Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cash.core.dsk & Rootkit.tncore/trace


  • This topic is locked This topic is locked
2 replies to this topic

#1 MichaelBu

MichaelBu

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 15 March 2008 - 08:32 AM

Hello, i think that it is these 2 files Cash.Core.dsk & Rootkit.Tncore/trace that is making me get popups all the time while i surf the net. I cant seem to remove them anyone that know how i can remove these? Dont know if its connected but lately my computer is very slow.

Ive run ATF-Cleaner, after that i run Winpfind35u to get a logfile (hopefully someone can see what i have)

Thanks in advance!


WinPFind35 logfile created on: 2008-03-15 14:25:36
WinPFind35U Version 1.0.5.0	 Folder = C:\Documents and Settings\Micke\Skrivbord\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
 
1,25 Gb Total Physical Memory | 0,62 Gb Available Physical Memory | 49,44% Memory free
2,98 Gb Paging File | 2,43 Gb Available in Paging File | 81,49% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 38,28 Gb Total Space | 5,44 Gb Free Space | 14,21% Space Free | Partition Type: NTFS
Drive D: | 111,75 Gb Total Space | 8,72 Gb Free Space | 7,80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 198,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RED
Current User Name: Micke
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 2007-11-14 16:05:06 | Attr =	]
scanningprocess.exe -> %SystemRoot%\system32\ZoneLabs\avsys\ScanningProcess.exe ->  [Ver =  | Size = 135168 bytes | Modified Date = 2007-09-11 21:09:16 | Attr =	]
scanningprocess.exe -> %SystemRoot%\system32\ZoneLabs\avsys\ScanningProcess.exe ->  [Ver =  | Size = 135168 bytes | Modified Date = 2007-09-11 21:09:16 | Attr =	]
atkkbservice.exe -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 1, 0 | Size = 241664 bytes | Modified Date = 2006-09-04 12:49:52 | Attr =	]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6909 | Size = 155716 bytes | Modified Date = 2007-11-12 06:51:00 | Attr =	]
pnkbstrb.exe -> %SystemRoot%\system32\PnkBstrB.exe ->  [Ver =  | Size = 103736 bytes | Modified Date = 2007-12-02 23:26:05 | Attr =	]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe ->  [Ver = 1.1.0808   | Size = 167936 bytes | Modified Date = 2005-08-08 13:54:00 | Attr =	]
razerhid.exe -> %ProgramFiles%\Razer\razerhid.exe ->  [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 2005-05-17 18:21:12 | Attr =	]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 2006-09-01 15:57:48 | Attr =	]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 2007-11-14 16:05:06 | Attr =	]
nslauncher.exe -> %ProgramFiles%\Nokia\Nokia Software Launcher\NSLauncher.exe ->  [Ver = 1.6.80.0 | Size = 3100672 bytes | Modified Date = 2007-09-07 14:44:30 | Attr =	]
daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 2006-11-12 11:48:46 | Attr =	]
razerofa.exe -> %ProgramFiles%\Razer\razerofa.exe -> Razer Inc. [Ver = 4.0.0.4 | Size = 143360 bytes | Modified Date = 2005-01-18 01:06:12 | Attr =	]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1126 | Size = 1470464 bytes | Modified Date = 2008-03-09 18:16:21 | Attr =	]
personal.exe -> %ProgramFiles%\Personal\bin\Personal.exe -> Technology Nexus AB [Ver = 4,5,2,2 | Size = 722728 bytes | Modified Date = 2007-12-20 17:20:07 | Attr =	]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 5 | Size = 212480 bytes | Modified Date = 2007-02-08 16:13:46 | Attr =	]
utorrent.exe -> D:\Program\utorrent.exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 2008-02-06 23:31:16 | Attr =	]
mantispm.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe ->   [Ver = 5, 0, 6, 8903 | Size = 804376 bytes | Modified Date = 2007-05-11 07:50:24 | Attr =	]
winpfind35u.exe -> %UserProfile%\Skrivbord\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.5.0 | Size = 310272 bytes | Modified Date = 2008-03-10 02:34:14 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2007-12-16 12:22:39 | Attr =	]
(ATKKeyboardService) ATK Keyboard Service [Win32_Own | Auto | Running] -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 1, 0 | Size = 241664 bytes | Modified Date = 2006-09-04 12:49:52 | Attr =	]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 2 | Size = 774144 bytes | Modified Date = 2007-01-15 17:14:38 | Attr =	]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 266240 bytes | Modified Date = 2007-01-15 16:01:56 | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6909 | Size = 155716 bytes | Modified Date = 2007-11-12 06:51:00 | Attr =	]
(PnkBstrB) PnkBstrB [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrB.exe ->  [Ver =  | Size = 103736 bytes | Modified Date = 2007-12-02 23:26:05 | Attr =	]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe ->  [Ver = 1.1.0808   | Size = 167936 bytes | Modified Date = 2005-08-08 13:54:00 | Attr =	]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 5 | Size = 212480 bytes | Modified Date = 2007-02-08 16:13:46 | Attr =	]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 2007-11-14 16:05:06 | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ALCXSENS.SYS -> Sensaura [Ver = 5.10.00.3513 | Size = 400384 bytes | Modified Date = 2004-02-24 04:08:52 | Attr =	]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6240 built by: WinDDK | Size = 4030144 bytes | Modified Date = 2007-04-25 15:20:48 | Attr =	]
(alcxwdmm) alcxwdmm [Kernel | System | Running] -> %SystemRoot%\system32\drivers\alcxwdmm.sys ->  [Ver =  | Size = 86144 bytes | Modified Date = 2008-02-13 18:17:01 | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(ASPI32) ASPI32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) | Size = 16877 bytes | Modified Date = 2002-07-17 01:53:02 | Attr =	]
(asuskbnt) Enhanced Display Driver Helper Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\atkkbnt.sys -> ASUSTeK COMPUTER INC. [Ver = 1.0.0.1 | Size = 11008 bytes | Modified Date = 2005-10-18 14:01:00 | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(atksgt) atksgt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\atksgt.sys ->  [Ver =  | Size = 271360 bytes | Modified Date = 2007-12-08 14:52:54 | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2001-09-28 13:00:00 | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(EagleNT) EagleNT [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\EagleNT.sys -> File not found
(EIO) EIO [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\EIO.sys -> ASUSTeK Computer Inc. [Ver = 1.93 | Size = 12288 bytes | Modified Date = 2006-06-14 06:56:00 | Attr = R  ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(KLIF) KLIF [File_System | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 2007-07-19 15:10:28 | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(lirsgt) lirsgt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\lirsgt.sys ->  [Ver =  | Size = 18048 bytes | Modified Date = 2007-12-08 14:52:53 | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 6.83.6.0 | Size = 137216 bytes | Modified Date = 2007-02-22 11:15:56 | Attr =	]
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> Nokia [Ver = 6.83.6.0 | Size = 8320 bytes | Modified Date = 2007-02-22 11:15:14 | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6909 | Size = 7433504 bytes | Modified Date = 2007-11-12 06:51:00 | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2001-09-28 13:00:00 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.40a | Size = 36528 bytes | Modified Date = 2006-07-24 03:00:00 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(Razerlow) Razerlow USB Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Razerlow.sys -> Razer (Asia-Pacific) Pte Ltd [Ver = 1.0.0.3.0.0 built by: WinDDK | Size = 13225 bytes | Modified Date = 2005-04-24 22:43:58 | Attr =	]
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtlnic51.sys -> Realtek Semiconductor Corporation							[Ver = 5.611.1231.2003 built by: WinDDK | Size = 69504 bytes | Modified Date = 2003-12-31 04:58:46 | Attr = R  ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 2004-08-04 06:31:32 | Attr =	]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 8944 bytes | Modified Date = 2008-02-01 13:48:38 | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2006-02-16 16:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1050 | Size = 51440 bytes | Modified Date = 2008-02-01 13:48:38 | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 11:25:56 | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 646392 bytes | Modified Date = 2007-01-27 21:28:04 | Attr =	]
(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 189, 0 | Size = 51176 bytes | Modified Date = 2008-03-08 15:08:49 | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Modified Date = 2007-11-14 16:05:16 | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(XTrapD12) XTrapD12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\XTrapD12.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
NSLauncher -> %ProgramFiles%\Nokia\Nokia Software Launcher\NSLauncher.exe ->  [Ver = 1.6.80.0 | Size = 3100672 bytes | Modified Date = 2007-09-07 14:44:30 | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6909 | Size = 8523776 bytes | Modified Date = 2007-11-12 06:51:00 | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6909 | Size = 81920 bytes | Modified Date = 2007-11-12 06:51:00 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 2006-09-01 15:57:48 | Attr =	]
razer -> %ProgramFiles%\Razer\razerhid.exe ->  [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 2005-05-17 18:21:12 | Attr =	]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 2007-11-14 16:05:06 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ASUS SmartDoctor -> %ProgramFiles% Files\ASUS\SmartDoctor\SmartDoctor.exe -> ASUSTeK Inc. [Ver = 4, 9, 0, 0 | Size = 1085440 bytes | Modified Date = 2006-09-08 16:10:36 | Attr =	]
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 2006-11-12 11:48:46 | Attr =	]
NVIDIA nTune -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneCmd.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1126 | Size = 1470464 bytes | Modified Date = 2008-03-09 18:16:21 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start-meny\Program\Autostart -> 
%AllUsersProfile%\Start-meny\Program\Autostart\Personal.lnk -> %ProgramFiles%\Personal\bin\Personal.exe -> Technology Nexus AB [Ver = 4,5,2,2 | Size = 722728 bytes | Modified Date = 2007-12-20 17:20:07 | Attr =	]
< Micke Startup Folder > -> C:\Documents and Settings\Micke\Start-meny\Program\Autostart -> 
%UserProfile%\Start-meny\Program\Autostart\µTorrent.lnk -> D:\Program\utorrent.exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 2008-02-06 23:31:16 | Attr =	]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 12:55:48 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 2007-04-19 12:41:36 | Attr =	]
AtiExtEvent ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< HOSTS File > (710 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.aftonbladet.se/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr =	]
{7A9BC6B1-7F27-47c6-A66D-13582E81E537} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\CleanMyPC Popup Blocker\CleanBHO.dll [CleanMyPCPopupBlocker Class] -> CleanMyPC Software [Ver = 2, 1, 0, 0 | Size = 65536 bytes | Modified Date = 2004-12-10 09:48:58 | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{04164EC4-1E48-4279-818E-3721931E7636} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\CleanMyPC Popup Blocker\CleanBar.dll [CleanMyPC Toolbar] -> CleanMyPC Software [Ver = 2, 1, 0, 0 | Size = 167936 bytes | Modified Date = 2004-12-10 09:48:51 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java-konsol] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java-konsol] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java-konsol] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr =	]
