Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I would like to get some help with my pc problems.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: I would like to get some help with my pc problems.

Unread postby Coño » December 15th, 2008, 6:03 pm

Logfile of random's system information tool 1.04 (written by random/random)
Run by Hidde at 2008-12-15 22:41:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 192 GB (63%) free of 305 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:49, on 15-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PermissionResearch\prmrsr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Driver for ZOLID Laser Mouse\MouseDrv.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Hidde\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Hidde\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Hidde\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\defrag.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\Hidde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hidde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hidde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hidde\My Documents\Downloads\RSIT (1).exe
C:\Program Files\Trend Micro\HijackThis\Hidde.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Driver for ZOLID Laser Mouse\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [PermissionResearch] C:\Program Files\PermissionResearch\prmrsr.exe -boot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Hidde\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8007744070
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkkigf - jkkkigf.dll (file missing)
O20 - Winlogon Notify: PermissionResearch - C:\Program Files\PermissionResearch\prls.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe

--
End of file - 8770 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-04-04 1822720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe [2001-03-20 192512]
"WireLessMouse"=C:\Program Files\Driver for ZOLID Laser Mouse\StartAutorun.exe [2005-11-30 94208]
"PermissionResearch"=C:\Program Files\PermissionResearch\prmrsr.exe [2008-12-01 1672704]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-21 185896]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-09 3513344]
"ares"=C:\Program Files\Ares\Ares.exe [2007-11-23 962560]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-03 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
"Steam"=c:\program files\steam\steam.exe [2008-10-08 1410296]
"WhatPulse"=C:\Program Files\WhatPulse\WhatPulse.exe [2006-08-21 665600]
"Gadwin PrintScreen"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2007-08-20 495616]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-11-13 342336]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-29 21755688]
"Google Update"=C:\Documents and Settings\Hidde\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-04 133104]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe

C:\Documents and Settings\Hidde\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkigf]
jkkkigf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PermissionResearch]
C:\Program Files\PermissionResearch\prls.dll [2008-10-24 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"ForceClassicControlPanel"=1
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe"="C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe:*:Enabled:sof3"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Documents and Settings\Hidde\Local Settings\Temp\~os161.tmp\ossproxy.exe"="C:\Documents and Settings\Hidde\Local Settings\Temp\~os161.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\WINDOWS\Temp\~os89.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os89.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\Temp\~os20.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os20.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Documents and Settings\Hidde\Local Settings\Temp\~os57.tmp\ossproxy.exe"="C:\Documents and Settings\Hidde\Local Settings\Temp\~os57.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\WINDOWS\Temp\~os4.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os4.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\Temp\~os1F9.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os1F9.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\Temp\~os6E.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os6E.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\program files\permissionresearch\prmrsr.exe"="c:\program files\permissionresearch\prmrsr.exe:*:Enabled:prmrsr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - F:\system.exe
shell\Open\command - F:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}]
shell\1\command - F:\Recycled.exe
shell\2\command - F:\Recycled.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe


======List of files/folders created in the last 3 months======

2008-12-13 16:57:37 ----RASHD---- C:\autorun.inf
2008-12-10 16:19:34 ----D---- C:\rsit
2008-12-07 22:29:34 ----D---- C:\Program Files\Trend Micro
2008-12-07 19:07:18 ----D---- C:\Program Files\Hijackthis
2008-12-04 21:28:04 ----D---- C:\Program Files\Microsoft Common
2008-12-04 21:19:12 ----D---- C:\Program Files\Advanced AVI Splitter
2008-12-03 22:36:55 ----D---- C:\Documents and Settings\Hidde\Application Data\ImTOO Software Studio
2008-12-03 22:36:15 ----D---- C:\Program Files\ImTOO
2008-11-28 13:22:45 ----D---- C:\divx
2008-11-27 19:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-27 19:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-27 19:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-27 19:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-27 19:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-27 19:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-27 10:55:32 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-11-27 10:55:30 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-11-27 10:55:30 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-11-16 21:39:09 ----D---- C:\WINDOWS\system32\AGEIA
2008-11-16 21:39:09 ----D---- C:\Program Files\AGEIA Technologies
2008-11-16 21:39:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-10 21:52:25 ----D---- C:\Program Files\Video mp3 Extractor
2008-11-10 21:48:54 ----D---- C:\Program Files\AimOne_AlltoMP3
2008-11-10 21:42:48 ----A---- C:\WINDOWS\system32\NCTWMVFile.dll
2008-11-10 21:42:48 ----A---- C:\WINDOWS\system32\NCTVideoView.dll
2008-11-10 21:42:48 ----A---- C:\WINDOWS\system32\NCTVideoPlayer.dll
2008-11-10 21:42:48 ----A---- C:\WINDOWS\system32\NCTVideoFile.dll
2008-11-10 21:42:48 ----A---- C:\WINDOWS\system32\NCTVideoCoreM.dll
2008-11-10 21:42:48 ----A---- C:\WINDOWS\system32\NCTVideoCompress.dll
2008-11-10 21:42:48 ----A---- C:\WINDOWS\system32\NCTRMFile.dll
2008-11-10 21:42:48 ----A---- C:\WINDOWS\system32\NCTQuickTimeFile.dll
2008-11-10 21:42:48 ----A---- C:\WINDOWS\system32\NCTImageFile.dll
2008-11-10 21:42:48 ----A---- C:\WINDOWS\system32\NCTAVIFile.dll
2008-11-10 21:42:48 ----A---- C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2008-11-10 21:42:47 ----A---- C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-11-10 21:42:47 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2008-11-10 21:42:47 ----A---- C:\WINDOWS\system32\NCTAudioCompress3.dll
2008-11-10 21:42:47 ----A---- C:\WINDOWS\system32\NCTAudioCompress2.dll
2008-11-10 21:42:47 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-11-10 21:42:47 ----A---- C:\WINDOWS\system32\lame_enc.dll
2008-11-10 21:42:46 ----D---- C:\Program Files\Aplus Media to MP3
2008-11-10 13:57:50 ----D---- C:\Program Files\JoshMadison
2008-11-09 18:56:24 ----D---- C:\Documents and Settings\Hidde\Application Data\skypePM
2008-11-09 18:55:01 ----D---- C:\Documents and Settings\Hidde\Application Data\Skype
2008-11-09 18:54:47 ----D---- C:\Program Files\Skype
2008-11-09 18:54:47 ----D---- C:\Program Files\Common Files\Skype
2008-11-09 18:54:40 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-11-05 21:09:05 ----A---- C:\WINDOWS\system32\wini10571.exe
2008-11-05 14:31:12 ----A---- C:\WINDOWS\brastk.exe
2008-10-28 23:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 23:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 23:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 23:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 23:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
2008-10-26 13:09:38 ----D---- C:\Program Files\Microsoft
2008-10-26 13:08:20 ----D---- C:\Program Files\Common Files\Windows Live
2008-10-18 14:38:07 ----D---- C:\Documents and Settings\Hidde\Application Data\Turbine
2008-10-18 14:09:50 ----D---- C:\Program Files\Codemasters
2008-10-15 19:47:16 ----D---- C:\Documents and Settings\Hidde\Application Data\Canon
2008-10-15 18:10:35 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-10-15 17:58:03 ----D---- C:\Program Files\Common Files\CANON
2008-10-15 17:55:51 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-10-15 17:55:40 ----HD---- C:\Program Files\CanonBJ
2008-10-15 17:55:17 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-10-15 17:55:05 ----A---- C:\WINDOWS\system32\CNMLM93.DLL
2008-10-15 17:54:25 ----D---- C:\Program Files\Canon
2008-10-14 20:11:08 ----D---- C:\Documents and Settings\Hidde\Application Data\InstallShield
2008-10-14 18:24:48 ----D---- C:\Documents and Settings\All Users\Application Data\Teleca
2008-10-14 18:24:48 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-10-14 14:18:31 ----D---- C:\Program Files\Sony Ericsson
2008-10-14 14:18:31 ----D---- C:\Program Files\Common Files\Teleca Shared
2008-10-14 14:03:54 ----D---- C:\Program Files\Sony
2008-10-07 14:35:20 ----D---- C:\Program Files\VirtualDJ
2008-10-04 15:27:41 ----D---- C:\Program Files\Common Files\SWF Studio
2008-10-03 23:27:18 ----D---- C:\Program Files\ManHunt
2008-10-02 21:58:31 ----D---- C:\Program Files\ASIO4ALL v2
2008-10-02 21:58:22 ----D---- C:\Program Files\VstPlugins
2008-10-02 21:58:22 ----A---- C:\WINDOWS\system32\rewire.dll
2008-10-02 21:58:04 ----D---- C:\Program Files\Outsim
2008-10-02 21:56:37 ----D---- C:\Program Files\Image-Line
2008-10-01 20:14:31 ----A---- C:\WINDOWS\dxva_sig.txt
2008-09-30 16:26:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-30 16:25:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-30 16:25:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-30 16:25:43 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-30 16:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-30 16:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-30 16:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-30 16:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-30 16:22:15 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-30 16:19:05 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-30 16:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-30 16:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-30 16:17:33 ----A---- C:\WINDOWS\PaltalkScene Uninstall Log.txt
2008-09-28 19:41:45 ----D---- C:\WINDOWS\Logs
2008-09-28 19:41:43 ----HD---- C:\WINDOWS\msdownld.tmp
2008-09-25 09:03:44 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-09-25 09:03:38 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-09-25 09:03:38 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-09-25 09:03:34 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-09-25 09:03:32 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-09-25 09:03:32 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-09-25 09:03:32 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-09-25 09:03:30 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-09-25 09:03:30 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-09-25 09:03:18 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-21 13:07:28 ----D---- C:\Program Files\Common Files\xing shared
2008-09-21 13:01:39 ----D---- C:\Program Files\Real
2008-09-21 13:01:39 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-09-21 13:01:39 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-09-21 13:01:37 ----D---- C:\Program Files\Common Files\Real
2008-09-21 13:01:37 ----D---- C:\Documents and Settings\Hidde\Application Data\Real
2008-09-19 22:57:34 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-09-19 22:55:58 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-09-19 22:55:58 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-09-19 22:55:10 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-09-19 22:55:10 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-09-19 22:54:18 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll

======List of files/folders modified in the last 3 months======

2008-12-15 22:41:22 ----D---- C:\Documents and Settings\Hidde\Application Data\DNA
2008-12-15 19:29:32 ----D---- C:\WINDOWS\Prefetch
2008-12-15 15:24:06 ----D---- C:\Program Files\Steam
2008-12-15 15:22:32 ----D---- C:\WINDOWS\Temp
2008-12-15 15:20:38 ----D---- C:\Program Files\DNA
2008-12-14 12:42:12 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 12:39:35 ----D---- C:\Program Files\LimeWire
2008-12-10 16:35:14 ----D---- C:\WINDOWS
2008-12-08 17:17:40 ----D---- C:\Program Files\mIRC
2008-12-07 22:29:34 ----RD---- C:\Program Files
2008-12-07 14:03:35 ----D---- C:\WINDOWS\Minidump
2008-12-05 17:43:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-05 17:09:14 ----D---- C:\Program Files\SwiftKit
2008-12-04 21:41:06 ----D---- C:\DVDVideoSoft
2008-12-04 19:19:51 ----SD---- C:\WINDOWS\Tasks
2008-12-04 18:47:58 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-04 18:47:56 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-03 22:36:32 ----D---- C:\WINDOWS\system32
2008-12-03 22:33:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-03 21:57:30 ----A---- C:\WINDOWS\ModemLog_Bluetooth LAP Modem.txt
2008-12-03 21:57:30 ----A---- C:\WINDOWS\ModemLog_Bluetooth LAP Modem #2.txt
2008-12-03 21:57:30 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2008-12-03 21:57:30 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt
2008-12-03 21:47:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-03 21:47:46 ----HD---- C:\WINDOWS\inf
2008-12-03 14:51:27 ----D---- C:\Documents and Settings\Hidde\Application Data\mIRC
2008-12-02 16:13:53 ----D---- C:\Program Files\PermissionResearch
2008-11-28 13:21:11 ----D---- C:\Program Files\DivX
2008-11-28 13:15:38 ----SHD---- C:\WINDOWS\Installer
2008-11-27 19:10:15 ----A---- C:\WINDOWS\imsins.BAK
2008-11-27 19:10:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-27 19:10:14 ----D---- C:\WINDOWS\system32\drivers
2008-11-27 19:10:12 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-27 19:09:49 ----A---- C:\WINDOWS\win.ini
2008-11-27 19:08:10 ----D---- C:\Program Files\Internet Explorer
2008-11-26 13:40:33 ----SD---- C:\Documents and Settings\Hidde\Application Data\Microsoft
2008-11-18 16:24:31 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-11-16 21:40:54 ----D---- C:\WINDOWS\nview
2008-11-16 21:39:01 ----D---- C:\Program Files\Common Files
2008-11-16 21:38:50 ----D---- C:\WINDOWS\Help
2008-11-14 18:23:57 ----D---- C:\Documents and Settings\Hidde\Application Data\SPORE Creature Creator
2008-11-13 18:57:40 ----A---- C:\Log.txt
2008-11-11 13:59:40 ----D---- C:\Program Files\SystemRequirementsLab
2008-11-11 13:59:28 ----D---- C:\Documents and Settings\Hidde\Application Data\SystemRequirementsLab
2008-11-10 21:12:11 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2008-11-10 18:57:47 ----D---- C:\WINDOWS\.jagex_cache_32
2008-10-29 16:09:35 ----D---- C:\Program Files\Safari
2008-10-26 13:09:49 ----D---- C:\WINDOWS\WinSxS
2008-10-26 13:09:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-26 13:09:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-26 13:03:52 ----D---- C:\Program Files\Windows Live
2008-10-26 11:50:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-22 22:51:42 ----D---- C:\Program Files\Messenger Plus! Live
2008-10-22 15:16:45 ----D---- C:\Documents and Settings\Hidde\Application Data\dvdcss
2008-10-19 20:39:27 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-10-19 20:38:38 ----D---- C:\Program Files\WarRock
2008-10-19 15:56:54 ----RSD---- C:\WINDOWS\Fonts
2008-10-16 18:10:20 ----RD---- C:\My shared folder
2008-10-15 19:32:40 ----D---- C:\Program Files\ArtMoney
2008-10-15 17:54:39 ----D---- C:\WINDOWS\Media
2008-10-15 17:54:28 ----D---- C:\WINDOWS\twain_32
2008-10-14 20:21:52 ----D---- C:\Documents and Settings\Hidde\Application Data\BitTorrent
2008-10-14 20:11:43 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-14 14:18:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-14 14:18:38 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-14 13:46:53 ----D---- C:\Program Files\Bonjour
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\keystone.exe
2008-10-02 10:07:58 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-10-01 15:55:30 ----D---- C:\Program Files\StuffPlug3
2008-09-30 17:33:54 ----D---- C:\Program Files\WiFi Guardian
2008-09-30 16:25:52 ----D---- C:\Program Files\Messenger
2008-09-30 16:22:59 ----RSD---- C:\WINDOWS\assembly
2008-09-30 16:22:14 ----D---- C:\WINDOWS\Debug
2008-09-30 16:21:44 ----D---- C:\Program Files\Microsoft Works
2008-09-30 16:17:53 ----D---- C:\Documents and Settings\Hidde\Application Data\Paltalk
2008-09-30 16:17:52 ----D---- C:\Program Files\Paltalk Messenger
2008-09-28 19:41:43 ----D---- C:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-08-31 20480]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-07-29 23000]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 P1110VID;Creative WebCam NX; C:\WINDOWS\system32\DRIVERS\P1110VID.sys [2003-05-14 90357]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-10-01 162304]
R3 SISNPF;SIS Netgroup Packet Filter; C:\WINDOWS\system32\drivers\SISNPF.sys [2004-09-30 74240]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 ajrsmh3f;ajrsmh3f; C:\WINDOWS\system32\drivers\ajrsmh3f.sys []
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-29 11988]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dump_wmimmc;dump_wmimmc; \??\C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver; \??\C:\DOCUME~1\Hidde\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-03-01 25280]
S3 hitmanpro2;Hitman Pro 2 Driver; \??\C:\Program Files\Hitman Pro\hitmanpro2.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-19 66872]
R2 SiSWLSvc;SiS WirelessLan Service; C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe [2004-09-27 40960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-18 654848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------


Will do the flashlight tomorrow, because I can't find my other scan. I remember by the way that it didn't found any threats. So is it necessary? And it's not my intention to be rude and stuff, but when are we gonna start with the actually cleaning of my computer?
Coño
Active Member
 
Posts: 12
Joined: December 7th, 2008, 2:37 pm
Advertisement
Register to Remove

Re: I would like to get some help with my pc problems.

Unread postby Odd dude » December 16th, 2008, 10:38 am

I haven't started fixing anything because I can't find out what is wrong with your computer.

There are a few items that require our attention, but none of these are active and/or harmful enough to cause issues such as the ones you describe.

I think you would prefer me getting your explorer to work over me fixing some relatively harmless nags in your registry.

Post the blacklight log when blacklight finishes running, then also perform one last scan which will check the integrity of your system files:

Please download OTScanIt2 from Geeks to Go or Bleeping Computer. Save it to your desktop.

  1. Double click on OTScanIt2.exe to run it.
  2. Click on Extract. Once done, you will be prompted. Click OK and click Close.
  3. Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
  4. Under Rookit Search, select Yes.
  5. Under Additional Scans, select Reg - Shell spawning, File - LOP check, File - Signature check and Evnt - EventViewer logs (last 10 errors).
  6. Click on Run Scan at the top left hand corner.
  7. When done, Notepad will open. Please post this log in your next reply.

If this scan comes back clean I can fix the leftovers and then send you off to a general troubleshooting forum.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: I would like to get some help with my pc problems.

Unread postby Coño » December 16th, 2008, 6:25 pm

Odd dude wrote:I haven't started fixing anything because I can't find out what is wrong with your computer.

There are a few items that require our attention, but none of these are active and/or harmful enough to cause issues such as the ones you describe.

I think you would prefer me getting your explorer to work over me fixing some relatively harmless nags in your registry.

Post the blacklight log when blacklight finishes running, then also perform one last scan which will check the integrity of your system files:

Please download OTScanIt2 from Geeks to Go or Bleeping Computer. Save it to your desktop.

  1. Double click on OTScanIt2.exe to run it.
  2. Click on Extract. Once done, you will be prompted. Click OK and click Close.
  3. Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
  4. Under Rookit Search, select Yes.
  5. Under Additional Scans, select Reg - Shell spawning, File - LOP check, File - Signature check and Evnt - EventViewer logs (last 10 errors).
  6. Click on Run Scan at the top left hand corner.
  7. When done, Notepad will open. Please post this log in your next reply.

If this scan comes back clean I can fix the leftovers and then send you off to a general troubleshooting forum.


Well, I've run a blacklight scan again, and again, I can't find the log. :l It found 1 hidden file, that was something like reboot mode or something.

