr =	]
HW1 Soln.pdf -> %UserProfile%\My Documents\HW1 Soln.pdf ->  [Ver =  | Size = 375668 bytes | Created Date = 2/25/2008 2:29:06 PM | Attr =	]
HW1%20Soln.pdf -> %UserProfile%\My Documents\HW1%20Soln.pdf ->  [Ver =  | Size = 375668 bytes | Created Date = 2/25/2008 2:16:25 PM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Created Date = 2/12/2008 2:18:39 PM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Created Date = 2/12/2008 2:18:39 PM | Attr = R  ]
My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Created Date = 2/21/2008 6:05:06 AM | Attr = R  ]
p4p16sol.jpg -> %UserProfile%\My Documents\p4p16sol.jpg ->  [Ver =  | Size = 438633 bytes | Created Date = 2/25/2008 2:24:58 PM | Attr =	]
Prob1.6 soln.JPG -> %UserProfile%\My Documents\Prob1.6 soln.JPG ->  [Ver =  | Size = 181397 bytes | Created Date = 2/25/2008 2:19:35 PM | Attr =	]
Prob1.8 soln.JPG -> %UserProfile%\My Documents\Prob1.8 soln.JPG ->  [Ver =  | Size = 124267 bytes | Created Date = 2/25/2008 2:19:39 PM | Attr =	]
Prob2p17soln.jpg -> %UserProfile%\My Documents\Prob2p17soln.jpg ->  [Ver =  | Size = 140906 bytes | Created Date = 2/25/2008 2:22:58 PM | Attr =	]
prob4p2sol.jpg -> %UserProfile%\My Documents\prob4p2sol.jpg ->  [Ver =  | Size = 102608 bytes | Created Date = 2/25/2008 2:24:54 PM | Attr =	]
prob5p19.pdf -> %UserProfile%\My Documents\prob5p19.pdf ->  [Ver =  | Size = 7015 bytes | Created Date = 2/25/2008 2:25:16 PM | Attr =	]
prob5p19_Schematics.pdf -> %UserProfile%\My Documents\prob5p19_Schematics.pdf ->  [Ver =  | Size = 9903 bytes | Created Date = 2/25/2008 2:25:09 PM | Attr =	]
Research mouse -> %UserProfile%\My Documents\Research mouse ->  [Folder | Created Date = 3/8/2008 7:21:36 AM | Attr =	]
Resume.doc -> %UserProfile%\My Documents\Resume.doc ->  [Ver =  | Size = 40960 bytes | Created Date = 3/6/2008 12:25:30 PM | Attr =	]
Soccer Indoor League.xls -> %UserProfile%\My Documents\Soccer Indoor League.xls ->  [Ver =  | Size = 15872 bytes | Created Date = 3/6/2008 8:40:27 PM | Attr =	]
Sol2p9.pdf -> %UserProfile%\My Documents\Sol2p9.pdf ->  [Ver =  | Size = 16687 bytes | Created Date = 2/25/2008 2:22:29 PM | Attr =	]
Summer possibilities.doc -> %UserProfile%\My Documents\Summer possibilities.doc ->  [Ver =  | Size = 50688 bytes | Created Date = 3/3/2008 4:18:27 AM | Attr =	]
Test 1 BME 100.doc -> %UserProfile%\My Documents\Test 1 BME 100.doc ->  [Ver =  | Size = 5922304 bytes | Created Date = 2/25/2008 2:37:56 PM | Attr =	]
Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Created Date = 2/14/2008 1:47:51 PM | Attr =	]
AIM 6.lnk -> %AllUsersProfile%\Desktop\AIM 6.lnk ->  [Ver =  | Size = 1672 bytes | Created Date = 2/19/2008 2:29:20 AM | Attr =	]
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Created Date = 2/13/2008 11:16:09 AM | Attr =	]
Mozilla Thunderbird.lnk -> %AllUsersProfile%\Desktop\Mozilla Thunderbird.lnk ->  [Ver =  | Size = 1668 bytes | Created Date = 2/14/2008 1:36:29 PM | Attr =	]
PowerISO.lnk -> %AllUsersProfile%\Desktop\PowerISO.lnk ->  [Ver =  | Size = 682 bytes | Created Date = 3/8/2008 4:13:25 AM | Attr =	]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Created Date = 2/15/2008 3:33:54 PM | Attr =	]
VLC media player.lnk -> %AllUsersProfile%\Desktop\VLC media player.lnk ->  [Ver =  | Size = 719 bytes | Created Date = 2/14/2008 5:49:16 AM | Attr =	]
Adobe CS3 -> %UserProfile%\Desktop\Adobe CS3 ->  [Folder | Created Date = 3/8/2008 4:28:07 AM | Attr =	]
Adobe Photoshop CS3 v10.0 Extended Incl Keygen -> %UserProfile%\Desktop\Adobe Photoshop CS3 v10.0 Extended Incl Keygen ->  [Folder | Created Date = 3/8/2008 3:36:29 AM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 3/8/2008 2:42:24 PM | Attr =	]
BitTorrent-6.0.2.exe -> %UserProfile%\Desktop\BitTorrent-6.0.2.exe ->  [Ver =  | Size = 873688 bytes | Created Date = 2/28/2008 12:41:36 AM | Attr =	]
dmckeo01 -> %UserProfile%\Desktop\dmckeo01 ->  [Folder | Created Date = 2/13/2008 4:36:11 PM | Attr =	]
DVD Decrypter.lnk -> %UserProfile%\Desktop\DVD Decrypter.lnk ->  [Ver =  | Size = 1635 bytes | Created Date = 2/28/2008 8:58:33 PM | Attr =	]
giants.jpg -> %UserProfile%\Desktop\giants.jpg ->  [Ver =  | Size = 841859 bytes | Created Date = 2/29/2008 4:24:21 AM | Attr =	]
giants2.jpg -> %UserProfile%\Desktop\giants2.jpg ->  [Ver =  | Size = 144494 bytes | Created Date = 2/29/2008 4:25:32 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 2/25/2008 12:03:32 PM | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 2/25/2008 12:03:15 PM | Attr =	]
install_flash_player.exe -> %UserProfile%\Desktop\install_flash_player.exe -> Adobe Systems Incorporated [Ver = 1.0.20 | Size = 1491592 bytes | Created Date = 3/3/2008 11:41:57 PM | Attr =	]
PhotoShop.CS3.zip -> %UserProfile%\Desktop\PhotoShop.CS3.zip ->  [Ver =  | Size = 200422 bytes | Created Date = 3/8/2008 8:18:37 AM | Attr =	]
PowerISO39.exe -> %UserProfile%\Desktop\PowerISO39.exe ->  [Ver =  | Size = 1086613 bytes | Created Date = 3/8/2008 4:13:10 AM | Attr =	]
Preparation of your Significance & Background Section_1.pptx -> %UserProfile%\Desktop\Preparation of your Significance & Background Section_1.pptx ->  [Ver =  | Size = 82298 bytes | Created Date = 2/20/2008 6:32:48 PM | Attr =	]
sdsetup.exe -> %UserProfile%\Desktop\sdsetup.exe -> PC Tools													 [Ver = 5.5.0.204			| Size = 17678792 bytes | Created Date = 2/25/2008 11:36:30 AM | Attr =	]
SetupDVDDecrypter_3.5.4.0.exe -> %UserProfile%\Desktop\SetupDVDDecrypter_3.5.4.0.exe ->  [Ver =  | Size = 899414 bytes | Created Date = 2/28/2008 8:54:16 PM | Attr =	]
Significance.docx -> %UserProfile%\Desktop\Significance.docx ->  [Ver =  | Size = 13137 bytes | Created Date = 2/20/2008 6:34:03 PM | Attr =	]
Silverlight.exe -> %UserProfile%\Desktop\Silverlight.exe ->  [Ver = 1.13 | Size = 1454656 bytes | Created Date = 3/6/2008 9:52:14 AM | Attr =	]
slides.ppt -> %UserProfile%\Desktop\slides.ppt ->  [Ver =  | Size = 1391616 bytes | Created Date = 3/4/2008 5:46:53 AM | Attr =	]
SPECIFIC AIMS and SignificanceandBackground.docx -> %UserProfile%\Desktop\SPECIFIC AIMS and SignificanceandBackground.docx ->  [Ver =  | Size = 35225 bytes | Created Date = 2/20/2008 6:35:47 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 2/12/2008 4:21:14 PM | Attr =	]
SpywareTerminatorSetup.exe -> %UserProfile%\Desktop\SpywareTerminatorSetup.exe -> Crawler Inc.												 [Ver = 2.1.1.314			| Size = 9824080 bytes | Created Date = 2/25/2008 11:49:43 AM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 2/26/2008 3:09:39 AM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Created Date = 2/26/2008 4:33:42 AM | Attr =	]
UFileDownloadTrial.EXE -> %UserProfile%\Desktop\UFileDownloadTrial.EXE -> VersalSoft [Ver = 2, 0, 0, 0 | Size = 766708 bytes | Created Date = 2/25/2008 3:55:40 AM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/8/2008 2:46:47 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482464 bytes | Created Date = 3/8/2008 2:43:44 PM | Attr =	]
~$ECIFIC AIMS and SignificanceandBackground.docx -> %UserProfile%\Desktop\~$ECIFIC AIMS and SignificanceandBackground.docx ->  [Ver =  | Size = 162 bytes | Created Date = 3/6/2008 10:39:29 PM | Attr =  H ]
desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 2/12/2008 1:58:53 PM | Attr =  HS]
desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 2/12/2008 1:58:53 PM | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Created Date = 2/14/2008 1:47:33 PM | Attr =	]
AOL -> %CommonProgramFiles%\AOL ->  [Folder | Created Date = 2/19/2008 2:28:38 AM | Attr =	]
Authentium -> %CommonProgramFiles%\Authentium ->  [Folder | Created Date = 2/12/2008 3:57:41 PM | Attr =	]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Created Date = 2/15/2008 12:59:09 AM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Created Date = 2/12/2008 2:29:08 PM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 2/21/2008 7:31:25 AM | Attr =	]
L&H -> %CommonProgramFiles%\L&H ->  [Folder | Created Date = 2/15/2008 12:59:32 AM | Attr =	]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared ->  [Folder | Created Date = 3/8/2008 4:39:21 AM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Created Date = 2/12/2008 8:24:11 AM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Created Date = 2/12/2008 1:55:18 PM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Created Date = 2/12/2008 8:24:17 AM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Created Date = 2/12/2008 1:55:24 PM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Created Date = 2/12/2008 8:24:12 AM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Created Date = 2/12/2008 1:54:21 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 1:58:45 PM | Attr =	]
av -> %SystemDrive%\av ->  [Folder | Modified Date = 2/12/2008 3:51:52 PM | Attr =  H ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 2/12/2008 1:50:28 PM | Attr =  HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 1:58:45 PM | Attr =	]
dell -> %SystemDrive%\dell ->  [Folder | Modified Date = 2/12/2008 2:28:59 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/12/2008 2:18:34 PM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 1:58:45 PM | Attr = RHS]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 526 bytes | Modified Date = 2/19/2008 2:29:38 AM | Attr =  H ]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 1:58:45 PM | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Modified Date = 2/15/2008 12:55:32 AM | Attr = RH ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/8/2008 4:52:32 AM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2/12/2008 4:05:31 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2/12/2008 2:15:48 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/8/2008 5:21:46 AM | Attr =	]
AegisP.sys -> %SystemRoot%\System32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.6.0.0 | Size = 21425 bytes | Modified Date = 2/12/2008 4:13:04 PM | Attr =	]
disdn -> %SystemRoot%\System32\drivers\disdn ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/12/2008 4:29:59 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 224776 bytes | Modified Date = 2/12/2008 4:29:59 PM | Attr = R  ]
hosts.20080212-162959.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080212-162959.backup ->  [Ver =  | Size = 224776 bytes | Modified Date = 2/12/2008 4:26:29 PM | Attr = R  ]
UMDF -> %SystemRoot%\System32\drivers\UMDF ->  [Folder | Modified Date = 2/13/2008 9:47:52 AM | Attr =	]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/13/2008 9:47:03 AM | Attr =  H ]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Modified Date = 2/12/2008 2:03:08 PM | Attr =	]
1025 -> %SystemRoot%\System32\1025 ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1028 -> %SystemRoot%\System32\1028 ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
1031 -> %SystemRoot%\System32\1031 ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
1033 -> %SystemRoot%\System32\1033 ->  [Folder | Modified Date = 2/12/2008 8:14:03 AM | Attr =	]
1037 -> %SystemRoot%\System32\1037 ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
1041 -> %SystemRoot%\System32\1041 ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
1042 -> %SystemRoot%\System32\1042 ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
1054 -> %SystemRoot%\System32\1054 ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
2052 -> %SystemRoot%\System32\2052 ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
3076 -> %SystemRoot%\System32\3076 ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
3com_dmi -> %SystemRoot%\System32\3com_dmi ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Modified Date = 2/25/2008 12:38:06 PM | Attr =	]
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 2/13/2008 9:49:14 AM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/13/2008 10:16:37 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/25/2008 12:20:06 PM | Attr =	]
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 1:56:56 PM | Attr = RH ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 2/12/2008 5:01:52 PM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 2/12/2008 2:03:45 PM | Attr =	]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Modified Date = 2/12/2008 1:58:45 PM | Attr =	]
dhcp -> %SystemRoot%\System32\dhcp ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 2/12/2008 1:56:10 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/20/2008 5:45:26 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/8/2008 4:13:23 AM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 2/13/2008 12:25:32 PM | Attr =	]
emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Modified Date = 2/12/2008 1:53:40 PM | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 2/13/2008 10:15:45 AM | Attr =	]
export -> %SystemRoot%\System32\export ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 135664 bytes | Modified Date = 2/25/2008 10:57:57 AM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/25/2008 12:20:20 PM | Attr =	]
ias -> %SystemRoot%\System32\ias ->  [Folder | Modified Date = 2/12/2008 1:58:00 PM | Attr =	]
icsxml -> %SystemRoot%\System32\icsxml ->  [Folder | Modified Date = 2/12/2008 8:15:23 AM | Attr =	]
IME -> %SystemRoot%\System32\IME ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 2/13/2008 9:47:02 AM | Attr =	]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 2/12/2008 1:57:05 PM | Attr = RH ]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 2/12/2008 1:55:11 PM | Attr =	]
Microsoft -> %SystemRoot%\System32\Microsoft ->  [Folder | Modified Date = 2/12/2008 2:15:44 PM | Attr =   S]
MsDtc -> %SystemRoot%\System32\MsDtc ->  [Folder | Modified Date = 2/12/2008 1:53:18 PM | Attr =	]
mui -> %SystemRoot%\System32\mui ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 1:56:56 PM | Attr = RH ]
npp -> %SystemRoot%\System32\npp ->  [Folder | Modified Date = 2/12/2008 8:19:49 AM | Attr =	]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 2/13/2008 9:49:14 AM | Attr =	]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Modified Date = 2/13/2008 6:40:58 PM | Attr =	]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 1:56:56 PM | Attr = RH ]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 2/12/2008 1:55:56 PM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/25/2008 12:20:20 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 72554 bytes | Modified Date = 2/25/2008 11:41:39 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 445096 bytes | Modified Date = 2/25/2008 11:41:39 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 526710 bytes | Modified Date = 2/25/2008 11:41:38 AM | Attr =	]
PreInstall -> %SystemRoot%\System32\PreInstall ->  [Folder | Modified Date = 2/12/2008 4:37:34 PM | Attr =	]
ras -> %SystemRoot%\System32\ras ->  [Folder | Modified Date = 2/12/2008 8:15:41 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2/12/2008 2:15:48 PM | Attr =	]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 1:56:56 PM | Attr = RH ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 2/12/2008 8:21:40 AM | Attr =	]
ShellExt -> %SystemRoot%\System32\ShellExt ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution ->  [Folder | Modified Date = 2/12/2008 4:35:19 PM | Attr =	]
spool -> %SystemRoot%\System32\spool ->  [Folder | Modified Date = 2/13/2008 9:50:06 AM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/25/2008 12:20:21 PM | Attr =	]
URTTemp -> %SystemRoot%\System32\URTTemp ->  [Folder | Modified Date = 2/13/2008 9:38:20 AM | Attr =	]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Modified Date = 2/13/2008 10:00:04 AM | Attr =	]
wbchha.dll -> %SystemRoot%\System32\wbchha.dll ->  [Ver =  | Size = 13312 bytes | Modified Date = 2/22/2008 3:26:42 PM | Attr =   S]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 2/20/2008 6:42:31 PM | Attr =	]
WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 2/12/2008 1:57:05 PM | Attr = RH ]
wins -> %SystemRoot%\System32\wins ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
wpa.bak -> %SystemRoot%\System32\wpa.bak ->  [Ver =  | Size = 13646 bytes | Modified Date = 2/12/2008 4:01:58 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 3/7/2008 3:51:20 PM | Attr =	]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 1:56:56 PM | Attr = RH ]
xircom -> %SystemRoot%\System32\xircom ->  [Folder | Modified Date = 2/12/2008 1:59:13 PM | Attr =	]
XPSViewer -> %SystemRoot%\System32\XPSViewer ->  [Folder | Modified Date = 2/13/2008 10:15:42 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 10:04:05 AM | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Modified Date = 2/12/2008 4:37:08 PM | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 2/13/2008 9:17:23 AM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 2/13/2008 9:17:04 AM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 2/13/2008 10:00:05 AM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2/15/2008 1:00:27 AM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 2/25/2008 12:23:44 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/7/2008 3:51:19 PM | Attr =   S]
Config -> %SystemRoot%\Config ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 1:58:45 PM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 2/12/2008 1:52:47 PM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2/13/2008 9:15:37 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/25/2008 12:22:09 PM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 2/12/2008 8:20:52 AM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 3/8/2008 2:44:30 PM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2/13/2008 9:48:51 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 2/13/2008 9:18:46 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/13/2008 9:19:40 AM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 2/12/2008 1:59:13 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 10:07:27 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/25/2008 12:22:05 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/8/2008 4:56:16 AM | Attr =  HS]
java -> %SystemRoot%\java ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 2/13/2008 9:18:59 AM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 2/13/2008 10:34:12 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1397 bytes | Modified Date = 2/21/2008 7:33:25 AM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 2/13/2008 9:25:15 AM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Modified Date = 2/12/2008 8:20:52 AM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 2/13/2008 9:15:18 AM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 4:02:16 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 2/15/2008 1:00:49 AM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Modified Date = 2/12/2008 1:58:20 PM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 2/12/2008 1:57:06 PM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Modified Date = 2/12/2008 1:54:52 PM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 2/12/2008 8:20:21 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/8/2008 2:47:24 PM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 2/12/2008 3:27:06 PM | Attr =	]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Modified Date = 2/13/2008 9:41:10 AM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/13/2008 10:09:19 AM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Modified Date = 2/12/2008 2:04:00 PM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Modified Date = 2/12/2008 1:59:12 PM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Modified Date = 2/12/2008 8:12:20 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/13/2008 9:59:36 AM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Modified Date = 2/15/2008 12:59:24 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 2/12/2008 4:39:57 PM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 2/12/2008 1:56:32 PM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 2/25/2008 12:16:38 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 2/15/2008 12:55:42 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 231 bytes | Modified Date = 2/12/2008 8:24:10 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/8/2008 4:55:59 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/12/2008 2:15:45 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/7/2008 6:05:55 PM | Attr =	]
tiinst -> %SystemRoot%\tiinst ->  [Folder | Modified Date = 2/13/2008 12:25:00 PM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 2/12/2008 8:15:58 AM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Modified Date = 2/12/2008 1:53:25 PM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Modified Date = 2/12/2008 1:53:25 PM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 2/13/2008 9:19:07 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 2/12/2008 1:57:10 PM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 662 bytes | Modified Date = 2/25/2008 12:38:13 PM | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 1:56:56 PM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 123 bytes | Modified Date = 2/25/2008 4:14:07 AM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2/20/2008 6:30:56 PM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 2/13/2008 9:41:03 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/7/2008 3:51:23 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5460 bytes | Modified Date = 2/15/2008 7:40:30 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/15/2008 7:40:32 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11066 bytes | Modified Date = 2/15/2008 1:03:28 AM | Attr =	]
cwc4A.exe -> C:\Documents and Settings\David\Local Settings\Temp\cwc4A.exe ->  [Ver =  | Size = 5680520 bytes | Modified Date = 2/12/2008 3:56:10 PM | Attr =	]