CmdMapping\\{49783ED4-258D-4f9f-BE11-137C18D3E543} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{BAABB0D5-7D61-46D7-9D43-77EB1CE123A4} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] -> 
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}[HKEY_LOCAL_MACHINE] -> http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab[System Requirements Lab Class] -> 
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}[HKEY_LOCAL_MACHINE] -> http://www.acclaim.com/cabs/acclaim_v4.cab[GameLauncher Control] -> 
{6E5E167B-1566-4316-B27F-0DDAB3484CF7}[HKEY_LOCAL_MACHINE] -> http://korthuset.seavus.com/ImageUploader4.cab[Image Uploader Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{917623D1-D8E5-11D2-BE8B-00104B06BDE3}[HKEY_LOCAL_MACHINE] -> http://webcam.universeum.se/activex/AxisCamControl.ocx[CamImage Class] -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\\DisableMonitoring -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\\DisableMonitoring -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 09:33:46 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 18:51:07 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 09:33:46 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 15:22:55 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006-03-24 05:39:58 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 664 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 183808 bytes | Modified Date = 2004-08-04 09:33:54 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-04 09:33:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2001-09-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 09:34:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Erbjuder översättningar av nätverksadresser, adressering, namnmatchningstjänster och/eller intrångsskyddtjänster för ett hemnätverk eller mindre kontorsnätverk. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 33475 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 330752 bytes | Modified Date = 2004-08-04 09:33:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> 
-> Reg Error: Key does not exist or could not be opened. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{BAABB0D5-7D61-46D7-9D43-77EB1CE123A4} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 09:34:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatiska uppdateringar -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Aktiverar hämtning och installation av viktiga Windows-uppdateringar. Om denna tjänst inaktiveras kan operativsystemet uppdateras manuellt från hemsidan Microsoft Windows Update. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 09:34:06 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Gör att fjärranvändare kan ändra registerinställningar på den här datorn. Om den här tjänsten stoppas kan registret endast ändras av lokala användare på den här datorn. Om tjänsten inaktiveras kommer ingen tjänst som är uttryckligen beroende av den här att kunna starta. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 05:42:49 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 09:34:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2004-08-04 09:33:52 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2004-08-04 09:34:47 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 05:42:49 | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Gör att fjärranvändare kan logga in på den här datorn och köra program, och stöder flera olika TCP/IP Telnet-klienter såsom UNIX-baserade och Windows-baserade datorer. Om den här tjänsten stoppas kommer tillgång till program kanske inte att ges för fjärranvändare. Om tjänsten inaktiveras kommer ingen tjänst som är uttryckligen beroende av denna att kunna starta. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
rollback.ini -> %SystemDrive%\rollback.ini ->  [Ver =  | Size = 805 bytes | Created Date = 2008-03-08 15:08:21 | Attr =	]
apphelp.sdb -> %SystemRoot%\System32\dllcache\apphelp.sdb ->  [Ver =  | Size = 217118 bytes | Created Date = 2008-03-15 11:57:42 | Attr =	]
apph_sp.sdb -> %SystemRoot%\System32\dllcache\apph_sp.sdb ->  [Ver =  | Size = 764868 bytes | Created Date = 2008-03-15 11:57:42 | Attr =	]
sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb ->  [Ver =  | Size = 1197294 bytes | Created Date = 2008-03-15 11:57:42 | Attr =	]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 3188000 bytes | Created Date = 2008-03-08 14:57:51 | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 44120 bytes | Created Date = 2008-03-08 14:57:51 | Attr =  HS]
klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 2008-03-08 14:53:42 | Attr =	]
nmwcd.sys -> %SystemRoot%\System32\drivers\nmwcd.sys -> Nokia [Ver = 6.83.6.0 | Size = 137216 bytes | Created Date = 2008-03-11 19:49:30 | Attr =	]
nmwcdc.sys -> %SystemRoot%\System32\drivers\nmwcdc.sys -> Nokia [Ver = 6.83.6.0 | Size = 8320 bytes | Created Date = 2008-03-11 19:49:31 | Attr =	]
UMDF -> %SystemRoot%\System32\drivers\UMDF ->  [Folder | Created Date = 2008-03-15 11:52:30 | Attr =	]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 2008-03-15 11:52:34 | Attr =  H ]
BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll ->  [Ver =  | Size = 34308 bytes | Created Date = 2008-03-08 15:30:59 | Attr =	]
en-us -> %SystemRoot%\System32\en-us ->  [Folder | Created Date = 2008-03-15 12:07:20 | Attr =	]
7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
libeay32_0.9.6l.dll -> %SystemRoot%\System32\libeay32_0.9.6l.dll ->  [Ver =  | Size = 796048 bytes | Created Date = 2008-03-08 14:53:37 | Attr =	]
nmwcdcls.dll -> %SystemRoot%\System32\nmwcdcls.dll -> Nokia [Ver = 6.83.6.0 | Size = 90624 bytes | Created Date = 2008-03-11 17:10:14 | Attr =	]
nmwcdcocls.dll -> %SystemRoot%\System32\nmwcdcocls.dll -> Nokia [Ver = 6.83.6.0 | Size = 65536 bytes | Created Date = 2008-03-11 19:49:30 | Attr =	]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml ->  [Ver =  | Size = 355091 bytes | Created Date = 2008-03-08 14:53:29 | Attr =	]
vsdata.dll -> %SystemRoot%\System32\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 83432 bytes | Created Date = 2008-03-08 14:50:51 | Attr =	]
vsdatant.sys -> %SystemRoot%\System32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Created Date = 2008-03-08 14:53:29 | Attr =	]
vsinit.dll -> %SystemRoot%\System32\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 157160 bytes | Created Date = 2008-03-08 14:50:51 | Attr =	]
vsmonapi.dll -> %SystemRoot%\System32\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 103912 bytes | Created Date = 2008-03-08 14:53:30 | Attr =	]
vspubapi.dll -> %SystemRoot%\System32\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 275944 bytes | Created Date = 2008-03-08 14:53:30 | Attr =	]
vsregexp.dll -> %SystemRoot%\System32\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Created Date = 2008-03-08 14:53:37 | Attr =	]
vsutil.dll -> %SystemRoot%\System32\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 472552 bytes | Created Date = 2008-03-08 14:50:51 | Attr =	]
vswmi.dll -> %SystemRoot%\System32\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 46568 bytes | Created Date = 2008-03-08 14:53:31 | Attr =	]
vsxml.dll -> %SystemRoot%\System32\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 99816 bytes | Created Date = 2008-03-08 14:53:30 | Attr =	]
XPSViewer -> %SystemRoot%\System32\XPSViewer ->  [Folder | Created Date = 2008-03-15 12:07:23 | Attr =	]
zlcomm.dll -> %SystemRoot%\System32\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 83432 bytes | Created Date = 2008-03-08 14:53:36 | Attr =	]
zlcommdb.dll -> %SystemRoot%\System32\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Created Date = 2008-03-08 14:53:36 | Attr =	]
ZoneLabs -> %SystemRoot%\System32\ZoneLabs ->  [Folder | Created Date = 2008-03-08 14:53:30 | Attr =	]
zpeng24.dll -> %SystemRoot%\System32\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 2008-03-08 14:53:30 | Attr =	]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Created Date = 2008-03-11 17:11:52 | Attr =	]
11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Created Date = 2008-03-15 11:29:34 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 2008-03-14 12:28:50 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 2008-03-14 12:28:50 | Attr =  H ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75248 bytes | Created Date = 2008-03-08 14:53:51 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier ->  [Folder | Created Date = 2008-03-08 14:54:04 | Attr =	]
Nokia -> %AllUsersProfile%\Application Data\Nokia ->  [Folder | Created Date = 2008-03-11 19:32:37 | Attr =	]
PC Suite -> %AllUsersProfile%\Application Data\PC Suite ->  [Folder | Created Date = 2008-03-11 17:12:36 | Attr =	]
sentinel -> %AllUsersProfile%\Application Data\sentinel ->  [Folder | Created Date = 2008-03-08 10:58:50 | Attr =	]
MailFrontier -> %AppData%\MailFrontier ->  [Folder | Created Date = 2008-03-08 15:00:17 | Attr =	]
Nokia -> %AppData%\Nokia ->  [Folder | Created Date = 2008-03-11 17:12:18 | Attr =	]
Nokia Multimedia Player -> %AppData%\Nokia Multimedia Player ->  [Folder | Created Date = 2008-03-11 19:44:44 | Attr =	]
PC Suite -> %AppData%\PC Suite ->  [Folder | Created Date = 2008-03-11 17:10:53 | Attr =	]
IconCache.db -> %UserProfile%\Lokala inställningar\Application Data\IconCache.db ->  [Ver =  | Size = 4286270 bytes | Created Date = 2008-02-24 12:40:04 | Attr =  H ]
NokiaLifeblogData -> %UserProfile%\Mina dokument\NokiaLifeblogData ->  [Folder | Created Date = 2008-03-11 19:27:10 | Attr =	]
Nokia Lifeblog 2.5.lnk -> %AllUsersProfile%\Skrivbord\Nokia Lifeblog 2.5.lnk ->  [Ver =  | Size = 1733 bytes | Created Date = 2008-03-11 17:13:09 | Attr =	]
Nokia Nseries PC Suite.lnk -> %AllUsersProfile%\Skrivbord\Nokia Nseries PC Suite.lnk ->  [Ver =  | Size = 915 bytes | Created Date = 2008-03-11 17:12:11 | Attr =	]
Nokia Software Updater.lnk -> %AllUsersProfile%\Skrivbord\Nokia Software Updater.lnk ->  [Ver =  | Size = 1857 bytes | Created Date = 2008-03-11 19:50:57 | Attr =	]
SUPERAntiSpyware Professional.lnk -> %AllUsersProfile%\Skrivbord\SUPERAntiSpyware Professional.lnk ->  [Ver =  | Size = 1712 bytes | Created Date = 2008-03-09 18:15:01 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Skrivbord\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2008-03-15 13:46:02 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Skrivbord\ATF-Cleaner.exe:Zone.Identifier
Genväg till ra2.lnk -> %UserProfile%\Skrivbord\Genväg till ra2.lnk ->  [Ver =  | Size = 720 bytes | Created Date = 2008-02-24 12:48:03 | Attr =	]
Software Remove Master.lnk -> %UserProfile%\Skrivbord\Software Remove Master.lnk ->  [Ver =  | Size = 796 bytes | Created Date = 2008-03-08 11:15:09 | Attr =	]
WinPFind35u -> %UserProfile%\Skrivbord\WinPFind35u ->  [Folder | Created Date = 2008-03-15 13:51:07 | Attr =	]
WinPFind35u.exe -> %UserProfile%\Skrivbord\WinPFind35u.exe ->  [Ver =  | Size = 481244 bytes | Created Date = 2008-03-15 13:47:22 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Skrivbord\WinPFind35u.exe:Zone.Identifier
µTorrent.lnk -> %UserProfile%\Start-meny\Program\Autostart\µTorrent.lnk ->  [Ver =  | Size = 431 bytes | Created Date = 2008-03-04 20:21:35 | Attr =	]
Nokia -> %CommonProgramFiles%\Nokia ->  [Folder | Created Date = 2008-03-11 19:50:46 | Attr =	]
PCSuite -> %CommonProgramFiles%\PCSuite ->  [Folder | Created Date = 2008-03-11 19:30:43 | Attr =	]