Code: Select all
OTScanIt2 logfile created on: 16-12-2008 23:15:06 - Run 1
OTScanIt2 by OldTimer - Version 1.0.3.1     Folder = C:\Documents and Settings\Hidde\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy
 
2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,74% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 187,66 Gb Free Space | 62,95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 660,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NIKS-2EE130D9F7
Current User Name: Hidde
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
ares.exe -> %ProgramFiles%\Ares\Ares.exe -> [2007-11-23 17:18:16 | 00,962,560 | ---- | M] (Ares Development Group)
bjmyprt.exe -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE -> [2007-04-03 17:50:00 | 01,603,152 | ---- | M] (CANON INC.)
bluesoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> [2005-08-31 12:04:14 | 01,196,032 | ---- | M] (IVT Corporation)
btdna.exe -> %ProgramFiles%\DNA\btdna.exe -> [2008-12-16 15:37:45 | 00,342,848 | ---- | M] (BitTorrent, Inc.)
btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [2005-04-06 15:03:28 | 00,110,592 | ---- | M] ()
chrome.exe -> %UserProfile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -> [2008-12-01 17:30:19 | 00,766,960 | ---- | M] (Google Inc.)
chrome.exe -> %UserProfile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -> [2008-12-01 17:30:19 | 00,766,960 | ---- | M] (Google Inc.)
chrome.exe -> %UserProfile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -> [2008-12-01 17:30:19 | 00,766,960 | ---- | M] (Google Inc.)
daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> [2008-01-03 14:54:45 | 00,486,856 | ---- | M] (DT Soft Ltd)
defrag.exe -> %SystemRoot%\system32\defrag.exe -> [2004-08-04 02:07:00 | 00,025,088 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.)
googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008-12-04 19:19:38 | 00,133,104 | ---- | M] (Google Inc.)
googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008-12-04 19:19:38 | 00,133,104 | ---- | M] (Google Inc.)
googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008-12-04 19:19:38 | 00,133,104 | ---- | M] (Google Inc.)
hpztsb02.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb02.exe -> [2001-03-20 15:03:08 | 00,192,512 | ---- | M] (HP)
ijplmsvc.exe -> %ProgramFiles%\Canon\IJPLM\ijplmsvc.exe -> [2007-04-13 07:49:00 | 00,101,528 | ---- | M] ()
jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jucheck.exe -> [2008-06-10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
limewire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe -> [2005-03-09 20:49:38 | 00,081,920 | ---- | M] (Lime Wire, LLC)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007-07-24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
mousedrv.exe -> %ProgramFiles%\Driver for ZOLID Laser Mouse\MouseDrv.exe -> [2006-01-05 16:53:04 | 00,307,200 | ---- | M] ()
msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe -> [2008-09-09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2008-10-07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008-12-12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools)
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [2007-12-19 16:23:59 | 00,066,872 | ---- | M] ()
prmrsr.exe -> %ProgramFiles%\PermissionResearch\prmrsr.exe -> [2008-12-01 20:41:45 | 01,672,704 | ---- | M] (PermissionResearch)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2008-09-21 13:07:12 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> [2007-04-10 16:28:44 | 16,126,464 | R--- | M] (Realtek Semiconductor Corp.)
siswlsvc.exe -> %ProgramFiles%\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe -> [2004-09-27 14:54:32 | 00,040,960 | ---- | M] ()
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> [2008-09-29 17:57:48 | 21,755,688 | R--- | M] (Skype Technologies S.A.)
tsvncache.exe -> %ProgramFiles%\TortoiseSVN\bin\TSVNCache.exe -> [2008-07-31 16:26:40 | 00,575,488 | ---- | M] (http://tortoisesvn.net)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation)
whatpulse.exe -> %ProgramFiles%\WhatPulse\WhatPulse.exe -> [2006-08-21 18:48:46 | 00,665,600 | ---- | M] (WhatPulse.org)
wlancu.exe -> %ProgramFiles%\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe -> [2004-09-29 16:08:02 | 00,442,368 | ---- | M] ()
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2004-08-04 02:07:00 | 00,218,112 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> [2007-03-20 02:19:14 | 00,263,168 | ---- | M] (Ares Development Group)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [2005-04-06 15:03:28 | 00,110,592 | ---- | M] ()
(Bonjour Service) Bonjour-service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007-07-24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008-07-18 12:09:32 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2004-08-04 02:07:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(IJPLMSVC) PIXMA Extended Survey Program [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\IJPLM\ijplmsvc.exe -> [2007-04-13 07:49:00 | 00,101,528 | ---- | M] ()
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2008-10-07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003-07-28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [2007-12-19 16:23:59 | 00,066,872 | ---- | M] ()
(SiSWLSvc) SiS WirelessLan Service [Win32_Own | Auto | Running] -> %ProgramFiles%\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe -> [2004-09-27 14:54:32 | 00,040,960 | ---- | M] ()
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aec.sys -> [2008-09-02 18:41:23 | 00,006,656 | ---- | M] ()
(AtcL001) NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\l151x86.sys -> [2007-11-01 08:56:00 | 00,036,864 | ---- | M] (Atheros Communications, Inc.)
(BlueletAudio) Bluetooth Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\blueletaudio.sys -> [2005-08-31 09:34:10 | 00,020,480 | ---- | M] (IVT Corporation)
(BlueletSCOAudio) Bluetooth SCO Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BlueletSCOAudio.sys -> [2005-08-31 09:34:52 | 00,020,480 | ---- | M] (IVT Corporation)
(BT) Bluetooth PAN Network Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BtNetDrv.sys -> [2005-04-30 13:48:58 | 00,010,804 | ---- | M] (IVT Corporation)
(Btcsrusb) Bluetooth USB For Bluetooth Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btcusb.sys -> [2005-07-29 15:26:54 | 00,023,000 | ---- | M] (IVT Corporation)
(BTHidEnum) Bluetooth HID Enumerator [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vbtenum.sys -> [2005-07-29 15:21:32 | 00,011,988 | ---- | M] ()
(BTHidMgr) Bluetooth HID Manager Service [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\BTHidMgr.sys -> [2005-04-30 13:50:10 | 00,028,271 | ---- | M] (IVT Corporation)
(CCDECODE) Closed Caption Decoder [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CCDECODE.sys -> [2004-08-03 23:10:18 | 00,017,024 | ---- | M] ()
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hamachi.sys -> [2008-03-01 18:19:50 | 00,025,280 | ---- | M] (LogMeIn, Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider)
(hitmanpro2) Hitman Pro 2 Driver [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Hitman Pro\hitmanpro2.sys -> [2006-11-03 12:02:59 | 00,010,336 | ---- | M] (SurfRight)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2007-04-10 20:04:40 | 04,397,568 | R--- | M] (Realtek Semiconductor Corp.)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2004-08-03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys -> [2004-08-13 11:56:20 | 00,005,810 | R--- | M] ()
(npkcrypt) npkcrypt [Kernel | Auto | Running] -> %SystemDrive%\Nexon\MapleStory\npkcrypt.sys -> [2008-04-02 08:14:04 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.)
(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\npptNT2.sys -> [2005-01-04 10:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2008-10-07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation)
(P1110VID) Creative WebCam NX [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\P1110Vid.sys -> [2003-05-14 03:57:02 | 00,090,357 | R--- | M] (Creative Technology Ltd.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004-08-04 02:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2008-06-11 01:07:16 | 00,043,528 | ---- | M] (Sonic Solutions)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rootmdm.sys -> [2004-08-04 02:07:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(s116bus) Sony Ericsson Device 116 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116bus.sys -> [2007-04-03 12:57:42 | 00,083,336 | R--- | M] (MCCI Corporation)
(s116mdfl) Sony Ericsson Device 116 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116mdfl.sys -> [2007-04-03 12:57:48 | 00,015,112 | R--- | M] (MCCI Corporation)
(s116mdm) Sony Ericsson Device 116 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116mdm.sys -> [2007-04-03 12:57:48 | 00,108,680 | R--- | M] (MCCI Corporation)
(s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116mgmt.sys -> [2007-04-03 12:57:50 | 00,100,488 | R--- | M] (MCCI Corporation)
(s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116nd5.sys -> [2007-04-03 12:57:52 | 00,023,176 | R--- | M] (MCCI Corporation)
(s116obex) Sony Ericsson Device 116 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116obex.sys -> [2007-04-03 12:57:52 | 00,098,696 | R--- | M] (MCCI Corporation)
(s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116unic.sys -> [2007-04-03 12:57:54 | 00,099,080 | R--- | M] (MCCI Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007-11-13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SIS163u) SiS 163 usb Wireless LAN Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SiS163u.sys -> [2004-10-01 10:14:34 | 00,162,304 | ---- | M] (SiS Corporation)
(SISNPF) SIS Netgroup Packet Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SISNPF.SYS -> [2004-09-30 21:34:30 | 00,074,240 | ---- | M] (Politecnico di Torino)
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [2008-01-11 13:27:00 | 00,715,248 | ---- | M] ()
(VComm) Virtual Serial port driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\VComm.sys -> [2004-10-19 12:37:38 | 00,061,312 | ---- | M] (IVT Corporation)
(VcommMgr) Bluetooth VComm Manager Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\VcommMgr.sys -> [2005-03-25 16:18:48 | 00,082,148 | ---- | M] (IVT Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Page_Transitions" ->  -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Search\\"AutoSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx -> 
HKEY_CURRENT_USER\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_CURRENT_USER\: SearchURL\\"provider" -> msn -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Hidde\Application Data\Mozilla\FireFox\Profiles\6fkjcs2w.default\prefs.js -> 
browser.search.defaultenginename -> "Google" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
browser.startup.homepage -> "http://www.leetzone.co.uk/" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.4" ->
extensions.enabledItems -> {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 ->
extensions.enabledItems -> {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1 ->
extensions.enabledItems -> {6E19037A-12E3-4295-8915-ED48BC341614}:1.3 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->
< HOSTS File > (22 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1  localhost
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2007-10-10 19:51:56 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> [2005-05-03 19:43:28 | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"CanonMyPrinter" -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> [2007-04-03 17:50:00 | 01,603,152 | ---- | M] (CANON INC.)
"CanonSolutionMenu" -> %ProgramFiles%\Canon\SolutionMenu\CNSLMAIN.EXE [C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon] -> [2007-05-14 17:01:00 | 00,644,696 | ---- | M] (CANON INC.)
"HPDJ Taskbar Utility" -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb02.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe] -> [2001-03-20 15:03:08 | 00,192,512 | ---- | M] (HP)
"NBKeyScan" -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe ["C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"] -> File not found
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008-10-07 13:33:00 | 13,574,144 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008-10-07 13:33:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2008-10-07 13:33:00 | 01,630,208 | ---- | M] ()
"PermissionResearch" -> %ProgramFiles%\PermissionResearch\prmrsr.exe [C:\Program Files\PermissionResearch\prmrsr.exe -boot] -> [2008-12-01 20:41:45 | 01,672,704 | ---- | M] (PermissionResearch)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008-05-27 09:50:30 | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> [2007-04-10 16:28:44 | 16,126,464 | R--- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> %SystemRoot%\SkyTel.exe [SkyTel.EXE] -> [2007-04-04 18:22:46 | 01,822,720 | R--- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2008-09-21 13:07:12 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"WinampAgent" -> %ProgramFiles%\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> File not found
"WireLessMouse" -> %ProgramFiles%\Driver for ZOLID Laser Mouse\StartAutorun.exe MouseDrv.exe [C:\Program Files\Driver for ZOLID Laser Mouse\StartAutorun.exe MouseDrv.exe] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ares" -> %ProgramFiles%\Ares\Ares.exe ["C:\Program Files\Ares\Ares.exe" -h] -> [2007-11-23 17:18:16 | 00,962,560 | ---- | M] (Ares Development Group)
"BitTorrent DNA" -> %ProgramFiles%\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> [2008-12-16 15:37:45 | 00,342,848 | ---- | M] (BitTorrent, Inc.)
"DAEMON Tools Lite" -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe"] -> [2008-01-03 14:54:45 | 00,486,856 | ---- | M] (DT Soft Ltd)
"Gadwin PrintScreen" -> %ProgramFiles%\Gadwin Systems\PrintScreen\PrintScreen.exe [C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash] -> [2007-08-20 09:42:23 | 00,495,616 | ---- | M] (Gadwin Systems, Inc)
"Google Update" -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\Hidde\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008-12-04 19:19:38 | 00,133,104 | ---- | M] (Google Inc.)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> %CommonProgramFiles%\Nero\Lib\NMIndexStoreSvr.exe ["C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020] -> File not found
"MsnMsgr" -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> [2008-09-09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation)
"Skype" -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2008-09-29 17:57:48 | 21,755,688 | R--- | M] (Skype Technologies S.A.)
"Steam" -> %ProgramFiles%\Steam\Steam.exe ["c:\program files\steam\steam.exe" -silent] -> [2008-10-08 13:17:25 | 01,410,296 | ---- | M] (Valve Corporation)
"WhatPulse" -> %ProgramFiles%\WhatPulse\WhatPulse.exe [C:\Program Files\WhatPulse\WhatPulse.exe] -> [2006-08-21 18:48:46 | 00,665,600 | ---- | M] (WhatPulse.org)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\BlueSoleil.lnk -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> [2005-08-31 12:04:14 | 01,196,032 | ---- | M] (IVT Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\PalTalk.lnk -> %ProgramFiles%\Paltalk Messenger\paltalk.exe -> File not found
%AllUsersProfile%\Start Menu\Programs\Startup\Wireless Configuration Utility HW.32.lnk -> %SystemRoot%\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe -> [2007-12-18 20:36:51 | 00,040,960 | R--- | M] (InstallShield Software Corp.)
< Hidde Startup Folder > -> C:\Documents and Settings\Hidde\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\LimeWire On Startup.lnk -> %ProgramFiles%\LimeWire\LimeWire.exe -> [2005-03-09 20:49:38 | 00,081,920 | ---- | M] (Lime Wire, LLC)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [36] -> File not found
\\"ForceClassicControlPanel" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [FF FF FF FF  [binary data]] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}:Exec [HKLM] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [Button: PalTalk] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198007744070[WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab[Java Plug-in 1.5.0_12] -> 
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1AAEDD7D-1F7A-497C-A623-2145F8C52AA6} ->    () -> 
{201C9FA4-8C65-49BA-B7A8-E97FBB6BDE47} ->    () -> 
{63A326B3-18D6-4DBB-A1E1-9F01AB659A9F} ->    (802.11g USB 2.0 Wireless LAN Adapter) -> 
{A70E7AC6-CA98-493B-97D8-955939EE188D} ->    () -> 
{C6A7A94A-BA75-401A-920D-1DB1E082722B} ->    (Sony Ericsson Device 116 USB Ethernet Emulation (NDIS 5)) -> 
{D070D55F-D17E-4169-A77E-25E56295A50A} ->    (802.11g USB 2.0 Wireless LAN Adapter) -> 
{E9DC5FDD-4E00-4F81-9C44-B21067D58F11} ->    (802.11g USB 2.0 Wireless LAN Adapter) -> 
{EEBD2AAE-81D1-4802-8DE3-33B659EB845D} ->    (Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
jkkkigf ->  -> File not found
PermissionResearch -> %ProgramFiles%\PermissionResearch\prls.dll -> [2008-10-24 14:50:53 | 00,372,736 | ---- | M] (PermissionResearch)
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 
explorer.exe -> %ProgramFiles%\Microsoft Common\wuauclt.exe [Debugger] -> [2008-08-31 18:51:42 | 00,033,280 | -H-- | M] ()
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004-08-04 02:07:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2008-09-09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\Hidde\Local Settings\Temp\~os161.tmp\ossproxy.exe" -> C:\Documents and Settings\Hidde\Local Settings\Temp\~os161.tmp\ossproxy.exe [C:\Documents and Settings\Hidde\Local Settings\Temp\~os161.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
"C:\Documents and Settings\Hidde\Local Settings\Temp\~os57.tmp\ossproxy.exe" -> C:\Documents and Settings\Hidde\Local Settings\Temp\~os57.tmp\ossproxy.exe [C:\Documents and Settings\Hidde\Local Settings\Temp\~os57.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
"C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe" -> C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe [C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe:*:Enabled:sof3] -> [2007-11-07 22:39:36 | 00,061,440 | ---- | M] ()
"C:\Program Files\Ares\Ares.exe" -> C:\Program Files\Ares\Ares.exe [C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows] -> [2007-11-23 17:18:16 | 00,962,560 | ---- | M] (Ares Development Group)
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2008-09-27 00:44:20 | 00,634,672 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2007-07-24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> [2008-12-16 15:37:45 | 00,342,848 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" -> C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil] -> [2005-08-31 12:04:14 | 01,196,032 | ---- | M] (IVT Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2005-03-09 20:49:38 | 00,081,920 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\mIRC\mirc.exe" -> C:\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> [2008-05-21 19:23:52 | 02,797,568 | ---- | M] (mIRC Co. Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2008-11-20 15:08:05 | 00,307,712 | ---- | M] (Mozilla Corporation)
"c:\program files\permissionresearch\prmrsr.exe" -> c:\Program Files\PermissionResearch\prmrsr.exe [c:\program files\permissionresearch\prmrsr.exe:*:Enabled:prmrsr.exe] -> [2008-12-01 20:41:45 | 01,672,704 | ---- | M] (PermissionResearch)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008-09-29 17:57:48 | 21,755,688 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" -> C:\Program Files\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb] -> File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" -> C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" -> C:\Program Files\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2008-09-09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> File not found
"C:\WINDOWS\Temp\~os1F9.tmp\ossproxy.exe" -> C:\WINDOWS\Temp\~os1F9.tmp\ossproxy.exe [C:\WINDOWS\Temp\~os1F9.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
"C:\WINDOWS\Temp\~os20.tmp\ossproxy.exe" -> C:\WINDOWS\Temp\~os20.tmp\ossproxy.exe [C:\WINDOWS\Temp\~os20.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
"C:\WINDOWS\Temp\~os4.tmp\ossproxy.exe" -> C:\WINDOWS\Temp\~os4.tmp\ossproxy.exe [C:\WINDOWS\Temp\~os4.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
"C:\WINDOWS\Temp\~os6E.tmp\ossproxy.exe" -> C:\WINDOWS\Temp\~os6E.tmp\ossproxy.exe [C:\WINDOWS\Temp\~os6E.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> [2008-12-14 12:38:50 | 01,690,112 | ---- | M] (PermissionResearch)
"C:\WINDOWS\Temp\~os89.tmp\ossproxy.exe" -> C:\WINDOWS\Temp\~os89.tmp\ossproxy.exe [C:\WINDOWS\Temp\~os89.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004-08-04 02:07:00 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007-12-18 20:22:31 | 00,000,000 | ---- | M] ()
C:\autorun.inf [] -> %SystemDrive%\autorun.inf [ NTFS ] -> [2008-12-13 16:57:37 | 00,000,000 | RHSD | M]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\AutoRun
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Explore\command
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Explore\command\\"" -> F:\system.exe [F:\system.exe] -> File not found
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Open\command
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Open\command\\"" -> F:\system.exe [F:\system.exe] -> File not found
\{c82ccc74-b274-11dd-a710-0040f4dcec58}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell
\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\1\Command
\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\1\Command\\"" -> F:\Recycled.exe [F:\Recycled.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\2\Command
\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\2\Command\\"" -> F:\Recycled.exe [F:\Recycled.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\AutoRun
\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
 
[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
batfile [open] -> "%1" %* -> File not found
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> [2005-05-27 00:22:01 | 00,010,752 | ---- | M] (Microsoft Corporation)
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
cmdfile [open] -> "%1" %* -> File not found
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
helpfile [open] -> winhlp32.exe %1 -> [2004-08-04 02:07:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> [2004-08-04 02:07:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
htafile [open] -> %SystemRoot%\system32\mshta.exe "%1" %* -> [2004-08-04 02:07:00 | 00,029,184 | ---- | M] (Microsoft Corporation)
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007-04-19 13:07:38 | 00,061,280 | ---- | M] (Microsoft Corporation)
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> [2004-08-04 02:07:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> [2004-08-04 02:07:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2007-04-19 13:07:38 | 00,061,280 | ---- | M] (Microsoft Corporation)
http [open] -> "%ProgramFiles%\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> [2008-11-20 15:08:05 | 00,307,712 | ---- | M] (Mozilla Corporation)
https [open] -> "%ProgramFiles%\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> [2008-11-20 15:08:05 | 00,307,712 | ---- | M] (Mozilla Corporation)
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> [2004-08-04 02:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* -> File not found
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" -> [2004-08-04 02:07:00 | 00,146,432 | ---- | M] (Microsoft Corporation)
regfile [merge] -> Reg Error: Key does not exist or could not be opened.
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
scrfile [config] -> "%1" -> File not found
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2004-08-04 02:07:00 | 00,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> File not found
txtfile [edit] -> Reg Error: Key does not exist or could not be opened.
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> [2004-08-04 02:07:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> [2004-08-04 02:07:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
System [ Error ] 16-12-2008 17:43:22 Computer Name = NIKS-2EE130D9F7 | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15  minutes.  The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 16-12-2008 17:43:22 Computer Name = NIKS-2EE130D9F7 | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more  time sources, however none of the sources are currently accessible.   No attempt to contact a source will be made for 14 minutes.  NtpClient has no source of accurate time. 
System [ Error ] 16-12-2008 17:43:22 Computer Name = NIKS-2EE130D9F7 | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15  minutes.  The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 16-12-2008 17:43:22 Computer Name = NIKS-2EE130D9F7 | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more  time sources, however none of the sources are currently accessible.   No attempt to contact a source will be made for 14 minutes.  NtpClient has no source of accurate time. 
System [ Error ] 16-12-2008 17:43:30 Computer Name = NIKS-2EE130D9F7 | Source = NetBT | ID = 4311 -> Description = Initialization failed because the driver device could not be created.
System [ Error ] 16-12-2008 17:43:30 Computer Name = NIKS-2EE130D9F7 | Source = NetBT | ID = 4311 -> Description = Initialization failed because the driver device could not be created.
System [ Error ] 16-12-2008 17:43:30 Computer Name = NIKS-2EE130D9F7 | Source = NetBT | ID = 4311 -> Description = Initialization failed because the driver device could not be created.
System [ Error ] 16-12-2008 17:43:30 Computer Name = NIKS-2EE130D9F7 | Source = NetBT | ID = 4311 -> Description = Initialization failed because the driver device could not be created.
System [ Error ] 16-12-2008 17:43:30 Computer Name = NIKS-2EE130D9F7 | Source = NetBT | ID = 4311 -> Description = Initialization failed because the driver device could not be created.
System [ Error ] 16-12-2008 17:44:19 Computer Name = NIKS-2EE130D9F7 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   Beep
 