Keygen.exe -> C:\Documents and Settings\David\Local Settings\Temp\Keygen.exe ->  [Ver = 1, 0, 0, 1 | Size = 52224 bytes | Modified Date = 3/8/2008 2:36:42 PM | Attr =	]
laf1.exe_old -> C:\Documents and Settings\David\Local Settings\Temp\laf1.exe ->  [Ver =  | Size = 19968 bytes | Modified Date = 2/25/2008 3:57:16 AM | Attr =	]
88 C:\Documents and Settings\David\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\David\Local Settings\Temp\*.tmp -> 
AIMinst.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\AIMinst.exe -> AOL LLC [Ver = 1.0.0.0 | Size = 1534136 bytes | Modified Date = 1/3/2008 11:27:34 AM | Attr =	]
AIMLang.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\AIMLang.exe -> AOL LLC [Ver = 1.0.0.0 | Size = 561928 bytes | Modified Date = 1/3/2008 11:27:35 AM | Attr =	]
alsetup.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\alsetup.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 142040 bytes | Modified Date = 1/3/2008 11:27:46 AM | Attr =	]
aoldlmgr.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\aoldlmgr.exe -> AOL LLC [Ver = 1.0.6.0 | Size = 120368 bytes | Modified Date = 1/3/2008 11:27:41 AM | Attr =	]
bsetutil.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\bsetutil.exe ->  [Ver = 1, 0, 5, 1 | Size = 96608 bytes | Modified Date = 1/3/2008 11:27:45 AM | Attr =	]
migrator.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\migrator.exe ->  [Ver = 0, 0, 0, 2 | Size = 228192 bytes | Modified Date = 1/3/2008 11:27:38 AM | Attr =	]
ocpinst.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\ocpinst.exe -> AOL LLC [Ver = 6.5.7.10 | Size = 5572272 bytes | Modified Date = 1/3/2008 11:27:38 AM | Attr =	]
postproc.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\postproc.exe -> AOL LLC. [Ver = 1, 0, 0, 6 | Size = 36912 bytes | Modified Date = 1/3/2008 11:27:31 AM | Attr =	]
setup.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\setup.exe -> AOL LLC. [Ver = 11, 8, 0, 0 | Size = 170848 bytes | Modified Date = 1/3/2008 11:27:30 AM | Attr =	]
tbsetup.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\tbsetup.exe -> AOL LLC [Ver = 3.3.15.2 | Size = 383128 bytes | Modified Date = 1/3/2008 11:27:39 AM | Attr =	]
toolbar.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\toolbar.exe -> AOL LLC [Ver = 1.0.19.1 | Size = 1628864 bytes | Modified Date = 1/3/2008 11:27:45 AM | Attr =	]
unagi3.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\unagi3.exe ->  [Ver = 3.0.0.0 | Size = 376568 bytes | Modified Date = 1/3/2008 11:27:39 AM | Attr =	]
Uninstaller.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\Uninstaller.exe ->  [Ver = 1, 0, 0, 1 | Size = 30560 bytes | Modified Date = 1/3/2008 11:27:43 AM | Attr =	]
vwpt.exe -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\vwpt.exe ->  [Ver =  | Size = 2882640 bytes | Modified Date = 1/3/2008 11:27:45 AM | Attr =	]
Keygen.exe -> C:\Documents and Settings\David\Local Settings\Temp\Temporary Directory 1 for PhotoShop.CS3.zip\PhotoShop.CS3.keygen\PhotoShop.CS3\Keygen\Keygen.exe ->  [Ver =  | Size = 256640 bytes | Modified Date = 9/2/2007 4:15:34 PM | Attr =	]
progupd.dll -> C:\Documents and Settings\David\Local Settings\Temp\progupd.dll -> AOL LLC. [Ver = 1, 0, 1, 0 | Size = 83808 bytes | Modified Date = 1/3/2008 11:27:31 AM | Attr =	]
88 C:\Documents and Settings\David\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\David\Local Settings\Temp\*.tmp -> 
7Z.DLL -> C:\Documents and Settings\David\Local Settings\Temp\_PASFX17\7Z.DLL ->  [Ver =  | Size = 76288 bytes | Modified Date = 3/8/2008 4:25:47 AM | Attr =	]
ywiseext.dll -> C:\Documents and Settings\David\Local Settings\Temp\5339907\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 11, 2, 1 | Size = 106496 bytes | Modified Date = 11/2/2007 10:25:48 AM | Attr =	]
AOLFirewallMgr.dll -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\AOLFirewallMgr.dll -> AOL LLC [Ver = 1.3.2.1		   | Size = 95792 bytes | Modified Date = 1/3/2008 11:27:32 AM | Attr =	]
AOLSearch.dll -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\AOLSearch.dll -> America Online, Inc. [Ver = 1.0.8.1 | Size = 111968 bytes | Modified Date = 1/3/2008 11:27:42 AM | Attr =	]
gui.dll -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\gui.dll -> AOL LLC [Ver = 10, 5, 0, 0 | Size = 243504 bytes | Modified Date = 1/3/2008 11:27:32 AM | Attr =	]
imappver.dll -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\imappver.dll -> AOL LLC [Ver = 6.5.9.1 | Size = 13664 bytes | Modified Date = 1/3/2008 11:27:36 AM | Attr =	]
instSup.dll -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\instSup.dll -> AOL LLC [Ver = 4,6,1,2 | Size = 75104 bytes | Modified Date = 1/3/2008 11:27:39 AM | Attr =	]
ocpchk.dll -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\ocpchk.dll -> AOL LLC [Ver = 4,6,1,2 | Size = 15712 bytes | Modified Date = 1/3/2008 11:27:38 AM | Attr =	]
postinst.dll -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\postinst.dll -> AOL LLC [Ver = 6, 5, 7, 13 | Size = 209248 bytes | Modified Date = 1/3/2008 11:27:32 AM | Attr =	]
ProgUpd.dll -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\ProgUpd.dll -> AOL LLC. [Ver = 1, 0, 1, 0 | Size = 83808 bytes | Modified Date = 1/3/2008 11:27:31 AM | Attr =	]
tbinst.dll -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\tbinst.dll -> AOL LLC [Ver = 3.3.15.2 | Size = 11616 bytes | Modified Date = 1/3/2008 11:27:41 AM | Attr =	]
setup.ini -> C:\Documents and Settings\David\Local Settings\Temp\setup.ini ->  [Ver =  | Size = 4505 bytes | Modified Date = 2/19/2008 2:28:39 AM | Attr =	]
{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\David\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini ->  [Ver =  | Size = 586 bytes | Modified Date = 2/14/2008 1:47:19 PM | Attr =	]
88 C:\Documents and Settings\David\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\David\Local Settings\Temp\*.tmp -> 
dlconfig.ini -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\dlconfig.ini ->  [Ver =  | Size = 49 bytes | Modified Date = 1/3/2008 11:27:46 AM | Attr =	]
gui.ini -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\gui.ini ->  [Ver =  | Size = 5495 bytes | Modified Date = 1/3/2008 11:27:46 AM | Attr =	]
post.ini -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\post.ini ->  [Ver =  | Size = 389 bytes | Modified Date = 1/3/2008 11:27:46 AM | Attr =	]
postui.ini -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\postui.ini ->  [Ver =  | Size = 1954 bytes | Modified Date = 1/3/2008 11:27:46 AM | Attr =	]
setup.ini -> C:\Documents and Settings\David\Local Settings\Temp\AIM_6.5.9.1\setup.ini ->  [Ver =  | Size = 3299 bytes | Modified Date = 1/3/2008 11:27:47 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Application Data\Adobe ->  [Folder | Modified Date = 3/8/2008 4:53:48 AM | Attr =	]
AOL -> %AllUsersProfile%\Application Data\AOL ->  [Folder | Modified Date = 2/19/2008 2:29:07 AM | Attr =	]
AOL OCP -> %AllUsersProfile%\Application Data\AOL OCP ->  [Folder | Modified Date = 2/19/2008 2:30:01 AM | Attr =	]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Modified Date = 2/15/2008 3:33:02 PM | Attr =	]
Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer ->  [Folder | Modified Date = 2/15/2008 3:33:31 PM | Attr =	]
Command Software -> %AllUsersProfile%\Application Data\Command Software ->  [Folder | Modified Date = 2/12/2008 3:52:08 PM | Attr =	]
desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 2/12/2008 8:23:36 AM | Attr =  HS]
FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet ->  [Folder | Modified Date = 3/8/2008 5:10:26 AM | Attr =	]
Intel -> %AllUsersProfile%\Application Data\Intel ->  [Folder | Modified Date = 2/12/2008 4:12:40 PM | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 2/15/2008 1:00:56 AM | Attr =   S]
MSScanAppDataDir -> %AllUsersProfile%\Application Data\MSScanAppDataDir ->  [Folder | Modified Date = 2/20/2008 6:42:04 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/12/2008 4:30:02 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/26/2008 2:18:57 AM | Attr =	]
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D
@Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Viewpoint -> %AllUsersProfile%\Application Data\Viewpoint ->  [Folder | Modified Date = 2/19/2008 2:29:23 AM | Attr =	]
Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 2/12/2008 4:42:48 PM | Attr =	]
Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! ->  [Folder | Modified Date = 2/22/2008 3:28:09 PM | Attr =	]
Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion ->  [Folder | Modified Date = 2/22/2008 3:46:39 PM | Attr =	]
acccore -> %AppData%\acccore ->  [Folder | Modified Date = 2/19/2008 2:29:53 AM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 3/8/2008 7:22:19 AM | Attr =	]
Apple Computer -> %AppData%\Apple Computer ->  [Folder | Modified Date = 2/20/2008 6:40:35 PM | Attr =	]
BitTorrent -> %AppData%\BitTorrent ->  [Folder | Modified Date = 3/8/2008 2:44:23 PM | Attr =	]
Command Software -> %AppData%\Command Software ->  [Folder | Modified Date = 2/12/2008 3:53:09 PM | Attr =	]
desktop.ini -> %AppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 2/12/2008 8:23:36 AM | Attr =  HS]
DNA -> %AppData%\DNA ->  [Folder | Modified Date = 3/8/2008 2:47:53 PM | Attr =	]
dvdcss -> %AppData%\dvdcss ->  [Folder | Modified Date = 3/4/2008 10:46:30 PM | Attr =	]
Identities -> %AppData%\Identities ->  [Folder | Modified Date = 2/12/2008 2:18:46 PM | Attr =	]
Intel -> %AppData%\Intel ->  [Folder | Modified Date = 2/12/2008 4:13:11 PM | Attr =	]
Macromedia -> %AppData%\Macromedia ->  [Folder | Modified Date = 2/13/2008 11:27:30 AM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 2/29/2008 4:24:36 AM | Attr =   S]
Mozilla -> %AppData%\Mozilla ->  [Folder | Modified Date = 2/14/2008 1:36:42 PM | Attr =	]
Sun -> %AppData%\Sun ->  [Folder | Modified Date = 2/25/2008 12:16:38 PM | Attr =	]
Thunderbird -> %AppData%\Thunderbird ->  [Folder | Modified Date = 2/14/2008 1:36:41 PM | Attr =	]
vlc -> %AppData%\vlc ->  [Folder | Modified Date = 2/14/2008 6:09:05 AM | Attr =	]
Yahoo! -> %AppData%\Yahoo! ->  [Folder | Modified Date = 2/22/2008 5:16:43 PM | Attr =	]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Modified Date = 3/8/2008 2:37:42 PM | Attr =	]
AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Modified Date = 2/19/2008 2:29:37 AM | Attr =	]
AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP ->  [Folder | Modified Date = 2/19/2008 2:29:39 AM | Attr =	]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Modified Date = 2/15/2008 3:33:09 PM | Attr =	]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Modified Date = 2/15/2008 3:32:47 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 2/13/2008 10:13:35 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 5632 bytes | Modified Date = 2/23/2008 4:35:31 AM | Attr =	]
DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Modified Date = 2/28/2008 12:41:53 AM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 22992 bytes | Modified Date = 3/8/2008 7:19:28 AM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4838220 bytes | Modified Date = 3/7/2008 3:48:41 PM | Attr =  H ]
Identities -> %UserProfile%\Local Settings\Application Data\Identities ->  [Folder | Modified Date = 2/13/2008 6:14:14 PM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 3/1/2008 12:27:05 AM | Attr =	]
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla ->  [Folder | Modified Date = 2/12/2008 4:02:13 PM | Attr =	]
Thunderbird -> %UserProfile%\Local Settings\Application Data\Thunderbird ->  [Folder | Modified Date = 2/14/2008 1:36:48 PM | Attr =	]
desktop.ini -> %AllUsersProfile%\Documents\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 2/12/2008 8:23:36 AM | Attr =  HS]
My Music -> %AllUsersProfile%\Documents\My Music ->  [Folder | Modified Date = 2/13/2008 9:48:11 AM | Attr = R  ]
My Pictures -> %AllUsersProfile%\Documents\My Pictures ->  [Folder | Modified Date = 2/12/2008 1:55:33 PM | Attr = R  ]
My Videos -> %AllUsersProfile%\Documents\My Videos ->  [Folder | Modified Date = 2/12/2008 1:51:22 PM | Attr = R  ]
1chapter01.pdf -> %UserProfile%\My Documents\1chapter01.pdf ->  [Ver =  | Size = 27649 bytes | Modified Date = 2/25/2008 2:23:16 PM | Attr =	]
2.9.pdf -> %UserProfile%\My Documents\2.9.pdf ->  [Ver =  | Size = 166623 bytes | Modified Date = 2/25/2008 2:20:09 PM | Attr =	]
5pt3.jpg -> %UserProfile%\My Documents\5pt3.jpg ->  [Ver =  | Size = 69828 bytes | Modified Date = 2/25/2008 2:25:01 PM | Attr =	]
BME 94 Spring 08 -> %UserProfile%\My Documents\BME 94 Spring 08 ->  [Folder | Modified Date = 3/6/2008 7:33:19 AM | Attr =	]
desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 76 bytes | Modified Date = 2/13/2008 9:25:36 AM | Attr =  HS]
Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Modified Date = 2/28/2008 12:42:45 AM | Attr =	]
Final Resume.doc -> %UserProfile%\My Documents\Final Resume.doc ->  [Ver =  | Size = 40960 bytes | Modified Date = 3/6/2008 12:29:06 PM | Attr =	]
fulltext.pdf -> %UserProfile%\My Documents\fulltext.pdf ->  [Ver =  | Size = 509122 bytes | Modified Date = 2/20/2008 11:53:23 PM | Attr =	]
HW1 Soln.pdf -> %UserProfile%\My Documents\HW1 Soln.pdf ->  [Ver =  | Size = 375668 bytes | Modified Date = 2/25/2008 2:29:06 PM | Attr =	]
HW1%20Soln.pdf -> %UserProfile%\My Documents\HW1%20Soln.pdf ->  [Ver =  | Size = 375668 bytes | Modified Date = 2/25/2008 2:16:25 PM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 2/22/2008 3:27:53 PM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/25/2008 2:48:14 PM | Attr = R  ]
My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Modified Date = 2/21/2008 6:05:06 AM | Attr = R  ]
p4p16sol.jpg -> %UserProfile%\My Documents\p4p16sol.jpg ->  [Ver =  | Size = 438633 bytes | Modified Date = 2/25/2008 2:24:58 PM | Attr =	]
Prob1.6 soln.JPG -> %UserProfile%\My Documents\Prob1.6 soln.JPG ->  [Ver =  | Size = 181397 bytes | Modified Date = 2/25/2008 2:19:35 PM | Attr =	]
Prob1.8 soln.JPG -> %UserProfile%\My Documents\Prob1.8 soln.JPG ->  [Ver =  | Size = 124267 bytes | Modified Date = 2/25/2008 2:19:39 PM | Attr =	]
Prob2p17soln.jpg -> %UserProfile%\My Documents\Prob2p17soln.jpg ->  [Ver =  | Size = 140906 bytes | Modified Date = 2/25/2008 2:22:58 PM | Attr =	]
prob4p2sol.jpg -> %UserProfile%\My Documents\prob4p2sol.jpg ->  [Ver =  | Size = 102608 bytes | Modified Date = 2/25/2008 2:24:54 PM | Attr =	]
prob5p19.pdf -> %UserProfile%\My Documents\prob5p19.pdf ->  [Ver =  | Size = 7015 bytes | Modified Date = 2/25/2008 2:25:16 PM | Attr =	]
prob5p19_Schematics.pdf -> %UserProfile%\My Documents\prob5p19_Schematics.pdf ->  [Ver =  | Size = 9903 bytes | Modified Date = 2/25/2008 2:25:09 PM | Attr =	]
Research mouse -> %UserProfile%\My Documents\Research mouse ->  [Folder | Modified Date = 3/8/2008 7:21:56 AM | Attr =	]
Resume.doc -> %UserProfile%\My Documents\Resume.doc ->  [Ver =  | Size = 40960 bytes | Modified Date = 3/6/2008 12:25:30 PM | Attr =	]
Soccer Indoor League.xls -> %UserProfile%\My Documents\Soccer Indoor League.xls ->  [Ver =  | Size = 15872 bytes | Modified Date = 3/6/2008 8:40:27 PM | Attr =	]
Sol2p9.pdf -> %UserProfile%\My Documents\Sol2p9.pdf ->  [Ver =  | Size = 16687 bytes | Modified Date = 2/25/2008 2:22:29 PM | Attr =	]
Summer possibilities.doc -> %UserProfile%\My Documents\Summer possibilities.doc ->  [Ver =  | Size = 50688 bytes | Modified Date = 3/3/2008 4:18:27 AM | Attr =	]
Test 1 BME 100.doc -> %UserProfile%\My Documents\Test 1 BME 100.doc ->  [Ver =  | Size = 5922304 bytes | Modified Date = 2/25/2008 2:37:56 PM | Attr =	]
Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2/14/2008 1:47:51 PM | Attr =	]
AIM 6.lnk -> %AllUsersProfile%\Desktop\AIM 6.lnk ->  [Ver =  | Size = 1672 bytes | Modified Date = 2/19/2008 2:29:20 AM | Attr =	]
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Modified Date = 2/13/2008 11:16:09 AM | Attr =	]
Mozilla Thunderbird.lnk -> %AllUsersProfile%\Desktop\Mozilla Thunderbird.lnk ->  [Ver =  | Size = 1668 bytes | Modified Date = 2/14/2008 1:36:29 PM | Attr =	]
PowerISO.lnk -> %AllUsersProfile%\Desktop\PowerISO.lnk ->  [Ver =  | Size = 682 bytes | Modified Date = 3/8/2008 4:13:25 AM | Attr =	]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Modified Date = 2/15/2008 3:33:54 PM | Attr =	]
VLC media player.lnk -> %AllUsersProfile%\Desktop\VLC media player.lnk ->  [Ver =  | Size = 719 bytes | Modified Date = 2/14/2008 5:49:16 AM | Attr =	]
Adobe CS3 -> %UserProfile%\Desktop\Adobe CS3 ->  [Folder | Modified Date = 3/8/2008 4:28:07 AM | Attr =	]
Adobe Photoshop CS3 v10.0 Extended Incl Keygen -> %UserProfile%\Desktop\Adobe Photoshop CS3 v10.0 Extended Incl Keygen ->  [Folder | Modified Date = 3/8/2008 3:36:29 AM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/8/2008 2:42:24 PM | Attr =	]
BitTorrent-6.0.2.exe -> %UserProfile%\Desktop\BitTorrent-6.0.2.exe ->  [Ver =  | Size = 873688 bytes | Modified Date = 2/28/2008 12:41:36 AM | Attr =	]
dmckeo01 -> %UserProfile%\Desktop\dmckeo01 ->  [Folder | Modified Date = 2/23/2008 4:36:36 AM | Attr =	]
DVD Decrypter.lnk -> %UserProfile%\Desktop\DVD Decrypter.lnk ->  [Ver =  | Size = 1635 bytes | Modified Date = 2/28/2008 8:58:33 PM | Attr =	]
giants.jpg -> %UserProfile%\Desktop\giants.jpg ->  [Ver =  | Size = 841859 bytes | Modified Date = 2/29/2008 4:24:21 AM | Attr =	]
giants2.jpg -> %UserProfile%\Desktop\giants2.jpg ->  [Ver =  | Size = 144494 bytes | Modified Date = 2/29/2008 4:25:32 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/25/2008 12:03:32 PM | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/25/2008 12:03:15 PM | Attr =	]
install_flash_player.exe -> %UserProfile%\Desktop\install_flash_player.exe -> Adobe Systems Incorporated [Ver = 1.0.20 | Size = 1491592 bytes | Modified Date = 3/3/2008 11:41:57 PM | Attr =	]
PhotoShop.CS3.zip -> %UserProfile%\Desktop\PhotoShop.CS3.zip ->  [Ver =  | Size = 200422 bytes | Modified Date = 3/8/2008 8:18:37 AM | Attr =	]
PowerISO39.exe -> %UserProfile%\Desktop\PowerISO39.exe ->  [Ver =  | Size = 1086613 bytes | Modified Date = 3/8/2008 4:13:10 AM | Attr =	]
Preparation of your Significance & Background Section_1.pptx -> %UserProfile%\Desktop\Preparation of your Significance & Background Section_1.pptx ->  [Ver =  | Size = 82298 bytes | Modified Date = 2/20/2008 6:32:48 PM | Attr =	]
sdsetup.exe -> %UserProfile%\Desktop\sdsetup.exe -> PC Tools													 [Ver = 5.5.0.204			| Size = 17678792 bytes | Modified Date = 2/25/2008 11:36:30 AM | Attr =	]
SetupDVDDecrypter_3.5.4.0.exe -> %UserProfile%\Desktop\SetupDVDDecrypter_3.5.4.0.exe ->  [Ver =  | Size = 899414 bytes | Modified Date = 2/28/2008 8:54:16 PM | Attr =	]
Significance.docx -> %UserProfile%\Desktop\Significance.docx ->  [Ver =  | Size = 13137 bytes | Modified Date = 2/20/2008 6:34:03 PM | Attr =	]
Silverlight.exe -> %UserProfile%\Desktop\Silverlight.exe ->  [Ver = 1.13 | Size = 1454656 bytes | Modified Date = 3/6/2008 9:52:14 AM | Attr =	]
slides.ppt -> %UserProfile%\Desktop\slides.ppt ->  [Ver =  | Size = 1391616 bytes | Modified Date = 3/4/2008 5:46:53 AM | Attr =	]
SPECIFIC AIMS and SignificanceandBackground.docx -> %UserProfile%\Desktop\SPECIFIC AIMS and SignificanceandBackground.docx ->  [Ver =  | Size = 35225 bytes | Modified Date = 2/20/2008 6:35:47 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 2/12/2008 4:21:14 PM | Attr =	]
SpywareTerminatorSetup.exe -> %UserProfile%\Desktop\SpywareTerminatorSetup.exe -> Crawler Inc.												 [Ver = 2.1.1.314			| Size = 9824080 bytes | Modified Date = 2/25/2008 11:49:43 AM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/26/2008 3:09:39 AM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/26/2008 4:33:42 AM | Attr =	]
UFileDownloadTrial.EXE -> %UserProfile%\Desktop\UFileDownloadTrial.EXE -> VersalSoft [Ver = 2, 0, 0, 0 | Size = 766708 bytes | Modified Date = 2/25/2008 3:55:40 AM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/8/2008 2:46:48 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482464 bytes | Modified Date = 3/8/2008 2:43:44 PM | Attr =	]
~$ECIFIC AIMS and SignificanceandBackground.docx -> %UserProfile%\Desktop\~$ECIFIC AIMS and SignificanceandBackground.docx ->  [Ver =  | Size = 162 bytes | Modified Date = 3/6/2008 10:39:29 PM | Attr =  H ]
desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 2/12/2008 1:58:53 PM | Attr =  HS]
desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 2/12/2008 1:58:53 PM | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 3/8/2008 4:52:29 AM | Attr =	]
AOL -> %CommonProgramFiles%\AOL ->  [Folder | Modified Date = 2/19/2008 2:28:38 AM | Attr =	]
Authentium -> %CommonProgramFiles%\Authentium ->  [Folder | Modified Date = 2/12/2008 3:57:41 PM | Attr =	]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Modified Date = 2/15/2008 12:59:09 AM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Modified Date = 2/12/2008 3:38:01 PM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Modified Date = 2/21/2008 7:31:25 AM | Attr =	]
L&H -> %CommonProgramFiles%\L&H ->  [Folder | Modified Date = 2/15/2008 12:59:32 AM | Attr =	]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared ->  [Folder | Modified Date = 3/8/2008 4:39:21 AM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 2/20/2008 6:30:45 PM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Modified Date = 2/12/2008 1:55:18 PM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Modified Date = 2/12/2008 8:24:17 AM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Modified Date = 2/12/2008 1:55:24 PM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Modified Date = 2/12/2008 8:24:12 AM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 2/15/2008 12:58:38 AM | Attr =	]