[Files/Folders - Modified Within 30 days]
Casino -> %SystemDrive%\Casino ->  [Folder | Modified Date = 2008-03-09 19:49:41 | Attr =	]
Program -> %ProgramFiles% ->  [Folder | Modified Date = 2008-03-15 12:15:29 | Attr = R  ]
rollback.ini -> %SystemDrive%\rollback.ini ->  [Ver =  | Size = 805 bytes | Modified Date = 2008-03-15 12:16:03 | Attr =	]
tmp -> %SystemDrive%\tmp ->  [Folder | Modified Date = 2008-02-25 21:53:25 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-03-15 12:18:03 | Attr =	]
core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Modified Date = 2008-03-09 19:41:19 | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2008-03-08 11:18:33 | Attr =	]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 3188000 bytes | Modified Date = 2008-03-15 14:25:03 | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 44120 bytes | Modified Date = 2008-03-15 13:11:30 | Attr =  HS]
UMDF -> %SystemRoot%\System32\drivers\UMDF ->  [Folder | Modified Date = 2008-03-15 11:53:52 | Attr =	]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2008-03-15 11:52:34 | Attr =  H ]
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 2008-03-15 11:57:19 | Attr =	]
BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll ->  [Ver =  | Size = 34308 bytes | Modified Date = 2008-03-08 15:30:59 | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2008-03-15 11:45:58 | Attr =	]
7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2008-03-15 14:03:25 | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 2008-02-25 20:24:32 | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2008-03-15 11:59:02 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2008-03-15 12:42:38 | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 2008-03-11 19:49:32 | Attr =	]
en-us -> %SystemRoot%\System32\en-us ->  [Folder | Modified Date = 2008-03-15 12:07:21 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 248696 bytes | Modified Date = 2008-03-15 12:42:56 | Attr =	]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 2008-03-15 11:52:30 | Attr =	]
mui -> %SystemRoot%\System32\mui ->  [Folder | Modified Date = 2008-03-15 11:43:15 | Attr =	]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 2008-03-15 11:57:19 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 71386 bytes | Modified Date = 2008-03-15 12:13:10 | Attr =	]
perfc01D.dat -> %SystemRoot%\System32\perfc01D.dat ->  [Ver =  | Size = 83392 bytes | Modified Date = 2008-03-15 12:13:10 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 441320 bytes | Modified Date = 2008-03-15 12:13:10 | Attr =	]
perfh01D.dat -> %SystemRoot%\System32\perfh01D.dat ->  [Ver =  | Size = 443404 bytes | Modified Date = 2008-03-15 12:13:10 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 1048752 bytes | Modified Date = 2008-03-15 12:13:10 | Attr =	]
spool -> %SystemRoot%\System32\spool ->  [Folder | Modified Date = 2008-03-15 11:59:14 | Attr =	]
sv-se -> %SystemRoot%\System32\sv-se ->  [Folder | Modified Date = 2008-03-15 12:14:32 | Attr =	]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml ->  [Ver =  | Size = 355091 bytes | Modified Date = 2008-03-15 13:14:35 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2262 bytes | Modified Date = 2008-03-15 13:14:56 | Attr =	]
XPSViewer -> %SystemRoot%\System32\XPSViewer ->  [Folder | Modified Date = 2008-03-15 12:14:32 | Attr =	]
zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat ->  [Ver =  | Size = 4212 bytes | Modified Date = 2008-03-12 18:40:53 | Attr =  H ]
ZoneLabs -> %SystemRoot%\System32\ZoneLabs ->  [Folder | Modified Date = 2008-03-15 10:07:12 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-03-15 11:39:46 | Attr =  H ]
11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 2008-03-15 11:58:09 | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2008-03-15 12:14:47 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-03-15 13:13:54 | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2008-03-08 09:35:44 | Attr =  HS]
disney.ini -> %SystemRoot%\disney.ini ->  [Ver =  | Size = 631 bytes | Modified Date = 2008-02-25 21:21:51 | Attr =	]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Modified Date = 2008-03-11 17:11:52 | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-02-16 11:30:59 | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2008-03-15 12:07:17 | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2008-03-15 11:55:54 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2008-03-15 11:58:50 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2008-03-15 13:13:31 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-03-15 12:15:34 | Attr =  HS]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Modified Date = 2008-03-15 14:21:50 | Attr =	]
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Modified Date = 2008-03-15 11:46:03 | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 2008-03-15 12:15:32 | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2008-03-08 09:35:42 | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 2008-03-12 20:54:29 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-03-15 14:24:40 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-03-14 12:28:50 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-03-14 12:28:50 | Attr =  H ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Modified Date = 2008-03-15 11:46:09 | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2008-03-15 11:56:29 | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 2008-03-08 09:42:21 | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2008-03-15 12:42:37 | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2008-03-15 14:23:14 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 658 bytes | Modified Date = 2008-03-15 11:57:06 | Attr =	]
wincmd.ini -> %SystemRoot%\wincmd.ini ->  [Ver =  | Size = 784 bytes | Modified Date = 2008-03-15 12:16:12 | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2008-03-12 23:33:41 | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 2008-03-15 11:45:43 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-03-15 13:14:02 | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5340 bytes | Modified Date = 2008-03-15 14:04:38 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5340 bytes | Modified Date = 2008-03-15 14:04:28 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 2007-03-17 00:15:21 | Attr =	]
www.gamezone[1].com -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\0LM7SDI3\www.gamezone[1].com ->  [Ver =  | Size = 23382 bytes | Modified Date = 2007-12-15 15:57:34 | Attr =	]
_isF.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_isF.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 455600 bytes | Modified Date = 2007-01-20 03:46:42 | Attr = R  ]
108 C:\Documents and Settings\Micke\Lokala inställningar\Temp\*.tmp files -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\*.tmp -> 
irsetup.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_ir_sf7_temp_0\irsetup.exe ->  [Ver = 7.0.6.1 | Size = 473600 bytes | Modified Date = 2007-12-22 19:07:17 | Attr =	]
setup.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\{7C38B442-D116-4752-9BC5-472F6DF5C37B}\setup.exe -> Petroglyph			  [Ver = 1.00.000 | Size = 331776 bytes | Modified Date = 2007-12-16 21:59:11 | Attr =	]
Install.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Install.exe -> Panda Software International [Ver = 1, 0, 0, 10 | Size = 94208 bytes | Modified Date = 2006-05-15 16:05:34 | Attr =	]
setup.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\setup.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 121064 bytes | Modified Date = 2005-04-07 00:39:06 | Attr =	]
APVXDWIN.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\APVXDWIN.EXE -> Panda Software International [Ver = 7.00.09 | Size = 311296 bytes | Modified Date = 2006-07-28 12:05:28 | Attr =	]
Avciman.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\Avciman.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 65536 bytes | Modified Date = 2006-07-04 13:25:46 | Attr =	]
AVENGINE.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\AVENGINE.EXE -> Panda Software International [Ver = 2, 0, 1840, 33 | Size = 106496 bytes | Modified Date = 2006-08-08 17:25:32 | Attr =	]
AVLITE.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\AVLITE.EXE -> Panda Software International [Ver = 7.0.4.0 | Size = 198144 bytes | Modified Date = 2006-07-19 08:17:30 | Attr =	]
AVLTMAIN.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\AVLTMAIN.EXE -> Panda Software International [Ver = 7.0.31.0 | Size = 4291072 bytes | Modified Date = 2006-08-08 14:14:56 | Attr =	]
AVTASK.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\AVTASK.EXE -> Panda Software International [Ver = 7.00.06 | Size = 143360 bytes | Modified Date = 2006-07-20 15:23:26 | Attr =	]
FwAct.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\FwAct.exe -> Panda Software [Ver = 7.0.5.0 | Size = 371712 bytes | Modified Date = 2006-07-20 15:28:40 | Attr =	]
LITEUPG.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\LITEUPG.EXE -> Panda Software International [Ver = 3.12.01 | Size = 86016 bytes | Modified Date = 2003-12-23 21:16:46 | Attr =	]
LUPGCONF.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\LUPGCONF.EXE -> Panda Software International [Ver = 5.3.1.0 | Size = 412160 bytes | Modified Date = 2005-03-07 19:09:10 | Attr =	]
PavFnSvr.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavFnSvr.exe -> Panda Software International [Ver = 7.06.03.00 | Size = 159744 bytes | Modified Date = 2006-07-21 11:22:32 | Attr =	]
PAVSCRIP.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVSCRIP.EXE -> Panda Software International [Ver = 6, 1, 2, 0 | Size = 65536 bytes | Modified Date = 2006-01-19 16:48:16 | Attr =	]
PAVSRV50.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVSRV50.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 147456 bytes | Modified Date = 2006-08-08 17:25:54 | Attr =	]