[Files/Folders - Created Within 30 Days]
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008-12-16 23:13:19 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008-12-16 19:43:06 | 00,647,677 | ---- | C] ()
autorun.inf -> %SystemDrive%\autorun.inf -> [2008-12-13 16:57:37 | 00,000,000 | RHSD | C]
rsit -> %SystemDrive%\rsit -> [2008-12-10 16:19:34 | 00,000,000 | ---D | C]
wallpapermercskenk1.JPG -> %UserProfile%\My Documents\wallpapermercskenk1.JPG -> [2008-12-08 21:53:35 | 00,811,514 | ---- | C] ()
2n6yd1i.jpg -> %UserProfile%\My Documents\2n6yd1i.jpg -> [2008-12-08 21:51:32 | 00,631,616 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2008-12-07 22:29:34 | 00,000,000 | ---D | C]
Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk -> [2008-12-07 19:07:18 | 00,001,734 | ---- | C] ()
Hijackthis -> %ProgramFiles%\Hijackthis -> [2008-12-07 19:07:18 | 00,000,000 | ---D | C]
Microsoft Common -> %ProgramFiles%\Microsoft Common -> [2008-12-04 21:28:04 | 00,000,000 | ---D | C]
Advanced AVI Splitter -> %ProgramFiles%\Advanced AVI Splitter -> [2008-12-04 21:19:12 | 00,000,000 | ---D | C]
avisplit.exe -> %UserProfile%\Desktop\avisplit.exe -> [2008-12-04 21:18:51 | 00,731,711 | ---- | C] ()
ImTOO Software Studio -> %UserProfile%\My Documents\ImTOO Software Studio -> [2008-12-03 22:36:55 | 00,000,000 | ---D | C]
ImTOO Software Studio -> %AppData%\ImTOO Software Studio -> [2008-12-03 22:36:55 | 00,000,000 | ---D | C]
ImTOO Video to Audio Converter.lnk -> %UserProfile%\Desktop\ImTOO Video to Audio Converter.lnk -> [2008-12-03 22:36:31 | 00,001,747 | ---- | C] ()
ImTOO -> %ProgramFiles%\ImTOO -> [2008-12-03 22:36:15 | 00,000,000 | ---D | C]
r-mp3-converter.exe.download -> %UserProfile%\My Documents\r-mp3-converter.exe.download -> [2008-12-03 22:34:50 | 00,147,993 | ---- | C] ()
testbeeld2.gif -> %UserProfile%\My Documents\testbeeld2.gif -> [2008-12-03 19:31:10 | 00,018,742 | ---- | C] ()
BB2K__Gigi_Ravelli__009.mpg.mpeg -> %UserProfile%\Desktop\BB2K__Gigi_Ravelli__009.mpg.mpeg -> [2008-12-02 20:06:50 | 22,850,811 | ---- | C] ()
kaal lol.JPG -> %UserProfile%\My Documents\kaal lol.JPG -> [2008-12-01 15:29:50 | 01,276,595 | ---- | C] ()
DVD gedicht.doc -> %UserProfile%\My Documents\DVD gedicht.doc -> [2008-11-30 18:52:57 | 00,024,576 | ---- | C] ()
divx -> %SystemDrive%\divx -> [2008-11-28 13:22:45 | 00,000,000 | ---D | C]
Buy DivX for Windows.lnk -> %AllUsersProfile%\Desktop\Buy DivX for Windows.lnk -> [2008-11-28 13:21:20 | 00,001,122 | ---- | C] ()
DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [2008-11-28 13:21:05 | 00,000,806 | ---- | C] ()
DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [2008-11-28 13:20:50 | 00,001,469 | ---- | C] ()
samson.JPG -> %UserProfile%\My Documents\samson.JPG -> [2008-11-27 22:46:50 | 00,192,016 | ---- | C] ()
LELA POV.wmv -> %UserProfile%\Desktop\LELA POV.wmv -> [2008-11-27 14:17:41 | 59,418,123 | ---- | C] ()
MFC71.dll -> %SystemRoot%\System32\MFC71.dll -> [2008-11-27 10:55:30 | 01,060,864 | ---- | C] (Microsoft Corporation)
RealMediaSplitter.ax -> %SystemRoot%\System32\RealMediaSplitter.ax -> [2008-11-27 10:55:30 | 00,421,888 | ---- | C] (Gabest)
pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> [2008-11-27 10:55:30 | 00,278,528 | ---- | C] (Real Networks, Inc)
Gedicht Dirk Jan.doc -> %UserProfile%\My Documents\Gedicht Dirk Jan.doc -> [2008-11-26 15:14:51 | 00,024,576 | ---- | C] ()
sint.doc -> %UserProfile%\My Documents\sint.doc -> [2008-11-26 14:41:18 | 00,414,720 | ---- | C] ()
don2.jpg -> %UserProfile%\My Documents\don2.jpg -> [2008-11-22 22:46:46 | 00,016,492 | ---- | C] ()
don3.jpg -> %UserProfile%\My Documents\don3.jpg -> [2008-11-22 22:40:37 | 00,011,107 | ---- | C] ()
50cent.jpg -> %UserProfile%\My Documents\50cent.jpg -> [2008-11-22 22:39:09 | 00,017,979 | ---- | C] ()
dl.php.jpg -> %UserProfile%\Desktop\dl.php.jpg -> [2008-11-22 18:36:57 | 00,092,281 | ---- | C] ()
donn-e1.JPG -> %UserProfile%\My Documents\donn-e1.JPG -> [2008-11-20 22:46:41 | 00,111,999 | ---- | C] ()
donn-e.JPG -> %UserProfile%\My Documents\donn-e.JPG -> [2008-11-20 22:45:31 | 00,058,718 | ---- | C] ()
1772607_5_4rYe.jpeg -> %UserProfile%\My Documents\1772607_5_4rYe.jpeg -> [2008-11-20 22:44:16 | 00,058,718 | ---- | C] ()
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [2008-11-19 18:34:08 | 00,000,236 | ---- | C] ()
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [2008-11-19 18:34:08 | 00,000,200 | ---- | C] ()
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [2008-11-17 17:08:47 | 00,000,236 | ---- | C] ()
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [2008-11-17 17:08:47 | 00,000,200 | ---- | C] ()
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [2008-11-17 14:28:46 | 00,000,236 | ---- | C] ()
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [2008-11-17 14:28:46 | 00,000,200 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2007-12-18 21:02:30 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008-12-16 20:51:19 | 00,012,818 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008-12-16 20:51:19 | 00,013,940 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2008-03-12 14:04:48 | 00,000,000 | ---D | M]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2008-03-12 21:16:34 | 00,008,206 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp -> [2008-12-16 23:12:57 | 00,000,000 | ---D | M]
11524.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\11524.exe -> [2007-12-20 15:12:35 | 03,208,192 | ---- | M] ()
9c29e5chp9e5c0.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\9c29e5chp9e5c0.exe -> [2008-08-31 17:51:12 | 00,000,000 | -H-- | M] ()
ADBEPHSPCS3_WWE.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\ADBEPHSPCS3_WWE.exe -> [2008-02-09 21:06:04 | 48,610,8144 | ---- | M] (Adobe Systems Incorporated)
CmdLineExtInstallerExe.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\CmdLineExtInstallerExe.exe -> [2008-06-20 10:38:18 | 00,375,992 | ---- | M] ()
gtb2k1033.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\gtb2k1033.exe -> [2007-04-12 06:35:16 | 00,559,784 | ---- | M] (Google)
ildownloader_install.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\ildownloader_install.exe -> [2008-06-19 08:29:28 | 01,775,121 | ---- | M] ()
Install_WLMessenger.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Install_WLMessenger.exe -> [2007-10-28 05:47:10 | 20,244,496 | ---- | M] (Microsoft Corporation)
jre-6u11-windows-i586-p-iftw_196cf524.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\jre-6u11-windows-i586-p-iftw_196cf524.exe -> [2008-11-26 04:49:07 | 00,607,640 | ---- | M] (Sun Microsystems, Inc.)
mirc632.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mirc632.exe -> [2008-05-21 19:27:00 | 01,693,806 | ---- | M] (mIRC Co. Ltd.)
SPTDinst-x64.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\SPTDinst-x64.exe -> [2007-12-04 11:26:08 | 01,093,616 | ---- | M] (Duplex Secure Ltd.)
1342 C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Hidde\Local Settings\Temp\_ir_sf7_temp_0\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\_ir_sf7_temp_0 -> [2008-05-28 17:02:51 | 00,000,000 | ---D | M]
irsetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\_ir_sf7_temp_0\irsetup.exe -> [2008-05-28 17:02:24 | 00,473,600 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\{2AC2E76E-AC89-40A2-BB86-05A0829649E5}\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\{2AC2E76E-AC89-40A2-BB86-05A0829649E5} -> [2007-12-20 15:05:33 | 00,000,000 | ---D | M]
dotnetfx.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\{2AC2E76E-AC89-40A2-BB86-05A0829649E5}\dotnetfx.exe -> [2007-12-20 15:05:33 | 00,422,832 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe Reader 8\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe Reader 8 -> [2007-12-22 12:57:21 | 00,000,000 | ---D | M]
Setup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe Reader 8\Setup.exe -> [2007-05-11 09:50:42 | 00,304,784 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe_Downloads\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe_Downloads -> [2007-12-22 23:49:59 | 00,000,000 | ---D | M]
pase320_en_US.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe_Downloads\pase320_en_US.exe -> [2007-12-22 12:56:37 | 08,823,576 | ---- | M] (Adobe Systems, Inc.                                         )
C:\Documents and Settings\Hidde\Local Settings\Temp\bye6C.tmp\Disk1\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\bye6C.tmp\Disk1 -> [2008-01-15 22:18:11 | 00,000,000 | ---D | M]
setup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\bye6C.tmp\Disk1\setup.exe -> [2008-01-15 22:18:10 | 00,119,016 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\ -> [2007-12-20 15:06:41 | 00,000,000 | ---D | M]
install.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.exe -> [2005-09-23 07:01:16 | 00,609,472 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\ -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
UtherverseSetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\UtherverseSetup.exe -> [2008-07-22 02:21:10 | 02,567,864 | ---- | M] (Utherverse Digital Inc                                                                                                                                                                                                                                                                                      )
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\bag\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\bag -> [2008-09-28 19:38:40 | 00,000,000 | ---D | M]
dxwebsetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\bag\dxwebsetup.exe -> [2008-03-05 01:38:07 | 00,287,240 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
msiexec.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msiexec.exe -> [2004-11-13 02:27:16 | 00,083,456 | ---- | M] (Microsoft Corporation)
msiinst.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msiinst.exe -> [2004-11-13 02:27:16 | 00,036,864 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\unicode\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\unicode -> [2008-09-28 19:38:40 | 00,000,000 | ---D | M]
update.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\unicode\update.exe -> [2005-11-02 04:08:45 | 02,003,176 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
Utherverse.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\Utherverse.exe -> [2008-07-19 02:17:28 | 02,012,480 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\625AF3E1\565D2D36\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\625AF3E1\565D2D36 -> [2008-09-28 19:38:40 | 00,000,000 | ---D | M]
UtherversePatcher.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\625AF3E1\565D2D36\UtherversePatcher.exe -> [2008-07-18 00:59:41 | 01,438,016 | ---- | M] (Utherverse Digital Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4 -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
artpschd.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\artpschd.exe -> [2007-01-13 07:50:00 | 00,427,624 | ---- | M] (Pocket Soft, Inc.)
cabarc.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\cabarc.exe -> [2007-01-13 07:50:00 | 00,114,688 | ---- | M] ()
chktrust.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\chktrust.exe -> [2007-01-13 07:50:00 | 00,012,560 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415 -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
SetupX.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\SetupX.exe -> [2007-12-07 17:29:27 | 02,553,128 | ---- | M] (Nero AG)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
NL2WriteThrough.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\NL2WriteThrough.exe -> [2007-12-07 17:29:27 | 00,218,408 | ---- | M] (NERO AG)
WindowsInstaller-KB884016-v2-x86.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\WindowsInstaller-KB884016-v2-x86.exe -> [2007-02-09 13:59:27 | 02,003,176 | ---- | M] (Microsoft Corporation)
wmfdist.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\wmfdist.exe -> [2002-12-11 20:11:50 | 04,085,904 | ---- | M] (Microsoft Corporation)
wmfdist95.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\wmfdist95.exe -> [2004-08-11 00:51:20 | 05,649,648 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
dxsetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX\dxsetup.exe -> [2006-08-14 16:08:04 | 00,484,632 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
NeroDelTmp.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup\NeroDelTmp.exe -> [2007-12-07 17:29:27 | 01,500,456 | ---- | M] (Nero AG)
UninstallNero.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup\UninstallNero.exe -> [2007-12-07 17:29:27 | 01,647,912 | ---- | M] (Nero AG)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf17.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf17.tmp\ -> [2008-11-28 13:20:16 | 00,000,000 | ---D | M]
DivXInstaller.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf17.tmp\DivXInstaller.exe -> [2008-11-28 13:20:16 | 20,724,432 | ---- | M] (DivX, Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf174.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf174.tmp\ -> [2008-12-04 19:19:37 | 00,000,000 | ---D | M]
ChromeSetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf174.tmp\ChromeSetup.exe -> [2008-12-04 19:19:37 | 00,487,592 | ---- | M] (Google Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf1F1.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf1F1.tmp\ -> [2008-11-09 18:54:29 | 00,000,000 | ---D | M]
SkypeSetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf1F1.tmp\SkypeSetup.exe -> [2008-11-09 18:54:29 | 22,380,328 | ---- | M] (Skype Technologies S.A.)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf25.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf25.tmp\ -> [2008-09-21 13:00:25 | 00,000,000 | ---D | M]
RealPlayer11GOLD.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf25.tmp\RealPlayer11GOLD.exe -> [2008-09-21 13:00:25 | 00,353,840 | ---- | M] (RealNetworks, Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf27B.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf27B.tmp\ -> [2008-12-03 22:33:06 | 00,000,000 | ---D | M]
alltomp3.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf27B.tmp\alltomp3.exe -> [2008-12-03 22:33:06 | 01,382,162 | ---- | M] (AimOneSoft.                                                 )
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf282.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf282.tmp\ -> [2008-12-03 22:36:05 | 00,000,000 | ---D | M]
video-to-audio-converter-standard.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf282.tmp\video-to-audio-converter-standard.exe -> [2008-12-03 22:36:05 | 16,258,443 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf299.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf299.tmp\ -> [2008-10-02 21:49:06 | 00,000,000 | ---D | M]
flstudio_8.0.2.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf299.tmp\flstudio_8.0.2.exe -> [2008-10-02 21:49:06 | 10,234,1937 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf35.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf35.tmp\ -> [2008-09-21 13:05:52 | 00,000,000 | ---D | M]
RealPlayer11GOLD.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf35.tmp\RealPlayer11GOLD.exe -> [2008-09-21 13:05:52 | 00,353,840 | ---- | M] (RealNetworks, Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf36.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf36.tmp\ -> [2008-09-28 19:38:35 | 00,000,000 | ---D | M]
UtherverseSetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf36.tmp\UtherverseSetup.exe -> [2008-09-28 19:38:35 | 10,017,176 | ---- | M] (Utherverse Digital Inc                                                                                                                                                                                                                                                                                      )
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf48.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf48.tmp\ -> [2008-10-14 20:11:01 | 00,000,000 | ---D | M]
wr_installer_04082008.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf48.tmp\wr_installer_04082008.exe -> [2008-10-14 20:11:01 | 57,403,7317 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\SafA0.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\SafA0.tmp\ -> [2008-11-10 13:57:26 | 00,000,000 | ---D | M]
ConvertSetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\SafA0.tmp\ConvertSetup.exe -> [2008-11-10 13:57:26 | 00,798,244 | ---- | M] (Joshua F. Madison                                           )
C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Directory 1 for soldat142.zip\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Directory 1 for soldat142.zip\ -> [2007-12-19 20:42:32 | 00,000,000 | -H-D | M]
soldatsetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Directory 1 for soldat142.zip\soldatsetup.exe -> [2007-08-11 16:55:50 | 14,188,010 | ---- | M] (Michal Marcinkowski                                         )
C:\Documents and Settings\Hidde\Local Settings\Temp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp -> [2008-12-16 23:15:41 | 00,000,000 | ---D | M]
CmdLineExt.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\CmdLineExt.dll -> [2008-06-20 10:38:18 | 00,107,888 | ---- | M] (Sony DADC Austria AG.)
1342 C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Hidde\Local Settings\Temp\_PASFX269\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\_PASFX269 -> [2008-07-18 12:08:33 | 00,000,000 | ---D | M]
7Z.DLL -> C:\Documents and Settings\Hidde\Local Settings\Temp\_PASFX269\7Z.DLL -> [2008-07-18 12:05:39 | 00,076,288 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\{9F3ACD90-76A0-4245-9D87-E52D93623DFE}\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\{9F3ACD90-76A0-4245-9D87-E52D93623DFE}\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E} -> [2008-04-26 13:26:19 | 00,000,000 | ---D | M]
isrt.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\{9F3ACD90-76A0-4245-9D87-E52D93623DFE}\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\isrt.dll -> [2004-10-22 01:18:38 | 00,413,696 | ---- | M] (Macrovision Corporation)
_IsRes.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\{9F3ACD90-76A0-4245-9D87-E52D93623DFE}\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\_IsRes.dll -> [2004-10-22 02:50:56 | 00,380,928 | ---- | M] (Macrovision Corporation)
_ISUser.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\{9F3ACD90-76A0-4245-9D87-E52D93623DFE}\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\_ISUser.dll -> [2005-05-06 13:22:46 | 00,012,288 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\{D0A05794-48C2-4424-A15A-9F20FCFDD374}\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\{D0A05794-48C2-4424-A15A-9F20FCFDD374} -> [2008-05-05 15:20:40 | 00,000,000 | ---D | M]
ISRT.DLL -> C:\Documents and Settings\Hidde\Local Settings\Temp\{D0A05794-48C2-4424-A15A-9F20FCFDD374}\ISRT.DLL -> [2003-11-10 17:16:22 | 00,401,408 | ---- | M] (InstallShield Software Corporation)
_ISRES.DLL -> C:\Documents and Settings\Hidde\Local Settings\Temp\{D0A05794-48C2-4424-A15A-9F20FCFDD374}\_ISRES.DLL -> [2003-09-03 03:53:48 | 00,299,008 | ---- | M] (InstallShield Software Corporation)
_ISUSER.DLL -> C:\Documents and Settings\Hidde\Local Settings\Temp\{D0A05794-48C2-4424-A15A-9F20FCFDD374}\_ISUSER.DLL -> [2008-05-05 15:20:32 | 00,434,176 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\ -> [2007-12-20 15:06:41 | 00,000,000 | ---D | M]
install.res.1025.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1025.dll -> [2005-09-23 06:29:48 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1028.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1028.dll -> [2005-09-23 06:32:24 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1029.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1029.dll -> [2005-09-23 06:34:10 | 00,082,944 | ---- | M] (Microsoft Corporation)
install.res.1030.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1030.dll -> [2005-09-23 06:34:12 | 00,081,920 | ---- | M] (Microsoft Corporation)
install.res.1031.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1031.dll -> [2005-09-23 06:34:44 | 00,085,504 | ---- | M] (Microsoft Corporation)
install.res.1032.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1032.dll -> [2005-09-23 06:36:24 | 00,087,552 | ---- | M] (Microsoft Corporation)
install.res.1033.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1033.dll -> [2005-09-23 03:46:14 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1035.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1035.dll -> [2005-09-23 06:38:26 | 00,081,408 | ---- | M] (Microsoft Corporation)
install.res.1036.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1036.dll -> [2005-09-23 06:38:52 | 00,086,016 | ---- | M] (Microsoft Corporation)
install.res.1037.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1037.dll -> [2005-09-23 06:40:30 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1038.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1038.dll -> [2005-09-23 06:40:32 | 00,083,968 | ---- | M] (Microsoft Corporation)
install.res.1040.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1040.dll -> [2005-09-23 06:40:56 | 00,084,480 | ---- | M] (Microsoft Corporation)
install.res.1041.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1041.dll -> [2005-09-23 06:42:58 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1042.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1042.dll -> [2005-09-23 06:44:58 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1043.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1043.dll -> [2005-09-23 06:46:38 | 00,083,456 | ---- | M] (Microsoft Corporation)
install.res.1044.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1044.dll -> [2005-09-23 06:46:38 | 00,081,920 | ---- | M] (Microsoft Corporation)
install.res.1045.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1045.dll -> [2005-09-23 06:46:40 | 00,083,456 | ---- | M] (Microsoft Corporation)
install.res.1046.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1046.dll -> [2005-09-23 06:47:04 | 00,082,432 | ---- | M] (Microsoft Corporation)
install.res.1049.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1049.dll -> [2005-09-23 06:47:30 | 00,082,432 | ---- | M] (Microsoft Corporation)
install.res.1053.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1053.dll -> [2005-09-23 06:47:32 | 00,081,920 | ---- | M] (Microsoft Corporation)
install.res.1055.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1055.dll -> [2005-09-23 06:47:32 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.2052.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.2052.dll -> [2005-09-23 06:30:18 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.2070.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.2070.dll -> [2005-09-23 06:47:06 | 00,084,480 | ---- | M] (Microsoft Corporation)
install.res.3076.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.3076.dll -> [2005-09-23 06:29:50 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.3082.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.3082.dll -> [2005-09-23 06:36:48 | 00,085,504 | ---- | M] (Microsoft Corporation)
mscoree.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\mscoree.dll -> [2005-09-23 04:30:40 | 00,270,848 | ---- | M] (Microsoft Corporation)
unicows.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\unicows.dll -> [2005-09-23 07:57:06 | 00,245,408 | R--- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\is-EN3SJ.tmp\_isetup\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\is-EN3SJ.tmp\_isetup -> [2008-09-14 15:24:47 | 00,000,000 | ---D | M]
_shfoldr.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\is-EN3SJ.tmp\_isetup\_shfoldr.dll -> [2008-09-14 15:24:47 | 00,023,312 | ---- | M] (Microsoft Corporation)
1 C:\Documents and Settings\Hidde\Local Settings\Temp\is-EN3SJ.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Hidde\Local Settings\Temp\is-EN3SJ.tmp\_isetup\*.tmp -> 
C:\Documents and Settings\Hidde\Local Settings\Temp\isp10C.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp10C.tmp\ -> [2008-02-27 15:26:36 | 00,000,000 | ---D | M]
_Setup.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp10C.tmp\_Setup.dll -> [2008-02-27 15:26:36 | 00,368,640 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\isp33B.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp33B.tmp\ -> [2008-04-26 13:26:17 | 00,000,000 | ---D | M]
_Setup.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp33B.tmp\_Setup.dll -> [2008-04-26 13:26:17 | 00,368,640 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\isp8.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp8.tmp\ -> [2007-12-24 17:41:22 | 00,000,000 | ---D | M]
_Setup.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp8.tmp\_Setup.dll -> [2007-12-24 17:41:22 | 00,368,640 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\isp90.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp90.tmp\ -> [2008-03-03 17:26:59 | 00,000,000 | ---D | M]
_Setup.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp90.tmp\_Setup.dll -> [2008-03-03 17:26:59 | 00,368,640 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\ -> [2008-09-28 19:38:41 | 00,000,000 | ---D | M]
mFileBagEXE.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\mFileBagEXE.dll -> [2008-07-06 01:52:55 | 00,097,280 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mFileBagIDE.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mFileBagIDE.dll\ -> [2008-09-28 19:38:41 | 00,000,000 | ---D | M]
mFileBagEXE.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mFileBagIDE.dll\mFileBagEXE.dll -> [2008-07-06 01:52:55 | 00,097,280 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mMSI.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mMSI.dll\ -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
mMSIExec.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mMSI.dll\mMSIExec.dll -> [2008-07-06 01:52:29 | 00,433,152 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
mWinRunExec.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\mWinRunExec.dll -> [2008-07-06 01:52:10 | 00,407,040 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
cabinet.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\cabinet.dll -> [2004-11-13 02:27:16 | 00,056,080 | ---- | M] (Microsoft Corporation)
imagehlp.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\imagehlp.dll -> [2004-11-13 02:27:16 | 00,106,013 | ---- | M] (Microsoft Corporation)
msi.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msi.dll -> [2004-11-13 02:27:16 | 01,927,680 | ---- | M] (Microsoft Corporation)
msihnd.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msihnd.dll -> [2004-11-13 02:27:16 | 00,297,472 | ---- | M] (Microsoft Corporation)
msimsg.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msimsg.dll -> [2004-11-13 02:27:16 | 00,847,872 | ---- | M] (Microsoft Corporation)
msisip.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msisip.dll -> [2004-11-13 02:27:17 | 00,040,448 | ---- | M] (Microsoft Corporation)
msls31.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msls31.dll -> [2004-11-13 02:27:17 | 00,167,936 | ---- | M] (Microsoft Corporation)
mspatcha.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\mspatcha.dll -> [2004-11-13 02:27:17 | 00,028,746 | ---- | M] (Microsoft Corporation)
riched20.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\riched20.dll -> [2004-11-13 02:27:17 | 00,431,133 | ---- | M] (Microsoft Corporation)
sdbapi.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\sdbapi.dll -> [2004-11-13 02:27:17 | 00,063,488 | ---- | M] (Microsoft Corporation)
shfolder.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\shfolder.dll -> [2004-11-13 02:27:17 | 00,021,021 | ---- | M] (Microsoft Corporation)
usp10.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\usp10.dll -> [2004-11-13 02:27:17 | 00,314,906 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mMSI.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mMSI.dll\ -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
mMSIExec.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mMSI.dll\mMSIExec.dll -> [2008-07-06 01:52:29 | 00,433,152 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mWinRun.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mWinRun.dll\ -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
mWinRunExec.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mWinRun.dll\mWinRunExec.dll -> [2008-07-06 01:52:10 | 00,407,040 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
ATL80.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\ATL80.dll -> [2007-10-08 22:28:02 | 00,096,256 | ---- | M] (Microsoft Corporation)
cshtpav5.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\cshtpav5.dll -> [2007-10-08 22:37:26 | 00,243,560 | ---- | M] (Catalyst Development Corporation)
d3dx9_35.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\d3dx9_35.dll -> [2007-07-20 03:14:42 | 03,727,720 | ---- | M] (Microsoft Corporation)
D3DX9_37.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\D3DX9_37.dll -> [2008-03-06 00:56:58 | 03,786,760 | ---- | M] (Microsoft Corporation)
granny2.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\granny2.dll -> [2007-10-08 22:39:08 | 00,516,608 | ---- | M] (RAD Game Tools, Inc.)
xmllite.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\xmllite.dll -> [2007-09-13 20:14:26 | 00,121,856 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4 -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
artpclnt.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\artpclnt.dll -> [2007-01-13 07:50:00 | 00,116,328 | ---- | M] (Pocket Soft, Inc.)
patchw32.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\patchw32.dll -> [2007-01-13 07:50:00 | 00,215,144 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\mDown.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\mDown.dll\ -> [2008-09-28 19:38:41 | 00,000,000 | ---D | M]
mDownExec.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\mDown.dll\mDownExec.dll -> [2008-07-06 01:52:16 | 00,506,368 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\nero.tmp\8.2.8.0_8.2.105_14415\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\nero.tmp\8.2.8.0_8.2.105_14415 -> [2008-01-18 20:34:40 | 00,000,000 | ---D | M]
AdvrCntr3.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\nero.tmp\8.2.8.0_8.2.105_14415\AdvrCntr3.dll -> [2007-12-13 22:25:30 | 03,429,672 | ---- | M] (Nero AG)
ShellManager3.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\nero.tmp\8.2.8.0_8.2.105_14415\ShellManager3.dll -> [2007-12-13 22:25:38 | 01,262,888 | ---- | M] (Nero AG)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
InstGuru.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\InstGuru.dll -> [2007-12-07 17:29:24 | 00,120,112 | ---- | M] (Nero AG)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
DSETUP.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX\DSETUP.dll -> [2006-08-14 16:08:04 | 00,074,520 | ---- | M] (Microsoft Corporation)
dsetup32.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX\dsetup32.dll -> [2006-08-14 16:08:04 | 02,248,984 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
NPS.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup\NPS.dll -> [2007-12-07 17:29:27 | 04,871,464 | ---- | M] (Nero AG)
C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~0\RUP\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~0\RUP -> [2008-09-21 13:01:57 | 00,000,000 | ---D | M]
control.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~0\RUP\control.dll -> [2008-09-21 13:00:33 | 00,042,528 | ---- | M] (RealNetworks, Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~1\RUP\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~1\RUP -> [2008-09-21 13:07:56 | 00,000,000 | ---D | M]
control.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~1\RUP\control.dll -> [2008-09-21 13:05:56 | 00,042,528 | ---- | M] (RealNetworks, Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\WLZB335.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\WLZB335.tmp\ -> [2008-10-14 13:48:10 | 00,000,000 | ---D | M]
CddbLangNL.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\WLZB335.tmp\CddbLangNL.dll -> [2008-10-14 13:47:58 | 00,103,664 | ---- | M] (Gracenote)
C:\Documents and Settings\Hidde\Local Settings\Temp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp -> [2008-12-16 23:15:41 | 00,000,000 | ---D | M]
1GV37wTL.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\1GV37wTL.dat -> [2008-08-31 19:13:06 | 00,010,343 | ---- | M] ()
4FU61vSK.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\4FU61vSK.dat -> [2008-07-15 16:36:44 | 00,006,703 | ---- | M] ()
4QG61hEV.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\4QG61hEV.dat -> [2008-08-24 16:28:45 | 00,011,111 | ---- | M] ()
asmcache.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\asmcache.dat -> [2008-10-22 20:19:06 | 00,000,073 | ---- | M] ()
j17ynR36.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\j17ynR36.dat -> [2008-09-14 15:22:14 | 00,004,578 | ---- | M] ()
n74drV03.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\n74drV03.dat -> [2008-07-15 16:36:56 | 00,006,703 | ---- | M] ()
Perflib_Perfdata_124.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_124.dat -> [2008-11-01 15:10:53 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_468.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_468.dat -> [2008-06-28 09:25:49 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_520.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_520.dat -> [2008-06-29 09:29:56 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_740.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_740.dat -> [2008-10-15 19:06:10 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_810.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_810.dat -> [2008-06-28 09:25:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_8fc.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_8fc.dat -> [2008-06-01 21:20:24 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_908.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_908.dat -> [2008-06-23 20:50:37 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_a84.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_a84.dat -> [2008-09-22 21:37:41 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_a98.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_a98.dat -> [2008-09-02 17:57:07 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_cc4.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_cc4.dat -> [2008-09-02 14:08:50 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_da4.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_da4.dat -> [2008-09-03 17:34:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_e84.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_e84.dat -> [2008-09-10 14:46:06 | 00,016,384 | ---- | M] ()
s17iwB36.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\s17iwB36.dat -> [2008-09-01 21:28:49 | 00,010,916 | ---- | M] ()
1342 C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Hidde\Local Settings\Temp\Cookies\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Cookies -> [2008-12-03 20:02:01 | 00,000,000 | --SD | M]
index.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Cookies\index.dat -> [2008-12-03 20:01:44 | 00,049,152 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\History\History.IE5\ -> [2008-11-03 13:12:04 | 00,000,000 | --SD | M]
index.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\History\History.IE5\index.dat -> [2008-12-03 20:01:44 | 00,262,144 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [2008-10-30 20:06:09 | 00,000,000 | --SD | M]
index.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008-12-03 20:38:34 | 00,294,912 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\Wtua\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Wtua -> [2008-06-30 09:04:55 | 00,000,000 | ---D | M]
index.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Wtua\index.dat -> [2008-06-30 09:04:55 | 00,000,314 | ---- | M] ()
3 C:\Documents and Settings\Hidde\Local Settings\Temp\Wtua\*.tmp files -> C:\Documents and Settings\Hidde\Local Settings\Temp\Wtua\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008-12-16 22:43:34 | 00,000,000 | ---D | M]
5LIdLXv7.exe -> C:\WINDOWS\Temp\5LIdLXv7.exe -> [2008-08-31 11:12:14 | 00,031,232 | ---- | M] ()
hpfaicm.exe -> C:\WINDOWS\Temp\hpfaicm.exe -> [2001-03-20 15:02:23 | 00,036,864 | ---- | M] ()
hpfiui.exe -> C:\WINDOWS\Temp\hpfiui.exe -> [2001-03-20 15:02:22 | 00,335,872 | ---- | M] (Hewlett-Packard Co.)