< End of report >


#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:10 PM

Posted 08 March 2008 - 05:10 PM

Hi keep22goal.

After running the scan, some websites(including bleeping computer) don't run exactly right and you can't see all the graphics and stuff like that

That can happen if all browsers were not closed when ATF was run as instructed. Run it again with ALL other programs closed, browsers included.

Now, first we need to disable TeaTimer so it does not interfere with the changes we are going to make.
  • Start Spybot-S&D.
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools and then click on Resident.
  • Uncheck Resident TeaTimer and choose OK for any further prompts.
  • Restart your computer.
Next, follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%SystemRoot%\System32\wbchha.dll
%SystemRoot%\wininit.ini

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Scrupt Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\wbchha.dll [djuka]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {9034A523-D068-4BE8-A284-9DF278BE776E}:Exec -> [IE Anti-Spyware]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Fonts\lsass.exe -> C:\WINDOWS\Fonts\lsass.exe [C:\WINDOWS\Fonts\lsass.exe:*:Enabled:LSA Shell (Export Version)										]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D
NY -> @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
[Files/Folders - Modified Within 30 days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> wbchha.dll -> %SystemRoot%\System32\wbchha.dll
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> wininit.ini -> %SystemRoot%\wininit.ini
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D
NY -> @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:The Avenger report (c:\Avenger.txt)
The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 keep22goal

keep22goal
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 09 March 2008 - 10:37 PM

So after running the avenger I got this and it seemed to work but after doing the Run Fix in WinPFind my programs aren't running correctly. Whenever I try to run a program it asks me what program I would like to open that program with and it gives me a list. For Firefox I choose Firefox and it eventially lets me open it but for IE it doesn't let me. I choose the program from the list and it asks me to Run or Save the program and then I do that and it opens and asks me to downolad or Save it again and then it just cancels. Here is my Log for the Avenger and the Moved Files thing:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\System32\wbchha.dll" deleted successfully.
File "C:\WINDOWS\wininit.ini" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISTray not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}\ not found.
File C:\WINDOWS\system32\wbchha.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9034A523-D068-4BE8-A284-9DF278BE776E}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Fonts\lsass.exe not found.
File C:\WINDOWS\Fonts\lsass.exe not found.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\wbchha.dll not found!
File C:\WINDOWS\wininit.ini not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Unable to start explorer.exe
< End of fix log >
WinPFind35U Version 1.0.4.0 fix logfile created on 03092008_233839

Edited by keep22goal, 09 March 2008 - 10:45 PM.


#6 keep22goal

keep22goal
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 09 March 2008 - 10:52 PM

So when I right click on the IE program and say Run As, it comes up that I am logged in as TUFTS-1C11..\David. If I go down and click The Following User and scroll to where it says David, my log in name then IE runs. Not sure what the problem is. When I go to UserAccounts in the Control Panel it says C:\WINDOWS\System32\run32dll.exe Application not Found. It also says for my Microsoft Office Programs when I try to open them: Application Not Found

Edited by keep22goal, 09 March 2008 - 11:05 PM.


#7 keep22goal

keep22goal
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 10 March 2008 - 12:17 AM

This is the report:

Scanning Report
Sunday, March 09, 2008 23:58:03 - 01:14:56

Computer name: TUFTS-1C11D0E5D
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 3 malware found
Backdoor.Win32.MoSucker.ee (virus)

* C:\DOCUMENTS AND SETTINGS\DAVID\WINPFIND35U\MOVEDFILES\03092008_231601\WINDOWS\FONTS\LSASS.EXE (Renamed & Submitted)

Tracking Cookie (spyware)

* System

W32/Agent.DUEY (virus)

* C:\DOCUMENTS AND SETTINGS\DAVID\DESKTOP\DMCKEO01\CHEM 2\EMULATOR\FCEU.EXE (Submitted)

Statistics
Scanned:

* Files: 39577
* System: 3213
* Not scanned: 7

Actions:

* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 2
* Submitted: 2

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{572267C8-AA16-4C89-8C36-4AFD6A9342F3}.BIN

Options
Scanning engines:

* F-Secure USS: 2.20.0
* F-Secure Hydra: 2.6.7470, 2008-03-10
* F-Secure AVP: 7.0.171, 2008-03-10
* F-Secure Pegasus: 1.20.0, 2008-02-03
* F-Secure Blacklight: 1.0.64

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:10 PM

Posted 10 March 2008 - 01:06 AM

Hi keep22goal. I need to see the new WinPFind35 scan.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#9 keep22goal

keep22goal
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 10 March 2008 - 01:33 AM

Hey. So I did a system restore to Saturday and my roommate gave me a virus scanner that he has and I think it found whatever I had and got rid of it. Here is a new HijackThis. Let me know if you see any problems. The virus scanner is NOD32.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:29 AM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\David\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\David\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Eset\nod32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202852047062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8386 bytes

#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:10 PM

Posted 10 March 2008 - 09:43 AM

Hi keep22goal. Nope, it's still there. Rerun the fix again.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#11 keep22goal

keep22goal
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 11 March 2008 - 03:52 AM

Here is my WinPFind32 log after I did the fix:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}\ deleted successfully.
File C:\WINDOWS\system32\wbchha.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9034A523-D068-4BE8-A284-9DF278BE776E}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Fonts\lsass.exe not found.
File C:\WINDOWS\Fonts\lsass.exe not found.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\wbchha.dll not found!
C:\WINDOWS\wininit.ini moved successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.5.0 fix logfile created on 03112008_044540

#12 keep22goal

keep22goal
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 11 March 2008 - 03:57 AM

Here is the full WinPFind35 scan again:

WinPFind35 logfile created on: 3/11/2008 4:55:25 AM
WinPFind35U Version 1.0.5.0	 Folder = C:\Documents and Settings\David\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.36 Mb Total Physical Memory | 662.36 Mb Available Physical Memory | 65.23% Memory free
2.39 Gb Paging File | 2.14 Gb Available in Paging File | 89.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 47.44 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive D: | 33.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TUFTS-1C11D0E5D
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.0.4 | Size = 643072 bytes | Modified Date = 2/21/2007 12:28:36 PM | Attr =	]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 11, 1, 0, 9 | Size = 983040 bytes | Modified Date = 2/21/2007 12:16:48 PM | Attr =	]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 11.1.0.4 | Size = 294912 bytes | Modified Date = 2/21/2007 12:19:40 PM | Attr =	]
wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE ->  [Ver =  | Size = 20480 bytes | Modified Date = 3/16/2007 7:10:46 PM | Attr =	]
bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1253376 bytes | Modified Date = 3/16/2007 7:10:42 PM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr =	]
nod32krn.exe -> %ProgramFiles%\Eset\nod32krn.exe -> Eset  [Ver = 2, 51, 30  | Size = 507904 bytes | Modified Date = 3/10/2008 1:36:49 AM | Attr =	]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.0.0   | Size = 327680 bytes | Modified Date = 2/21/2007 12:10:00 PM | Attr =	]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr =	]
wltray.exe -> %SystemRoot%\system32\WLTRAY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Modified Date = 3/16/2007 7:10:46 PM | Attr =	]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 77824 bytes | Modified Date = 9/15/2006 5:50:22 PM | Attr =	]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 118784 bytes | Modified Date = 9/15/2006 5:54:22 PM | Attr =	]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 11.1.0.5   | Size = 819200 bytes | Modified Date = 2/21/2007 12:19:58 PM | Attr =	]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 11.1.0.2 | Size = 970752 bytes | Modified Date = 2/21/2007 12:17:42 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:35 AM | Attr =	]
nod32kui.exe -> %ProgramFiles%\Eset\nod32kui.exe -> Eset  [Ver = 2, 51, 30  | Size = 921600 bytes | Modified Date = 3/10/2008 1:36:50 AM | Attr =	]
btdna.exe -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/28/2008 1:41:51 AM | Attr =	]
aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr =	]
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 11.1.0.7 | Size = 487424 bytes | Modified Date = 2/21/2007 12:13:26 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.5.0 | Size = 310272 bytes | Modified Date = 3/10/2008 2:34:14 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 3/10/2008 1:56:08 AM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr =	]
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.0.4 | Size = 643072 bytes | Modified Date = 2/21/2007 12:28:36 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 3/8/2008 5:39:21 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Eset\nod32krn.exe -> Eset  [Ver = 2, 51, 30  | Size = 507904 bytes | Modified Date = 3/10/2008 1:36:49 AM | Attr =	]
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.0.0   | Size = 327680 bytes | Modified Date = 2/21/2007 12:10:00 PM | Attr =	]
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 11, 1, 0, 9 | Size = 983040 bytes | Modified Date = 2/21/2007 12:16:48 PM | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr =	]
(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 11.1.0.4 | Size = 294912 bytes | Modified Date = 2/21/2007 12:19:40 PM | Attr =	]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.6.0.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.6.0.0 | Size = 21425 bytes | Modified Date = 2/12/2008 5:13:04 PM | Attr =	]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AMON) AMON [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\amon.sys -> Eset  [Ver = 2, 51, 30  | Size = 502368 bytes | Modified Date = 3/10/2008 1:36:51 AM | Attr =	]
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(b57w2k) Broadcom NetXtreme 57xx Gigabit Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 7.86.0.0 built by: WinDDK | Size = 121472 bytes | Modified Date = 8/23/2004 3:49:30 PM | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 7:07:18 PM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 7:07:18 PM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(GTIPCI21) GTIPCI21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gtipci21.sys -> Texas Instruments [Ver = 1.0.1.19 | Size = 88192 bytes | Modified Date = 4/6/2006 4:49:00 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 208384 bytes | Modified Date = 5/3/2005 4:08:50 PM | Attr =	]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.SYS -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 1033728 bytes | Modified Date = 5/3/2005 4:09:28 PM | Attr =	]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4693 | Size = 1173468 bytes | Modified Date = 9/15/2006 6:16:48 PM | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 1:04:14 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 11, 1, 0, 0 | Size = 12416 bytes | Modified Date = 2/21/2007 12:16:12 PM | Attr =	]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\system32\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 9, 0, 0 | Size = 33292 bytes | Modified Date = 1/20/2008 3:07:58 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.4255 | Size = 273168 bytes | Modified Date = 3/10/2005 5:56:06 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w29n51.sys -> Intel® Corporation [Ver = 9.0.4.33 Driver | Size = 2209408 bytes | Modified Date = 2/8/2007 2:51:16 PM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 705408 bytes | Modified Date = 5/3/2005 4:08:44 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr =	]
Broadcom Wireless Manager UI -> %SystemRoot%\system32\WLTRAY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Modified Date = 3/16/2007 7:10:46 PM | Attr =	]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 77824 bytes | Modified Date = 9/15/2006 5:50:22 PM | Attr =	]
igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 118784 bytes | Modified Date = 9/15/2006 5:54:22 PM | Attr =	]
igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 94208 bytes | Modified Date = 9/15/2006 5:53:36 PM | Attr =	]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 11.1.0.2 | Size = 970752 bytes | Modified Date = 2/21/2007 12:17:42 PM | Attr =	]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 11.1.0.5   | Size = 819200 bytes | Modified Date = 2/21/2007 12:19:58 PM | Attr =	]
nod32kui -> %ProgramFiles%\Eset\nod32kui.exe -> Eset  [Ver = 2, 51, 30  | Size = 921600 bytes | Modified Date = 3/10/2008 1:36:50 AM | Attr =	]
PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 9, 0, 0 | Size = 217088 bytes | Modified Date = 1/20/2008 3:05:37 AM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2/1/2008 12:13:08 AM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:35 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 12:15:06 PM | Attr =	]
BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/28/2008 1:41:51 AM | Attr =	]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< David Startup Folder > -> C:\Documents and Settings\David\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 7:16:50 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 139264 bytes | Modified Date = 9/15/2006 5:49:26 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< HOSTS File > (224776 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/18/2007 5:49:22 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4190 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4221 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/18/2007 5:49:22 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 6:09:42 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/18/2007 5:49:22 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 6:09:42 PM | Attr =	]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 1/9/2008 4:01:48 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{C02DC11B-E104-40C0-873C-79F72F4D7937} ->	(Broadcom NetXtreme 57xx Gigabit Controller) -> 
{C53B994C-91A2-42D9-81E7-4C21987B0DA6} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 1:42:30 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{3BA3B159-7533-4F96-A2CE-EE5894BBD3D5}[HKEY_LOCAL_MACHINE] -> http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab[Scanner.SysScanner] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202852047062[WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 