PAVSRV51.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 2006-08-08 17:26:18 | Attr =	]
PNMSRV.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PNMSRV.exe -> Panda Software International [Ver = 3, 0, 0,21 | Size = 811008 bytes | Modified Date = 2006-08-02 13:05:54 | Attr =	]
PPFW.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PPFW.EXE -> Panda Software International [Ver = 7.02.01.00 | Size = 86016 bytes | Modified Date = 2006-08-04 10:59:58 | Attr =	]
psimreal.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\psimreal.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 65536 bytes | Modified Date = 2006-07-04 13:25:06 | Attr =	]
PsImSvc.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 2006-07-04 13:25:34 | Attr =	]
ROLSTART.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ROLSTART.EXE -> Panda Software International [Ver = 5, 8, 1, 0 | Size = 65536 bytes | Modified Date = 2005-08-31 16:44:26 | Attr =	]
SAFEBOOT.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\SAFEBOOT.EXE ->  [Ver =  | Size = 39108 bytes | Modified Date = 2000-06-16 11:16:38 | Attr =	]
SAFEDISK.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\SAFEDISK.EXE -> Panda Software International [Ver = 7.0.5.0 | Size = 794624 bytes | Modified Date = 2006-08-03 18:55:04 | Attr =	]
SHFOLDER.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\SHFOLDER.EXE -> Microsoft Corporation [Ver = 5.50.4027.300 | Size = 117288 bytes | Modified Date = 2001-01-23 11:13:28 | Attr =	]
sporder.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\sporder.exe -> Microsoft Corporation [Ver = 5.00.1641.1 | Size = 14608 bytes | Modified Date = 1997-09-18 04:12:48 | Attr =	]
TPSrv.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\TPSrv.exe -> Panda Software [Ver = 7, 0, 2, 0 | Size = 348160 bytes | Modified Date = 2006-08-02 13:46:00 | Attr =	]
TPSrv9x.exe -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\TPSrv9x.exe -> Panda Software [Ver = 7, 0, 2, 0 | Size = 266240 bytes | Modified Date = 2006-07-10 10:53:52 | Attr =	]
UPGTEST.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\UPGTEST.EXE -> Panda Software International [Ver = 3.12.03 | Size = 77824 bytes | Modified Date = 2003-12-23 20:03:04 | Attr =	]
WEBPROXY.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\WEBPROXY.EXE -> Panda Software International [Ver = 6, 2, 22, 533 | Size = 69632 bytes | Modified Date = 2006-06-29 10:04:42 | Attr =	]
WIZSOS.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\WIZSOS.EXE -> Panda Software International [Ver = 7.0.17.0 | Size = 2600960 bytes | Modified Date = 2006-08-04 14:20:00 | Attr =	]
PAVPRS9X.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\PavShld\PAVPRS9X.EXE ->  [Ver =  | Size = 24576 bytes | Modified Date = 2005-07-25 08:02:22 | Attr =	]
PAVPRSRV.EXE -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\PavShld\PAVPRSRV.EXE -> Panda Software [Ver = 1.3.0.0 | Size = 32768 bytes | Modified Date = 2005-07-25 08:02:22 | Attr =	]
ISSetup.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\{45C8D9B7-CD7D-45A0-8F77-6F679B945330}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58851 | Size = 492032 bytes | Modified Date = 2007-04-05 15:36:12 | Attr = R  ]
_Setup.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\{45C8D9B7-CD7D-45A0-8F77-6F679B945330}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 2006-05-17 16:21:04 | Attr = R  ]
pavsddl.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\{9EF9F331-5509-42C5-AA52-466EF730FA28}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\pavsddl.dll -> Panda Software International [Ver = 2, 0, 0, 5 | Size = 103728 bytes | Modified Date = 2007-07-17 13:00:04 | Attr =	]
InstLog.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\InstLog.dll -> Panda [Ver = 1, 0, 0, 2 | Size = 61440 bytes | Modified Date = 2005-03-15 18:35:36 | Attr =	]
PSWLabel.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\PSWLabel.dll -> Panda Software S.L. [Ver = 5.12.01.00 | Size = 94208 bytes | Modified Date = 2005-12-01 15:27:04 | Attr =	]
PSWLRes.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\PSWLRes.dll -> Panda Software S.L. [Ver = 7.07.06.10 | Size = 1261568 bytes | Modified Date = 2006-07-26 13:25:00 | Attr =	]
ADIAGNST.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ADIAGNST.DLL -> Panda Software International [Ver = 6, 6, 1, 6 | Size = 180224 bytes | Modified Date = 2006-07-28 11:57:32 | Attr =	]
apflctrl9X.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\apflctrl9X.dll -> Panda Software [Ver = 1, 0, 0,37 | Size = 49152 bytes | Modified Date = 2006-08-02 13:19:50 | Attr =	]
apflctrlNT.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\apflctrlNT.dll -> Panda Software International [Ver = 2, 0, 0, 0 | Size = 81920 bytes | Modified Date = 2006-08-02 13:18:24 | Attr =	]
apflinst.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\apflinst.dll ->  [Ver = 1, 4, 0,1 | Size = 90195 bytes | Modified Date = 2006-08-03 15:36:54 | Attr =	]
ASMDAT.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ASMDAT.DLL ->  [Ver =  | Size = 96256 bytes | Modified Date = 2001-03-19 17:19:54 | Attr =	]
Avcic.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\Avcic.dll -> Panda Software [Ver = 2, 6, 36, 0 | Size = 69632 bytes | Modified Date = 2006-07-04 13:25:52 | Attr =	]
AVENGDLL.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\AVENGDLL.DLL -> Panda Software [Ver = 2, 0, 1840, 6 | Size = 57344 bytes | Modified Date = 2006-02-06 10:53:16 | Attr =	]
avldr.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\avldr.dll -> Panda Software [Ver = 2, 0, 1840, 1 | Size = 45056 bytes | Modified Date = 2005-09-27 11:13:48 | Attr =	]
CHMCCFG.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\CHMCCFG.DLL -> Panda Software [Ver = 5, 1, 1, 2 | Size = 86016 bytes | Modified Date = 2005-05-06 10:15:10 | Attr =	]
ComFlt9x.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ComFlt9x.dll ->  [Ver =  | Size = 49152 bytes | Modified Date = 2003-08-28 08:08:20 | Attr =	]
ComFltNt.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ComFltNt.dll ->  [Ver =  | Size = 45056 bytes | Modified Date = 2003-08-28 08:08:20 | Attr =	]
cpdll.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\cpdll.dll -> Panda Software [Ver = 1, 1, 0, 0120 | Size = 90112 bytes | Modified Date = 2004-11-01 20:50:38 | Attr =	]
CryptMng.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\CryptMng.dll -> Panda Software [Ver = 1, 0, 0, 5 | Size = 53248 bytes | Modified Date = 2005-09-01 16:26:10 | Attr =	]
DpifTran.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\DpifTran.dll -> Panda Software International  [Ver = 3, 0, 0, 1 | Size = 196608 bytes | Modified Date = 2006-07-05 13:25:34 | Attr =	]
dsaflt.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\dsaflt.dll -> Panda Software International [Ver = 1, 3, 0,27 | Size = 77824 bytes | Modified Date = 2006-08-02 13:08:20 | Attr =	]
dsarule.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\dsarule.dll -> Panda Software International [Ver = 1, 3, 0,20 | Size = 60416 bytes | Modified Date = 2006-06-22 16:37:12 | Attr =	]
fnetctrl9x.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\fnetctrl9x.dll -> Panda Software [Ver = 1, 0, 0,28 | Size = 49152 bytes | Modified Date = 2006-08-02 13:20:28 | Attr =	]
fnetctrlNT.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\fnetctrlNT.dll -> Panda Software International [Ver = 2, 0, 0, 0 | Size = 77824 bytes | Modified Date = 2006-08-02 13:18:50 | Attr =	]
ICL_CFG.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ICL_CFG.DLL -> Panda Software International [Ver = 6, 2, 29, 510 | Size = 126976 bytes | Modified Date = 2006-06-29 10:03:52 | Attr =	]
ICL_MTR.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ICL_MTR.DLL -> Panda Software International [Ver = 6, 2, 1, 1 | Size = 11264 bytes | Modified Date = 2006-02-09 16:14:28 | Attr =	]
ICL_TRF.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ICL_TRF.DLL -> Panda Software International [Ver = 6, 1, 2, 1 | Size = 32768 bytes | Modified Date = 2006-01-23 11:16:30 | Attr =	]
Icons.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\Icons.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 2005-02-17 13:24:06 | Attr =	]
Idiomas.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\Idiomas.dll -> Panda Software International [Ver = 6, 8, 8, 40 | Size = 417792 bytes | Modified Date = 2006-08-03 08:31:06 | Attr =	]
idsflt.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\idsflt.dll -> Panda Software International [Ver = 1, 3, 0,18 | Size = 73728 bytes | Modified Date = 2006-08-02 13:09:42 | Attr =	]
ImLocRep.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ImLocRep.dll -> Panda Software Internacional [Ver = 2, 0, 3, 1 | Size = 69632 bytes | Modified Date = 2006-06-15 09:47:34 | Attr =	]
iphlpapi.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\iphlpapi.dll -> Microsoft Corporation [Ver = 5.00.1717.2 | Size = 32768 bytes | Modified Date = 2005-06-28 09:06:26 | Attr =	]
KreCfg9x.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\KreCfg9x.dll -> Panda Software [Ver = 7, 0, 0, 0 | Size = 90112 bytes | Modified Date = 2006-02-16 14:07:04 | Attr =	]
KreCfgXM.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\KreCfgXM.dll -> Panda Software [Ver = 7, 0, 0, 0 | Size = 94208 bytes | Modified Date = 2006-02-16 14:01:30 | Attr =	]
LIBXML2.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\LIBXML2.DLL ->  [Ver =  | Size = 507904 bytes | Modified Date = 2004-05-19 10:33:12 | Attr =	]
LTFORMS.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\LTFORMS.DLL -> Panda Software International [Ver = 7.0.12.0 | Size = 2884096 bytes | Modified Date = 2006-07-27 19:35:30 | Attr =	]
MiniCryp.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\MiniCryp.dll -> Panda Software [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2005-08-12 11:05:16 | Attr =	]