hpfmicm.exe -> C:\WINDOWS\Temp\hpfmicm.exe -> [2001-03-20 15:02:23 | 00,036,864 | ---- | M] ()
qt1e5hTq.exe -> C:\WINDOWS\Temp\qt1e5hTq.exe -> [2008-08-24 18:28:55 | 00,031,232 | ---- | M] ()
136 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\~os6E.tmp\ -> C:\WINDOWS\Temp\~os6E.tmp\ -> [2008-12-14 12:38:50 | 00,000,000 | ---D | M]
ossproxy.exe -> C:\WINDOWS\Temp\~os6E.tmp\ossproxy.exe -> [2008-12-14 12:38:50 | 01,690,112 | ---- | M] (PermissionResearch)
OSSService.exe -> C:\WINDOWS\Temp\~os6E.tmp\OSSService.exe -> [2008-12-14 12:38:50 | 00,045,056 | ---- | M] (PermissionResearch)
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008-12-16 22:43:34 | 00,000,000 | ---D | M]
hpfinst.dll -> C:\WINDOWS\Temp\hpfinst.dll -> [2001-03-20 15:02:22 | 00,204,800 | ---- | M] (Hewlett-Packard Co.)
136 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\~os6E.tmp\ -> C:\WINDOWS\Temp\~os6E.tmp\ -> [2008-12-14 12:38:50 | 00,000,000 | ---D | M]
DOMPilot.dll -> C:\WINDOWS\Temp\~os6E.tmp\DOMPilot.dll -> [2008-12-14 12:38:49 | 00,217,088 | ---- | M] (PermissionResearch)
DOMPilot3.dll -> C:\WINDOWS\Temp\~os6E.tmp\DOMPilot3.dll -> [2008-12-14 12:38:49 | 00,110,592 | ---- | M] (PermissionResearch)
osmim.dll -> C:\WINDOWS\Temp\~os6E.tmp\osmim.dll -> [2008-12-14 12:38:49 | 00,372,736 | ---- | M] (PermissionResearch)
OssPdf.dll -> C:\WINDOWS\Temp\~os6E.tmp\OssPdf.dll -> [2008-12-14 12:38:49 | 00,708,608 | ---- | M] (PermissionResearch)
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008-12-16 22:43:34 | 00,000,000 | ---D | M]
1GV37wTL.dat -> C:\WINDOWS\Temp\1GV37wTL.dat -> [2008-08-31 18:00:38 | 00,010,343 | ---- | M] ()
4FU61vSK.dat -> C:\WINDOWS\Temp\4FU61vSK.dat -> [2008-07-23 11:01:46 | 00,006,009 | ---- | M] ()
4HW61xUM.dat -> C:\WINDOWS\Temp\4HW61xUM.dat -> [2008-08-20 16:00:20 | 00,009,143 | ---- | M] ()
4QG61hEV.dat -> C:\WINDOWS\Temp\4QG61hEV.dat -> [2008-08-26 16:04:57 | 00,010,487 | ---- | M] ()
asmcache.dat -> C:\WINDOWS\Temp\asmcache.dat -> [2008-12-14 12:38:50 | 00,000,100 | ---- | M] ()
g74vkO03.dat -> C:\WINDOWS\Temp\g74vkO03.dat -> [2008-08-27 15:00:35 | 00,010,919 | ---- | M] ()
j17ynR36.dat -> C:\WINDOWS\Temp\j17ynR36.dat -> [2008-09-14 12:16:07 | 00,004,578 | ---- | M] ()
KcrAO3ph.dat -> C:\WINDOWS\Temp\KcrAO3ph.dat -> [2008-08-28 15:00:53 | 00,016,721 | ---- | M] ()
n74drV03.dat -> C:\WINDOWS\Temp\n74drV03.dat -> [2008-07-16 19:13:00 | 00,007,942 | ---- | M] ()
o17esW36.dat -> C:\WINDOWS\Temp\o17esW36.dat -> [2008-08-16 18:00:11 | 00,008,433 | ---- | M] ()
Perflib_Perfdata_140.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_140.dat -> [2008-11-02 12:58:27 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_154.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_154.dat -> [2008-11-04 15:05:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_17a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_17a4.dat -> [2008-08-27 18:33:03 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1a4.dat -> [2008-12-08 17:02:00 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1ac.dat -> [2008-10-30 10:32:32 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1c8.dat -> [2008-12-10 17:18:16 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1d0.dat -> [2008-11-02 19:01:07 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1e4.dat -> [2008-12-06 17:34:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1f0.dat -> [2008-11-23 17:36:48 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1f8.dat -> [2008-11-17 17:05:29 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_208.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_208.dat -> [2008-11-14 18:49:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_22c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_22c.dat -> [2008-10-24 21:38:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_24c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_24c.dat -> [2008-10-31 15:43:32 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_25c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_25c.dat -> [2008-10-30 15:13:47 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_26c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_26c.dat -> [2008-12-06 13:07:29 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_298.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_298.dat -> [2008-12-14 12:50:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2ac.dat -> [2008-11-22 18:22:11 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2b0.dat -> [2008-11-25 16:23:46 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2cc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2cc.dat -> [2008-10-23 10:57:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2e0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2e0.dat -> [2008-11-17 14:51:06 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2e8.dat -> [2008-12-05 17:26:50 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2f8.dat -> [2008-11-05 14:29:38 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_308.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_308.dat -> [2008-11-01 14:03:25 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_314.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_314.dat -> [2008-11-17 21:42:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_334.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_334.dat -> [2008-11-18 20:54:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_34c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_34c.dat -> [2008-11-06 10:38:12 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_360.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_360.dat -> [2008-11-03 13:10:54 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_384.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_384.dat -> [2008-11-17 14:27:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_388.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_388.dat -> [2008-10-20 15:43:55 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_3b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3b8.dat -> [2008-12-05 15:06:35 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_41c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_41c.dat -> [2008-11-13 14:30:26 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_43c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_43c.dat -> [2008-12-13 16:02:17 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_440.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_440.dat -> [2008-11-21 15:49:12 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_474.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_474.dat -> [2008-11-23 13:03:00 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_480.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_480.dat -> [2008-12-06 17:44:00 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_488.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_488.dat -> [2008-11-05 23:04:26 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4b0.dat -> [2008-12-06 13:09:44 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4c8.dat -> [2008-12-07 14:04:03 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4cc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4cc.dat -> [2008-11-13 19:22:41 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4e4.dat -> [2008-11-25 22:50:48 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat -> [2008-11-03 21:35:24 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4ec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4ec.dat -> [2008-10-28 22:25:45 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_504.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_504.dat -> [2008-11-01 15:07:33 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_508.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_508.dat -> [2008-11-06 18:08:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_50c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_50c.dat -> [2008-12-04 21:44:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_510.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_510.dat -> [2008-10-30 19:42:25 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_514.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_514.dat -> [2008-11-23 23:04:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_518.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_518.dat -> [2008-11-13 18:41:56 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_524.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_524.dat -> [2008-11-06 17:47:17 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_534.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_534.dat -> [2008-11-18 15:36:41 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_53c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_53c.dat -> [2008-11-26 13:18:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_540.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_540.dat -> [2008-12-16 22:43:29 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_548.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_548.dat -> [2008-11-22 14:17:37 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_550.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_550.dat -> [2008-11-28 12:31:19 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_558.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_558.dat -> [2008-10-30 09:35:26 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_584.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_584.dat -> [2008-12-05 16:46:45 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_58c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat -> [2008-11-19 17:07:58 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_598.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_598.dat -> [2008-12-11 16:16:17 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat -> [2008-11-26 19:58:26 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5b0.dat -> [2008-11-10 13:22:44 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat -> [2008-10-24 15:15:27 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5e0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat -> [2008-10-29 15:53:46 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat -> [2008-12-07 13:50:35 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5fc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat -> [2008-11-16 21:41:08 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_604.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_604.dat -> [2008-10-29 16:24:47 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_60c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat -> [2008-10-24 21:47:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_614.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_614.dat -> [2008-11-20 14:13:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_620.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_620.dat -> [2008-12-09 16:03:51 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_62c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat -> [2008-11-06 18:33:08 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_634.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_634.dat -> [2008-12-09 17:07:20 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_640.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_640.dat -> [2008-12-09 19:25:49 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_64c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat -> [2008-12-07 13:46:08 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_660.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_660.dat -> [2008-11-07 12:43:00 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_6b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6b8.dat -> [2008-12-04 21:48:44 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_6d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6d0.dat -> [2008-12-16 15:37:10 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_6d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat -> [2008-12-15 15:20:34 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_6f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6f0.dat -> [2008-11-27 13:53:03 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_714.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_714.dat -> [2008-11-05 14:31:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_72c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat -> [2008-09-22 21:25:39 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_734.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_734.dat -> [2008-12-01 10:36:15 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_77c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_77c.dat -> [2008-11-08 15:16:52 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_804.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_804.dat -> [2008-12-04 15:08:41 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_8bc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8bc.dat -> [2008-11-24 18:36:30 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_8c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8c.dat -> [2008-11-09 12:43:54 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_8c0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8c0.dat -> [2008-10-24 19:22:59 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_8d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8d0.dat -> [2008-09-05 18:39:35 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_978.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_978.dat -> [2008-10-22 22:49:06 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_998.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_998.dat -> [2008-10-26 11:48:53 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_abc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_abc.dat -> [2008-11-15 13:55:32 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_ae8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_ae8.dat -> [2008-11-16 12:58:42 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_aec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_aec.dat -> [2008-10-10 18:19:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_b3c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b3c.dat -> [2008-11-15 17:00:56 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_b54.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b54.dat -> [2008-11-11 12:47:09 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_b5c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b5c.dat -> [2008-11-12 20:15:44 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_b88.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b88.dat -> [2008-11-10 19:07:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_bc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bc.dat -> [2008-11-20 20:02:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_c1c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c1c.dat -> [2008-12-02 14:09:38 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_c38.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c38.dat -> [2008-11-14 17:23:39 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_cd4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_cd4.dat -> [2008-12-03 14:46:12 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_d4.dat -> [2008-12-07 14:01:35 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_e74.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_e74.dat -> [2008-09-05 15:22:02 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_fe8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_fe8.dat -> [2008-10-22 20:19:03 | 00,016,384 | ---- | M] ()
RjyHV3wo.dat -> C:\WINDOWS\Temp\RjyHV3wo.dat -> [2008-08-23 00:00:22 | 00,010,947 | ---- | M] ()
s17iwB36.dat -> C:\WINDOWS\Temp\s17iwB36.dat -> [2008-09-09 12:00:59 | 00,010,489 | ---- | M] ()
136 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [2008-01-11 13:30:29 | 00,000,000 | --SD | M]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [2008-11-20 22:30:59 | 00,016,384 | ---- | M] ()
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [2008-01-11 13:30:29 | 00,000,000 | --SD | M]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [2008-11-20 22:30:59 | 00,032,768 | ---- | M] ()
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [2008-11-03 22:06:01 | 00,000,000 | --SD | M]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008-11-20 22:32:04 | 00,081,920 | ---- | M] ()
Wireless Configuration Utility HW.32.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Wireless Configuration Utility HW.32.lnk -> [2008-12-16 22:43:56 | 00,002,657 | ---- | M] ()
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2008-12-16 22:43:47 | 00,194,987 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008-12-16 22:43:17 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008-12-16 22:43:05 | 00,002,048 | --S- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008-12-16 19:43:06 | 00,647,677 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008-12-16 15:36:47 | 00,002,206 | ---- | M] ()
At38.job -> %SystemRoot%\tasks\At38.job -> [2008-12-15 15:20:22 | 00,000,350 | ---- | M] ()
At39.job -> %SystemRoot%\tasks\At39.job -> [2008-12-14 14:00:23 | 00,000,350 | ---- | M] ()
At15.job -> %SystemRoot%\tasks\At15.job -> [2008-12-14 14:00:00 | 00,000,350 | ---- | M] ()
At14.job -> %SystemRoot%\tasks\At14.job -> [2008-12-14 13:00:00 | 00,000,350 | ---- | M] ()
At37.job -> %SystemRoot%\tasks\At37.job -> [2008-12-13 16:02:13 | 00,000,350 | ---- | M] ()
At13.job -> %SystemRoot%\tasks\At13.job -> [2008-12-13 12:00:00 | 00,000,350 | ---- | M] ()
At42.job -> %SystemRoot%\tasks\At42.job -> [2008-12-13 11:30:33 | 00,000,350 | ---- | M] ()
At18.job -> %SystemRoot%\tasks\At18.job -> [2008-12-11 17:00:00 | 00,000,350 | ---- | M] ()
At46.job -> %SystemRoot%\tasks\At46.job -> [2008-12-11 16:14:06 | 00,000,350 | ---- | M] ()
At22.job -> %SystemRoot%\tasks\At22.job -> [2008-12-10 21:00:00 | 00,000,350 | ---- | M] ()
At43.job -> %SystemRoot%\tasks\At43.job -> [2008-12-09 16:03:44 | 00,000,350 | ---- | M] ()
wallpapermercskenk1.JPG -> %UserProfile%\My Documents\wallpapermercskenk1.JPG -> [2008-12-08 21:53:36 | 00,811,514 | ---- | M] ()
2n6yd1i.jpg -> %UserProfile%\My Documents\2n6yd1i.jpg -> [2008-12-08 21:51:32 | 00,631,616 | ---- | M] ()
At19.job -> %SystemRoot%\tasks\At19.job -> [2008-12-08 18:00:00 | 00,000,350 | ---- | M] ()
Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk -> [2008-12-07 22:29:34 | 00,001,734 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008-12-04 21:34:22 | 00,017,920 | ---- | M] ()
avisplit.exe -> %UserProfile%\Desktop\avisplit.exe -> [2008-12-04 21:18:54 | 00,731,711 | ---- | M] ()
At45.job -> %SystemRoot%\tasks\At45.job -> [2008-12-04 20:01:01 | 00,000,350 | ---- | M] ()
At21.job -> %SystemRoot%\tasks\At21.job -> [2008-12-04 20:00:00 | 00,000,350 | ---- | M] ()
At44.job -> %SystemRoot%\tasks\At44.job -> [2008-12-04 19:00:47 | 00,000,350 | ---- | M] ()
At20.job -> %SystemRoot%\tasks\At20.job -> [2008-12-04 19:00:00 | 00,000,350 | ---- | M] ()
At41.job -> %SystemRoot%\tasks\At41.job -> [2008-12-04 16:00:42 | 00,000,350 | ---- | M] ()
At17.job -> %SystemRoot%\tasks\At17.job -> [2008-12-04 16:00:00 | 00,000,350 | ---- | M] ()
At48.job -> %SystemRoot%\tasks\At48.job -> [2008-12-03 23:00:40 | 00,000,350 | ---- | M] ()
At24.job -> %SystemRoot%\tasks\At24.job -> [2008-12-03 23:00:00 | 00,000,350 | ---- | M] ()
ImTOO Video to Audio Converter.lnk -> %UserProfile%\Desktop\ImTOO Video to Audio Converter.lnk -> [2008-12-03 22:36:31 | 00,001,747 | ---- | M] ()
r-mp3-converter.exe.download -> %UserProfile%\My Documents\r-mp3-converter.exe.download -> [2008-12-03 22:35:00 | 00,147,993 | ---- | M] ()
At47.job -> %SystemRoot%\tasks\At47.job -> [2008-12-03 22:00:36 | 00,000,350 | ---- | M] ()
At23.job -> %SystemRoot%\tasks\At23.job -> [2008-12-03 22:00:00 | 00,000,350 | ---- | M] ()
testbeeld2.gif -> %UserProfile%\My Documents\testbeeld2.gif -> [2008-12-03 19:31:10 | 00,018,742 | ---- | M] ()
At40.job -> %SystemRoot%\tasks\At40.job -> [2008-12-03 15:03:19 | 00,000,350 | ---- | M] ()
At16.job -> %SystemRoot%\tasks\At16.job -> [2008-12-03 15:00:00 | 00,000,350 | ---- | M] ()
BB2K__Gigi_Ravelli__009.mpg.mpeg -> %UserProfile%\Desktop\BB2K__Gigi_Ravelli__009.mpg.mpeg -> [2008-12-02 20:20:53 | 22,850,811 | ---- | M] ()
DVD gedicht.doc -> %UserProfile%\My Documents\DVD gedicht.doc -> [2008-12-02 20:11:43 | 00,024,576 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008-12-01 22:06:00 | 00,000,284 | ---- | M] ()
kaal lol.JPG -> %UserProfile%\My Documents\kaal lol.JPG -> [2008-12-01 15:35:43 | 01,276,595 | ---- | M] ()
At36.job -> %SystemRoot%\tasks\At36.job -> [2008-12-01 11:00:38 | 00,000,350 | ---- | M] ()
At12.job -> %SystemRoot%\tasks\At12.job -> [2008-12-01 11:00:00 | 00,000,350 | ---- | M] ()
At26.job -> %SystemRoot%\tasks\At26.job -> [2008-11-30 01:00:40 | 00,000,350 | ---- | M] ()
At2.job -> %SystemRoot%\tasks\At2.job -> [2008-11-30 01:00:00 | 00,000,350 | ---- | M] ()
At1.job -> %SystemRoot%\tasks\At1.job -> [2008-11-30 00:51:00 | 00,000,350 | ---- | M] ()
At25.job -> %SystemRoot%\tasks\At25.job -> [2008-11-30 00:22:28 | 00,000,350 | ---- | M] ()
Buy DivX for Windows.lnk -> %AllUsersProfile%\Desktop\Buy DivX for Windows.lnk -> [2008-11-28 13:21:21 | 00,001,122 | ---- | M] ()
DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [2008-11-28 13:21:05 | 00,000,806 | ---- | M] ()
DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [2008-11-28 13:20:50 | 00,001,469 | ---- | M] ()
samson.JPG -> %UserProfile%\My Documents\samson.JPG -> [2008-11-27 22:46:50 | 00,192,016 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008-11-27 19:11:55 | 01,550,792 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008-11-27 19:10:15 | 00,001,393 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008-11-27 19:09:49 | 00,000,660 | ---- | M] ()
MFC71.dll -> %SystemRoot%\System32\MFC71.dll -> [2008-11-27 10:55:30 | 01,060,864 | ---- | M] (Microsoft Corporation)
RealMediaSplitter.ax -> %SystemRoot%\System32\RealMediaSplitter.ax -> [2008-11-27 10:55:30 | 00,421,888 | ---- | M] (Gabest)
pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> [2008-11-27 10:55:30 | 00,278,528 | ---- | M] (Real Networks, Inc)
Gedicht Dirk Jan.doc -> %UserProfile%\My Documents\Gedicht Dirk Jan.doc -> [2008-11-26 15:14:51 | 00,024,576 | ---- | M] ()
sint.doc -> %UserProfile%\My Documents\sint.doc -> [2008-11-26 14:41:18 | 00,414,720 | ---- | M] ()
don2.jpg -> %UserProfile%\My Documents\don2.jpg -> [2008-11-22 22:46:46 | 00,016,492 | ---- | M] ()
don3.jpg -> %UserProfile%\My Documents\don3.jpg -> [2008-11-22 22:40:37 | 00,011,107 | ---- | M] ()
50cent.jpg -> %UserProfile%\My Documents\50cent.jpg -> [2008-11-22 22:39:09 | 00,017,979 | ---- | M] ()
dl.php.jpg -> %UserProfile%\Desktop\dl.php.jpg -> [2008-11-22 18:36:57 | 00,092,281 | ---- | M] ()
donn-e1.JPG -> %UserProfile%\My Documents\donn-e1.JPG -> [2008-11-20 22:46:41 | 00,111,999 | ---- | M] ()
donn-e.JPG -> %UserProfile%\My Documents\donn-e.JPG -> [2008-11-20 22:45:31 | 00,058,718 | ---- | M] ()
1772607_5_4rYe.jpeg -> %UserProfile%\My Documents\1772607_5_4rYe.jpeg -> [2008-11-20 22:44:16 | 00,058,718 | ---- | M] ()
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [2008-11-19 18:34:08 | 00,000,236 | ---- | M] ()
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [2008-11-19 18:34:08 | 00,000,200 | ---- | M] ()
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [2008-11-17 17:08:47 | 00,000,236 | ---- | M] ()
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [2008-11-17 17:08:47 | 00,000,200 | ---- | M] ()
brastk.exe -> %SystemRoot%\brastk.exe -> [2008-11-17 15:14:54 | 00,009,728 | ---- | M] ()
karna.dat -> %SystemRoot%\System32\karna.dat -> [2008-11-17 15:14:54 | 00,006,144 | ---- | M] ()
karna.dat -> %SystemRoot%\karna.dat -> [2008-11-17 15:14:54 | 00,006,144 | ---- | M] ()
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [2008-11-17 14:28:46 | 00,000,236 | ---- | M] ()
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [2008-11-17 14:28:46 | 00,000,200 | ---- | M] ()
[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008-11-09 18:54:40 | 00,000,000 | RH-D | M]
Bluetooth -> C:\Documents and Settings\All Users\Application Data\Bluetooth -> [2008-08-01 18:31:25 | 00,000,000 | ---D | M]
CanonBJ -> C:\Documents and Settings\All Users\Application Data\CanonBJ -> [2008-10-15 17:55:17 | 00,000,000 | -H-D | M]
CanonIJPLM -> C:\Documents and Settings\All Users\Application Data\CanonIJPLM -> [2008-10-15 18:10:35 | 00,000,000 | ---D | M]
FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [2008-07-18 12:52:49 | 00,000,000 | ---D | M]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [2008-06-19 13:01:13 | 00,000,000 | ---D | M]
Messenger Plus! -> C:\Documents and Settings\All Users\Application Data\Messenger Plus! -> [2008-01-02 18:17:51 | 00,000,000 | ---D | M]
SwiftKit -> C:\Documents and Settings\All Users\Application Data\SwiftKit -> [2008-06-22 15:12:06 | 00,000,000 | ---D | M]
SwiftSwitch -> C:\Documents and Settings\All Users\Application Data\SwiftSwitch -> [2008-01-13 18:58:30 | 00,000,000 | ---D | M]
Teleca -> C:\Documents and Settings\All Users\Application Data\Teleca -> [2008-10-14 18:24:48 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008-12-03 22:33:47 | 00,000,000 | ---D | M]
WinZip -> C:\Documents and Settings\All Users\Application Data\WinZip -> [2007-12-24 22:24:25 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Hidde\Application Data -> [2008-12-03 22:36:55 | 00,000,000 | RH-D | M]
Atari -> C:\Documents and Settings\Hidde\Application Data\Atari -> [2008-05-16 17:09:06 | 00,000,000 | ---D | M]
AVG7 -> C:\Documents and Settings\Hidde\Application Data\AVG7 -> [2008-06-19 12:32:48 | 00,000,000 | ---D | M]
BitTorrent -> C:\Documents and Settings\Hidde\Application Data\BitTorrent -> [2008-10-14 20:21:52 | 00,000,000 | ---D | M]
Canon -> C:\Documents and Settings\Hidde\Application Data\Canon -> [2008-10-15 19:47:43 | 00,000,000 | ---D | M]
DAEMON Tools -> C:\Documents and Settings\Hidde\Application Data\DAEMON Tools -> [2008-01-12 18:01:14 | 00,000,000 | ---D | M]
DNA -> C:\Documents and Settings\Hidde\Application Data\DNA -> [2008-12-16 23:13:54 | 00,000,000 | ---D | M]
dvdcss -> C:\Documents and Settings\Hidde\Application Data\dvdcss -> [2008-10-22 15:16:45 | 00,000,000 | ---D | M]
Hamachi -> C:\Documents and Settings\Hidde\Application Data\Hamachi -> [2008-03-30 12:07:56 | 00,000,000 | ---D | M]
ImTOO Software Studio -> C:\Documents and Settings\Hidde\Application Data\ImTOO Software Studio -> [2008-12-03 22:36:55 | 00,000,000 | ---D | M]
Leadertech -> C:\Documents and Settings\Hidde\Application Data\Leadertech -> [2008-01-18 19:58:28 | 00,000,000 | ---D | M]
mIRC -> C:\Documents and Settings\Hidde\Application Data\mIRC -> [2008-12-03 14:51:27 | 00,000,000 | ---D | M]
Nexon -> C:\Documents and Settings\Hidde\Application Data\Nexon -> [2007-12-19 12:04:33 | 00,000,000 | ---D | M]
Paltalk -> C:\Documents and Settings\Hidde\Application Data\Paltalk -> [2008-09-30 16:17:53 | 00,000,000 | ---D | M]
Soldat -> C:\Documents and Settings\Hidde\Application Data\Soldat -> [2007-12-19 20:43:42 | 00,000,000 | ---D | M]
SoundSpectrum -> C:\Documents and Settings\Hidde\Application Data\SoundSpectrum -> [2008-07-08 15:33:14 | 00,000,000 | ---D | M]
SPORE Creature Creator -> C:\Documents and Settings\Hidde\Application Data\SPORE Creature Creator -> [2008-11-14 18:23:57 | 00,000,000 | ---D | M]
Subversion -> C:\Documents and Settings\Hidde\Application Data\Subversion -> [2008-08-24 17:16:32 | 00,000,000 | ---D | M]
SystemRequirementsLab -> C:\Documents and Settings\Hidde\Application Data\SystemRequirementsLab -> [2008-11-11 13:59:28 | 00,000,000 | ---D | M]
teamspeak2 -> C:\Documents and Settings\Hidde\Application Data\teamspeak2 -> [2008-01-30 15:47:22 | 00,000,000 | ---D | M]
TeamViewer -> C:\Documents and Settings\Hidde\Application Data\TeamViewer -> [2008-04-24 14:56:21 | 00,000,000 | ---D | M]
TortoiseSVN -> C:\Documents and Settings\Hidde\Application Data\TortoiseSVN -> [2008-08-24 17:21:21 | 00,000,000 | ---D | M]
Turbine -> C:\Documents and Settings\Hidde\Application Data\Turbine -> [2008-10-18 14:38:07 | 00,000,000 | ---D | M]
vghd -> C:\Documents and Settings\Hidde\Application Data\vghd -> [2008-08-15 23:40:00 | 00,000,000 | ---D | M]
WNR -> C:\Documents and Settings\Hidde\Application Data\WNR -> [2008-05-15 22:14:11 | 00,000,000 | ---D | M]
Xfire -> C:\Documents and Settings\Hidde\Application Data\Xfire -> [2007-12-20 14:54:40 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008-12-04 19:19:51 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008-12-01 22:06:00 | 00,000,284 | ---- | M] ()
At1.job -> C:\WINDOWS\Tasks\At1.job -> [2008-11-30 00:51:00 | 00,000,350 | ---- | M] ()
At10.job -> C:\WINDOWS\Tasks\At10.job -> [2008-10-03 08:00:00 | 00,000,350 | ---- | M] ()
At11.job -> C:\WINDOWS\Tasks\At11.job -> [2008-10-30 10:00:00 | 00,000,350 | ---- | M] ()
At12.job -> C:\WINDOWS\Tasks\At12.job -> [2008-12-01 11:00:00 | 00,000,350 | ---- | M] ()
At13.job -> C:\WINDOWS\Tasks\At13.job -> [2008-12-13 12:00:00 | 00,000,350 | ---- | M] ()
At14.job -> C:\WINDOWS\Tasks\At14.job -> [2008-12-14 13:00:00 | 00,000,350 | ---- | M] ()
At15.job -> C:\WINDOWS\Tasks\At15.job -> [2008-12-14 14:00:00 | 00,000,350 | ---- | M] ()
At16.job -> C:\WINDOWS\Tasks\At16.job -> [2008-12-03 15:00:00 | 00,000,350 | ---- | M] ()
At17.job -> C:\WINDOWS\Tasks\At17.job -> [2008-12-04 16:00:00 | 00,000,350 | ---- | M] ()
At18.job -> C:\WINDOWS\Tasks\At18.job -> [2008-12-11 17:00:00 | 00,000,350 | ---- | M] ()
At19.job -> C:\WINDOWS\Tasks\At19.job -> [2008-12-08 18:00:00 | 00,000,350 | ---- | M] ()
At2.job -> C:\WINDOWS\Tasks\At2.job -> [2008-11-30 01:00:00 | 00,000,350 | ---- | M] ()
At20.job -> C:\WINDOWS\Tasks\At20.job -> [2008-12-04 19:00:00 | 00,000,350 | ---- | M] ()
At21.job -> C:\WINDOWS\Tasks\At21.job -> [2008-12-04 20:00:00 | 00,000,350 | ---- | M] ()
At22.job -> C:\WINDOWS\Tasks\At22.job -> [2008-12-10 21:00:00 | 00,000,350 | ---- | M] ()
At23.job -> C:\WINDOWS\Tasks\At23.job -> [2008-12-03 22:00:00 | 00,000,350 | ---- | M] ()
At24.job -> C:\WINDOWS\Tasks\At24.job -> [2008-12-03 23:00:00 | 00,000,350 | ---- | M] ()
At25.job -> C:\WINDOWS\Tasks\At25.job -> [2008-11-30 00:22:28 | 00,000,350 | ---- | M] ()
At26.job -> C:\WINDOWS\Tasks\At26.job -> [2008-11-30 01:00:40 | 00,000,350 | ---- | M] ()
At27.job -> C:\WINDOWS\Tasks\At27.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At28.job -> C:\WINDOWS\Tasks\At28.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At29.job -> C:\WINDOWS\Tasks\At29.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At3.job -> C:\WINDOWS\Tasks\At3.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At30.job -> C:\WINDOWS\Tasks\At30.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At31.job -> C:\WINDOWS\Tasks\At31.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At32.job -> C:\WINDOWS\Tasks\At32.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At33.job -> C:\WINDOWS\Tasks\At33.job -> [2008-09-15 17:57:18 | 00,000,350 | ---- | M] ()
At34.job -> C:\WINDOWS\Tasks\At34.job -> [2008-10-03 10:25:20 | 00,000,350 | ---- | M] ()
At35.job -> C:\WINDOWS\Tasks\At35.job -> [2008-10-30 10:03:33 | 00,000,350 | ---- | M] ()
At36.job -> C:\WINDOWS\Tasks\At36.job -> [2008-12-01 11:00:38 | 00,000,350 | ---- | M] ()
At37.job -> C:\WINDOWS\Tasks\At37.job -> [2008-12-13 16:02:13 | 00,000,350 | ---- | M] ()
At38.job -> C:\WINDOWS\Tasks\At38.job -> [2008-12-15 15:20:22 | 00,000,350 | ---- | M] ()
At39.job -> C:\WINDOWS\Tasks\At39.job -> [2008-12-14 14:00:23 | 00,000,350 | ---- | M] ()
At4.job -> C:\WINDOWS\Tasks\At4.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At40.job -> C:\WINDOWS\Tasks\At40.job -> [2008-12-03 15:03:19 | 00,000,350 | ---- | M] ()
At41.job -> C:\WINDOWS\Tasks\At41.job -> [2008-12-04 16:00:42 | 00,000,350 | ---- | M] ()
At42.job -> C:\WINDOWS\Tasks\At42.job -> [2008-12-13 11:30:33 | 00,000,350 | ---- | M] ()
At43.job -> C:\WINDOWS\Tasks\At43.job -> [2008-12-09 16:03:44 | 00,000,350 | ---- | M] ()
At44.job -> C:\WINDOWS\Tasks\At44.job -> [2008-12-04 19:00:47 | 00,000,350 | ---- | M] ()
At45.job -> C:\WINDOWS\Tasks\At45.job -> [2008-12-04 20:01:01 | 00,000,350 | ---- | M] ()
At46.job -> C:\WINDOWS\Tasks\At46.job -> [2008-12-11 16:14:06 | 00,000,350 | ---- | M] ()
At47.job -> C:\WINDOWS\Tasks\At47.job -> [2008-12-03 22:00:36 | 00,000,350 | ---- | M] ()
At48.job -> C:\WINDOWS\Tasks\At48.job -> [2008-12-03 23:00:40 | 00,000,350 | ---- | M] ()
At5.job -> C:\WINDOWS\Tasks\At5.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At6.job -> C:\WINDOWS\Tasks\At6.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At7.job -> C:\WINDOWS\Tasks\At7.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At8.job -> C:\WINDOWS\Tasks\At8.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At9.job -> C:\WINDOWS\Tasks\At9.job -> [2008-09-15 07:00:00 | 00,000,350 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004-08-04 02:07:00 | 00,000,065 | RH-- | M] ()
GoogleUpdateTaskUser.job -> C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job -> [2008-12-13 11:49:08 | 00,001,196 | ---- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008-12-16 22:43:17 | 00,000,006 | -H-- | M] ()
[File - Signature Check]
< Cached Copy > -> < OS Copy > -> < MD5's >
C:\WINDOWS\system32\dllcache\explorer.exe [2007-06-13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2007-06-13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -> Cached Copy = 97BD6515465659FF8F3B7BE375B2EA87 \ OS Copy = 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\system32\dllcache\csrss.exe [2004-08-04 02:07:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\csrss.exe [2004-08-04 02:07:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -> Cached Copy = F12B178B1678D778CFD3FF1FC38C71FB \ OS Copy = F12B178B1678D778CFD3FF1FC38C71FB
C:\WINDOWS\system32\dllcache\lsass.exe [2004-08-04 02:07:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lsass.exe [2004-08-04 02:07:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -> Cached Copy = 84885F9B82F4D55C6146EBF6065D75D2 \ OS Copy = 84885F9B82F4D55C6146EBF6065D75D2
C:\WINDOWS\system32\dllcache\rundll32.exe [2004-08-04 02:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rundll32.exe [2004-08-04 02:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -> Cached Copy = DA285490BBD8A1D0CE6623577D5BA1FF \ OS Copy = DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\system32\dllcache\services.exe [2004-08-04 02:07:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\services.exe [2004-08-04 02:07:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -> Cached Copy = C6CE6EEC82F187615D1002BB3BB50ED4 \ OS Copy = C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\system32\dllcache\smss.exe [2004-08-04 02:07:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\smss.exe [2004-08-04 02:07:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -> Cached Copy = BD7FB0957C716F1A60333AEE04DE2178 \ OS Copy = BD7FB0957C716F1A60333AEE04DE2178
C:\WINDOWS\system32\dllcache\spoolsv.exe [2005-06-11 00:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\spoolsv.exe [2005-06-11 00:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -> Cached Copy = DA81EC57ACD4CDC3D4C51CF3D409AF9F \ OS Copy = DA81EC57ACD4CDC3D4C51CF3D409AF9F
C:\WINDOWS\system32\dllcache\svchost.exe [2004-08-04 02:07:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2004-08-04 02:07:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -> Cached Copy = 8F078AE4ED187AAABC0A305146DE6716 \ OS Copy = 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\system32\dllcache\taskmgr.exe [2004-08-04 02:07:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\taskmgr.exe [2004-08-04 02:07:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -> Cached Copy = FC160ACE21C81837692B339D230DD4BE \ OS Copy = FC160ACE21C81837692B339D230DD4BE
C:\WINDOWS\system32\dllcache\userinit.exe [2004-08-04 02:07:00 | 00,024,576 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\userinit.exe [2004-08-04 02:07:00 | 00,024,576 | ---- | M] (Microsoft Corporation) -> Cached Copy = 39B1FFB03C2296323832ACBAE50D2AFF \ OS Copy = 39B1FFB03C2296323832ACBAE50D2AFF
C:\WINDOWS\system32\dllcache\winlogon.exe [2004-08-04 02:07:00 | 00,502,272 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\winlogon.exe [2004-08-04 02:07:00 | 00,502,272 | ---- | M] (Microsoft Corporation) -> Cached Copy = 01C3346C241652F43AED8E2149881BFE \ OS Copy = 01C3346C241652F43AED8E2149881BFE
 