[Files/Folders - Created Within 30 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 2:58:45 PM | Attr =	]
av -> %SystemDrive%\av ->  [Folder | Created Date = 2/12/2008 4:51:52 PM | Attr =  H ]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 3/9/2008 6:18:06 PM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Created Date = 2/12/2008 9:21:57 AM | Attr =  HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 2:58:45 PM | Attr =	]
dell -> %SystemDrive%\dell ->  [Folder | Created Date = 2/12/2008 3:28:59 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Created Date = 2/12/2008 9:22:40 AM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 2:58:45 PM | Attr = RHS]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 526 bytes | Created Date = 2/19/2008 3:28:21 AM | Attr =  H ]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 2:58:45 PM | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Created Date = 2/15/2008 1:55:32 AM | Attr = RH ]
Program Files -> %ProgramFiles% ->  [Folder | Created Date = 2/12/2008 9:24:10 AM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 2/12/2008 5:05:31 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 2/12/2008 9:22:40 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
big5.nls -> %SystemRoot%\System32\dllcache\big5.nls ->  [Ver =  | Size = 66728 bytes | Created Date = 2/12/2008 2:59:52 PM | Attr =	]
bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Created Date = 2/12/2008 2:59:52 PM | Attr =	]
cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 2/12/2008 3:00:06 PM | Attr =	]
chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Created Date = 2/12/2008 3:00:10 PM | Attr =	]
c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Created Date = 2/12/2008 2:59:53 PM | Attr =	]
c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Created Date = 2/12/2008 2:59:53 PM | Attr =	]
c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 2/12/2008 2:59:53 PM | Attr =	]
c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:54 PM | Attr =	]
c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:54 PM | Attr =	]
c_10006.nls -> %SystemRoot%\System32\dllcache\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:01 AM | Attr =	]
c_10007.nls -> %SystemRoot%\System32\dllcache\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:04 AM | Attr =	]
c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 2/12/2008 2:59:54 PM | Attr =	]
c_10010.nls -> %SystemRoot%\System32\dllcache\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:23:55 AM | Attr =	]
c_10017.nls -> %SystemRoot%\System32\dllcache\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:04 AM | Attr =	]
c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:54 PM | Attr =	]
c_10029.nls -> %SystemRoot%\System32\dllcache\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:23:55 AM | Attr =	]
c_10081.nls -> %SystemRoot%\System32\dllcache\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:07 AM | Attr =	]
c_10082.nls -> %SystemRoot%\System32\dllcache\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:23:55 AM | Attr =	]
c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:55 PM | Attr =	]
c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:55 PM | Attr =	]
c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:55 PM | Attr =	]
c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:55 PM | Attr =	]
c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:55 PM | Attr =	]
c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:55 PM | Attr =	]
c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:56 PM | Attr =	]
c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:56 PM | Attr =	]
c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:56 PM | Attr =	]
c_1148.nls -> %SystemRoot%\System32\dllcache\c_1148.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:56 PM | Attr =	]
c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:56 PM | Attr =	]
c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Created Date = 2/12/2008 2:59:57 PM | Attr =	]
c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 2/12/2008 2:59:57 PM | Attr =	]
c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls ->  [Ver =  | Size = 186402 bytes | Created Date = 2/12/2008 2:59:57 PM | Attr =	]
c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 2/12/2008 2:59:57 PM | Attr =	]
c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls ->  [Ver =  | Size = 185378 bytes | Created Date = 2/12/2008 2:59:58 PM | Attr =	]
c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 2/12/2008 2:59:58 PM | Attr =	]
c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls ->  [Ver =  | Size = 187938 bytes | Created Date = 2/12/2008 2:59:58 PM | Attr =	]
c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:59 PM | Attr =	]
c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:59 PM | Attr =	]
c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:59 PM | Attr =	]
c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:59 PM | Attr =	]
c_20127.nls -> %SystemRoot%\System32\dllcache\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:23:53 AM | Attr =	]
c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:59 PM | Attr =	]
c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 2:59:59 PM | Attr =	]
c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:00 PM | Attr =	]
c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:00 PM | Attr =	]
c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:00 PM | Attr =	]
c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:00 PM | Attr =	]
c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:00 PM | Attr =	]
c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:00 PM | Attr =	]
c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:00 PM | Attr =	]
c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:01 PM | Attr =	]
c_20423.nls -> %SystemRoot%\System32\dllcache\c_20423.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:01 PM | Attr =	]
c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:01 PM | Attr =	]
c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:01 PM | Attr =	]
c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:01 PM | Attr =	]
c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:01 PM | Attr =	]
c_20880.nls -> %SystemRoot%\System32\dllcache\c_20880.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:02 PM | Attr =	]
c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:02 PM | Attr =	]
c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Created Date = 2/12/2008 3:00:02 PM | Attr =	]
c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 2/12/2008 3:00:02 PM | Attr =	]
c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 2/12/2008 3:00:02 PM | Attr =	]
c_21025.nls -> %SystemRoot%\System32\dllcache\c_21025.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:03 PM | Attr =	]
c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:03 PM | Attr =	]
c_28594.nls -> %SystemRoot%\System32\dllcache\c_28594.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:23:59 AM | Attr =	]
c_28595.nls -> %SystemRoot%\System32\dllcache\c_28595.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:04 AM | Attr =	]
c_28596.nls -> %SystemRoot%\System32\dllcache\c_28596.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:03 PM | Attr =	]
c_28597.nls -> %SystemRoot%\System32\dllcache\c_28597.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:01 AM | Attr =	]
c_28599.nls -> %SystemRoot%\System32\dllcache\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:07 AM | Attr =	]
c_28603.nls -> %SystemRoot%\System32\dllcache\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:09 AM | Attr =	]
c_708.nls -> %SystemRoot%\System32\dllcache\c_708.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:03 PM | Attr =	]
c_720.nls -> %SystemRoot%\System32\dllcache\c_720.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 3:00:04 PM | Attr =	]
c_737.nls -> %SystemRoot%\System32\dllcache\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:24:01 AM | Attr =	]
c_852.nls -> %SystemRoot%\System32\dllcache\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:23:55 AM | Attr =	]
c_855.nls -> %SystemRoot%\System32\dllcache\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:23:59 AM | Attr =	]
c_857.nls -> %SystemRoot%\System32\dllcache\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:24:07 AM | Attr =	]
c_858.nls -> %SystemRoot%\System32\dllcache\c_858.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 3:00:04 PM | Attr =	]
c_862.nls -> %SystemRoot%\System32\dllcache\c_862.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 3:00:04 PM | Attr =	]
c_864.nls -> %SystemRoot%\System32\dllcache\c_864.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 3:00:04 PM | Attr =	]
c_866.nls -> %SystemRoot%\System32\dllcache\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:23:59 AM | Attr =	]
c_869.nls -> %SystemRoot%\System32\dllcache\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:24:01 AM | Attr =	]
c_870.nls -> %SystemRoot%\System32\dllcache\c_870.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 3:00:04 PM | Attr =	]
c_875.nls -> %SystemRoot%\System32\dllcache\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:01 AM | Attr =	]
dgrpsetu.dll -> %SystemRoot%\System32\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 2/12/2008 9:23:52 AM | Attr =	]
dgsetup.dll -> %SystemRoot%\System32\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 2/12/2008 9:23:52 AM | Attr =	]
eqnclass.dll -> %SystemRoot%\System32\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 2/12/2008 9:23:52 AM | Attr =	]
esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 2/12/2008 3:00:23 PM | Attr =	]
esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 2/12/2008 3:00:23 PM | Attr =	]
esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 2/12/2008 3:00:23 PM | Attr =	]
FP4.CAT -> %SystemRoot%\System32\dllcache\FP4.CAT ->  [Ver =  | Size = 31281 bytes | Created Date = 2/12/2008 9:23:35 AM | Attr =	]
fpencode.dll -> %SystemRoot%\System32\dllcache\fpencode.dll ->  [Ver =  | Size = 94208 bytes | Created Date = 2/12/2008 3:00:27 PM | Attr =	]
hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Created Date = 2/12/2008 3:00:36 PM | Attr =	]
HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT ->  [Ver =  | Size = 13472 bytes | Created Date = 2/12/2008 9:23:35 AM | Attr =	]
htrn_jis.dll -> %SystemRoot%\System32\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 2/12/2008 2:52:38 PM | Attr =	]
hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Created Date = 2/12/2008 3:00:45 PM | Attr =	]
IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT ->  [Ver =  | Size = 8574 bytes | Created Date = 2/12/2008 9:23:36 AM | Attr =	]
imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Created Date = 2/12/2008 3:01:04 PM | Attr =	]
imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Created Date = 2/12/2008 3:01:08 PM | Attr =	]
IMS.CAT -> %SystemRoot%\System32\dllcache\IMS.CAT ->  [Ver =  | Size = 13753 bytes | Created Date = 2/12/2008 9:23:35 AM | Attr =	]
imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Created Date = 2/12/2008 3:01:11 PM | Attr =	]
isrdbg32.dll -> %SystemRoot%\System32\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 2/12/2008 2:54:44 PM | Attr =	]
korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Created Date = 2/12/2008 3:01:23 PM | Attr =	]
ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls ->  [Ver =  | Size = 47066 bytes | Created Date = 2/12/2008 3:01:24 PM | Attr =	]
ltts1033.lxa -> %SystemRoot%\System32\dllcache\ltts1033.lxa ->  [Ver =  | Size = 643717 bytes | Created Date = 2/12/2008 9:24:12 AM | Attr =	]
MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT ->  [Ver =  | Size = 399645 bytes | Created Date = 2/12/2008 9:23:35 AM | Attr =	]
mediactr.cat -> %SystemRoot%\System32\dllcache\mediactr.cat ->  [Ver =  | Size = 31965 bytes | Created Date = 2/12/2008 9:23:36 AM | Attr =	]
mplayer2.exe -> %SystemRoot%\System32\dllcache\mplayer2.exe ->  [Ver =  | Size = 4639 bytes | Created Date = 2/12/2008 2:55:07 PM | Attr =	]
msinfo.dll -> %SystemRoot%\System32\dllcache\msinfo.dll ->  [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 2/12/2008 2:54:48 PM | Attr =	]
MSMSGS.CAT -> %SystemRoot%\System32\dllcache\MSMSGS.CAT ->  [Ver =  | Size = 9581 bytes | Created Date = 2/12/2008 9:23:35 AM | Attr =	]
msn7.cat -> %SystemRoot%\System32\dllcache\msn7.cat ->  [Ver =  | Size = 24209 bytes | Created Date = 2/12/2008 9:23:36 AM | Attr =	]
msn9.cat -> %SystemRoot%\System32\dllcache\msn9.cat ->  [Ver =  | Size = 11651 bytes | Created Date = 2/12/2008 9:23:36 AM | Attr =	]
MSTSWEB.CAT -> %SystemRoot%\System32\dllcache\MSTSWEB.CAT ->  [Ver =  | Size = 7245 bytes | Created Date = 2/12/2008 9:23:36 AM | Attr =	]
MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT ->  [Ver =  | Size = 37484 bytes | Created Date = 2/12/2008 9:23:35 AM | Attr =	]
netfx.cat -> %SystemRoot%\System32\dllcache\netfx.cat ->  [Ver =  | Size = 141702 bytes | Created Date = 2/12/2008 9:23:36 AM | Attr =	]
nls302en.lex -> %SystemRoot%\System32\dllcache\nls302en.lex ->  [Ver =  | Size = 4399505 bytes | Created Date = 2/12/2008 2:56:31 PM | Attr =	]
NT5.CAT -> %SystemRoot%\System32\dllcache\NT5.CAT ->  [Ver =  | Size = 2012670 bytes | Created Date = 2/12/2008 9:23:34 AM | Attr =	]
NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT ->  [Ver =  | Size = 797189 bytes | Created Date = 2/12/2008 9:23:35 AM | Attr =	]
NT5INF.CAT -> %SystemRoot%\System32\dllcache\NT5INF.CAT ->  [Ver =  | Size = 502724 bytes | Created Date = 2/12/2008 9:23:34 AM | Attr =	]
NTPRINT.CAT -> %SystemRoot%\System32\dllcache\NTPRINT.CAT ->  [Ver =  | Size = 1086058 bytes | Created Date = 2/12/2008 9:23:35 AM | Attr =	]
OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT ->  [Ver =  | Size = 7382 bytes | Created Date = 2/12/2008 9:23:36 AM | Attr =	]
pinball.exe -> %SystemRoot%\System32\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 2/12/2008 2:51:53 PM | Attr =	]
pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Created Date = 2/12/2008 3:01:52 PM | Attr =	]
prc.nls -> %SystemRoot%\System32\dllcache\prc.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 2/12/2008 3:01:55 PM | Attr =	]
prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 2/12/2008 3:01:55 PM | Attr =	]
r1033tts.lxa -> %SystemRoot%\System32\dllcache\r1033tts.lxa ->  [Ver =  | Size = 605050 bytes | Created Date = 2/12/2008 9:24:13 AM | Attr =	]
rw330ext.dll -> %SystemRoot%\System32\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 2/12/2008 3:02:02 PM | Attr =	]
rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 2/12/2008 3:02:02 PM | Attr =	]
rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 2/12/2008 3:02:03 PM | Attr =	]
sam.sdf -> %SystemRoot%\System32\dllcache\sam.sdf ->  [Ver =  | Size = 888 bytes | Created Date = 2/12/2008 9:24:13 AM | Attr =	]
sam.spd -> %SystemRoot%\System32\dllcache\sam.spd ->  [Ver =  | Size = 1685606 bytes | Created Date = 2/12/2008 9:24:14 AM | Attr =	]
SP2.CAT -> %SystemRoot%\System32\dllcache\SP2.CAT ->  [Ver =  | Size = 1042903 bytes | Created Date = 2/12/2008 9:23:35 AM | Attr =	]
spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 2/12/2008 9:23:52 AM | Attr =	]
srframe.mmf -> %SystemRoot%\System32\dllcache\srframe.mmf ->  [Ver =  | Size = 984 bytes | Created Date = 2/12/2008 2:55:26 PM | Attr =	]
tabletpc.cat -> %SystemRoot%\System32\dllcache\tabletpc.cat ->  [Ver =  | Size = 110116 bytes | Created Date = 2/12/2008 9:23:36 AM | Attr =	]
wmerrenu.cat -> %SystemRoot%\System32\dllcache\wmerrenu.cat ->  [Ver =  | Size = 7334 bytes | Created Date = 2/12/2008 9:23:35 AM | Attr =	]
xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls ->  [Ver =  | Size = 28288 bytes | Created Date = 2/12/2008 3:02:48 PM | Attr =	]
AegisP.sys -> %SystemRoot%\System32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.6.0.0 | Size = 21425 bytes | Created Date = 2/12/2008 5:13:04 PM | Attr =	]
amon.sys -> %SystemRoot%\System32\drivers\amon.sys -> Eset  [Ver = 2, 51, 30  | Size = 502368 bytes | Created Date = 3/10/2008 1:37:55 AM | Attr =	]
BCMWLNPF.SYS -> %SystemRoot%\System32\drivers\BCMWLNPF.SYS -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 33664 bytes | Created Date = 2/12/2008 3:30:30 PM | Attr =	]
del1028.cty -> %SystemRoot%\System32\drivers\del1028.cty ->  [Ver =  | Size = 129405 bytes | Created Date = 2/12/2008 5:03:57 PM | Attr =	]
disdn -> %SystemRoot%\System32\drivers\disdn ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
hosts.20080212-162629.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080212-162629.backup ->  [Ver =  | Size = 734 bytes | Created Date = 2/12/2008 5:26:29 PM | Attr =	]
hosts.20080212-162959.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080212-162959.backup ->  [Ver =  | Size = 224776 bytes | Created Date = 2/12/2008 5:29:59 PM | Attr = R  ]
gtipci21.sys -> %SystemRoot%\System32\drivers\gtipci21.sys -> Texas Instruments [Ver = 1.0.1.19 | Size = 88192 bytes | Created Date = 2/13/2008 1:25:26 PM | Attr =	]
HSFHWICH.sys -> %SystemRoot%\System32\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 208384 bytes | Created Date = 2/12/2008 5:03:57 PM | Attr =	]
HSF_CNXT.sys -> %SystemRoot%\System32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 705408 bytes | Created Date = 2/12/2008 5:03:57 PM | Attr =	]
HSF_DPV.SYS -> %SystemRoot%\System32\drivers\HSF_DPV.SYS -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 1033728 bytes | Created Date = 2/12/2008 5:03:57 PM | Attr =	]
ialmnt5.sys -> %SystemRoot%\System32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4693 | Size = 1173468 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
mdmxsdk.sys -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Created Date = 2/12/2008 5:03:57 PM | Attr =	]
STAC97.sys -> %SystemRoot%\System32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.4255 | Size = 273168 bytes | Created Date = 2/12/2008 4:38:15 PM | Attr =	]
tiscfw.deb -> %SystemRoot%\System32\drivers\tiscfw.deb ->  [Ver =  | Size = 17120 bytes | Created Date = 2/13/2008 1:25:26 PM | Attr =	]
UMDF -> %SystemRoot%\System32\drivers\UMDF ->  [Folder | Created Date = 2/13/2008 10:47:02 AM | Attr =	]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 2/13/2008 10:47:03 AM | Attr =  H ]
w29n51.sys -> %SystemRoot%\System32\drivers\w29n51.sys -> Intel® Corporation [Ver = 9.0.4.33 Driver | Size = 2209408 bytes | Created Date = 2/12/2008 5:12:13 PM | Attr =	]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Created Date = 2/12/2008 9:21:53 AM | Attr =	]
1025 -> %SystemRoot%\System32\1025 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
1028 -> %SystemRoot%\System32\1028 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
1031 -> %SystemRoot%\System32\1031 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
1033 -> %SystemRoot%\System32\1033 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
1037 -> %SystemRoot%\System32\1037 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
1041 -> %SystemRoot%\System32\1041 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