netadapt.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\netadapt.dll -> Panda Software International [Ver = 1, 3, 0,20 | Size = 73728 bytes | Modified Date = 2006-06-22 16:37:00 | Attr =	]
netflt.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\netflt.dll -> Panda Software International [Ver = 1, 3, 0,27 | Size = 102400 bytes | Modified Date = 2006-08-02 13:12:42 | Attr =	]
OSMerger.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\OSMerger.dll -> Panda Software [Ver = 2, 4, 3, 2 | Size = 417792 bytes | Modified Date = 2006-05-24 09:41:00 | Attr =	]
ParserFW.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ParserFW.dll -> Panda Software International [Ver = 1, 4, 2, 2 | Size = 159744 bytes | Modified Date = 2006-08-04 10:51:10 | Attr =	]
PAV2WSC.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAV2WSC.DLL -> Panda Software [Ver = 1, 0, 24, 83 | Size = 114688 bytes | Modified Date = 2005-08-22 12:22:20 | Attr =	]
PavAMW.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavAMW.dll -> Panda Software International [Ver = 6, 3, 44, 605 | Size = 172032 bytes | Modified Date = 2006-07-27 13:11:34 | Attr =	]
PavCntrs.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavCntrs.dll -> Panda Software International [Ver = 6, 2, 1, 0 | Size = 81920 bytes | Modified Date = 2006-04-20 15:32:04 | Attr =	]
PAVCRC.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVCRC.DLL -> Panda Software International [Ver = 3.09.02 | Size = 69632 bytes | Modified Date = 2003-09-23 02:03:26 | Attr =	]
PAVEXCOM.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVEXCOM.DLL -> Panda Software [Ver = 3, 2, 0, 1 | Size = 172102 bytes | Modified Date = 2005-08-17 09:13:56 | Attr =	]
Pavfirec.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\Pavfirec.dll -> Panda Software International [Ver = 6.05.01.01 | Size = 118784 bytes | Modified Date = 2006-05-22 08:54:00 | Attr =	]
PavFtp.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavFtp.dll -> Panda Software International [Ver = 6, 1, 3, 15 | Size = 81920 bytes | Modified Date = 2006-08-08 12:22:00 | Attr =	]
PavHttp.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavHttp.dll -> Panda Software International [Ver = 6, 2, 27, 545 | Size = 98304 bytes | Modified Date = 2006-08-02 12:10:00 | Attr =	]
pavim.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\pavim.dll -> Panda Software International [Ver = 6, 6, 1, 0 | Size = 69632 bytes | Modified Date = 2006-06-26 17:51:52 | Attr =	]
pavipc.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\pavipc.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 57344 bytes | Modified Date = 2006-06-16 13:44:34 | Attr =	]
pavipc9x.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\pavipc9x.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 57344 bytes | Modified Date = 2006-06-26 12:15:28 | Attr =	]
PAVLSP.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVLSP.DLL -> Panda Software International [Ver = 6, 8, 18, 56 | Size = 167936 bytes | Modified Date = 2006-08-06 16:58:18 | Attr =	]
PAVMICLI.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVMICLI.DLL -> Panda Software International [Ver = 6, 3, 40, 553 | Size = 69632 bytes | Modified Date = 2006-07-26 07:15:48 | Attr =	]
PAVNNTP.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVNNTP.DLL -> Panda Software International [Ver = 6, 2, 12, 9 | Size = 73728 bytes | Modified Date = 2006-02-09 16:20:06 | Attr =	]
PAVOE.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVOE.DLL -> Panda software S.L. [Ver = 2005, 6, 7, 43 | Size = 180224 bytes | Modified Date = 2005-06-07 15:39:14 | Attr =	]
PAVPOP3.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVPOP3.DLL -> Panda Software International [Ver = 6, 2, 12, 10 | Size = 73728 bytes | Modified Date = 2006-02-09 16:21:50 | Attr =	]
PavSafCD.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavSafCD.dll ->  [Ver =  | Size = 73728 bytes | Modified Date = 2005-07-06 09:43:42 | Attr =	]
PAvScr.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAvScr.dll -> Panda Software [Ver = 1, 1, 0, 0 | Size = 77902 bytes | Modified Date = 2005-03-29 17:21:40 | Attr =	]
PavSH9x.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavSH9x.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 204800 bytes | Modified Date = 2006-07-19 13:48:12 | Attr =	]
PavSHook.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavSHook.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 245760 bytes | Modified Date = 2006-07-10 10:50:08 | Attr =	]
PavSI9x.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavSI9x.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 49152 bytes | Modified Date = 2006-06-26 12:16:18 | Attr =	]
pavSIM9x.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\pavSIM9x.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 40960 bytes | Modified Date = 2006-06-26 12:15:38 | Attr =	]
pavSIMsg.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\pavSIMsg.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 40960 bytes | Modified Date = 2006-06-16 13:44:42 | Attr =	]
PavSInet.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavSInet.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 49152 bytes | Modified Date = 2006-06-16 13:45:24 | Attr =	]
pavSM9x.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\pavSM9x.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 49152 bytes | Modified Date = 2006-06-26 12:16:12 | Attr =	]
PavSMAPI.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavSMAPI.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 49152 bytes | Modified Date = 2006-06-16 13:45:18 | Attr =	]
PAVSMTP.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVSMTP.DLL -> Panda Software International [Ver = 6, 2, 14, 13 | Size = 73728 bytes | Modified Date = 2006-02-09 16:20:46 | Attr =	]
PavSRU.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavSRU.dll -> Panda Software [Ver = 1, 0, 0, 1 | Size = 77824 bytes | Modified Date = 2006-02-01 13:41:52 | Attr =	]
pavsrvdl.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\pavsrvdl.dll -> Panda Software [Ver = 2, 0, 1840, 3 | Size = 57344 bytes | Modified Date = 2006-01-25 10:59:48 | Attr =	]
pavtcmgr.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\pavtcmgr.dll -> Panda Software International [Ver = 1, 2, 1, 0 | Size = 90112 bytes | Modified Date = 2005-08-10 18:02:02 | Attr =	]
Pavtftp.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\Pavtftp.dll -> Panda Software International [Ver = 6, 1, 8, 9 | Size = 69632 bytes | Modified Date = 2006-08-08 12:20:18 | Attr =	]
PavTPU.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavTPU.dll -> Panda Software [Ver = 1, 1, 0, 1 | Size = 106496 bytes | Modified Date = 2006-07-06 08:16:14 | Attr =	]
PAVTRC.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PAVTRC.DLL -> Panda Software International [Ver = 5, 12, 17, 520 | Size = 126976 bytes | Modified Date = 2006-06-29 10:04:50 | Attr =	]
PavVT.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavVT.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 13312 bytes | Modified Date = 2006-06-16 13:46:54 | Attr =	]
PavWmail.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PavWmail.dll -> Panda Software International [Ver = 6, 2, 13, 11 | Size = 163840 bytes | Modified Date = 2006-02-09 16:18:42 | Attr =	]
PFSF.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PFSF.DLL -> Panda Software International [Ver = 5, 1, 2608, 1 | Size = 249856 bytes | Modified Date = 2006-07-03 09:25:50 | Attr =	]
PFSF9X.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PFSF9X.DLL ->  [Ver =  | Size = 45056 bytes | Modified Date = 2003-12-11 12:50:20 | Attr =	]
platc.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\platc.dll -> Panda Software [Ver = 2, 0, 0, 5 | Size = 61440 bytes | Modified Date = 2004-12-21 09:24:26 | Attr =	]
plats.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\plats.dll -> Panda Software [Ver = 2, 0, 0, 3 | Size = 57344 bytes | Modified Date = 2004-10-30 17:43:38 | Attr =	]
PNmApi.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PNmApi.dll -> Panda Software International [Ver = 3, 0, 1,22 | Size = 659456 bytes | Modified Date = 2006-08-02 13:02:10 | Attr =	]
pnmatdi.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\pnmatdi.dll -> Panda Software [Ver = 2, 0, 0,8 | Size = 82001 bytes | Modified Date = 2006-08-02 13:19:20 | Attr =	]
PNMSetup.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PNMSetup.dll -> Panda Software International [Ver = 3, 0, 0,6 | Size = 188416 bytes | Modified Date = 2006-06-22 16:18:46 | Attr =	]
PProMg.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PProMg.dll -> Panda Software International [Ver = 1, 1, 3, 6 | Size = 77824 bytes | Modified Date = 2006-06-23 13:28:14 | Attr =	]
ProtExc.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ProtExc.dll -> Panda Software International  [Ver = 2, 0, 0, 5 | Size = 172032 bytes | Modified Date = 2004-09-29 15:47:48 | Attr =	]
PROTINST.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PROTINST.DLL -> Panda Software [Ver = 7, 0, 2, 0 | Size = 49152 bytes | Modified Date = 2006-07-03 11:09:50 | Attr =	]
PSAEng.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PSAEng.dll -> Panda Software [Ver = 1, 2, 24, 99 | Size = 348160 bytes | Modified Date = 2006-03-03 08:56:46 | Attr =	]
PSAPI.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PSAPI.DLL -> Microsoft Corporation [Ver = 5.00.1641.1 | Size = 17680 bytes | Modified Date = 2001-05-09 17:50:00 | Attr =	]
PSAUI.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PSAUI.dll -> Panda Software [Ver = 1.2.24.79 | Size = 292352 bytes | Modified Date = 2006-06-30 09:35:58 | Attr =	]
PSCOOKIE.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PSCOOKIE.DLL -> Panda Software International [Ver = 3, 12, 1, 1 | Size = 122880 bytes | Modified Date = 2005-04-04 18:17:00 | Attr =	]
PSImFltr.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PSImFltr.dll -> Panda Software Internacional [Ver = 2, 1, 34, 0 | Size = 49152 bytes | Modified Date = 2006-07-12 10:20:26 | Attr =	]