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ab,3a,57,eb,bd,3d,b2,f8,2b,02,f2,bf,ff,86,4d,5b,c4,34,dc,18,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,7f,71,de,24,56,62,a2,73,31,a0,ea,21,e3,70,5f,c1,..
"khjeh"=hex:8c,3e,eb,cf,f8,dc,10,a0,bd,0c,e3,4b,70,b5,52,88,f8,c2,9b,be,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:92,8a,6d,b4,71,a5,d9,7d,c2,7d,6b,bc,04,c9,ad,e6,73,ce,43,4f,77,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a3,79,1e,fe,9e,bf,81,b7,73,8e,10,fa,36,13,e1,11,22,4e,68,e9,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:7a,52,56,8e,31,0a,a2,24,be,a0,8a,f7,c6,4a,26,3b,51,52,69,2f,54,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:49,1a,35,06,0c,db,dc,9b,7b,6b,c3,eb,8c,89,ec,11,25,46,1e,ac,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ab,3a,57,eb,bd,3d,b2,f8,2b,02,f2,bf,ff,86,4d,5b,c4,34,dc,18,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,7f,71,de,24,56,62,a2,73,31,a0,ea,21,e3,70,5f,c1,..
"khjeh"=hex:8c,3e,eb,cf,f8,dc,10,a0,bd,0c,e3,4b,70,b5,52,88,f8,c2,9b,be,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2f,f2,39,48,7a,45,99,18,3f,63,97,a8,61,88,31,44,48,01,a7,3b,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a3,79,1e,fe,9e,bf,81,b7,73,8e,10,fa,36,13,e1,11,22,4e,68,e9,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:7a,52,56,8e,31,0a,a2,24,be,a0,8a,f7,c6,4a,26,3b,51,52,69,2f,54,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:49,1a,35,06,0c,db,dc,9b,7b,6b,c3,eb,8c,89,ec,11,25,46,1e,ac,fd,..
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT 6144 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:3553E6B8 100 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D 120 bytes
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\arjan_demann@hotmail.com\DFSR\Staging\CS{6C1AD96D-3E0B-9B3B-EA0C-9E3AADD8FC39}\01\125-{6C1AD96D-3E0B-9B3B-EA0C-9E3AADD8FC39}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v125-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\ingevdhelm@hotmail.com\DFSR\Staging\CS{C93B56D6-3D12-B6D9-EB71-9A7AD94CDBE4}\01\130-{C93B56D6-3D12-B6D9-EB71-9A7AD94CDBE4}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v130-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\01\23-{28E03C34-841E-120A-5E84-FA74DE0B891D}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\20\120-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v120-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v120-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 912 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\20\120-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v120-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v120-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\75\75-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v75-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v75-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\80\80-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v80-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v80-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 750 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\80\80-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v80-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v80-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\87\87-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v87-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v87-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 786 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\87\87-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v87-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v87-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 80 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\98\98-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v98-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v98-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 678 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\98\98-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v98-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v98-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 80 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\martinettema1991@hotmail.com\DFSR\Staging\CS{F58C7B51-33E2-7782-1AAF-74D95C6F3883}\01\126-{F58C7B51-33E2-7782-1AAF-74D95C6F3883}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v126-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\maxje1992@hotmail.com\DFSR\Staging\CS{16D6FC1E-0EB0-AE2D-B686-9E30927A5025}\01\19-{16D6FC1E-0EB0-AE2D-B686-9E30927A5025}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\nathan_the_best_5@hotmail.com\DFSR\Staging\CS{527C254C-0824-262C-0F5A-092E29CA9465}\01\20-{527C254C-0824-262C-0F5A-092E29CA9465}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\nathan_the_best_5@hotmail.com\DFSR\Staging\CS{527C254C-0824-262C-0F5A-092E29CA9465}\12\20-{54C55ADF-0819-42A5-9461-5ED06EFE3E0E}-v12-{54C55ADF-0819-42A5-9461-5ED06EFE3E0E}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\nathan_the_best_5@hotmail.com\DFSR\Staging\CS{527C254C-0824-262C-0F5A-092E29CA9465}\15\23-{54C55ADF-0819-42A5-9461-5ED06EFE3E0E}-v15-{54C55ADF-0819-42A5-9461-5ED06EFE3E0E}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1240 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\nielsettema1995@hotmail.com\DFSR\Staging\CS{7800B3F3-27FE-DAA1-7934-CBAB58402DE4}\01\10-{7800B3F3-27FE-DAA1-7934-CBAB58402DE4}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\rollerblader_gangstah@hotmail.com\DFSR\Staging\CS{328DE71C-05A3-18BA-CCC6-52C9ED48EDBB}\01\127-{328DE71C-05A3-18BA-CCC6-52C9ED48EDBB}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v127-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\01\12-{E45C1060-78BE-CACF-0A79-48D7B3216658}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\13\13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2730 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\13\13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 228 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\13\13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2312 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\14\14-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v14-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 642 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\14\14-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v14-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\14\14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1830 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\14\14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 192 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\14\14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2312 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\15\15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10560 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\15\15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 750 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\15\15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2312 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\16\16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4512 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\16\16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 372 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\16\16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2312 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\17\17-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v17-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1254 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\17\17-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v17-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 144 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\18\18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7050 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\18\18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 480 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\18\18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2312 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\19\19-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v19-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 768 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\19\19-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v19-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\21\21-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v21-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 660 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\21\21-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v21-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1008 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\22\22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 37596 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\22\22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2658 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\22\22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4184 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\24\24-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v24-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 768 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\24\24-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v24-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\36\136-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v136-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v136-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 192 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\36\136-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v136-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v136-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\38\138-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v138-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v138-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1668 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\38\138-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v138-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v138-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 192 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\41\141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 17454 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\41\141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1236 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\41\141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1944 bytes hidden from API
scan completed successfully
hidden files: 365
 