1042 -> %SystemRoot%\System32\1042 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
1054 -> %SystemRoot%\System32\1054 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
2052 -> %SystemRoot%\System32\2052 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
3076 -> %SystemRoot%\System32\3076 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
3com_dmi -> %SystemRoot%\System32\3com_dmi ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Created Date = 2/25/2008 1:20:13 PM | Attr =	]
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Created Date = 2/12/2008 2:58:34 PM | Attr =	]
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Created Date = 3/10/2008 1:45:45 AM | Attr =	]
asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2/25/2008 1:21:20 PM | Attr =	]
AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT ->  [Ver =  | Size = 1688 bytes | Created Date = 2/12/2008 9:23:49 AM | Attr =	]
bcm1xsup.dll -> %SystemRoot%\System32\bcm1xsup.dll ->  [Ver =  | Size = 757760 bytes | Created Date = 2/12/2008 3:30:28 PM | Attr =	]
BCMLogon.dll -> %SystemRoot%\System32\BCMLogon.dll -> Dell Inc. [Ver = 4.100.15.8 | Size = 770048 bytes | Created Date = 2/12/2008 3:30:31 PM | Attr =	]
BCMWLCPL.CPL -> %SystemRoot%\System32\BCMWLCPL.CPL -> Dell Inc. [Ver = 4.100.15.8 | Size = 3395584 bytes | Created Date = 2/12/2008 3:30:29 PM | Attr =	]
bcmwlpkt.dll -> %SystemRoot%\System32\bcmwlpkt.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 69632 bytes | Created Date = 2/12/2008 3:30:29 PM | Attr =	]
BCMWLTRY.EXE -> %SystemRoot%\System32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1253376 bytes | Created Date = 2/12/2008 3:30:28 PM | Attr =	]
bcmwlu00.exe -> %SystemRoot%\System32\bcmwlu00.exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 253952 bytes | Created Date = 2/12/2008 3:30:29 PM | Attr =	]
bopomofo.uce -> %SystemRoot%\System32\bopomofo.uce ->  [Ver =  | Size = 22984 bytes | Created Date = 2/12/2008 2:52:27 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Created Date = 2/12/2008 9:23:20 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Created Date = 2/12/2008 9:23:20 AM | Attr =	]
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 2:56:56 PM | Attr = RH ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Created Date = 2/12/2008 2:51:44 PM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
config.gms -> %SystemRoot%\System32\config.gms ->  [Ver =  | Size = 645120 bytes | Created Date = 3/10/2008 7:09:00 AM | Attr =	]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Created Date = 2/12/2008 2:58:45 PM | Attr =	]
c_10006.nls -> %SystemRoot%\System32\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:01 AM | Attr =	]
c_10007.nls -> %SystemRoot%\System32\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:04 AM | Attr =	]
c_10010.nls -> %SystemRoot%\System32\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:23:55 AM | Attr =	]
c_10017.nls -> %SystemRoot%\System32\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:04 AM | Attr =	]
c_10029.nls -> %SystemRoot%\System32\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:23:55 AM | Attr =	]
c_10081.nls -> %SystemRoot%\System32\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:07 AM | Attr =	]
c_10082.nls -> %SystemRoot%\System32\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:23:55 AM | Attr =	]
c_20127.nls -> %SystemRoot%\System32\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:23:53 AM | Attr =	]
C_28594.NLS -> %SystemRoot%\System32\C_28594.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:23:59 AM | Attr =	]
C_28595.NLS -> %SystemRoot%\System32\C_28595.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:04 AM | Attr =	]
C_28597.NLS -> %SystemRoot%\System32\C_28597.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:01 AM | Attr =	]
c_28599.nls -> %SystemRoot%\System32\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:07 AM | Attr =	]
c_28603.nls -> %SystemRoot%\System32\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:09 AM | Attr =	]
c_737.nls -> %SystemRoot%\System32\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:24:01 AM | Attr =	]
c_852.nls -> %SystemRoot%\System32\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:23:55 AM | Attr =	]
c_855.nls -> %SystemRoot%\System32\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:23:59 AM | Attr =	]
c_857.nls -> %SystemRoot%\System32\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:24:07 AM | Attr =	]
c_866.nls -> %SystemRoot%\System32\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:23:59 AM | Attr =	]
c_869.nls -> %SystemRoot%\System32\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 2/12/2008 9:24:01 AM | Attr =	]
c_875.nls -> %SystemRoot%\System32\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 2/12/2008 9:24:01 AM | Attr =	]
desktop.ini -> %SystemRoot%\System32\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 2/12/2008 2:55:33 PM | Attr =	]
dgrpsetu.dll -> %SystemRoot%\System32\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 2/12/2008 9:23:52 AM | Attr =	]
dgsetup.dll -> %SystemRoot%\System32\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 2/12/2008 9:23:52 AM | Attr =	]
dhcp -> %SystemRoot%\System32\dhcp ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Created Date = 2/12/2008 2:56:10 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Created Date = 2/12/2008 3:33:43 PM | Attr =	]
emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Created Date = 2/12/2008 2:53:40 PM | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Created Date = 2/13/2008 10:19:06 AM | Attr =	]
EqnClass.Dll -> %SystemRoot%\System32\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 2/12/2008 9:23:52 AM | Attr =	]
export -> %SystemRoot%\System32\export ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1436712 bytes | Created Date = 2/12/2008 9:22:39 AM | Attr =	]
gb2312.uce -> %SystemRoot%\System32\gb2312.uce ->  [Ver =  | Size = 24006 bytes | Created Date = 2/12/2008 2:52:28 PM | Attr =	]
hccutils.dll -> %SystemRoot%\System32\hccutils.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 73728 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 2/25/2008 1:20:20 PM | Attr =	]
hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 77824 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
hsfci014.dll -> %SystemRoot%\System32\hsfci014.dll -> Conexant Systems, Inc. [Ver = 1.0.0.14 | Size = 42858 bytes | Created Date = 2/12/2008 5:03:57 PM | Attr =	]
hticons.dll -> %SystemRoot%\System32\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 2/12/2008 2:52:38 PM | Attr =	]
hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 2/12/2008 2:51:52 PM | Attr =	]
iAlmCoIn_v4693.dll -> %SystemRoot%\System32\iAlmCoIn_v4693.dll -> Intel Corporation [Ver = 1.00.1000.1 | Size = 61440 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmdd5.dll -> %SystemRoot%\System32\ialmdd5.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 956026 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmdev5.dll -> %SystemRoot%\System32\ialmdev5.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 238650 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmdnt5.dll -> %SystemRoot%\System32\ialmdnt5.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 121467 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmrem.dll -> %SystemRoot%\System32\ialmrem.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 49152 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmrnt5.dll -> %SystemRoot%\System32\ialmrnt5.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 45694 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuARA.dll -> %SystemRoot%\System32\ialmuARA.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuARB.dll -> %SystemRoot%\System32\ialmuARB.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuCHS.dll -> %SystemRoot%\System32\ialmuCHS.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuCHT.dll -> %SystemRoot%\System32\ialmuCHT.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuCSY.dll -> %SystemRoot%\System32\ialmuCSY.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuDAN.dll -> %SystemRoot%\System32\ialmuDAN.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuDEU.dll -> %SystemRoot%\System32\ialmuDEU.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmudlg.exe -> %SystemRoot%\System32\ialmudlg.exe -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 114688 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuELL.dll -> %SystemRoot%\System32\ialmuELL.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuENG.dll -> %SystemRoot%\System32\ialmuENG.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuESP.dll -> %SystemRoot%\System32\ialmuESP.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuFIN.dll -> %SystemRoot%\System32\ialmuFIN.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuFRA.dll -> %SystemRoot%\System32\ialmuFRA.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuFRC.dll -> %SystemRoot%\System32\ialmuFRC.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuHEB.dll -> %SystemRoot%\System32\ialmuHEB.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuHUN.dll -> %SystemRoot%\System32\ialmuHUN.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuITA.dll -> %SystemRoot%\System32\ialmuITA.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuJPN.dll -> %SystemRoot%\System32\ialmuJPN.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuKOR.dll -> %SystemRoot%\System32\ialmuKOR.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuNLD.dll -> %SystemRoot%\System32\ialmuNLD.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuNOR.dll -> %SystemRoot%\System32\ialmuNOR.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuPLK.dll -> %SystemRoot%\System32\ialmuPLK.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuPTB.dll -> %SystemRoot%\System32\ialmuPTB.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuPTG.dll -> %SystemRoot%\System32\ialmuPTG.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuRUS.dll -> %SystemRoot%\System32\ialmuRUS.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuSVE.dll -> %SystemRoot%\System32\ialmuSVE.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuTHA.dll -> %SystemRoot%\System32\ialmuTHA.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ialmuTRK.dll -> %SystemRoot%\System32\ialmuTRK.dll -> Intel(r) Corporation [Ver = 0, 0, 0, 0 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
ias -> %SystemRoot%\System32\ias ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
icsxml -> %SystemRoot%\System32\icsxml ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
ideograf.uce -> %SystemRoot%\System32\ideograf.uce ->  [Ver =  | Size = 60458 bytes | Created Date = 2/12/2008 2:52:28 PM | Attr =	]
igfxcfg.exe -> %SystemRoot%\System32\igfxcfg.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 450560 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
igfxcpl.cpl -> %SystemRoot%\System32\igfxcpl.cpl -> Intel Corporation [Ver = 3.0.0.4693 | Size = 81920 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
igfxdev.dll -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 139264 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
igfxdo.dll -> %SystemRoot%\System32\igfxdo.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 86016 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
igfxexps.dll -> %SystemRoot%\System32\igfxexps.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 40960 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
igfxext.exe -> %SystemRoot%\System32\igfxext.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 94208 bytes | Created Date = 2/12/2008 4:48:38 PM | Attr =	]
igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 118784 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxpph.dll -> %SystemRoot%\System32\igfxpph.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 143360 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxrchs.lrc -> %SystemRoot%\System32\igfxrchs.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 81920 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxrcht.lrc -> %SystemRoot%\System32\igfxrcht.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 81920 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxrdeu.lrc -> %SystemRoot%\System32\igfxrdeu.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 155648 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxrenu.lrc -> %SystemRoot%\System32\igfxrenu.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 139264 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxres.dll -> %SystemRoot%\System32\igfxres.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 139264 bytes | Created Date = 2/12/2008 4:50:35 PM | Attr =	]
igfxresp.lrc -> %SystemRoot%\System32\igfxresp.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 151552 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxress.dll -> %SystemRoot%\System32\igfxress.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 1503232 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxrfra.lrc -> %SystemRoot%\System32\igfxrfra.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 151552 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxrita.lrc -> %SystemRoot%\System32\igfxrita.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 155648 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxrjpn.lrc -> %SystemRoot%\System32\igfxrjpn.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 98304 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxrkor.lrc -> %SystemRoot%\System32\igfxrkor.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 98304 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxrptb.lrc -> %SystemRoot%\System32\igfxrptb.lrc -> Intel Corporation [Ver = 3.0.0.4693 | Size = 143360 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxsrvc.dll -> %SystemRoot%\System32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 61440 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxsrvc.exe -> %SystemRoot%\System32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 163840 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxtray.exe -> %SystemRoot%\System32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 94208 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igfxzoom.exe -> %SystemRoot%\System32\igfxzoom.exe -> Intel Corporation [Ver = 3.0.0.4693 | Size = 114688 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igldev32.dll -> %SystemRoot%\System32\igldev32.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 524288 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
iglicd32.dll -> %SystemRoot%\System32\iglicd32.dll -> Intel Corporation [Ver = 6.14.10.4693 | Size = 2318336 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igxpxa32.cpa -> %SystemRoot%\System32\igxpxa32.cpa ->  [Ver =  | Size = 524850 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igxpxa32.vp -> %SystemRoot%\System32\igxpxa32.vp ->  [Ver =  | Size = 929 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igxpxk32.vp -> %SystemRoot%\System32\igxpxk32.vp ->  [Ver =  | Size = 58704 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
igxpxs32.vp -> %SystemRoot%\System32\igxpxs32.vp ->  [Ver =  | Size = 23296 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
IME -> %SystemRoot%\System32\IME ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
imon.dll -> %SystemRoot%\System32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Created Date = 3/10/2008 1:37:56 AM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 2/12/2008 2:54:44 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/21/2008 8:33:06 AM | Attr =	]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 2/21/2008 8:33:06 AM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/21/2008 8:33:06 AM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 2/21/2008 8:33:06 AM | Attr =	]
kanji_1.uce -> %SystemRoot%\System32\kanji_1.uce ->  [Ver =  | Size = 6948 bytes | Created Date = 2/12/2008 2:52:28 PM | Attr =	]
kanji_2.uce -> %SystemRoot%\System32\kanji_2.uce ->  [Ver =  | Size = 8484 bytes | Created Date = 2/12/2008 2:52:28 PM | Attr =	]
korean.uce -> %SystemRoot%\System32\korean.uce ->  [Ver =  | Size = 12876 bytes | Created Date = 2/12/2008 2:52:28 PM | Attr =	]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Created Date = 2/13/2008 10:47:02 AM | Attr =	]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 2/12/2008 2:57:05 PM | Attr = RH ]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Created Date = 2/12/2008 2:55:11 PM | Attr =	]
mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Created Date = 2/12/2008 5:03:57 PM | Attr =	]
Microsoft -> %SystemRoot%\System32\Microsoft ->  [Folder | Created Date = 2/12/2008 3:15:44 PM | Attr =   S]
mscomct2.dep -> %SystemRoot%\System32\mscomct2.dep ->  [Ver =  | Size = 2362 bytes | Created Date = 3/10/2008 7:09:18 AM | Attr =	]
MsDtc -> %SystemRoot%\System32\MsDtc ->  [Folder | Created Date = 2/12/2008 2:51:47 PM | Attr =	]
msdtcprf.h -> %SystemRoot%\System32\msdtcprf.h ->  [Ver =  | Size = 768 bytes | Created Date = 2/12/2008 2:52:23 PM | Attr =	]
msdtcprf.ini -> %SystemRoot%\System32\msdtcprf.ini ->  [Ver =  | Size = 1931 bytes | Created Date = 2/12/2008 2:52:23 PM | Attr =	]
mui -> %SystemRoot%\System32\mui ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 2:56:56 PM | Attr = RH ]
Netw2c32.dll -> %SystemRoot%\System32\Netw2c32.dll -> Intel Corporation [Ver = 9. 0. 4. 95 | Size = 557056 bytes | Created Date = 2/12/2008 5:12:13 PM | Attr =	]
Netw2r32.dll -> %SystemRoot%\System32\Netw2r32.dll -> Intel Corporation [Ver = 9. 0. 4. 95 | Size = 2732032 bytes | Created Date = 2/12/2008 5:12:13 PM | Attr =	]
npp -> %SystemRoot%\System32\npp ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Created Date = 2/12/2008 2:58:34 PM | Attr =	]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Created Date = 2/13/2008 7:40:58 PM | Attr =	]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 2:56:56 PM | Attr = RH ]
oemdspif.dll -> %SystemRoot%\System32\oemdspif.dll -> Intel Corporation [Ver = 3.0.0.4693 | Size = 57344 bytes | Created Date = 2/12/2008 4:48:39 PM | Attr =	]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 2/25/2008 1:20:17 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 526710 bytes | Created Date = 2/12/2008 9:24:18 AM | Attr =	]
preflib.dll -> %SystemRoot%\System32\preflib.dll ->  [Ver =  | Size = 86016 bytes | Created Date = 2/12/2008 3:30:29 PM | Attr =	]
PreInstall -> %SystemRoot%\System32\PreInstall ->  [Folder | Created Date = 2/12/2008 5:37:34 PM | Attr =	]
ras -> %SystemRoot%\System32\ras ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Created Date = 2/12/2008 2:54:45 PM | Attr =	]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 2:56:56 PM | Attr = RH ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
ShellExt -> %SystemRoot%\System32\ShellExt ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
shiftjis.uce -> %SystemRoot%\System32\shiftjis.uce ->  [Ver =  | Size = 16740 bytes | Created Date = 2/12/2008 2:52:28 PM | Attr =	]
SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution ->  [Folder | Created Date = 2/12/2008 5:35:19 PM | Attr =	]
spool -> %SystemRoot%\System32\spool ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 2/12/2008 9:23:52 AM | Attr =	]
stac97.cpl -> %SystemRoot%\System32\stac97.cpl -> SigmaTel Inc. [Ver = 1, 0, 0, 12 | Size = 102481 bytes | Created Date = 2/12/2008 4:38:15 PM | Attr = R  ]
stac97co.dll -> %SystemRoot%\System32\stac97co.dll ->  [Ver = 1, 0, 0, 1 | Size = 192512 bytes | Created Date = 2/12/2008 4:38:15 PM | Attr =	]
subrange.uce -> %SystemRoot%\System32\subrange.uce ->  [Ver =  | Size = 93702 bytes | Created Date = 2/12/2008 2:52:29 PM | Attr =	]
tslabels.h -> %SystemRoot%\System32\tslabels.h ->  [Ver =  | Size = 3286 bytes | Created Date = 2/12/2008 2:52:24 PM | Attr =	]
tslabels.ini -> %SystemRoot%\System32\tslabels.ini ->  [Ver =  | Size = 13223 bytes | Created Date = 2/12/2008 2:52:24 PM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 2/25/2008 1:20:20 PM | Attr =	]
URTTemp -> %SystemRoot%\System32\URTTemp ->  [Folder | Created Date = 2/13/2008 10:38:06 AM | Attr =	]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
usrlogon.cmd -> %SystemRoot%\System32\usrlogon.cmd ->  [Ver =  | Size = 1161 bytes | Created Date = 2/12/2008 2:52:25 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 2/12/2008 2:57:05 PM | Attr = RH ]
wins -> %SystemRoot%\System32\wins ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
WLBCGCBPRO731.DLL -> %SystemRoot%\System32\WLBCGCBPRO731.DLL -> BCGSoft Ltd [Ver = 7, 31, 0, 0 | Size = 2129920 bytes | Created Date = 2/12/2008 3:30:28 PM | Attr =	]
WLTRAY.EXE -> %SystemRoot%\System32\WLTRAY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Created Date = 2/12/2008 3:30:28 PM | Attr =	]
wltrynt.dll -> %SystemRoot%\System32\wltrynt.dll -> Broadcom Corporation [Ver = 4.100.15.8 | Size = 44032 bytes | Created Date = 2/12/2008 3:30:29 PM | Attr =	]
WLTRYSVC.EXE -> %SystemRoot%\System32\WLTRYSVC.EXE ->  [Ver =  | Size = 20480 bytes | Created Date = 2/12/2008 3:30:28 PM | Attr =	]
wmimgmt.msc -> %SystemRoot%\System32\wmimgmt.msc ->  [Ver =  | Size = 63488 bytes | Created Date = 2/12/2008 2:52:13 PM | Attr =	]
wpa.bak -> %SystemRoot%\System32\wpa.bak ->  [Ver =  | Size = 13646 bytes | Created Date = 2/12/2008 5:01:59 PM | Attr =	]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 2:56:56 PM | Attr = RH ]
xircom -> %SystemRoot%\System32\xircom ->  [Folder | Created Date = 2/12/2008 2:59:13 PM | Attr =	]
XPSViewer -> %SystemRoot%\System32\XPSViewer ->  [Folder | Created Date = 2/13/2008 10:52:12 AM | Attr =	]
ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Created Date = 2/25/2008 1:21:19 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 2/12/2008 5:37:32 PM | Attr =  H ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Created Date = 2/12/2008 5:37:07 PM | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 2/13/2008 10:17:23 AM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 2/13/2008 10:17:04 AM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Created Date = 2/13/2008 10:38:08 AM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 2/25/2008 1:22:05 PM | Attr =	]
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp ->  [Ver =  | Size = 1272 bytes | Created Date = 2/12/2008 2:52:29 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Created Date = 2/12/2008 3:03:08 PM | Attr =   S]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp ->  [Ver =  | Size = 17062 bytes | Created Date = 2/12/2008 2:52:29 PM | Attr =	]
Config -> %SystemRoot%\Config ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 2:58:45 PM | Attr =	]
cttib1.dll -> %SystemRoot%\cttib1.dll -> Gemplus [Ver = 1, 0, 1, 8 | Size = 28672 bytes | Created Date = 2/13/2008 1:25:26 PM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
desktop.ini -> %SystemRoot%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 2/12/2008 2:55:33 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Created Date = 2/12/2008 2:57:06 PM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp ->  [Ver =  | Size = 16730 bytes | Created Date = 2/12/2008 2:52:29 PM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr = R S]
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp ->  [Ver =  | Size = 17336 bytes | Created Date = 2/12/2008 2:52:29 PM | Attr =	]
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp ->  [Ver =  | Size = 26582 bytes | Created Date = 2/12/2008 2:52:30 PM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 2/13/2008 10:17:44 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Created Date = 2/13/2008 10:19:40 AM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Created Date = 2/12/2008 9:24:21 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Created Date = 2/12/2008 9:24:18 AM | Attr =  HS]
java -> %SystemRoot%\java ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Created Date = 2/13/2008 10:38:07 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1397 bytes | Created Date = 2/13/2008 12:27:27 PM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 2/13/2008 10:15:17 AM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 2/12/2008 5:02:16 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Created Date = 2/15/2008 2:00:49 AM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Created Date = 2/12/2008 9:24:17 AM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Created Date = 2/12/2008 2:57:06 PM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp ->  [Ver =  | Size = 65954 bytes | Created Date = 2/12/2008 2:52:30 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 2/12/2008 3:15:45 PM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 2/12/2008 4:27:06 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 3/10/2008 3:41:16 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 3/10/2008 3:41:16 AM | Attr =  H ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Created Date = 2/13/2008 10:40:42 AM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Created Date = 2/12/2008 2:53:19 PM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Created Date = 2/12/2008 3:04:00 PM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp ->  [Ver =  | Size = 17362 bytes | Created Date = 2/12/2008 2:52:30 PM | Attr =	]
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp ->  [Ver =  | Size = 26680 bytes | Created Date = 2/12/2008 2:52:30 PM | Attr =	]
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp ->  [Ver =  | Size = 65832 bytes | Created Date = 2/12/2008 2:52:30 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Created Date = 2/15/2008 1:58:32 AM | Attr =	]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp ->  [Ver =  | Size = 65978 bytes | Created Date = 2/12/2008 2:52:29 PM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Created Date = 2/12/2008 3:15:46 PM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Created Date = 2/12/2008 2:55:12 PM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 2/25/2008 1:16:38 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Created Date = 2/12/2008 2:55:19 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
tiinst -> %SystemRoot%\tiinst ->  [Folder | Created Date = 2/13/2008 1:24:59 PM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Created Date = 2/12/2008 2:53:25 PM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Created Date = 2/12/2008 2:53:25 PM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 2/13/2008 10:19:07 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr = R  ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Created Date = 2/12/2008 2:56:56 PM | Attr = RH ]
winnt.bmp -> %SystemRoot%\winnt.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 2/12/2008 2:55:33 PM | Attr =  HS]
winnt256.bmp -> %SystemRoot%\winnt256.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 2/12/2008 2:55:33 PM | Attr =  HS]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Created Date = 2/12/2008 9:12:20 AM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Created Date = 2/12/2008 2:58:32 PM | Attr =	]
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp ->  [Ver =  | Size = 9522 bytes | Created Date = 2/12/2008 2:52:30 PM | Attr =	]
desktop.ini -> %SystemRoot%\tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Created Date = 2/12/2008 2:55:19 PM | Attr = RH ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Created Date = 2/12/2008 3:15:45 PM | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Application Data\Adobe ->  [Folder | Created Date = 2/14/2008 2:47:42 PM | Attr =	]
Adobe Systems -> %AllUsersProfile%\Application Data\Adobe Systems ->  [Folder | Created Date = 3/10/2008 1:56:14 AM | Attr =	]
AOL -> %AllUsersProfile%\Application Data\AOL ->  [Folder | Created Date = 2/19/2008 3:29:07 AM | Attr =	]
AOL OCP -> %AllUsersProfile%\Application Data\AOL OCP ->  [Folder | Created Date = 2/19/2008 3:29:07 AM | Attr =	]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Created Date = 2/15/2008 4:33:02 PM | Attr =	]
Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer ->  [Folder | Created Date = 2/15/2008 4:33:31 PM | Attr =	]
desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 2/12/2008 9:23:36 AM | Attr =  HS]
FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet ->  [Folder | Created Date = 3/8/2008 6:10:26 AM | Attr =	]
Intel -> %AllUsersProfile%\Application Data\Intel ->  [Folder | Created Date = 2/12/2008 5:12:40 PM | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Created Date = 2/12/2008 9:23:14 AM | Attr =   S]
MSScanAppDataDir -> %AllUsersProfile%\Application Data\MSScanAppDataDir ->  [Folder | Created Date = 2/20/2008 7:42:04 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/12/2008 5:21:07 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2/25/2008 4:57:28 AM | Attr =	]
Viewpoint -> %AllUsersProfile%\Application Data\Viewpoint ->  [Folder | Created Date = 2/19/2008 3:29:23 AM | Attr =	]
Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage ->  [Folder | Created Date = 2/12/2008 5:42:48 PM | Attr =	]
Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! ->  [Folder | Created Date = 2/22/2008 4:27:52 PM | Attr =	]
Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion ->  [Folder | Created Date = 2/22/2008 4:46:39 PM | Attr =	]
acccore -> %AppData%\acccore ->  [Folder | Created Date = 2/19/2008 3:29:52 AM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Created Date = 2/13/2008 12:27:30 PM | Attr =	]
Apple Computer -> %AppData%\Apple Computer ->  [Folder | Created Date = 2/20/2008 7:40:35 PM | Attr =	]
BitTorrent -> %AppData%\BitTorrent ->  [Folder | Created Date = 2/28/2008 1:42:10 AM | Attr =	]
Command Software -> %AppData%\Command Software ->  [Folder | Created Date = 2/12/2008 4:53:09 PM | Attr =	]
desktop.ini -> %AppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 2/12/2008 3:18:35 PM | Attr =  HS]
DNA -> %AppData%\DNA ->  [Folder | Created Date = 2/28/2008 1:41:51 AM | Attr =	]
dvdcss -> %AppData%\dvdcss ->  [Folder | Created Date = 3/1/2008 1:22:04 AM | Attr =	]
Identities -> %AppData%\Identities ->  [Folder | Created Date = 2/12/2008 3:18:46 PM | Attr =	]
Intel -> %AppData%\Intel ->  [Folder | Created Date = 2/12/2008 5:13:11 PM | Attr =	]
Macromedia -> %AppData%\Macromedia ->  [Folder | Created Date = 2/13/2008 12:27:30 PM | Attr =	]
MathWorks -> %AppData%\MathWorks ->  [Folder | Created Date = 3/10/2008 7:25:13 AM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Created Date = 2/12/2008 3:18:35 PM | Attr =   S]
Mozilla -> %AppData%\Mozilla ->  [Folder | Created Date = 2/12/2008 5:02:13 PM | Attr =	]
Opera -> %AppData%\Opera ->  [Folder | Created Date = 3/10/2008 5:45:32 AM | Attr =	]
Sun -> %AppData%\Sun ->  [Folder | Created Date = 2/25/2008 1:16:38 PM | Attr =	]
Thunderbird -> %AppData%\Thunderbird ->  [Folder | Created Date = 2/14/2008 2:36:39 PM | Attr =	]
vlc -> %AppData%\vlc ->  [Folder | Created Date = 2/14/2008 7:09:05 AM | Attr =	]
WinRAR -> %AppData%\WinRAR ->  [Folder | Created Date = 3/10/2008 4:09:04 AM | Attr =	]
Yahoo! -> %AppData%\Yahoo! ->  [Folder | Created Date = 2/22/2008 4:46:39 PM | Attr =	]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Created Date = 2/14/2008 2:48:16 PM | Attr =	]
AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Created Date = 2/19/2008 3:29:37 AM | Attr =	]
AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP ->  [Folder | Created Date = 2/19/2008 3:29:39 AM | Attr =	]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Created Date = 2/15/2008 4:33:09 PM | Attr =	]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Created Date = 2/15/2008 4:32:47 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Created Date = 2/13/2008 11:09:31 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 9728 bytes | Created Date = 2/21/2008 7:04:11 AM | Attr =	]
DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Created Date = 2/28/2008 1:41:53 AM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 22992 bytes | Created Date = 2/12/2008 3:19:49 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 5358550 bytes | Created Date = 2/12/2008 3:31:07 PM | Attr =  H ]
Identities -> %UserProfile%\Local Settings\Application Data\Identities ->  [Folder | Created Date = 2/13/2008 7:14:14 PM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Created Date = 2/12/2008 3:18:35 PM | Attr =	]
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla ->  [Folder | Created Date = 2/12/2008 5:02:13 PM | Attr =	]
Thunderbird -> %UserProfile%\Local Settings\Application Data\Thunderbird ->  [Folder | Created Date = 2/14/2008 2:36:39 PM | Attr =	]
Adobe PDF -> %AllUsersProfile%\Documents\Adobe PDF ->  [Folder | Created Date = 3/10/2008 1:58:07 AM | Attr =	]
desktop.ini -> %AllUsersProfile%\Documents\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 2/12/2008 9:23:36 AM | Attr =  HS]
My Music -> %AllUsersProfile%\Documents\My Music ->  [Folder | Created Date = 2/12/2008 2:53:09 PM | Attr = R  ]
My Pictures -> %AllUsersProfile%\Documents\My Pictures ->  [Folder | Created Date = 2/12/2008 2:54:14 PM | Attr = R  ]
My Videos -> %AllUsersProfile%\Documents\My Videos ->  [Folder | Created Date = 2/12/2008 2:51:22 PM | Attr = R  ]
1chapter01.pdf -> %UserProfile%\My Documents\1chapter01.pdf ->  [Ver =  | Size = 27649 bytes | Created Date = 2/25/2008 3:19:13 PM | Attr =	]
2.9.pdf -> %UserProfile%\My Documents\2.9.pdf ->  [Ver =  | Size = 166623 bytes | Created Date = 2/25/2008 3:20:09 PM | Attr =	]
5pt3.jpg -> %UserProfile%\My Documents\5pt3.jpg ->  [Ver =  | Size = 69828 bytes | Created Date = 2/25/2008 3:25:00 PM | Attr =	]
BME 94 Spring 08 -> %UserProfile%\My Documents\BME 94 Spring 08 ->  [Folder | Created Date = 2/20/2008 9:36:32 PM | Attr =	]
desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 76 bytes | Created Date = 2/12/2008 3:18:39 PM | Attr =  HS]
Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Created Date = 2/28/2008 1:42:45 AM | Attr =	]
Final Resume.doc -> %UserProfile%\My Documents\Final Resume.doc ->  [Ver =  | Size = 40960 bytes | Created Date = 3/6/2008 1:25:36 PM | Attr =	]
fulltext.pdf -> %UserProfile%\My Documents\fulltext.pdf ->  [Ver =  | Size = 509122 bytes | Created Date = 2/21/2008 12:53:23 AM | Attr =	]
HW1 Soln.pdf -> %UserProfile%\My Documents\HW1 Soln.pdf ->  [Ver =  | Size = 375668 bytes | Created Date = 2/25/2008 3:29:05 PM | Attr =	]
HW1%20Soln.pdf -> %UserProfile%\My Documents\HW1%20Soln.pdf ->  [Ver =  | Size = 375668 bytes | Created Date = 2/25/2008 3:16:25 PM | Attr =	]
MATLAB -> %UserProfile%\My Documents\MATLAB ->  [Folder | Created Date = 3/10/2008 7:25:00 AM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Created Date = 2/12/2008 3:18:39 PM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Created Date = 2/12/2008 3:18:39 PM | Attr = R  ]
My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Created Date = 2/21/2008 7:05:06 AM | Attr = R  ]
p4p16sol.jpg -> %UserProfile%\My Documents\p4p16sol.jpg ->  [Ver =  | Size = 438633 bytes | Created Date = 2/25/2008 3:24:57 PM | Attr =	]
Prob1.6 soln.JPG -> %UserProfile%\My Documents\Prob1.6 soln.JPG ->  [Ver =  | Size = 181397 bytes | Created Date = 2/25/2008 3:19:35 PM | Attr =	]
Prob1.8 soln.JPG -> %UserProfile%\My Documents\Prob1.8 soln.JPG ->  [Ver =  | Size = 124267 bytes | Created Date = 2/25/2008 3:19:38 PM | Attr =	]
Prob2p17soln.jpg -> %UserProfile%\My Documents\Prob2p17soln.jpg ->  [Ver =  | Size = 140906 bytes | Created Date = 2/25/2008 3:22:58 PM | Attr =	]
prob4p2sol.jpg -> %UserProfile%\My Documents\prob4p2sol.jpg ->  [Ver =  | Size = 102608 bytes | Created Date = 2/25/2008 3:24:53 PM | Attr =	]
prob5p19.pdf -> %UserProfile%\My Documents\prob5p19.pdf ->  [Ver =  | Size = 7015 bytes | Created Date = 2/25/2008 3:25:16 PM | Attr =	]
prob5p19_Schematics.pdf -> %UserProfile%\My Documents\prob5p19_Schematics.pdf ->  [Ver =  | Size = 9903 bytes | Created Date = 2/25/2008 3:25:08 PM | Attr =	]
Research mouse -> %UserProfile%\My Documents\Research mouse ->  [Folder | Created Date = 3/8/2008 8:21:36 AM | Attr =	]
Resume.doc -> %UserProfile%\My Documents\Resume.doc ->  [Ver =  | Size = 40960 bytes | Created Date = 3/6/2008 1:25:29 PM | Attr =	]
Soccer Indoor League.xls -> %UserProfile%\My Documents\Soccer Indoor League.xls ->  [Ver =  | Size = 15872 bytes | Created Date = 2/28/2008 1:44:34 AM | Attr =	]
Sol2p9.pdf -> %UserProfile%\My Documents\Sol2p9.pdf ->  [Ver =  | Size = 16687 bytes | Created Date = 2/25/2008 3:21:45 PM | Attr =	]
Summer possibilities.doc -> %UserProfile%\My Documents\Summer possibilities.doc ->  [Ver =  | Size = 50688 bytes | Created Date = 3/3/2008 5:18:27 AM | Attr =	]
Test 1 BME 100.doc -> %UserProfile%\My Documents\Test 1 BME 100.doc ->  [Ver =  | Size = 5922304 bytes | Created Date = 2/25/2008 3:36:10 PM | Attr =	]
Thumbs.db -> %UserProfile%\My Documents\Thumbs.db ->  [Ver =  | Size = 15360 bytes | Created Date = 3/10/2008 9:08:28 AM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
Updater -> %UserProfile%\My Documents\Updater ->  [Folder | Created Date = 3/10/2008 2:02:06 AM | Attr =	]
Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Created Date = 2/14/2008 2:47:51 PM | Attr =	]
AIM 6.lnk -> %AllUsersProfile%\Desktop\AIM 6.lnk ->  [Ver =  | Size = 1672 bytes | Created Date = 2/19/2008 3:29:20 AM | Attr =	]
MATLAB R2007b.lnk -> %AllUsersProfile%\Desktop\MATLAB R2007b.lnk ->  [Ver =  | Size = 847 bytes | Created Date = 3/10/2008 7:10:16 AM | Attr =	]
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Created Date = 2/12/2008 5:01:28 PM | Attr =	]
Mozilla Thunderbird.lnk -> %AllUsersProfile%\Desktop\Mozilla Thunderbird.lnk ->  [Ver =  | Size = 1668 bytes | Created Date = 2/14/2008 2:36:29 PM | Attr =	]
PowerISO.lnk -> %AllUsersProfile%\Desktop\PowerISO.lnk ->  [Ver =  | Size = 682 bytes | Created Date = 3/8/2008 5:13:25 AM | Attr =	]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Created Date = 2/15/2008 4:33:54 PM | Attr =	]
VLC media player.lnk -> %AllUsersProfile%\Desktop\VLC media player.lnk ->  [Ver =  | Size = 719 bytes | Created Date = 2/14/2008 6:49:16 AM | Attr =	]