PSINET.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PSINET.DLL -> Panda Software [Ver = 1, 1, 3, 0 | Size = 135168 bytes | Modified Date = 2006-08-05 17:47:04 | Attr =	]
PSREPORT.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PSREPORT.DLL -> Panda Software International [Ver = 6, 1, 1, 0 | Size = 81920 bytes | Modified Date = 2006-01-27 11:04:54 | Attr =	]
PSSYSCHK.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PSSYSCHK.DLL -> Panda Software International [Ver = 6, 0, 2, 0 | Size = 106496 bytes | Modified Date = 2006-03-09 15:28:42 | Attr =	]
PSTACKDL.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PSTACKDL.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 2004-10-07 20:22:50 | Attr =	]
PsXML.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PsXML.dll -> Panda Software International [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 2005-06-13 10:27:14 | Attr =	]
REPORTEX.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\REPORTEX.DLL -> Panda [Ver = 3, 0, 14, 0 | Size = 143360 bytes | Modified Date = 2005-04-01 11:44:52 | Attr =	]
RESHOME.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\RESHOME.DLL -> panda [Ver = 5.03.02 | Size = 65536 bytes | Modified Date = 2005-03-09 15:49:00 | Attr =	]
ROL.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ROL.DLL ->  [Ver =  | Size = 110592 bytes | Modified Date = 2002-06-14 09:57:58 | Attr =	]
RSDNAPI.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\RSDNAPI.DLL -> Panda Software International [Ver = 9.00.01.00 | Size = 237568 bytes | Modified Date = 2006-07-13 14:01:48 | Attr =	]
SAFED.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\SAFED.DLL -> PANDA SOFTWARE [Ver = 3, 6, 0, 1 | Size = 77824 bytes | Modified Date = 2004-03-23 12:35:04 | Attr =	]
sentrsc.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\sentrsc.dll -> Panda Software [Ver = 2, 0, 1840, 1 | Size = 57344 bytes | Modified Date = 2005-06-22 11:55:16 | Attr =	]
SHELLTIT.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\SHELLTIT.DLL -> Panda Software International [Ver = 6.1.02 | Size = 118784 bytes | Modified Date = 2006-01-30 17:57:28 | Attr =	]
smsflt.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\smsflt.dll -> Panda Software International [Ver = 1, 3, 0,23 | Size = 73728 bytes | Modified Date = 2006-08-02 13:15:24 | Attr =	]
StarBurn.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\StarBurn.dll ->  [Ver =  | Size = 467456 bytes | Modified Date = 2005-02-21 21:36:58 | Attr =	]
SYSTOOLS.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\SYSTOOLS.DLL -> Panda Software [Ver = 7.0.2.0 | Size = 101888 bytes | Modified Date = 2006-06-27 18:36:40 | Attr =	]
TCPVFILE.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\TCPVFILE.DLL -> Panda Software [Ver = 5, 9, 6, 4 | Size = 53248 bytes | Modified Date = 2005-10-31 20:59:56 | Attr =	]
TITCFG.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\TITCFG.DLL -> Panda Software International [Ver = 7.00.00 | Size = 262144 bytes | Modified Date = 2006-06-19 16:22:12 | Attr =	]
TITSCAN.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\TITSCAN.DLL -> Panda Software International [Ver = 7.0.9.0 | Size = 1091072 bytes | Modified Date = 2006-08-03 21:48:54 | Attr =	]
TPConf.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\TPConf.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 69632 bytes | Modified Date = 2006-07-10 10:51:40 | Attr =	]
TPConf9x.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\TPConf9x.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 65536 bytes | Modified Date = 2006-07-10 10:53:58 | Attr =	]
TpUtil.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\TpUtil.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 139264 bytes | Modified Date = 2006-07-21 13:35:28 | Attr =	]
TpUtil9x.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\TpUtil9x.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 122880 bytes | Modified Date = 2006-06-26 12:15:22 | Attr =	]
Uninstal.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\Uninstal.dll -> Panda Software International [Ver = 7.06.03.00 | Size = 122880 bytes | Modified Date = 2006-07-17 10:05:22 | Attr =	]
wnaspi32.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\wnaspi32.dll ->  [Ver =  | Size = 124928 bytes | Modified Date = 2005-02-21 21:36:52 | Attr =	]
wnmflt.dll -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\wnmflt.dll -> Panda Software International [Ver = 1, 3, 0,27 | Size = 81920 bytes | Modified Date = 2006-08-02 13:16:42 | Attr =	]
ZIUPDATE.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ZIUPDATE.DLL -> Panda Software International [Ver = 7.0.16.0 | Size = 1088000 bytes | Modified Date = 2006-08-04 14:14:34 | Attr =	]
PAVSHLD.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\PavShld\PAVSHLD.DLL -> Panda Software International [Ver = 1, 1, 7, 16 | Size = 155648 bytes | Modified Date = 2006-05-05 08:08:22 | Attr =	]
PROCPR9X.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\PavShld\PROCPR9X.DLL -> Panda Software [Ver = 1.1.1.6 | Size = 40960 bytes | Modified Date = 2004-09-09 08:29:32 | Attr =	]
PROCPROT.DLL -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\PavShld\PROCPROT.DLL -> Panda Software [Ver = 1.3.6.3 | Size = 69632 bytes | Modified Date = 2006-02-15 15:53:10 | Attr =	]
index.dat -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 1671168 bytes | Modified Date = 2007-12-16 02:20:42 | Attr =	]
index.dat -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Tidigare\History.IE5\index.dat ->  [Ver =  | Size = 65536 bytes | Modified Date = 2007-12-16 02:11:33 | Attr =	]
index.dat -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Tidigare\History.IE5\MSHist012007121620071217\index.dat ->  [Ver =  | Size = 81920 bytes | Modified Date = 2007-12-16 23:54:49 | Attr =	]
FWRLS.dat -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\FWRLS.dat ->  [Ver =  | Size = 14012 bytes | Modified Date = 2006-03-08 12:52:39 | Attr =	]
pavVTS.dat -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\pavVTS.dat ->  [Ver =  | Size = 1149 bytes | Modified Date = 2006-03-22 10:06:20 | Attr =	]
SBRLS.dat -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\SBRLS.dat ->  [Ver =  | Size = 1272 bytes | Modified Date = 2005-06-02 08:03:16 | Attr =	]
WebExcl.dat -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\WebExcl.dat ->  [Ver =  | Size = 4332 bytes | Modified Date = 2006-08-08 12:50:56 | Attr =	]
PLANTWEB.DAT -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PLANTWEB.DAT ->  [Ver =  | Size = 290 bytes | Modified Date = 2002-03-12 14:59:38 | Attr =	]
PNMSetCP.dat -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PNMSetCP.dat ->  [Ver =  | Size = 18387 bytes | Modified Date = 2006-05-19 12:07:44 | Attr =	]
PNMSetup.dat -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PNMSetup.dat ->  [Ver =  | Size = 21702 bytes | Modified Date = 2006-05-05 11:41:04 | Attr =	]
PNMSetVR.dat -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\PNMSetVR.dat ->  [Ver =  | Size = 21702 bytes | Modified Date = 2006-05-05 11:41:00 | Attr =	]
_isdelet.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_isdelet.ini ->  [Ver =  | Size = 516 bytes | Modified Date = 2008-03-08 11:18:39 | Attr =	]
108 C:\Documents and Settings\Micke\Lokala inställningar\Temp\*.tmp files -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\*.tmp -> 
0x0401.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0401.ini ->  [Ver =  | Size = 5939 bytes | Modified Date = 2008-03-11 17:11:43 | Attr =	]
0x0404.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0404.ini ->  [Ver =  | Size = 4376 bytes | Modified Date = 2008-03-11 17:11:39 | Attr =	]
0x0405.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0405.ini ->  [Ver =  | Size = 6408 bytes | Modified Date = 2008-03-11 17:11:39 | Attr =	]
0x0406.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0406.ini ->  [Ver =  | Size = 6352 bytes | Modified Date = 2008-03-11 17:11:40 | Attr =	]
0x0407.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0407.ini ->  [Ver =  | Size = 6974 bytes | Modified Date = 2008-03-11 17:11:40 | Attr =	]
0x0408.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0408.ini ->  [Ver =  | Size = 7271 bytes | Modified Date = 2008-03-11 17:11:40 | Attr =	]
0x0409.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0409.ini ->  [Ver =  | Size = 6139 bytes | Modified Date = 2008-03-11 17:11:40 | Attr =	]
0x040a.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x040a.ini ->  [Ver =  | Size = 6928 bytes | Modified Date = 2008-03-11 17:11:43 | Attr =	]
0x040b.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x040b.ini ->  [Ver =  | Size = 6231 bytes | Modified Date = 2008-03-11 17:11:40 | Attr =	]
0x040c.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x040c.ini ->  [Ver =  | Size = 7047 bytes | Modified Date = 2008-03-11 17:11:40 | Attr =	]
0x040d.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x040d.ini ->  [Ver =  | Size = 5430 bytes | Modified Date = 2008-03-11 17:11:43 | Attr =	]
0x040e.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x040e.ini ->  [Ver =  | Size = 6382 bytes | Modified Date = 2008-03-11 17:11:40 | Attr =	]
0x0410.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0410.ini ->  [Ver =  | Size = 6801 bytes | Modified Date = 2008-03-11 17:11:41 | Attr =	]
0x0411.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0411.ini ->  [Ver =  | Size = 6607 bytes | Modified Date = 2008-03-11 17:11:41 | Attr =	]
0x0413.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0413.ini ->  [Ver =  | Size = 6723 bytes | Modified Date = 2008-03-11 17:11:40 | Attr =	]
0x0414.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0414.ini ->  [Ver =  | Size = 6353 bytes | Modified Date = 2008-03-11 17:11:41 | Attr =	]
0x0415.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0415.ini ->  [Ver =  | Size = 6542 bytes | Modified Date = 2008-03-11 17:11:42 | Attr =	]