[Alternate Data Streams]
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:C980DA7D
@Alternate Data Stream - 100 bytes -> %AllUsersProfile%\Application Data\TEMP:3553E6B8
< End of report >

Code: Select all
OTScanIt2 logfile created on: 16-12-2008 23:15:06 - Run 1
OTScanIt2 by OldTimer - Version 1.0.3.1     Folder = C:\Documents and Settings\Hidde\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy
 
2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,74% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 187,66 Gb Free Space | 62,95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 660,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NIKS-2EE130D9F7
Current User Name: Hidde
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
ares.exe -> %ProgramFiles%\Ares\Ares.exe -> [2007-11-23 17:18:16 | 00,962,560 | ---- | M] (Ares Development Group)
bjmyprt.exe -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE -> [2007-04-03 17:50:00 | 01,603,152 | ---- | M] (CANON INC.)
bluesoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> [2005-08-31 12:04:14 | 01,196,032 | ---- | M] (IVT Corporation)
btdna.exe -> %ProgramFiles%\DNA\btdna.exe -> [2008-12-16 15:37:45 | 00,342,848 | ---- | M] (BitTorrent, Inc.)
btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [2005-04-06 15:03:28 | 00,110,592 | ---- | M] ()
chrome.exe -> %UserProfile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -> [2008-12-01 17:30:19 | 00,766,960 | ---- | M] (Google Inc.)
chrome.exe -> %UserProfile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -> [2008-12-01 17:30:19 | 00,766,960 | ---- | M] (Google Inc.)
chrome.exe -> %UserProfile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -> [2008-12-01 17:30:19 | 00,766,960 | ---- | M] (Google Inc.)
daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> [2008-01-03 14:54:45 | 00,486,856 | ---- | M] (DT Soft Ltd)
defrag.exe -> %SystemRoot%\system32\defrag.exe -> [2004-08-04 02:07:00 | 00,025,088 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.)
googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008-12-04 19:19:38 | 00,133,104 | ---- | M] (Google Inc.)
googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008-12-04 19:19:38 | 00,133,104 | ---- | M] (Google Inc.)
googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008-12-04 19:19:38 | 00,133,104 | ---- | M] (Google Inc.)
hpztsb02.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb02.exe -> [2001-03-20 15:03:08 | 00,192,512 | ---- | M] (HP)
ijplmsvc.exe -> %ProgramFiles%\Canon\IJPLM\ijplmsvc.exe -> [2007-04-13 07:49:00 | 00,101,528 | ---- | M] ()
jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jucheck.exe -> [2008-06-10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
limewire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe -> [2005-03-09 20:49:38 | 00,081,920 | ---- | M] (Lime Wire, LLC)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007-07-24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
mousedrv.exe -> %ProgramFiles%\Driver for ZOLID Laser Mouse\MouseDrv.exe -> [2006-01-05 16:53:04 | 00,307,200 | ---- | M] ()
msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe -> [2008-09-09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2008-10-07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008-12-12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools)
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [2007-12-19 16:23:59 | 00,066,872 | ---- | M] ()
prmrsr.exe -> %ProgramFiles%\PermissionResearch\prmrsr.exe -> [2008-12-01 20:41:45 | 01,672,704 | ---- | M] (PermissionResearch)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2008-09-21 13:07:12 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> [2007-04-10 16:28:44 | 16,126,464 | R--- | M] (Realtek Semiconductor Corp.)
siswlsvc.exe -> %ProgramFiles%\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe -> [2004-09-27 14:54:32 | 00,040,960 | ---- | M] ()
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> [2008-09-29 17:57:48 | 21,755,688 | R--- | M] (Skype Technologies S.A.)
tsvncache.exe -> %ProgramFiles%\TortoiseSVN\bin\TSVNCache.exe -> [2008-07-31 16:26:40 | 00,575,488 | ---- | M] (http://tortoisesvn.net)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation)
whatpulse.exe -> %ProgramFiles%\WhatPulse\WhatPulse.exe -> [2006-08-21 18:48:46 | 00,665,600 | ---- | M] (WhatPulse.org)
wlancu.exe -> %ProgramFiles%\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe -> [2004-09-29 16:08:02 | 00,442,368 | ---- | M] ()
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2004-08-04 02:07:00 | 00,218,112 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> [2007-03-20 02:19:14 | 00,263,168 | ---- | M] (Ares Development Group)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [2005-04-06 15:03:28 | 00,110,592 | ---- | M] ()
(Bonjour Service) Bonjour-service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007-07-24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008-07-18 12:09:32 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2004-08-04 02:07:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(IJPLMSVC) PIXMA Extended Survey Program [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\IJPLM\ijplmsvc.exe -> [2007-04-13 07:49:00 | 00,101,528 | ---- | M] ()
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2008-10-07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003-07-28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [2007-12-19 16:23:59 | 00,066,872 | ---- | M] ()
(SiSWLSvc) SiS WirelessLan Service [Win32_Own | Auto | Running] -> %ProgramFiles%\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe -> [2004-09-27 14:54:32 | 00,040,960 | ---- | M] ()
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aec.sys -> [2008-09-02 18:41:23 | 00,006,656 | ---- | M] ()
(AtcL001) NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\l151x86.sys -> [2007-11-01 08:56:00 | 00,036,864 | ---- | M] (Atheros Communications, Inc.)
(BlueletAudio) Bluetooth Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\blueletaudio.sys -> [2005-08-31 09:34:10 | 00,020,480 | ---- | M] (IVT Corporation)
(BlueletSCOAudio) Bluetooth SCO Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BlueletSCOAudio.sys -> [2005-08-31 09:34:52 | 00,020,480 | ---- | M] (IVT Corporation)
(BT) Bluetooth PAN Network Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BtNetDrv.sys -> [2005-04-30 13:48:58 | 00,010,804 | ---- | M] (IVT Corporation)
(Btcsrusb) Bluetooth USB For Bluetooth Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btcusb.sys -> [2005-07-29 15:26:54 | 00,023,000 | ---- | M] (IVT Corporation)
(BTHidEnum) Bluetooth HID Enumerator [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vbtenum.sys -> [2005-07-29 15:21:32 | 00,011,988 | ---- | M] ()
(BTHidMgr) Bluetooth HID Manager Service [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\BTHidMgr.sys -> [2005-04-30 13:50:10 | 00,028,271 | ---- | M] (IVT Corporation)
(CCDECODE) Closed Caption Decoder [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CCDECODE.sys -> [2004-08-03 23:10:18 | 00,017,024 | ---- | M] ()
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hamachi.sys -> [2008-03-01 18:19:50 | 00,025,280 | ---- | M] (LogMeIn, Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider)
(hitmanpro2) Hitman Pro 2 Driver [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Hitman Pro\hitmanpro2.sys -> [2006-11-03 12:02:59 | 00,010,336 | ---- | M] (SurfRight)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2007-04-10 20:04:40 | 04,397,568 | R--- | M] (Realtek Semiconductor Corp.)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2004-08-03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys -> [2004-08-13 11:56:20 | 00,005,810 | R--- | M] ()
(npkcrypt) npkcrypt [Kernel | Auto | Running] -> %SystemDrive%\Nexon\MapleStory\npkcrypt.sys -> [2008-04-02 08:14:04 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.)
(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\npptNT2.sys -> [2005-01-04 10:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2008-10-07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation)
(P1110VID) Creative WebCam NX [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\P1110Vid.sys -> [2003-05-14 03:57:02 | 00,090,357 | R--- | M] (Creative Technology Ltd.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004-08-04 02:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2008-06-11 01:07:16 | 00,043,528 | ---- | M] (Sonic Solutions)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rootmdm.sys -> [2004-08-04 02:07:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(s116bus) Sony Ericsson Device 116 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116bus.sys -> [2007-04-03 12:57:42 | 00,083,336 | R--- | M] (MCCI Corporation)
(s116mdfl) Sony Ericsson Device 116 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116mdfl.sys -> [2007-04-03 12:57:48 | 00,015,112 | R--- | M] (MCCI Corporation)
(s116mdm) Sony Ericsson Device 116 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116mdm.sys -> [2007-04-03 12:57:48 | 00,108,680 | R--- | M] (MCCI Corporation)
(s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116mgmt.sys -> [2007-04-03 12:57:50 | 00,100,488 | R--- | M] (MCCI Corporation)
(s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116nd5.sys -> [2007-04-03 12:57:52 | 00,023,176 | R--- | M] (MCCI Corporation)
(s116obex) Sony Ericsson Device 116 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116obex.sys -> [2007-04-03 12:57:52 | 00,098,696 | R--- | M] (MCCI Corporation)
(s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116unic.sys -> [2007-04-03 12:57:54 | 00,099,080 | R--- | M] (MCCI Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007-11-13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SIS163u) SiS 163 usb Wireless LAN Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SiS163u.sys -> [2004-10-01 10:14:34 | 00,162,304 | ---- | M] (SiS Corporation)
(SISNPF) SIS Netgroup Packet Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SISNPF.SYS -> [2004-09-30 21:34:30 | 00,074,240 | ---- | M] (Politecnico di Torino)
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [2008-01-11 13:27:00 | 00,715,248 | ---- | M] ()
(VComm) Virtual Serial port driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\VComm.sys -> [2004-10-19 12:37:38 | 00,061,312 | ---- | M] (IVT Corporation)
(VcommMgr) Bluetooth VComm Manager Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\VcommMgr.sys -> [2005-03-25 16:18:48 | 00,082,148 | ---- | M] (IVT Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Page_Transitions" ->  -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Search\\"AutoSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx -> 
HKEY_CURRENT_USER\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_CURRENT_USER\: SearchURL\\"provider" -> msn -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Hidde\Application Data\Mozilla\FireFox\Profiles\6fkjcs2w.default\prefs.js -> 
browser.search.defaultenginename -> "Google" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
browser.startup.homepage -> "http://www.leetzone.co.uk/" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.4" ->
extensions.enabledItems -> {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 ->
extensions.enabledItems -> {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1 ->
extensions.enabledItems -> {6E19037A-12E3-4295-8915-ED48BC341614}:1.3 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->
< HOSTS File > (22 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1  localhost
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2007-10-10 19:51:56 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> [2005-05-03 19:43:28 | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"CanonMyPrinter" -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> [2007-04-03 17:50:00 | 01,603,152 | ---- | M] (CANON INC.)
"CanonSolutionMenu" -> %ProgramFiles%\Canon\SolutionMenu\CNSLMAIN.EXE [C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon] -> [2007-05-14 17:01:00 | 00,644,696 | ---- | M] (CANON INC.)
"HPDJ Taskbar Utility" -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb02.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe] -> [2001-03-20 15:03:08 | 00,192,512 | ---- | M] (HP)
"NBKeyScan" -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe ["C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"] -> File not found
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008-10-07 13:33:00 | 13,574,144 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008-10-07 13:33:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2008-10-07 13:33:00 | 01,630,208 | ---- | M] ()
"PermissionResearch" -> %ProgramFiles%\PermissionResearch\prmrsr.exe [C:\Program Files\PermissionResearch\prmrsr.exe -boot] -> [2008-12-01 20:41:45 | 01,672,704 | ---- | M] (PermissionResearch)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008-05-27 09:50:30 | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> [2007-04-10 16:28:44 | 16,126,464 | R--- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> %SystemRoot%\SkyTel.exe [SkyTel.EXE] -> [2007-04-04 18:22:46 | 01,822,720 | R--- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2008-09-21 13:07:12 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"WinampAgent" -> %ProgramFiles%\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> File not found
"WireLessMouse" -> %ProgramFiles%\Driver for ZOLID Laser Mouse\StartAutorun.exe MouseDrv.exe [C:\Program Files\Driver for ZOLID Laser Mouse\StartAutorun.exe MouseDrv.exe] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ares" -> %ProgramFiles%\Ares\Ares.exe ["C:\Program Files\Ares\Ares.exe" -h] -> [2007-11-23 17:18:16 | 00,962,560 | ---- | M] (Ares Development Group)
"BitTorrent DNA" -> %ProgramFiles%\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> [2008-12-16 15:37:45 | 00,342,848 | ---- | M] (BitTorrent, Inc.)
"DAEMON Tools Lite" -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe"] -> [2008-01-03 14:54:45 | 00,486,856 | ---- | M] (DT Soft Ltd)
"Gadwin PrintScreen" -> %ProgramFiles%\Gadwin Systems\PrintScreen\PrintScreen.exe [C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash] -> [2007-08-20 09:42:23 | 00,495,616 | ---- | M] (Gadwin Systems, Inc)
"Google Update" -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\Hidde\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008-12-04 19:19:38 | 00,133,104 | ---- | M] (Google Inc.)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> %CommonProgramFiles%\Nero\Lib\NMIndexStoreSvr.exe ["C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020] -> File not found
"MsnMsgr" -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> [2008-09-09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation)
"Skype" -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2008-09-29 17:57:48 | 21,755,688 | R--- | M] (Skype Technologies S.A.)
"Steam" -> %ProgramFiles%\Steam\Steam.exe ["c:\program files\steam\steam.exe" -silent] -> [2008-10-08 13:17:25 | 01,410,296 | ---- | M] (Valve Corporation)
"WhatPulse" -> %ProgramFiles%\WhatPulse\WhatPulse.exe [C:\Program Files\WhatPulse\WhatPulse.exe] -> [2006-08-21 18:48:46 | 00,665,600 | ---- | M] (WhatPulse.org)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\BlueSoleil.lnk -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> [2005-08-31 12:04:14 | 01,196,032 | ---- | M] (IVT Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\PalTalk.lnk -> %ProgramFiles%\Paltalk Messenger\paltalk.exe -> File not found
%AllUsersProfile%\Start Menu\Programs\Startup\Wireless Configuration Utility HW.32.lnk -> %SystemRoot%\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe -> [2007-12-18 20:36:51 | 00,040,960 | R--- | M] (InstallShield Software Corp.)
< Hidde Startup Folder > -> C:\Documents and Settings\Hidde\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\LimeWire On Startup.lnk -> %ProgramFiles%\LimeWire\LimeWire.exe -> [2005-03-09 20:49:38 | 00,081,920 | ---- | M] (Lime Wire, LLC)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [36] -> File not found
\\"ForceClassicControlPanel" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [FF FF FF FF  [binary data]] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}:Exec [HKLM] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [Button: PalTalk] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198007744070[WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab[Java Plug-in 1.5.0_12] -> 
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1AAEDD7D-1F7A-497C-A623-2145F8C52AA6} ->    () -> 
{201C9FA4-8C65-49BA-B7A8-E97FBB6BDE47} ->    () -> 
{63A326B3-18D6-4DBB-A1E1-9F01AB659A9F} ->    (802.11g USB 2.0 Wireless LAN Adapter) -> 
{A70E7AC6-CA98-493B-97D8-955939EE188D} ->    () -> 
{C6A7A94A-BA75-401A-920D-1DB1E082722B} ->    (Sony Ericsson Device 116 USB Ethernet Emulation (NDIS 5)) -> 
{D070D55F-D17E-4169-A77E-25E56295A50A} ->    (802.11g USB 2.0 Wireless LAN Adapter) -> 
{E9DC5FDD-4E00-4F81-9C44-B21067D58F11} ->    (802.11g USB 2.0 Wireless LAN Adapter) -> 
{EEBD2AAE-81D1-4802-8DE3-33B659EB845D} ->    (Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
jkkkigf ->  -> File not found
PermissionResearch -> %ProgramFiles%\PermissionResearch\prls.dll -> [2008-10-24 14:50:53 | 00,372,736 | ---- | M] (PermissionResearch)
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 
explorer.exe -> %ProgramFiles%\Microsoft Common\wuauclt.exe [Debugger] -> [2008-08-31 18:51:42 | 00,033,280 | -H-- | M] ()
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004-08-04 02:07:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2008-09-09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\Hidde\Local Settings\Temp\~os161.tmp\ossproxy.exe" -> C:\Documents and Settings\Hidde\Local Settings\Temp\~os161.tmp\ossproxy.exe [C:\Documents and Settings\Hidde\Local Settings\Temp\~os161.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
"C:\Documents and Settings\Hidde\Local Settings\Temp\~os57.tmp\ossproxy.exe" -> C:\Documents and Settings\Hidde\Local Settings\Temp\~os57.tmp\ossproxy.exe [C:\Documents and Settings\Hidde\Local Settings\Temp\~os57.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
"C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe" -> C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe [C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe:*:Enabled:sof3] -> [2007-11-07 22:39:36 | 00,061,440 | ---- | M] ()
"C:\Program Files\Ares\Ares.exe" -> C:\Program Files\Ares\Ares.exe [C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows] -> [2007-11-23 17:18:16 | 00,962,560 | ---- | M] (Ares Development Group)
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2008-09-27 00:44:20 | 00,634,672 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2007-07-24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> [2008-12-16 15:37:45 | 00,342,848 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" -> C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil] -> [2005-08-31 12:04:14 | 01,196,032 | ---- | M] (IVT Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2005-03-09 20:49:38 | 00,081,920 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\mIRC\mirc.exe" -> C:\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> [2008-05-21 19:23:52 | 02,797,568 | ---- | M] (mIRC Co. Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2008-11-20 15:08:05 | 00,307,712 | ---- | M] (Mozilla Corporation)
"c:\program files\permissionresearch\prmrsr.exe" -> c:\Program Files\PermissionResearch\prmrsr.exe [c:\program files\permissionresearch\prmrsr.exe:*:Enabled:prmrsr.exe] -> [2008-12-01 20:41:45 | 01,672,704 | ---- | M] (PermissionResearch)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008-09-29 17:57:48 | 21,755,688 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" -> C:\Program Files\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb] -> File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" -> C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" -> C:\Program Files\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2008-09-09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> File not found
"C:\WINDOWS\Temp\~os1F9.tmp\ossproxy.exe" -> C:\WINDOWS\Temp\~os1F9.tmp\ossproxy.exe [C:\WINDOWS\Temp\~os1F9.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
"C:\WINDOWS\Temp\~os20.tmp\ossproxy.exe" -> C:\WINDOWS\Temp\~os20.tmp\ossproxy.exe [C:\WINDOWS\Temp\~os20.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
"C:\WINDOWS\Temp\~os4.tmp\ossproxy.exe" -> C:\WINDOWS\Temp\~os4.tmp\ossproxy.exe [C:\WINDOWS\Temp\~os4.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
"C:\WINDOWS\Temp\~os6E.tmp\ossproxy.exe" -> C:\WINDOWS\Temp\~os6E.tmp\ossproxy.exe [C:\WINDOWS\Temp\~os6E.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> [2008-12-14 12:38:50 | 01,690,112 | ---- | M] (PermissionResearch)
"C:\WINDOWS\Temp\~os89.tmp\ossproxy.exe" -> C:\WINDOWS\Temp\~os89.tmp\ossproxy.exe [C:\WINDOWS\Temp\~os89.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004-08-04 02:07:00 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007-12-18 20:22:31 | 00,000,000 | ---- | M] ()
C:\autorun.inf [] -> %SystemDrive%\autorun.inf [ NTFS ] -> [2008-12-13 16:57:37 | 00,000,000 | RHSD | M]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\AutoRun
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Explore\command
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Explore\command\\"" -> F:\system.exe [F:\system.exe] -> File not found
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Open\command
\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Open\command\\"" -> F:\system.exe [F:\system.exe] -> File not found
\{c82ccc74-b274-11dd-a710-0040f4dcec58}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell
\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\1\Command
\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\1\Command\\"" -> F:\Recycled.exe [F:\Recycled.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\2\Command
\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\2\Command\\"" -> F:\Recycled.exe [F:\Recycled.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\AutoRun
\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
 