Adobe CS3 -> %UserProfile%\Desktop\Adobe CS3 ->  [Folder | Created Date = 3/8/2008 5:28:07 AM | Attr =	]
Adobe Photoshop CS3 v10.0 Extended Incl Keygen -> %UserProfile%\Desktop\Adobe Photoshop CS3 v10.0 Extended Incl Keygen ->  [Folder | Created Date = 3/8/2008 4:36:29 AM | Attr =	]
Adobe Photoshop Pro CS2 v9.0 Full + Keygen -> %UserProfile%\Desktop\Adobe Photoshop Pro CS2 v9.0 Full + Keygen ->  [Folder | Created Date = 3/10/2008 1:35:58 AM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 725212 bytes | Created Date = 3/9/2008 6:16:30 PM | Attr =	]
BitTorrent-6.0.2.exe -> %UserProfile%\Desktop\BitTorrent-6.0.2.exe ->  [Ver =  | Size = 873688 bytes | Created Date = 2/28/2008 1:41:31 AM | Attr =	]
dmckeo01 -> %UserProfile%\Desktop\dmckeo01 ->  [Folder | Created Date = 2/13/2008 5:36:11 PM | Attr =	]
DVD Decrypter.lnk -> %UserProfile%\Desktop\DVD Decrypter.lnk ->  [Ver =  | Size = 1635 bytes | Created Date = 2/28/2008 9:58:33 PM | Attr =	]
Eset.NOD32.2.51.30 -> %UserProfile%\Desktop\Eset.NOD32.2.51.30 ->  [Folder | Created Date = 3/10/2008 1:35:51 AM | Attr =	]
giants.jpg -> %UserProfile%\Desktop\giants.jpg ->  [Ver =  | Size = 841859 bytes | Created Date = 2/29/2008 5:24:20 AM | Attr =	]
giants2.jpg -> %UserProfile%\Desktop\giants2.jpg ->  [Ver =  | Size = 144494 bytes | Created Date = 2/29/2008 5:25:32 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 2/25/2008 1:03:32 PM | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 2/25/2008 1:03:13 PM | Attr =	]
install_flash_player.exe -> %UserProfile%\Desktop\install_flash_player.exe -> Adobe Systems Incorporated [Ver = 1.0.20 | Size = 1491592 bytes | Created Date = 3/4/2008 12:41:57 AM | Attr =	]
Matlab 2007b Full Release (no keygen).rar -> %UserProfile%\Desktop\Matlab 2007b Full Release (no keygen).rar ->  [Ver =  | Size = 1991989824 bytes | Created Date = 3/10/2008 4:13:05 AM | Attr =	]
Matlab keygen 2007b.rar -> %UserProfile%\Desktop\Matlab keygen 2007b.rar ->  [Ver =  | Size = 68225 bytes | Created Date = 3/10/2008 4:07:37 AM | Attr =	]
oh joy.jpg -> %UserProfile%\Desktop\oh joy.jpg ->  [Ver =  | Size = 83272 bytes | Created Date = 3/10/2008 2:36:22 AM | Attr =	]
PhotoShop.CS3.zip -> %UserProfile%\Desktop\PhotoShop.CS3.zip ->  [Ver =  | Size = 200422 bytes | Created Date = 3/8/2008 9:18:18 AM | Attr =	]
PowerISO39.exe -> %UserProfile%\Desktop\PowerISO39.exe ->  [Ver =  | Size = 1086613 bytes | Created Date = 3/8/2008 5:13:06 AM | Attr =	]
Preparation of your Significance & Background Section_1.pptx -> %UserProfile%\Desktop\Preparation of your Significance & Background Section_1.pptx ->  [Ver =  | Size = 82298 bytes | Created Date = 2/20/2008 7:32:48 PM | Attr =	]
sdsetup.exe -> %UserProfile%\Desktop\sdsetup.exe -> PC Tools													 [Ver = 5.5.0.204			| Size = 17678792 bytes | Created Date = 2/25/2008 12:35:35 PM | Attr =	]
season 4 -> %UserProfile%\Desktop\season 4 ->  [Folder | Created Date = 3/10/2008 3:11:41 PM | Attr =	]
SetupDVDDecrypter_3.5.4.0.exe -> %UserProfile%\Desktop\SetupDVDDecrypter_3.5.4.0.exe ->  [Ver =  | Size = 899414 bytes | Created Date = 2/28/2008 9:58:18 PM | Attr =	]
Significance.docx -> %UserProfile%\Desktop\Significance.docx ->  [Ver =  | Size = 13137 bytes | Created Date = 2/20/2008 7:34:22 PM | Attr =	]
Silverlight.exe -> %UserProfile%\Desktop\Silverlight.exe ->  [Ver = 1.13 | Size = 1454656 bytes | Created Date = 3/6/2008 10:52:13 AM | Attr =	]
slides.ppt -> %UserProfile%\Desktop\slides.ppt ->  [Ver =  | Size = 1391616 bytes | Created Date = 3/4/2008 6:46:52 AM | Attr =	]
SPECIFIC AIMS and SignificanceandBackground.docx -> %UserProfile%\Desktop\SPECIFIC AIMS and SignificanceandBackground.docx ->  [Ver =  | Size = 35225 bytes | Created Date = 2/20/2008 7:35:47 PM | Attr =	]
SpywareTerminatorSetup.exe -> %UserProfile%\Desktop\SpywareTerminatorSetup.exe -> Crawler Inc.												 [Ver = 2.1.1.314			| Size = 9824080 bytes | Created Date = 2/25/2008 12:48:54 PM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 2/26/2008 4:09:19 AM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Created Date = 2/26/2008 5:33:42 AM | Attr =	]
The Office Season 2 -> %UserProfile%\Desktop\The Office Season 2 ->  [Folder | Created Date = 3/10/2008 3:07:51 PM | Attr =	]
The Office Season 3 -> %UserProfile%\Desktop\The Office Season 3 ->  [Folder | Created Date = 3/10/2008 3:06:08 PM | Attr =	]
UFileDownloadTrial.EXE -> %UserProfile%\Desktop\UFileDownloadTrial.EXE -> VersalSoft [Ver = 2, 0, 0, 0 | Size = 766708 bytes | Created Date = 2/25/2008 4:55:39 AM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/8/2008 3:46:47 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481244 bytes | Created Date = 3/11/2008 4:44:22 AM | Attr =	]
wrar371.exe -> %UserProfile%\Desktop\wrar371.exe ->  [Ver =  | Size = 1206366 bytes | Created Date = 3/10/2008 4:08:24 AM | Attr =	]
~$ECIFIC AIMS and SignificanceandBackground.docx -> %UserProfile%\Desktop\~$ECIFIC AIMS and SignificanceandBackground.docx ->  [Ver =  | Size = 162 bytes | Created Date = 3/6/2008 11:39:29 PM | Attr =	]
desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 2/12/2008 9:23:36 AM | Attr =  HS]
Adobe Gamma.lnk -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk ->  [Ver =  | Size = 988 bytes | Created Date = 3/10/2008 1:58:27 AM | Attr =	]
desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 2/12/2008 3:18:35 PM | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Created Date = 2/14/2008 2:47:33 PM | Attr =	]
Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared ->  [Folder | Created Date = 3/10/2008 1:56:08 AM | Attr =	]
AOL -> %CommonProgramFiles%\AOL ->  [Folder | Created Date = 2/19/2008 3:28:38 AM | Attr =	]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Created Date = 2/15/2008 1:59:09 AM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Created Date = 2/12/2008 3:29:08 PM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 2/21/2008 8:31:25 AM | Attr =	]
L&H -> %CommonProgramFiles%\L&H ->  [Folder | Created Date = 2/15/2008 1:59:32 AM | Attr =	]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared ->  [Folder | Created Date = 3/8/2008 5:39:21 AM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Created Date = 2/12/2008 9:24:11 AM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Created Date = 2/12/2008 2:55:18 PM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Created Date = 2/12/2008 9:24:17 AM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Created Date = 2/12/2008 2:55:24 PM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Created Date = 2/12/2008 9:24:12 AM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Created Date = 2/12/2008 2:54:21 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 2:58:45 PM | Attr =	]
av -> %SystemDrive%\av ->  [Folder | Modified Date = 2/12/2008 4:51:52 PM | Attr =  H ]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 3/10/2008 1:27:25 AM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 2/12/2008 2:50:28 PM | Attr =  HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 2:58:45 PM | Attr =	]
dell -> %SystemDrive%\dell ->  [Folder | Modified Date = 2/12/2008 3:28:59 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 3/10/2008 1:24:08 AM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 2:58:45 PM | Attr = RHS]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 526 bytes | Modified Date = 2/19/2008 3:29:38 AM | Attr =  H ]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 2:58:45 PM | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Modified Date = 2/15/2008 1:55:32 AM | Attr = RH ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/10/2008 6:40:14 AM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2/12/2008 5:05:31 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2/12/2008 3:15:48 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/11/2008 4:48:26 AM | Attr =	]
AegisP.sys -> %SystemRoot%\System32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.6.0.0 | Size = 21425 bytes | Modified Date = 2/12/2008 5:13:04 PM | Attr =	]
amon.sys -> %SystemRoot%\System32\drivers\amon.sys -> Eset  [Ver = 2, 51, 30  | Size = 502368 bytes | Modified Date = 3/10/2008 1:36:51 AM | Attr =	]
disdn -> %SystemRoot%\System32\drivers\disdn ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/12/2008 5:29:59 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 224776 bytes | Modified Date = 2/12/2008 5:29:59 PM | Attr = R  ]
hosts.20080212-162959.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080212-162959.backup ->  [Ver =  | Size = 224776 bytes | Modified Date = 2/12/2008 5:26:29 PM | Attr = R  ]
UMDF -> %SystemRoot%\System32\drivers\UMDF ->  [Folder | Modified Date = 2/13/2008 10:47:52 AM | Attr =	]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/13/2008 10:47:03 AM | Attr =  H ]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Modified Date = 2/12/2008 3:03:08 PM | Attr =	]
1025 -> %SystemRoot%\System32\1025 ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
1028 -> %SystemRoot%\System32\1028 ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
1031 -> %SystemRoot%\System32\1031 ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
1033 -> %SystemRoot%\System32\1033 ->  [Folder | Modified Date = 2/12/2008 9:14:03 AM | Attr =	]
1037 -> %SystemRoot%\System32\1037 ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
1041 -> %SystemRoot%\System32\1041 ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
1042 -> %SystemRoot%\System32\1042 ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
1054 -> %SystemRoot%\System32\1054 ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
2052 -> %SystemRoot%\System32\2052 ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
3076 -> %SystemRoot%\System32\3076 ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
3com_dmi -> %SystemRoot%\System32\3com_dmi ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Modified Date = 2/25/2008 1:38:06 PM | Attr =	]
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 2/13/2008 10:49:14 AM | Attr =	]
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Modified Date = 3/10/2008 1:45:45 AM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/13/2008 11:16:37 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/10/2008 1:35:25 AM | Attr =	]
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 2:56:56 PM | Attr = RH ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 2/12/2008 6:01:52 PM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 3/10/2008 1:29:12 AM | Attr =	]
config.gms -> %SystemRoot%\System32\config.gms ->  [Ver =  | Size = 645120 bytes | Modified Date = 3/10/2008 7:09:00 AM | Attr =	]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Modified Date = 2/12/2008 2:58:45 PM | Attr =	]
dhcp -> %SystemRoot%\System32\dhcp ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 2/12/2008 2:56:10 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/20/2008 6:45:26 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/10/2008 1:45:39 AM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 2/13/2008 1:25:32 PM | Attr =	]
emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Modified Date = 2/12/2008 2:53:40 PM | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 2/13/2008 11:15:45 AM | Attr =	]
export -> %SystemRoot%\System32\export ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1436712 bytes | Modified Date = 3/11/2008 2:29:35 AM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/25/2008 1:20:20 PM | Attr =	]
ias -> %SystemRoot%\System32\ias ->  [Folder | Modified Date = 2/12/2008 2:58:00 PM | Attr =	]
icsxml -> %SystemRoot%\System32\icsxml ->  [Folder | Modified Date = 2/12/2008 9:15:23 AM | Attr =	]
IME -> %SystemRoot%\System32\IME ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
imon.dll -> %SystemRoot%\System32\imon.dll -> Eset  [Ver = 2, 51, 30  | Size = 274432 bytes | Modified Date = 3/10/2008 1:36:53 AM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 2/13/2008 10:47:02 AM | Attr =	]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 2/12/2008 2:57:05 PM | Attr = RH ]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 2/12/2008 2:55:11 PM | Attr =	]
Microsoft -> %SystemRoot%\System32\Microsoft ->  [Folder | Modified Date = 2/12/2008 3:15:44 PM | Attr =   S]
MsDtc -> %SystemRoot%\System32\MsDtc ->  [Folder | Modified Date = 2/12/2008 2:53:18 PM | Attr =	]
mui -> %SystemRoot%\System32\mui ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 2:56:56 PM | Attr = RH ]
npp -> %SystemRoot%\System32\npp ->  [Folder | Modified Date = 2/12/2008 9:19:49 AM | Attr =	]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 2/13/2008 10:49:14 AM | Attr =	]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Modified Date = 2/13/2008 7:40:58 PM | Attr =	]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 2:56:56 PM | Attr = RH ]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 2/12/2008 2:55:56 PM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/25/2008 1:20:20 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 72554 bytes | Modified Date = 3/10/2008 1:32:33 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 445096 bytes | Modified Date = 3/10/2008 1:32:33 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 526710 bytes | Modified Date = 3/10/2008 1:32:33 AM | Attr =	]
PreInstall -> %SystemRoot%\System32\PreInstall ->  [Folder | Modified Date = 2/12/2008 5:37:34 PM | Attr =	]
ras -> %SystemRoot%\System32\ras ->  [Folder | Modified Date = 2/12/2008 9:15:41 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2/12/2008 3:15:48 PM | Attr =	]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 2:56:56 PM | Attr = RH ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 2/12/2008 9:21:40 AM | Attr =	]
ShellExt -> %SystemRoot%\System32\ShellExt ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution ->  [Folder | Modified Date = 2/12/2008 5:35:19 PM | Attr =	]
spool -> %SystemRoot%\System32\spool ->  [Folder | Modified Date = 2/13/2008 10:50:06 AM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/25/2008 1:20:21 PM | Attr =	]
URTTemp -> %SystemRoot%\System32\URTTemp ->  [Folder | Modified Date = 2/13/2008 10:38:20 AM | Attr =	]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Modified Date = 2/13/2008 11:00:04 AM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 3/10/2008 1:27:59 AM | Attr =	]
WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 2/12/2008 2:57:05 PM | Attr = RH ]
wins -> %SystemRoot%\System32\wins ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
wpa.bak -> %SystemRoot%\System32\wpa.bak ->  [Ver =  | Size = 13646 bytes | Modified Date = 2/12/2008 5:01:58 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 3/11/2008 2:29:11 AM | Attr =	]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 2:56:56 PM | Attr = RH ]
xircom -> %SystemRoot%\System32\xircom ->  [Folder | Modified Date = 2/12/2008 2:59:13 PM | Attr =	]
XPSViewer -> %SystemRoot%\System32\XPSViewer ->  [Folder | Modified Date = 2/13/2008 11:15:42 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 11:04:05 AM | Attr =  H ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Modified Date = 2/12/2008 5:37:08 PM | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 2/13/2008 10:17:23 AM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 2/13/2008 10:17:04 AM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 2/13/2008 11:00:05 AM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 3/10/2008 7:09:09 AM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 2/25/2008 1:23:44 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/11/2008 4:48:12 AM | Attr =   S]
Config -> %SystemRoot%\Config ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 2:58:45 PM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 2/12/2008 2:52:47 PM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2/13/2008 10:15:37 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/9/2008 11:58:01 PM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 2/12/2008 9:20:52 AM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 3/10/2008 1:27:20 AM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 3/10/2008 5:03:13 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 2/13/2008 10:18:46 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/13/2008 10:19:40 AM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 2/12/2008 2:59:13 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 11:07:27 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/25/2008 1:22:05 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/10/2008 6:37:49 AM | Attr =  HS]
java -> %SystemRoot%\java ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 2/13/2008 10:18:59 AM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 2/13/2008 11:34:12 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1397 bytes | Modified Date = 2/21/2008 8:33:25 AM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 2/13/2008 10:25:15 AM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Modified Date = 2/12/2008 9:20:52 AM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 2/13/2008 10:15:18 AM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2/12/2008 5:02:16 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 2/15/2008 2:00:49 AM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Modified Date = 2/12/2008 2:58:20 PM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 2/12/2008 2:57:06 PM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Modified Date = 2/12/2008 2:54:52 PM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 2/12/2008 9:20:21 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/11/2008 4:49:53 AM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 2/12/2008 4:27:06 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 3/10/2008 3:41:16 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3/10/2008 3:41:16 AM | Attr =  H ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Modified Date = 2/13/2008 10:41:10 AM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 3/10/2008 1:27:57 AM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Modified Date = 2/12/2008 3:04:00 PM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Modified Date = 2/12/2008 2:59:12 PM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Modified Date = 2/12/2008 9:12:20 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/13/2008 10:59:36 AM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Modified Date = 2/15/2008 1:59:24 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 2/12/2008 5:39:57 PM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 2/12/2008 2:56:32 PM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 2/25/2008 1:16:38 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 2/15/2008 1:55:42 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 231 bytes | Modified Date = 2/12/2008 9:24:10 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/10/2008 7:09:20 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/12/2008 3:15:45 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/11/2008 4:55:01 AM | Attr =	]