0x0416.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0416.ini ->  [Ver =  | Size = 6524 bytes | Modified Date = 2008-03-11 17:11:42 | Attr =	]
0x0418.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0418.ini ->  [Ver =  | Size = 6371 bytes | Modified Date = 2008-03-11 17:11:42 | Attr =	]
0x0419.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0419.ini ->  [Ver =  | Size = 6522 bytes | Modified Date = 2008-03-11 17:11:42 | Attr =	]
0x041b.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x041b.ini ->  [Ver =  | Size = 6444 bytes | Modified Date = 2008-03-11 17:11:42 | Attr =	]
0x041c.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x041c.ini ->  [Ver =  | Size = 6894 bytes | Modified Date = 2008-03-11 17:11:43 | Attr =	]
0x041d.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x041d.ini ->  [Ver =  | Size = 6168 bytes | Modified Date = 2008-03-11 17:11:43 | Attr =	]
0x041e.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x041e.ini ->  [Ver =  | Size = 6109 bytes | Modified Date = 2008-03-11 17:11:43 | Attr =	]
0x041f.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x041f.ini ->  [Ver =  | Size = 6318 bytes | Modified Date = 2008-03-11 17:11:43 | Attr =	]
0x0421.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0421.ini ->  [Ver =  | Size = 6430 bytes | Modified Date = 2008-03-11 17:11:40 | Attr =	]
0x0424.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0424.ini ->  [Ver =  | Size = 6489 bytes | Modified Date = 2008-03-11 17:11:43 | Attr =	]
0x042a.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x042a.ini ->  [Ver =  | Size = 6139 bytes | Modified Date = 2008-03-11 17:11:44 | Attr =	]
0x043e.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x043e.ini ->  [Ver =  | Size = 6648 bytes | Modified Date = 2008-03-11 17:11:41 | Attr =	]
0x0804.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0804.ini ->  [Ver =  | Size = 4459 bytes | Modified Date = 2008-03-11 17:11:39 | Attr =	]
0x0809.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0809.ini ->  [Ver =  | Size = 6267 bytes | Modified Date = 2008-03-11 17:11:40 | Attr =	]
0x080a.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x080a.ini ->  [Ver =  | Size = 7137 bytes | Modified Date = 2008-03-11 17:11:43 | Attr =	]
0x0816.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0816.ini ->  [Ver =  | Size = 6694 bytes | Modified Date = 2008-03-11 17:11:42 | Attr =	]
0x0c04.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0c04.ini ->  [Ver =  | Size = 4726 bytes | Modified Date = 2008-03-11 17:11:39 | Attr =	]
0x0c0c.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\0x0c0c.ini ->  [Ver =  | Size = 7180 bytes | Modified Date = 2008-03-11 17:11:40 | Attr =	]
Setup.INI -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\Setup.INI ->  [Ver =  | Size = 2361 bytes | Modified Date = 2008-03-11 17:11:39 | Attr =	]
_ISMSIDEL.INI -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\_is101\_ISMSIDEL.INI ->  [Ver =  | Size = 2241 bytes | Modified Date = 2008-03-11 17:11:44 | Attr =	]
AvDetect.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\{9EF9F331-5509-42C5-AA52-466EF730FA28}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\AvDetect.ini ->  [Ver =  | Size = 143343 bytes | Modified Date = 2007-07-18 17:54:53 | Attr =	]
desktop.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2007-12-15 15:42:37 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\0LM7SDI3\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2007-12-15 15:42:37 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\GDI7GPUR\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2007-12-15 15:42:37 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\KHYNCH6F\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2007-12-15 15:42:37 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\KT6FG9UZ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2007-12-15 15:42:37 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Tidigare\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 2007-12-15 15:42:37 | Attr =  HS]
ApDetect.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\ApDetect.ini ->  [Ver =  | Size = 159 bytes | Modified Date = 2004-12-20 09:57:03 | Attr =	]
AVLITE.INI -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\AVLITE.INI ->  [Ver =  | Size = 133 bytes | Modified Date = 2001-07-13 13:53:50 | Attr =	]
setup.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\setup.ini ->  [Ver =  | Size = 511 bytes | Modified Date = 2006-08-14 07:59:11 | Attr =	]
UrlConfig.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\UrlConfig.ini ->  [Ver =  | Size = 3464 bytes | Modified Date = 2005-09-03 18:01:26 | Attr =	]
ADiagnst.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\ADiagnst.ini ->  [Ver =  | Size = 3310 bytes | Modified Date = 2006-08-07 16:33:46 | Attr =	]
imanager.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\imanager.ini ->  [Ver =  | Size = 110 bytes | Modified Date = 2006-07-12 14:09:24 | Attr =	]
UNINSTAL.INI -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\UNINSTAL.INI ->  [Ver =  | Size = 10537 bytes | Modified Date = 2006-08-02 15:43:36 | Attr =	]
WebProxy.ini -> C:\Documents and Settings\Micke\Lokala inställningar\Temp\Titanium2007\Files\WebProxy.ini ->  [Ver =  | Size = 654 bytes | Modified Date = 2006-01-10 10:51:26 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier ->  [Folder | Modified Date = 2008-03-08 15:11:50 | Attr =	]
Nokia -> %AllUsersProfile%\Application Data\Nokia ->  [Folder | Modified Date = 2008-03-11 19:32:37 | Attr =	]
PC Suite -> %AllUsersProfile%\Application Data\PC Suite ->  [Folder | Modified Date = 2008-03-11 19:25:44 | Attr =	]
sentinel -> %AllUsersProfile%\Application Data\sentinel ->  [Folder | Modified Date = 2008-03-08 10:58:50 | Attr =	]
dvdcss -> %AppData%\dvdcss ->  [Folder | Modified Date = 2008-02-25 22:15:30 | Attr =	]
MailFrontier -> %AppData%\MailFrontier ->  [Folder | Modified Date = 2008-03-08 15:23:20 | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 2008-03-08 09:42:24 | Attr =   S]
Nokia -> %AppData%\Nokia ->  [Folder | Modified Date = 2008-03-11 17:13:42 | Attr =	]
Nokia Multimedia Player -> %AppData%\Nokia Multimedia Player ->  [Folder | Modified Date = 2008-03-11 19:44:44 | Attr =	]
PC Suite -> %AppData%\PC Suite ->  [Folder | Modified Date = 2008-03-11 17:12:39 | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2008-03-09 18:14:56 | Attr =	]
uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 2008-03-15 14:24:34 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 11776 bytes | Modified Date = 2008-02-22 22:03:13 | Attr =	]
IconCache.db -> %UserProfile%\Lokala inställningar\Application Data\IconCache.db ->  [Ver =  | Size = 4286270 bytes | Modified Date = 2008-02-25 22:11:31 | Attr =  H ]
Microsoft -> %UserProfile%\Lokala inställningar\Application Data\Microsoft ->  [Folder | Modified Date = 2008-03-15 12:43:59 | Attr =	]
Panda Software -> %UserProfile%\Lokala inställningar\Application Data\Panda Software ->  [Folder | Modified Date = 2008-03-08 11:16:33 | Attr =	]
Min musik -> %AllUsersProfile%\Dokument\Min musik ->  [Folder | Modified Date = 2008-03-15 11:54:51 | Attr = R  ]
EA Games -> %UserProfile%\Mina dokument\EA Games ->  [Folder | Modified Date = 2008-02-25 20:44:28 | Attr =	]
Mina delade mappar.lnk -> %UserProfile%\Mina dokument\Mina delade mappar.lnk ->  [Ver =  | Size = 589 bytes | Modified Date = 2008-03-15 14:03:21 | Attr =	]
Mina mottagna filer -> %UserProfile%\Mina dokument\Mina mottagna filer ->  [Folder | Modified Date = 2008-02-14 20:25:52 | Attr =	]
My Games -> %UserProfile%\Mina dokument\My Games ->  [Folder | Modified Date = 2008-02-25 21:14:49 | Attr =	]
NokiaLifeblogData -> %UserProfile%\Mina dokument\NokiaLifeblogData ->  [Folder | Modified Date = 2008-03-11 19:27:13 | Attr =	]
Nokia Lifeblog 2.5.lnk -> %AllUsersProfile%\Skrivbord\Nokia Lifeblog 2.5.lnk ->  [Ver =  | Size = 1733 bytes | Modified Date = 2008-03-11 17:13:09 | Attr =	]
Nokia Nseries PC Suite.lnk -> %AllUsersProfile%\Skrivbord\Nokia Nseries PC Suite.lnk ->  [Ver =  | Size = 915 bytes | Modified Date = 2008-03-11 17:12:11 | Attr =	]
Nokia Software Updater.lnk -> %AllUsersProfile%\Skrivbord\Nokia Software Updater.lnk ->  [Ver =  | Size = 1857 bytes | Modified Date = 2008-03-11 19:50:57 | Attr =	]
SUPERAntiSpyware Professional.lnk -> %AllUsersProfile%\Skrivbord\SUPERAntiSpyware Professional.lnk ->  [Ver =  | Size = 1712 bytes | Modified Date = 2008-03-09 18:15:01 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Skrivbord\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-03-15 13:46:06 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Skrivbord\ATF-Cleaner.exe:Zone.Identifier
Genväg till ra2.lnk -> %UserProfile%\Skrivbord\Genväg till ra2.lnk ->  [Ver =  | Size = 720 bytes | Modified Date = 2008-02-24 12:48:03 | Attr =	]
Software Remove Master.lnk -> %UserProfile%\Skrivbord\Software Remove Master.lnk ->  [Ver =  | Size = 796 bytes | Modified Date = 2008-03-08 11:15:09 | Attr =	]
WinPFind35u -> %UserProfile%\Skrivbord\WinPFind35u ->  [Folder | Modified Date = 2008-03-15 13:51:07 | Attr =	]
WinPFind35u.exe -> %UserProfile%\Skrivbord\WinPFind35u.exe ->  [Ver =  | Size = 481244 bytes | Modified Date = 2008-03-15 13:47:26 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Skrivbord\WinPFind35u.exe:Zone.Identifier
µTorrent.lnk -> %UserProfile%\Start-meny\Program\Autostart\µTorrent.lnk ->  [Ver =  | Size = 431 bytes | Modified Date = 2008-03-04 20:21:35 | Attr =	]
Nokia -> %CommonProgramFiles%\Nokia ->  [Folder | Modified Date = 2008-03-11 19:50:46 | Attr =	]
Panda Software -> %CommonProgramFiles%\Panda Software ->  [Folder | Modified Date = 2008-03-08 11:18:34 | Attr =	]
PCSuite -> %CommonProgramFiles%\PCSuite ->  [Folder | Modified Date = 2008-03-11 19:30:43 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2008-03-09 18:14:36 | Attr =	]