[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
batfile [open] -> "%1" %* -> File not found
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> [2005-05-27 00:22:01 | 00,010,752 | ---- | M] (Microsoft Corporation)
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
cmdfile [open] -> "%1" %* -> File not found
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
helpfile [open] -> winhlp32.exe %1 -> [2004-08-04 02:07:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> [2004-08-04 02:07:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
htafile [open] -> %SystemRoot%\system32\mshta.exe "%1" %* -> [2004-08-04 02:07:00 | 00,029,184 | ---- | M] (Microsoft Corporation)
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007-04-19 13:07:38 | 00,061,280 | ---- | M] (Microsoft Corporation)
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> [2004-08-04 02:07:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> [2004-08-04 02:07:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2007-04-19 13:07:38 | 00,061,280 | ---- | M] (Microsoft Corporation)
http [open] -> "%ProgramFiles%\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> [2008-11-20 15:08:05 | 00,307,712 | ---- | M] (Mozilla Corporation)
https [open] -> "%ProgramFiles%\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> [2008-11-20 15:08:05 | 00,307,712 | ---- | M] (Mozilla Corporation)
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> [2004-08-04 02:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* -> File not found
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" -> [2004-08-04 02:07:00 | 00,146,432 | ---- | M] (Microsoft Corporation)
regfile [merge] -> Reg Error: Key does not exist or could not be opened.
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
scrfile [config] -> "%1" -> File not found
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2004-08-04 02:07:00 | 00,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> File not found
txtfile [edit] -> Reg Error: Key does not exist or could not be opened.
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004-08-04 02:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004-08-04 02:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> [2004-08-04 02:07:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> [2004-08-04 02:07:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
System [ Error ] 16-12-2008 17:43:22 Computer Name = NIKS-2EE130D9F7 | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15  minutes.  The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 16-12-2008 17:43:22 Computer Name = NIKS-2EE130D9F7 | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more  time sources, however none of the sources are currently accessible.   No attempt to contact a source will be made for 14 minutes.  NtpClient has no source of accurate time. 
System [ Error ] 16-12-2008 17:43:22 Computer Name = NIKS-2EE130D9F7 | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15  minutes.  The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 16-12-2008 17:43:22 Computer Name = NIKS-2EE130D9F7 | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more  time sources, however none of the sources are currently accessible.   No attempt to contact a source will be made for 14 minutes.  NtpClient has no source of accurate time. 
System [ Error ] 16-12-2008 17:43:30 Computer Name = NIKS-2EE130D9F7 | Source = NetBT | ID = 4311 -> Description = Initialization failed because the driver device could not be created.
System [ Error ] 16-12-2008 17:43:30 Computer Name = NIKS-2EE130D9F7 | Source = NetBT | ID = 4311 -> Description = Initialization failed because the driver device could not be created.
System [ Error ] 16-12-2008 17:43:30 Computer Name = NIKS-2EE130D9F7 | Source = NetBT | ID = 4311 -> Description = Initialization failed because the driver device could not be created.
System [ Error ] 16-12-2008 17:43:30 Computer Name = NIKS-2EE130D9F7 | Source = NetBT | ID = 4311 -> Description = Initialization failed because the driver device could not be created.
System [ Error ] 16-12-2008 17:43:30 Computer Name = NIKS-2EE130D9F7 | Source = NetBT | ID = 4311 -> Description = Initialization failed because the driver device could not be created.
System [ Error ] 16-12-2008 17:44:19 Computer Name = NIKS-2EE130D9F7 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   Beep
 