tiinst -> %SystemRoot%\tiinst ->  [Folder | Modified Date = 2/13/2008 1:25:00 PM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 2/12/2008 9:15:58 AM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Modified Date = 2/12/2008 2:53:25 PM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Modified Date = 2/12/2008 2:53:25 PM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 2/13/2008 10:19:07 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 2/12/2008 2:57:10 PM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 662 bytes | Modified Date = 3/10/2008 5:45:33 AM | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2/12/2008 2:56:56 PM | Attr = RH ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 3/10/2008 6:37:48 AM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 2/13/2008 10:41:03 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/11/2008 4:48:16 AM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5460 bytes | Modified Date = 2/15/2008 8:40:30 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/15/2008 8:40:32 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11066 bytes | Modified Date = 2/15/2008 2:03:28 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Application Data\Adobe ->  [Folder | Modified Date = 3/10/2008 1:55:10 AM | Attr =	]
Adobe Systems -> %AllUsersProfile%\Application Data\Adobe Systems ->  [Folder | Modified Date = 3/10/2008 1:56:14 AM | Attr =	]
AOL -> %AllUsersProfile%\Application Data\AOL ->  [Folder | Modified Date = 2/19/2008 3:29:07 AM | Attr =	]
AOL OCP -> %AllUsersProfile%\Application Data\AOL OCP ->  [Folder | Modified Date = 2/19/2008 3:30:01 AM | Attr =	]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Modified Date = 2/15/2008 4:33:02 PM | Attr =	]
Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer ->  [Folder | Modified Date = 2/15/2008 4:33:31 PM | Attr =	]
desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 2/12/2008 9:23:36 AM | Attr =  HS]
FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet ->  [Folder | Modified Date = 3/8/2008 6:10:26 AM | Attr =	]
Intel -> %AllUsersProfile%\Application Data\Intel ->  [Folder | Modified Date = 2/12/2008 5:12:40 PM | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 2/15/2008 2:00:56 AM | Attr =   S]
MSScanAppDataDir -> %AllUsersProfile%\Application Data\MSScanAppDataDir ->  [Folder | Modified Date = 2/20/2008 7:42:04 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 3/10/2008 1:49:35 AM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/26/2008 3:18:57 AM | Attr =	]
Viewpoint -> %AllUsersProfile%\Application Data\Viewpoint ->  [Folder | Modified Date = 2/19/2008 3:29:23 AM | Attr =	]
Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 2/12/2008 5:42:48 PM | Attr =	]
Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! ->  [Folder | Modified Date = 2/22/2008 4:28:09 PM | Attr =	]
Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion ->  [Folder | Modified Date = 2/22/2008 4:46:39 PM | Attr =	]
acccore -> %AppData%\acccore ->  [Folder | Modified Date = 2/19/2008 3:29:53 AM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 3/10/2008 2:02:06 AM | Attr =	]
Apple Computer -> %AppData%\Apple Computer ->  [Folder | Modified Date = 2/20/2008 7:40:35 PM | Attr =	]
BitTorrent -> %AppData%\BitTorrent ->  [Folder | Modified Date = 3/11/2008 1:11:07 AM | Attr =	]
Command Software -> %AppData%\Command Software ->  [Folder | Modified Date = 2/12/2008 4:53:09 PM | Attr =	]
desktop.ini -> %AppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 2/12/2008 9:23:36 AM | Attr =  HS]
DNA -> %AppData%\DNA ->  [Folder | Modified Date = 3/11/2008 4:47:12 AM | Attr =	]
dvdcss -> %AppData%\dvdcss ->  [Folder | Modified Date = 3/4/2008 11:46:30 PM | Attr =	]
Identities -> %AppData%\Identities ->  [Folder | Modified Date = 2/12/2008 3:18:46 PM | Attr =	]
Intel -> %AppData%\Intel ->  [Folder | Modified Date = 2/12/2008 5:13:11 PM | Attr =	]
Macromedia -> %AppData%\Macromedia ->  [Folder | Modified Date = 2/13/2008 12:27:30 PM | Attr =	]
MathWorks -> %AppData%\MathWorks ->  [Folder | Modified Date = 3/10/2008 7:25:13 AM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 2/29/2008 5:24:36 AM | Attr =   S]
Mozilla -> %AppData%\Mozilla ->  [Folder | Modified Date = 2/14/2008 2:36:42 PM | Attr =	]
Opera -> %AppData%\Opera ->  [Folder | Modified Date = 3/10/2008 5:45:32 AM | Attr =	]
Sun -> %AppData%\Sun ->  [Folder | Modified Date = 2/25/2008 1:16:38 PM | Attr =	]
Thunderbird -> %AppData%\Thunderbird ->  [Folder | Modified Date = 2/14/2008 2:36:41 PM | Attr =	]
vlc -> %AppData%\vlc ->  [Folder | Modified Date = 2/14/2008 7:09:05 AM | Attr =	]
WinRAR -> %AppData%\WinRAR ->  [Folder | Modified Date = 3/10/2008 4:09:04 AM | Attr =	]
Yahoo! -> %AppData%\Yahoo! ->  [Folder | Modified Date = 2/22/2008 6:16:43 PM | Attr =	]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Modified Date = 3/10/2008 2:01:41 AM | Attr =	]
AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Modified Date = 2/19/2008 3:29:37 AM | Attr =	]
AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP ->  [Folder | Modified Date = 2/19/2008 3:29:39 AM | Attr =	]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Modified Date = 2/15/2008 4:33:09 PM | Attr =	]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Modified Date = 2/15/2008 4:32:47 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 2/13/2008 11:13:35 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 9728 bytes | Modified Date = 3/11/2008 2:31:11 AM | Attr =	]
DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Modified Date = 2/28/2008 1:41:53 AM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 22992 bytes | Modified Date = 3/10/2008 8:45:51 AM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 5358550 bytes | Modified Date = 3/11/2008 4:47:15 AM | Attr =  H ]
Identities -> %UserProfile%\Local Settings\Application Data\Identities ->  [Folder | Modified Date = 2/13/2008 7:14:14 PM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 3/10/2008 2:12:40 AM | Attr =	]
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla ->  [Folder | Modified Date = 2/12/2008 5:02:13 PM | Attr =	]
Thunderbird -> %UserProfile%\Local Settings\Application Data\Thunderbird ->  [Folder | Modified Date = 2/14/2008 2:36:48 PM | Attr =	]
Adobe PDF -> %AllUsersProfile%\Documents\Adobe PDF ->  [Folder | Modified Date = 3/10/2008 1:58:20 AM | Attr =	]
desktop.ini -> %AllUsersProfile%\Documents\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 2/12/2008 9:23:36 AM | Attr =  HS]
My Music -> %AllUsersProfile%\Documents\My Music ->  [Folder | Modified Date = 2/13/2008 10:48:11 AM | Attr = R  ]
My Pictures -> %AllUsersProfile%\Documents\My Pictures ->  [Folder | Modified Date = 2/12/2008 2:55:33 PM | Attr = R  ]
My Videos -> %AllUsersProfile%\Documents\My Videos ->  [Folder | Modified Date = 2/12/2008 2:51:22 PM | Attr = R  ]
1chapter01.pdf -> %UserProfile%\My Documents\1chapter01.pdf ->  [Ver =  | Size = 27649 bytes | Modified Date = 2/25/2008 3:23:16 PM | Attr =	]
2.9.pdf -> %UserProfile%\My Documents\2.9.pdf ->  [Ver =  | Size = 166623 bytes | Modified Date = 2/25/2008 3:20:09 PM | Attr =	]
5pt3.jpg -> %UserProfile%\My Documents\5pt3.jpg ->  [Ver =  | Size = 69828 bytes | Modified Date = 2/25/2008 3:25:01 PM | Attr =	]
BME 94 Spring 08 -> %UserProfile%\My Documents\BME 94 Spring 08 ->  [Folder | Modified Date = 3/10/2008 9:08:28 AM | Attr =	]
desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 76 bytes | Modified Date = 2/13/2008 10:25:36 AM | Attr =  HS]
Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Modified Date = 2/28/2008 1:42:45 AM | Attr =	]
Final Resume.doc -> %UserProfile%\My Documents\Final Resume.doc ->  [Ver =  | Size = 40960 bytes | Modified Date = 3/6/2008 1:29:06 PM | Attr =	]
fulltext.pdf -> %UserProfile%\My Documents\fulltext.pdf ->  [Ver =  | Size = 509122 bytes | Modified Date = 2/21/2008 12:53:23 AM | Attr =	]
HW1 Soln.pdf -> %UserProfile%\My Documents\HW1 Soln.pdf ->  [Ver =  | Size = 375668 bytes | Modified Date = 2/25/2008 3:29:06 PM | Attr =	]
HW1%20Soln.pdf -> %UserProfile%\My Documents\HW1%20Soln.pdf ->  [Ver =  | Size = 375668 bytes | Modified Date = 2/25/2008 3:16:25 PM | Attr =	]
MATLAB -> %UserProfile%\My Documents\MATLAB ->  [Folder | Modified Date = 3/10/2008 7:34:48 AM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 2/22/2008 4:27:53 PM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/25/2008 3:48:14 PM | Attr = R  ]
My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Modified Date = 2/21/2008 7:05:06 AM | Attr = R  ]
p4p16sol.jpg -> %UserProfile%\My Documents\p4p16sol.jpg ->  [Ver =  | Size = 438633 bytes | Modified Date = 2/25/2008 3:24:58 PM | Attr =	]
Prob1.6 soln.JPG -> %UserProfile%\My Documents\Prob1.6 soln.JPG ->  [Ver =  | Size = 181397 bytes | Modified Date = 2/25/2008 3:19:35 PM | Attr =	]
Prob1.8 soln.JPG -> %UserProfile%\My Documents\Prob1.8 soln.JPG ->  [Ver =  | Size = 124267 bytes | Modified Date = 2/25/2008 3:19:39 PM | Attr =	]
Prob2p17soln.jpg -> %UserProfile%\My Documents\Prob2p17soln.jpg ->  [Ver =  | Size = 140906 bytes | Modified Date = 2/25/2008 3:22:58 PM | Attr =	]
prob4p2sol.jpg -> %UserProfile%\My Documents\prob4p2sol.jpg ->  [Ver =  | Size = 102608 bytes | Modified Date = 2/25/2008 3:24:54 PM | Attr =	]
prob5p19.pdf -> %UserProfile%\My Documents\prob5p19.pdf ->  [Ver =  | Size = 7015 bytes | Modified Date = 2/25/2008 3:25:16 PM | Attr =	]
prob5p19_Schematics.pdf -> %UserProfile%\My Documents\prob5p19_Schematics.pdf ->  [Ver =  | Size = 9903 bytes | Modified Date = 2/25/2008 3:25:09 PM | Attr =	]
Research mouse -> %UserProfile%\My Documents\Research mouse ->  [Folder | Modified Date = 3/11/2008 12:52:22 AM | Attr =	]
Resume.doc -> %UserProfile%\My Documents\Resume.doc ->  [Ver =  | Size = 40960 bytes | Modified Date = 3/6/2008 1:25:30 PM | Attr =	]
Soccer Indoor League.xls -> %UserProfile%\My Documents\Soccer Indoor League.xls ->  [Ver =  | Size = 15872 bytes | Modified Date = 3/6/2008 9:40:27 PM | Attr =	]
Sol2p9.pdf -> %UserProfile%\My Documents\Sol2p9.pdf ->  [Ver =  | Size = 16687 bytes | Modified Date = 2/25/2008 3:22:29 PM | Attr =	]
Summer possibilities.doc -> %UserProfile%\My Documents\Summer possibilities.doc ->  [Ver =  | Size = 50688 bytes | Modified Date = 3/3/2008 5:18:27 AM | Attr =	]
Test 1 BME 100.doc -> %UserProfile%\My Documents\Test 1 BME 100.doc ->  [Ver =  | Size = 5922304 bytes | Modified Date = 2/25/2008 3:37:56 PM | Attr =	]
Thumbs.db -> %UserProfile%\My Documents\Thumbs.db ->  [Ver =  | Size = 15360 bytes | Modified Date = 3/10/2008 9:08:32 AM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
Updater -> %UserProfile%\My Documents\Updater ->  [Folder | Modified Date = 3/10/2008 2:02:06 AM | Attr =	]
Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2/14/2008 2:47:51 PM | Attr =	]
AIM 6.lnk -> %AllUsersProfile%\Desktop\AIM 6.lnk ->  [Ver =  | Size = 1672 bytes | Modified Date = 2/19/2008 3:29:20 AM | Attr =	]
MATLAB R2007b.lnk -> %AllUsersProfile%\Desktop\MATLAB R2007b.lnk ->  [Ver =  | Size = 847 bytes | Modified Date = 3/10/2008 7:10:16 AM | Attr =	]
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Modified Date = 2/13/2008 12:16:09 PM | Attr =	]
Mozilla Thunderbird.lnk -> %AllUsersProfile%\Desktop\Mozilla Thunderbird.lnk ->  [Ver =  | Size = 1668 bytes | Modified Date = 2/14/2008 2:36:29 PM | Attr =	]
PowerISO.lnk -> %AllUsersProfile%\Desktop\PowerISO.lnk ->  [Ver =  | Size = 682 bytes | Modified Date = 3/8/2008 5:13:25 AM | Attr =	]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Modified Date = 2/15/2008 4:33:54 PM | Attr =	]
VLC media player.lnk -> %AllUsersProfile%\Desktop\VLC media player.lnk ->  [Ver =  | Size = 719 bytes | Modified Date = 2/14/2008 6:49:16 AM | Attr =	]
Adobe CS3 -> %UserProfile%\Desktop\Adobe CS3 ->  [Folder | Modified Date = 3/8/2008 5:28:07 AM | Attr =	]
Adobe Photoshop CS3 v10.0 Extended Incl Keygen -> %UserProfile%\Desktop\Adobe Photoshop CS3 v10.0 Extended Incl Keygen ->  [Folder | Modified Date = 3/8/2008 4:36:29 AM | Attr =	]
Adobe Photoshop Pro CS2 v9.0 Full + Keygen -> %UserProfile%\Desktop\Adobe Photoshop Pro CS2 v9.0 Full + Keygen ->  [Folder | Modified Date = 3/10/2008 1:36:23 AM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 725212 bytes | Modified Date = 3/9/2008 6:16:27 PM | Attr =	]
BitTorrent-6.0.2.exe -> %UserProfile%\Desktop\BitTorrent-6.0.2.exe ->  [Ver =  | Size = 873688 bytes | Modified Date = 2/28/2008 1:41:36 AM | Attr =	]
dmckeo01 -> %UserProfile%\Desktop\dmckeo01 ->  [Folder | Modified Date = 3/10/2008 12:57:50 AM | Attr =	]
DVD Decrypter.lnk -> %UserProfile%\Desktop\DVD Decrypter.lnk ->  [Ver =  | Size = 1635 bytes | Modified Date = 2/28/2008 9:58:33 PM | Attr =	]
Eset.NOD32.2.51.30 -> %UserProfile%\Desktop\Eset.NOD32.2.51.30 ->  [Folder | Modified Date = 3/10/2008 1:35:51 AM | Attr =	]
giants.jpg -> %UserProfile%\Desktop\giants.jpg ->  [Ver =  | Size = 841859 bytes | Modified Date = 2/29/2008 5:24:21 AM | Attr =	]
giants2.jpg -> %UserProfile%\Desktop\giants2.jpg ->  [Ver =  | Size = 144494 bytes | Modified Date = 2/29/2008 5:25:32 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/25/2008 1:03:32 PM | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/25/2008 1:03:15 PM | Attr =	]
install_flash_player.exe -> %UserProfile%\Desktop\install_flash_player.exe -> Adobe Systems Incorporated [Ver = 1.0.20 | Size = 1491592 bytes | Modified Date = 3/4/2008 12:41:57 AM | Attr =	]
Matlab 2007b Full Release (no keygen).rar -> %UserProfile%\Desktop\Matlab 2007b Full Release (no keygen).rar ->  [Ver =  | Size = 1991989824 bytes | Modified Date = 3/10/2008 6:21:40 AM | Attr =	]
Matlab keygen 2007b.rar -> %UserProfile%\Desktop\Matlab keygen 2007b.rar ->  [Ver =  | Size = 68225 bytes | Modified Date = 3/10/2008 4:07:38 AM | Attr =	]
oh joy.jpg -> %UserProfile%\Desktop\oh joy.jpg ->  [Ver =  | Size = 83272 bytes | Modified Date = 3/10/2008 2:35:01 AM | Attr =	]
PhotoShop.CS3.zip -> %UserProfile%\Desktop\PhotoShop.CS3.zip ->  [Ver =  | Size = 200422 bytes | Modified Date = 3/8/2008 9:18:37 AM | Attr =	]
PowerISO39.exe -> %UserProfile%\Desktop\PowerISO39.exe ->  [Ver =  | Size = 1086613 bytes | Modified Date = 3/8/2008 5:13:10 AM | Attr =	]
Preparation of your Significance & Background Section_1.pptx -> %UserProfile%\Desktop\Preparation of your Significance & Background Section_1.pptx ->  [Ver =  | Size = 82298 bytes | Modified Date = 2/20/2008 7:32:48 PM | Attr =	]
sdsetup.exe -> %UserProfile%\Desktop\sdsetup.exe -> PC Tools													 [Ver = 5.5.0.204			| Size = 17678792 bytes | Modified Date = 2/25/2008 12:36:30 PM | Attr =	]
season 4 -> %UserProfile%\Desktop\season 4 ->  [Folder | Modified Date = 3/10/2008 3:21:56 PM | Attr =	]
SetupDVDDecrypter_3.5.4.0.exe -> %UserProfile%\Desktop\SetupDVDDecrypter_3.5.4.0.exe ->  [Ver =  | Size = 899414 bytes | Modified Date = 2/28/2008 9:54:16 PM | Attr =	]
Significance.docx -> %UserProfile%\Desktop\Significance.docx ->  [Ver =  | Size = 13137 bytes | Modified Date = 2/20/2008 7:34:03 PM | Attr =	]
Silverlight.exe -> %UserProfile%\Desktop\Silverlight.exe ->  [Ver = 1.13 | Size = 1454656 bytes | Modified Date = 3/6/2008 10:52:14 AM | Attr =	]
slides.ppt -> %UserProfile%\Desktop\slides.ppt ->  [Ver =  | Size = 1391616 bytes | Modified Date = 3/4/2008 6:46:53 AM | Attr =	]
SPECIFIC AIMS and SignificanceandBackground.docx -> %UserProfile%\Desktop\SPECIFIC AIMS and SignificanceandBackground.docx ->  [Ver =  | Size = 35225 bytes | Modified Date = 2/20/2008 7:35:47 PM | Attr =	]
SpywareTerminatorSetup.exe -> %UserProfile%\Desktop\SpywareTerminatorSetup.exe -> Crawler Inc.												 [Ver = 2.1.1.314			| Size = 9824080 bytes | Modified Date = 2/25/2008 12:49:43 PM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/26/2008 4:09:39 AM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/26/2008 5:33:42 AM | Attr =	]
The Office Season 2 -> %UserProfile%\Desktop\The Office Season 2 ->  [Folder | Modified Date = 3/10/2008 3:07:51 PM | Attr =	]
The Office Season 3 -> %UserProfile%\Desktop\The Office Season 3 ->  [Folder | Modified Date = 3/10/2008 3:06:08 PM | Attr =	]
UFileDownloadTrial.EXE -> %UserProfile%\Desktop\UFileDownloadTrial.EXE -> VersalSoft [Ver = 2, 0, 0, 0 | Size = 766708 bytes | Modified Date = 2/25/2008 4:55:40 AM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/10/2008 1:27:27 AM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481244 bytes | Modified Date = 3/11/2008 4:44:15 AM | Attr =	]
wrar371.exe -> %UserProfile%\Desktop\wrar371.exe ->  [Ver =  | Size = 1206366 bytes | Modified Date = 3/10/2008 4:08:34 AM | Attr =	]
~$ECIFIC AIMS and SignificanceandBackground.docx -> %UserProfile%\Desktop\~$ECIFIC AIMS and SignificanceandBackground.docx ->  [Ver =  | Size = 162 bytes | Modified Date = 3/6/2008 11:39:29 PM | Attr =	]
desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 2/12/2008 2:58:53 PM | Attr =  HS]
Adobe Gamma.lnk -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk ->  [Ver =  | Size = 988 bytes | Modified Date = 3/10/2008 1:58:27 AM | Attr =	]
desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 2/12/2008 2:58:53 PM | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 3/10/2008 1:58:07 AM | Attr =	]
Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared ->  [Folder | Modified Date = 3/10/2008 1:56:08 AM | Attr =	]
AOL -> %CommonProgramFiles%\AOL ->  [Folder | Modified Date = 2/19/2008 3:28:38 AM | Attr =	]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Modified Date = 2/15/2008 1:59:09 AM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Modified Date = 2/12/2008 4:38:01 PM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Modified Date = 2/21/2008 8:31:25 AM | Attr =	]
L&H -> %CommonProgramFiles%\L&H ->  [Folder | Modified Date = 2/15/2008 1:59:32 AM | Attr =	]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared ->  [Folder | Modified Date = 3/8/2008 5:39:21 AM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 3/10/2008 6:37:48 AM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Modified Date = 2/12/2008 2:55:18 PM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Modified Date = 2/12/2008 9:24:17 AM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Modified Date = 2/12/2008 2:55:24 PM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Modified Date = 2/12/2008 9:24:12 AM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 2/15/2008 1:58:38 AM | Attr =	]

< End of report >


#13 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:10 PM

Posted 11 March 2008 - 10:37 AM

Hi keep22goal. Everything looks fine in the logs. Run the system for a couple of days and then get back with me so we can do some final cleanup.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#14 keep22goal

keep22goal
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 23 March 2008 - 01:40 PM

Everything seems to be running fine. Anything I should do?

#15 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:10 PM

Posted 23 March 2008 - 11:42 PM

Hi keep22goal. That's good news. Let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start OTScanIt
    Click the CleanUp button
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users