< End of report >


BC AdBot (Login to Remove)

 


#2 MichaelBu

MichaelBu
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 15 March 2008 - 10:07 AM

I have added a log report done with COMBOFIX aswell if that may help more ,

ComboFix 08-03-14.4 - Micke 2008-03-15 15:47:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.624 [GMT 1:00]
Running from: C:\Documents and Settings\Micke\Skrivbord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-15 12:15 . 2008-03-15 12:15 <KAT> d-------- C:\Program\MSXML 6.0
2008-03-15 12:12 . 2008-03-15 12:12 <KAT> d-------- C:\Program\MSBuild
2008-03-15 12:07 . 2008-03-15 12:14 <KAT> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-15 12:05 . 2008-03-15 12:05 <KAT> d-------- C:\Program\Reference Assemblies
2008-03-15 11:58 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-15 11:57 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-15 11:57 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-15 11:57 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-15 11:56 . 2008-03-15 11:56 <KAT> d-------- C:\Program\Windows Media Connect 2
2008-03-15 11:52 . 2008-03-15 11:53 <KAT> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-15 11:44 . 2004-08-11 01:45 253,688 --a------ C:\WINDOWS\system32\drmclien.dll
2008-03-14 12:28 . 2008-03-14 12:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-14 12:28 . 2008-03-14 12:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-12 23:33 . 2008-03-12 23:33 <KAT> d-------- C:\Program\MSXML 4.0
2008-03-11 19:50 . 2008-03-11 19:50 <KAT> d-------- C:\Program\Delade filer\Nokia
2008-03-11 19:49 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-03-11 19:49 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-03-11 19:49 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-03-11 19:44 . 2008-03-11 19:44 <KAT> d-------- C:\Documents and Settings\Micke\Application Data\Nokia Multimedia Player
2008-03-11 19:32 . 2008-03-11 19:32 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-03-11 19:30 . 2008-03-11 19:30 <KAT> d-------- C:\Program\Delade filer\PCSuite
2008-03-11 17:12 . 2008-03-11 17:13 <KAT> d-------- C:\Documents and Settings\Micke\Application Data\Nokia
2008-03-11 17:12 . 2008-03-11 19:25 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-11 17:11 . 2008-03-11 17:11 <KAT> d-------- C:\WINDOWS\Downloaded Installations
2008-03-11 17:10 . 2008-03-11 17:10 <KAT> d-------- C:\Program\PC Connectivity Solution
2008-03-11 17:10 . 2008-03-11 19:50 <KAT> d-------- C:\Program\Nokia
2008-03-11 17:10 . 2008-03-11 17:12 <KAT> d-------- C:\Documents and Settings\Micke\Application Data\PC Suite
2008-03-11 17:10 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-03-09 20:03 . 2008-03-09 20:03 <KAT> d-------- C:\Program\CleanMyPC Popup Blocker
2008-03-09 18:14 . 2008-03-09 18:15 <KAT> d-------- C:\Program\SUPERAntiSpyware
2008-03-08 15:08 . 2008-03-15 15:15 1,113 --a------ C:\rollback.ini
2008-03-08 15:00 . 2008-03-08 15:23 <KAT> d-------- C:\Documents and Settings\Micke\Application Data\MailFrontier
2008-03-08 14:57 . 2008-03-15 15:59 3,245,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-08 14:57 . 2008-03-15 15:55 45,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-08 14:54 . 2008-03-08 15:11 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-08 14:53 . 2008-03-08 14:53 <KAT> d-------- C:\Program\Zone Labs
2008-03-08 10:58 . 2008-03-08 10:58 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-25 21:59 . 2008-03-08 11:15 <KAT> d-------- C:\Program\Software Remove Master

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 15:00 --------- d-----w C:\Documents and Settings\Micke\Application Data\uTorrent
2008-03-15 14:56 932 ----a-w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-03-11 16:10 --------- d-----w C:\Program\DIFX
2008-03-09 17:28 --------- d-----w C:\Program\mIRC
2008-03-09 17:14 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard
2008-03-09 17:14 --------- d-----w C:\Documents and Settings\Micke\Application Data\SUPERAntiSpyware.com
2008-03-08 10:18 --------- d-----w C:\Program\Delade filer\Panda Software
2008-03-08 09:57 --------- d--h--w C:\Program\InstallShield Installation Information
2008-02-25 21:15 --------- d-----w C:\Documents and Settings\Micke\Application Data\dvdcss
2008-02-25 21:04 --------- d-----w C:\Program\SlySoft
2008-02-25 20:37 --------- d-----w C:\Program\Skype
2008-02-25 20:33 --------- d-----w C:\Program\PAN Vision
2008-02-25 20:29 --------- d-----w C:\Program\Opera
2008-02-25 20:21 --------- d-----w C:\Program\toy
2008-02-13 17:17 86,144 ----a-w C:\WINDOWS\system32\drivers\alcxwdmm.sys
2008-02-12 16:50 --------- d-----w C:\Program\Razer
2008-02-12 16:50 --------- d-----w C:\Program\QuickTime
2008-02-12 16:50 --------- d-----w C:\Program\DAEMON Tools
2008-02-10 15:09 --------- d-----w C:\Program\MSN Messenger
2008-02-08 08:19 1,990 ----a-w C:\WINDOWS\system32\drivers\net_m32.inf
2008-02-06 19:01 0 ----a-w C:\WINDOWS\system32\drivers\wnmsav.dat
2008-02-06 18:05 --------- d-----w C:\Program\Panda Software
2008-01-29 10:45 --------- d-----w C:\Program\Prelusion Games
2007-11-15 21:18 22,328 ----a-w C:\Documents and Settings\Micke\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:34 15360]
"NVIDIA nTune"="C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" [ ]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2006-09-08 16:10 1085440]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-09 18:16 1470464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="C:\Program\Razer\razerhid.exe" [2005-05-17 18:21 147456]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-12 06:51 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-12 06:51 81920]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"NSLauncher"="C:\Program\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 14:44 3100672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:34 15360]

C:\Documents and Settings\Micke\Start-meny\Program\Autostart\
æTorrent.lnk - D:\Program\utorrent.exe [2006-08-28 16:45:50 219952]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Personal.lnk - C:\Program\Personal\bin\Personal.exe [2007-12-20 17:20:07 722728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program\\MSN Messenger\\livecall.exe"=
"D:\\Program\\utorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=

R1 alcxwdmm;alcxwdmm;C:\WINDOWS\system32\drivers\alcxwdmm.sys [2008-02-13 18:17]
S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 22:43]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 15:59:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Razer\razerofa.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
.
**************************************************************************
.
Completion time: 2008-03-15 16:03:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 15:03:45
.
2008-03-12 22:35:25 --- E O F ---

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:30 AM

Posted 15 March 2008 - 10:40 AM

ComboFix logs should not to be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users