[Files/Folders - Created Within 30 Days]
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008-12-16 23:13:19 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008-12-16 19:43:06 | 00,647,677 | ---- | C] ()
autorun.inf -> %SystemDrive%\autorun.inf -> [2008-12-13 16:57:37 | 00,000,000 | RHSD | C]
rsit -> %SystemDrive%\rsit -> [2008-12-10 16:19:34 | 00,000,000 | ---D | C]
wallpapermercskenk1.JPG -> %UserProfile%\My Documents\wallpapermercskenk1.JPG -> [2008-12-08 21:53:35 | 00,811,514 | ---- | C] ()
2n6yd1i.jpg -> %UserProfile%\My Documents\2n6yd1i.jpg -> [2008-12-08 21:51:32 | 00,631,616 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2008-12-07 22:29:34 | 00,000,000 | ---D | C]
Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk -> [2008-12-07 19:07:18 | 00,001,734 | ---- | C] ()
Hijackthis -> %ProgramFiles%\Hijackthis -> [2008-12-07 19:07:18 | 00,000,000 | ---D | C]
Microsoft Common -> %ProgramFiles%\Microsoft Common -> [2008-12-04 21:28:04 | 00,000,000 | ---D | C]
Advanced AVI Splitter -> %ProgramFiles%\Advanced AVI Splitter -> [2008-12-04 21:19:12 | 00,000,000 | ---D | C]
avisplit.exe -> %UserProfile%\Desktop\avisplit.exe -> [2008-12-04 21:18:51 | 00,731,711 | ---- | C] ()
ImTOO Software Studio -> %UserProfile%\My Documents\ImTOO Software Studio -> [2008-12-03 22:36:55 | 00,000,000 | ---D | C]
ImTOO Software Studio -> %AppData%\ImTOO Software Studio -> [2008-12-03 22:36:55 | 00,000,000 | ---D | C]
ImTOO Video to Audio Converter.lnk -> %UserProfile%\Desktop\ImTOO Video to Audio Converter.lnk -> [2008-12-03 22:36:31 | 00,001,747 | ---- | C] ()
ImTOO -> %ProgramFiles%\ImTOO -> [2008-12-03 22:36:15 | 00,000,000 | ---D | C]
r-mp3-converter.exe.download -> %UserProfile%\My Documents\r-mp3-converter.exe.download -> [2008-12-03 22:34:50 | 00,147,993 | ---- | C] ()
testbeeld2.gif -> %UserProfile%\My Documents\testbeeld2.gif -> [2008-12-03 19:31:10 | 00,018,742 | ---- | C] ()
BB2K__Gigi_Ravelli__009.mpg.mpeg -> %UserProfile%\Desktop\BB2K__Gigi_Ravelli__009.mpg.mpeg -> [2008-12-02 20:06:50 | 22,850,811 | ---- | C] ()
kaal lol.JPG -> %UserProfile%\My Documents\kaal lol.JPG -> [2008-12-01 15:29:50 | 01,276,595 | ---- | C] ()
DVD gedicht.doc -> %UserProfile%\My Documents\DVD gedicht.doc -> [2008-11-30 18:52:57 | 00,024,576 | ---- | C] ()
divx -> %SystemDrive%\divx -> [2008-11-28 13:22:45 | 00,000,000 | ---D | C]
Buy DivX for Windows.lnk -> %AllUsersProfile%\Desktop\Buy DivX for Windows.lnk -> [2008-11-28 13:21:20 | 00,001,122 | ---- | C] ()
DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [2008-11-28 13:21:05 | 00,000,806 | ---- | C] ()
DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [2008-11-28 13:20:50 | 00,001,469 | ---- | C] ()
samson.JPG -> %UserProfile%\My Documents\samson.JPG -> [2008-11-27 22:46:50 | 00,192,016 | ---- | C] ()
LELA POV.wmv -> %UserProfile%\Desktop\LELA POV.wmv -> [2008-11-27 14:17:41 | 59,418,123 | ---- | C] ()
MFC71.dll -> %SystemRoot%\System32\MFC71.dll -> [2008-11-27 10:55:30 | 01,060,864 | ---- | C] (Microsoft Corporation)
RealMediaSplitter.ax -> %SystemRoot%\System32\RealMediaSplitter.ax -> [2008-11-27 10:55:30 | 00,421,888 | ---- | C] (Gabest)
pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> [2008-11-27 10:55:30 | 00,278,528 | ---- | C] (Real Networks, Inc)
Gedicht Dirk Jan.doc -> %UserProfile%\My Documents\Gedicht Dirk Jan.doc -> [2008-11-26 15:14:51 | 00,024,576 | ---- | C] ()
sint.doc -> %UserProfile%\My Documents\sint.doc -> [2008-11-26 14:41:18 | 00,414,720 | ---- | C] ()
don2.jpg -> %UserProfile%\My Documents\don2.jpg -> [2008-11-22 22:46:46 | 00,016,492 | ---- | C] ()
don3.jpg -> %UserProfile%\My Documents\don3.jpg -> [2008-11-22 22:40:37 | 00,011,107 | ---- | C] ()
50cent.jpg -> %UserProfile%\My Documents\50cent.jpg -> [2008-11-22 22:39:09 | 00,017,979 | ---- | C] ()
dl.php.jpg -> %UserProfile%\Desktop\dl.php.jpg -> [2008-11-22 18:36:57 | 00,092,281 | ---- | C] ()
donn-e1.JPG -> %UserProfile%\My Documents\donn-e1.JPG -> [2008-11-20 22:46:41 | 00,111,999 | ---- | C] ()
donn-e.JPG -> %UserProfile%\My Documents\donn-e.JPG -> [2008-11-20 22:45:31 | 00,058,718 | ---- | C] ()
1772607_5_4rYe.jpeg -> %UserProfile%\My Documents\1772607_5_4rYe.jpeg -> [2008-11-20 22:44:16 | 00,058,718 | ---- | C] ()
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [2008-11-19 18:34:08 | 00,000,236 | ---- | C] ()
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [2008-11-19 18:34:08 | 00,000,200 | ---- | C] ()
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [2008-11-17 17:08:47 | 00,000,236 | ---- | C] ()
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [2008-11-17 17:08:47 | 00,000,200 | ---- | C] ()
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [2008-11-17 14:28:46 | 00,000,236 | ---- | C] ()
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [2008-11-17 14:28:46 | 00,000,200 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2007-12-18 21:02:30 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008-12-16 20:51:19 | 00,012,818 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008-12-16 20:51:19 | 00,013,940 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2008-03-12 14:04:48 | 00,000,000 | ---D | M]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2008-03-12 21:16:34 | 00,008,206 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp -> [2008-12-16 23:12:57 | 00,000,000 | ---D | M]
11524.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\11524.exe -> [2007-12-20 15:12:35 | 03,208,192 | ---- | M] ()
9c29e5chp9e5c0.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\9c29e5chp9e5c0.exe -> [2008-08-31 17:51:12 | 00,000,000 | -H-- | M] ()
ADBEPHSPCS3_WWE.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\ADBEPHSPCS3_WWE.exe -> [2008-02-09 21:06:04 | 48,610,8144 | ---- | M] (Adobe Systems Incorporated)
CmdLineExtInstallerExe.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\CmdLineExtInstallerExe.exe -> [2008-06-20 10:38:18 | 00,375,992 | ---- | M] ()
gtb2k1033.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\gtb2k1033.exe -> [2007-04-12 06:35:16 | 00,559,784 | ---- | M] (Google)
ildownloader_install.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\ildownloader_install.exe -> [2008-06-19 08:29:28 | 01,775,121 | ---- | M] ()
Install_WLMessenger.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Install_WLMessenger.exe -> [2007-10-28 05:47:10 | 20,244,496 | ---- | M] (Microsoft Corporation)
jre-6u11-windows-i586-p-iftw_196cf524.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\jre-6u11-windows-i586-p-iftw_196cf524.exe -> [2008-11-26 04:49:07 | 00,607,640 | ---- | M] (Sun Microsystems, Inc.)
mirc632.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mirc632.exe -> [2008-05-21 19:27:00 | 01,693,806 | ---- | M] (mIRC Co. Ltd.)
SPTDinst-x64.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\SPTDinst-x64.exe -> [2007-12-04 11:26:08 | 01,093,616 | ---- | M] (Duplex Secure Ltd.)
1342 C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Hidde\Local Settings\Temp\_ir_sf7_temp_0\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\_ir_sf7_temp_0 -> [2008-05-28 17:02:51 | 00,000,000 | ---D | M]
irsetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\_ir_sf7_temp_0\irsetup.exe -> [2008-05-28 17:02:24 | 00,473,600 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\{2AC2E76E-AC89-40A2-BB86-05A0829649E5}\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\{2AC2E76E-AC89-40A2-BB86-05A0829649E5} -> [2007-12-20 15:05:33 | 00,000,000 | ---D | M]
dotnetfx.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\{2AC2E76E-AC89-40A2-BB86-05A0829649E5}\dotnetfx.exe -> [2007-12-20 15:05:33 | 00,422,832 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe Reader 8\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe Reader 8 -> [2007-12-22 12:57:21 | 00,000,000 | ---D | M]
Setup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe Reader 8\Setup.exe -> [2007-05-11 09:50:42 | 00,304,784 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe_Downloads\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe_Downloads -> [2007-12-22 23:49:59 | 00,000,000 | ---D | M]
pase320_en_US.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe_Downloads\pase320_en_US.exe -> [2007-12-22 12:56:37 | 08,823,576 | ---- | M] (Adobe Systems, Inc.                                         )
C:\Documents and Settings\Hidde\Local Settings\Temp\bye6C.tmp\Disk1\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\bye6C.tmp\Disk1 -> [2008-01-15 22:18:11 | 00,000,000 | ---D | M]
setup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\bye6C.tmp\Disk1\setup.exe -> [2008-01-15 22:18:10 | 00,119,016 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\ -> [2007-12-20 15:06:41 | 00,000,000 | ---D | M]
install.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.exe -> [2005-09-23 07:01:16 | 00,609,472 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\ -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
UtherverseSetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\UtherverseSetup.exe -> [2008-07-22 02:21:10 | 02,567,864 | ---- | M] (Utherverse Digital Inc                                                                                                                                                                                                                                                                                      )
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\bag\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\bag -> [2008-09-28 19:38:40 | 00,000,000 | ---D | M]
dxwebsetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\bag\dxwebsetup.exe -> [2008-03-05 01:38:07 | 00,287,240 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
msiexec.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msiexec.exe -> [2004-11-13 02:27:16 | 00,083,456 | ---- | M] (Microsoft Corporation)
msiinst.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msiinst.exe -> [2004-11-13 02:27:16 | 00,036,864 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\unicode\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\unicode -> [2008-09-28 19:38:40 | 00,000,000 | ---D | M]
update.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\unicode\update.exe -> [2005-11-02 04:08:45 | 02,003,176 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
Utherverse.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\Utherverse.exe -> [2008-07-19 02:17:28 | 02,012,480 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\625AF3E1\565D2D36\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\625AF3E1\565D2D36 -> [2008-09-28 19:38:40 | 00,000,000 | ---D | M]
UtherversePatcher.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\625AF3E1\565D2D36\UtherversePatcher.exe -> [2008-07-18 00:59:41 | 01,438,016 | ---- | M] (Utherverse Digital Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4 -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
artpschd.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\artpschd.exe -> [2007-01-13 07:50:00 | 00,427,624 | ---- | M] (Pocket Soft, Inc.)
cabarc.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\cabarc.exe -> [2007-01-13 07:50:00 | 00,114,688 | ---- | M] ()
chktrust.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\chktrust.exe -> [2007-01-13 07:50:00 | 00,012,560 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415 -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
SetupX.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\SetupX.exe -> [2007-12-07 17:29:27 | 02,553,128 | ---- | M] (Nero AG)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
NL2WriteThrough.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\NL2WriteThrough.exe -> [2007-12-07 17:29:27 | 00,218,408 | ---- | M] (NERO AG)
WindowsInstaller-KB884016-v2-x86.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\WindowsInstaller-KB884016-v2-x86.exe -> [2007-02-09 13:59:27 | 02,003,176 | ---- | M] (Microsoft Corporation)
wmfdist.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\wmfdist.exe -> [2002-12-11 20:11:50 | 04,085,904 | ---- | M] (Microsoft Corporation)
wmfdist95.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\wmfdist95.exe -> [2004-08-11 00:51:20 | 05,649,648 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
dxsetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX\dxsetup.exe -> [2006-08-14 16:08:04 | 00,484,632 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
NeroDelTmp.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup\NeroDelTmp.exe -> [2007-12-07 17:29:27 | 01,500,456 | ---- | M] (Nero AG)
UninstallNero.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup\UninstallNero.exe -> [2007-12-07 17:29:27 | 01,647,912 | ---- | M] (Nero AG)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf17.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf17.tmp\ -> [2008-11-28 13:20:16 | 00,000,000 | ---D | M]
DivXInstaller.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf17.tmp\DivXInstaller.exe -> [2008-11-28 13:20:16 | 20,724,432 | ---- | M] (DivX, Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf174.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf174.tmp\ -> [2008-12-04 19:19:37 | 00,000,000 | ---D | M]
ChromeSetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf174.tmp\ChromeSetup.exe -> [2008-12-04 19:19:37 | 00,487,592 | ---- | M] (Google Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf1F1.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf1F1.tmp\ -> [2008-11-09 18:54:29 | 00,000,000 | ---D | M]
SkypeSetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf1F1.tmp\SkypeSetup.exe -> [2008-11-09 18:54:29 | 22,380,328 | ---- | M] (Skype Technologies S.A.)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf25.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf25.tmp\ -> [2008-09-21 13:00:25 | 00,000,000 | ---D | M]
RealPlayer11GOLD.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf25.tmp\RealPlayer11GOLD.exe -> [2008-09-21 13:00:25 | 00,353,840 | ---- | M] (RealNetworks, Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf27B.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf27B.tmp\ -> [2008-12-03 22:33:06 | 00,000,000 | ---D | M]
alltomp3.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf27B.tmp\alltomp3.exe -> [2008-12-03 22:33:06 | 01,382,162 | ---- | M] (AimOneSoft.                                                 )
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf282.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf282.tmp\ -> [2008-12-03 22:36:05 | 00,000,000 | ---D | M]
video-to-audio-converter-standard.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf282.tmp\video-to-audio-converter-standard.exe -> [2008-12-03 22:36:05 | 16,258,443 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf299.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf299.tmp\ -> [2008-10-02 21:49:06 | 00,000,000 | ---D | M]
flstudio_8.0.2.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf299.tmp\flstudio_8.0.2.exe -> [2008-10-02 21:49:06 | 10,234,1937 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf35.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf35.tmp\ -> [2008-09-21 13:05:52 | 00,000,000 | ---D | M]
RealPlayer11GOLD.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf35.tmp\RealPlayer11GOLD.exe -> [2008-09-21 13:05:52 | 00,353,840 | ---- | M] (RealNetworks, Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf36.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf36.tmp\ -> [2008-09-28 19:38:35 | 00,000,000 | ---D | M]
UtherverseSetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf36.tmp\UtherverseSetup.exe -> [2008-09-28 19:38:35 | 10,017,176 | ---- | M] (Utherverse Digital Inc                                                                                                                                                                                                                                                                                      )
C:\Documents and Settings\Hidde\Local Settings\Temp\Saf48.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf48.tmp\ -> [2008-10-14 20:11:01 | 00,000,000 | ---D | M]
wr_installer_04082008.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Saf48.tmp\wr_installer_04082008.exe -> [2008-10-14 20:11:01 | 57,403,7317 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\SafA0.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\SafA0.tmp\ -> [2008-11-10 13:57:26 | 00,000,000 | ---D | M]
ConvertSetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\SafA0.tmp\ConvertSetup.exe -> [2008-11-10 13:57:26 | 00,798,244 | ---- | M] (Joshua F. Madison                                           )
C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Directory 1 for soldat142.zip\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Directory 1 for soldat142.zip\ -> [2007-12-19 20:42:32 | 00,000,000 | -H-D | M]
soldatsetup.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Directory 1 for soldat142.zip\soldatsetup.exe -> [2007-08-11 16:55:50 | 14,188,010 | ---- | M] (Michal Marcinkowski                                         )
C:\Documents and Settings\Hidde\Local Settings\Temp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp -> [2008-12-16 23:15:41 | 00,000,000 | ---D | M]
CmdLineExt.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\CmdLineExt.dll -> [2008-06-20 10:38:18 | 00,107,888 | ---- | M] (Sony DADC Austria AG.)
1342 C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Hidde\Local Settings\Temp\_PASFX269\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\_PASFX269 -> [2008-07-18 12:08:33 | 00,000,000 | ---D | M]
7Z.DLL -> C:\Documents and Settings\Hidde\Local Settings\Temp\_PASFX269\7Z.DLL -> [2008-07-18 12:05:39 | 00,076,288 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\{9F3ACD90-76A0-4245-9D87-E52D93623DFE}\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\{9F3ACD90-76A0-4245-9D87-E52D93623DFE}\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E} -> [2008-04-26 13:26:19 | 00,000,000 | ---D | M]
isrt.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\{9F3ACD90-76A0-4245-9D87-E52D93623DFE}\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\isrt.dll -> [2004-10-22 01:18:38 | 00,413,696 | ---- | M] (Macrovision Corporation)
_IsRes.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\{9F3ACD90-76A0-4245-9D87-E52D93623DFE}\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\_IsRes.dll -> [2004-10-22 02:50:56 | 00,380,928 | ---- | M] (Macrovision Corporation)
_ISUser.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\{9F3ACD90-76A0-4245-9D87-E52D93623DFE}\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\_ISUser.dll -> [2005-05-06 13:22:46 | 00,012,288 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\{D0A05794-48C2-4424-A15A-9F20FCFDD374}\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\{D0A05794-48C2-4424-A15A-9F20FCFDD374} -> [2008-05-05 15:20:40 | 00,000,000 | ---D | M]
ISRT.DLL -> C:\Documents and Settings\Hidde\Local Settings\Temp\{D0A05794-48C2-4424-A15A-9F20FCFDD374}\ISRT.DLL -> [2003-11-10 17:16:22 | 00,401,408 | ---- | M] (InstallShield Software Corporation)
_ISRES.DLL -> C:\Documents and Settings\Hidde\Local Settings\Temp\{D0A05794-48C2-4424-A15A-9F20FCFDD374}\_ISRES.DLL -> [2003-09-03 03:53:48 | 00,299,008 | ---- | M] (InstallShield Software Corporation)
_ISUSER.DLL -> C:\Documents and Settings\Hidde\Local Settings\Temp\{D0A05794-48C2-4424-A15A-9F20FCFDD374}\_ISUSER.DLL -> [2008-05-05 15:20:32 | 00,434,176 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\ -> [2007-12-20 15:06:41 | 00,000,000 | ---D | M]
install.res.1025.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1025.dll -> [2005-09-23 06:29:48 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1028.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1028.dll -> [2005-09-23 06:32:24 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1029.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1029.dll -> [2005-09-23 06:34:10 | 00,082,944 | ---- | M] (Microsoft Corporation)
install.res.1030.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1030.dll -> [2005-09-23 06:34:12 | 00,081,920 | ---- | M] (Microsoft Corporation)
install.res.1031.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1031.dll -> [2005-09-23 06:34:44 | 00,085,504 | ---- | M] (Microsoft Corporation)
install.res.1032.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1032.dll -> [2005-09-23 06:36:24 | 00,087,552 | ---- | M] (Microsoft Corporation)
install.res.1033.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1033.dll -> [2005-09-23 03:46:14 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1035.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1035.dll -> [2005-09-23 06:38:26 | 00,081,408 | ---- | M] (Microsoft Corporation)
install.res.1036.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1036.dll -> [2005-09-23 06:38:52 | 00,086,016 | ---- | M] (Microsoft Corporation)
install.res.1037.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1037.dll -> [2005-09-23 06:40:30 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1038.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1038.dll -> [2005-09-23 06:40:32 | 00,083,968 | ---- | M] (Microsoft Corporation)
install.res.1040.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1040.dll -> [2005-09-23 06:40:56 | 00,084,480 | ---- | M] (Microsoft Corporation)
install.res.1041.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1041.dll -> [2005-09-23 06:42:58 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1042.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1042.dll -> [2005-09-23 06:44:58 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1043.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1043.dll -> [2005-09-23 06:46:38 | 00,083,456 | ---- | M] (Microsoft Corporation)
install.res.1044.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1044.dll -> [2005-09-23 06:46:38 | 00,081,920 | ---- | M] (Microsoft Corporation)
install.res.1045.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1045.dll -> [2005-09-23 06:46:40 | 00,083,456 | ---- | M] (Microsoft Corporation)
install.res.1046.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1046.dll -> [2005-09-23 06:47:04 | 00,082,432 | ---- | M] (Microsoft Corporation)
install.res.1049.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1049.dll -> [2005-09-23 06:47:30 | 00,082,432 | ---- | M] (Microsoft Corporation)
install.res.1053.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1053.dll -> [2005-09-23 06:47:32 | 00,081,920 | ---- | M] (Microsoft Corporation)
install.res.1055.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.1055.dll -> [2005-09-23 06:47:32 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.2052.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.2052.dll -> [2005-09-23 06:30:18 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.2070.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.2070.dll -> [2005-09-23 06:47:06 | 00,084,480 | ---- | M] (Microsoft Corporation)
install.res.3076.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.3076.dll -> [2005-09-23 06:29:50 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.3082.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\install.res.3082.dll -> [2005-09-23 06:36:48 | 00,085,504 | ---- | M] (Microsoft Corporation)
mscoree.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\mscoree.dll -> [2005-09-23 04:30:40 | 00,270,848 | ---- | M] (Microsoft Corporation)
unicows.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\unicows.dll -> [2005-09-23 07:57:06 | 00,245,408 | R--- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\is-EN3SJ.tmp\_isetup\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\is-EN3SJ.tmp\_isetup -> [2008-09-14 15:24:47 | 00,000,000 | ---D | M]
_shfoldr.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\is-EN3SJ.tmp\_isetup\_shfoldr.dll -> [2008-09-14 15:24:47 | 00,023,312 | ---- | M] (Microsoft Corporation)
1 C:\Documents and Settings\Hidde\Local Settings\Temp\is-EN3SJ.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Hidde\Local Settings\Temp\is-EN3SJ.tmp\_isetup\*.tmp -> 
C:\Documents and Settings\Hidde\Local Settings\Temp\isp10C.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp10C.tmp\ -> [2008-02-27 15:26:36 | 00,000,000 | ---D | M]
_Setup.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp10C.tmp\_Setup.dll -> [2008-02-27 15:26:36 | 00,368,640 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\isp33B.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp33B.tmp\ -> [2008-04-26 13:26:17 | 00,000,000 | ---D | M]
_Setup.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp33B.tmp\_Setup.dll -> [2008-04-26 13:26:17 | 00,368,640 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\isp8.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp8.tmp\ -> [2007-12-24 17:41:22 | 00,000,000 | ---D | M]
_Setup.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp8.tmp\_Setup.dll -> [2007-12-24 17:41:22 | 00,368,640 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\isp90.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp90.tmp\ -> [2008-03-03 17:26:59 | 00,000,000 | ---D | M]
_Setup.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\isp90.tmp\_Setup.dll -> [2008-03-03 17:26:59 | 00,368,640 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\ -> [2008-09-28 19:38:41 | 00,000,000 | ---D | M]
mFileBagEXE.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\DirectXWebInstall\mFileBagIDE.dll\mFileBagEXE.dll -> [2008-07-06 01:52:55 | 00,097,280 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mFileBagIDE.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mFileBagIDE.dll\ -> [2008-09-28 19:38:41 | 00,000,000 | ---D | M]
mFileBagEXE.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mFileBagIDE.dll\mFileBagEXE.dll -> [2008-07-06 01:52:55 | 00,097,280 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mMSI.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mMSI.dll\ -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
mMSIExec.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftVisualCRuntime\mMSI.dll\mMSIExec.dll -> [2008-07-06 01:52:29 | 00,433,152 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
mWinRunExec.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\mWinRunExec.dll -> [2008-07-06 01:52:10 | 00,407,040 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
cabinet.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\cabinet.dll -> [2004-11-13 02:27:16 | 00,056,080 | ---- | M] (Microsoft Corporation)
imagehlp.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\imagehlp.dll -> [2004-11-13 02:27:16 | 00,106,013 | ---- | M] (Microsoft Corporation)
msi.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msi.dll -> [2004-11-13 02:27:16 | 01,927,680 | ---- | M] (Microsoft Corporation)
msihnd.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msihnd.dll -> [2004-11-13 02:27:16 | 00,297,472 | ---- | M] (Microsoft Corporation)
msimsg.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msimsg.dll -> [2004-11-13 02:27:16 | 00,847,872 | ---- | M] (Microsoft Corporation)
msisip.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msisip.dll -> [2004-11-13 02:27:17 | 00,040,448 | ---- | M] (Microsoft Corporation)
msls31.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msls31.dll -> [2004-11-13 02:27:17 | 00,167,936 | ---- | M] (Microsoft Corporation)
mspatcha.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\mspatcha.dll -> [2004-11-13 02:27:17 | 00,028,746 | ---- | M] (Microsoft Corporation)
riched20.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\riched20.dll -> [2004-11-13 02:27:17 | 00,431,133 | ---- | M] (Microsoft Corporation)
sdbapi.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\sdbapi.dll -> [2004-11-13 02:27:17 | 00,063,488 | ---- | M] (Microsoft Corporation)
shfolder.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\shfolder.dll -> [2004-11-13 02:27:17 | 00,021,021 | ---- | M] (Microsoft Corporation)
usp10.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\usp10.dll -> [2004-11-13 02:27:17 | 00,314,906 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mMSI.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mMSI.dll\ -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
mMSIExec.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mMSI.dll\mMSIExec.dll -> [2008-07-06 01:52:29 | 00,433,152 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mWinRun.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mWinRun.dll\ -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
mWinRunExec.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\mWinRun.dll\mWinRunExec.dll -> [2008-07-06 01:52:10 | 00,407,040 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
ATL80.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\ATL80.dll -> [2007-10-08 22:28:02 | 00,096,256 | ---- | M] (Microsoft Corporation)
cshtpav5.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\cshtpav5.dll -> [2007-10-08 22:37:26 | 00,243,560 | ---- | M] (Catalyst Development Corporation)
d3dx9_35.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\d3dx9_35.dll -> [2007-07-20 03:14:42 | 03,727,720 | ---- | M] (Microsoft Corporation)
D3DX9_37.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\D3DX9_37.dll -> [2008-03-06 00:56:58 | 03,786,760 | ---- | M] (Microsoft Corporation)
granny2.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\granny2.dll -> [2007-10-08 22:39:08 | 00,516,608 | ---- | M] (RAD Game Tools, Inc.)
xmllite.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\xmllite.dll -> [2007-09-13 20:14:26 | 00,121,856 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4 -> [2008-09-28 19:38:42 | 00,000,000 | ---D | M]
artpclnt.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\artpclnt.dll -> [2007-01-13 07:50:00 | 00,116,328 | ---- | M] (Pocket Soft, Inc.)
patchw32.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\patchw32.dll -> [2007-01-13 07:50:00 | 00,215,144 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\mDown.dll\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\mDown.dll\ -> [2008-09-28 19:38:41 | 00,000,000 | ---D | M]
mDownExec.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\mia3B.tmp\data\Utherverse3DClient\mDown.dll\mDownExec.dll -> [2008-07-06 01:52:16 | 00,506,368 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\nero.tmp\8.2.8.0_8.2.105_14415\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\nero.tmp\8.2.8.0_8.2.105_14415 -> [2008-01-18 20:34:40 | 00,000,000 | ---D | M]
AdvrCntr3.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\nero.tmp\8.2.8.0_8.2.105_14415\AdvrCntr3.dll -> [2007-12-13 22:25:30 | 03,429,672 | ---- | M] (Nero AG)
ShellManager3.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\nero.tmp\8.2.8.0_8.2.105_14415\ShellManager3.dll -> [2007-12-13 22:25:38 | 01,262,888 | ---- | M] (Nero AG)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
InstGuru.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\InstGuru.dll -> [2007-12-07 17:29:24 | 00,120,112 | ---- | M] (Nero AG)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
DSETUP.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX\DSETUP.dll -> [2006-08-14 16:08:04 | 00,074,520 | ---- | M] (Microsoft Corporation)
dsetup32.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Data\Redist\DirectX\dsetup32.dll -> [2006-08-14 16:08:04 | 02,248,984 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup -> [2008-01-18 20:32:37 | 00,000,000 | ---D | M]
NPS.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\NERO14415\Setup\NPS.dll -> [2007-12-07 17:29:27 | 04,871,464 | ---- | M] (Nero AG)
C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~0\RUP\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~0\RUP -> [2008-09-21 13:01:57 | 00,000,000 | ---D | M]
control.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~0\RUP\control.dll -> [2008-09-21 13:00:33 | 00,042,528 | ---- | M] (RealNetworks, Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~1\RUP\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~1\RUP -> [2008-09-21 13:07:56 | 00,000,000 | ---D | M]
control.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\rninst~1\RUP\control.dll -> [2008-09-21 13:05:56 | 00,042,528 | ---- | M] (RealNetworks, Inc.)
C:\Documents and Settings\Hidde\Local Settings\Temp\WLZB335.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\WLZB335.tmp\ -> [2008-10-14 13:48:10 | 00,000,000 | ---D | M]
CddbLangNL.dll -> C:\Documents and Settings\Hidde\Local Settings\Temp\WLZB335.tmp\CddbLangNL.dll -> [2008-10-14 13:47:58 | 00,103,664 | ---- | M] (Gracenote)
C:\Documents and Settings\Hidde\Local Settings\Temp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp -> [2008-12-16 23:15:41 | 00,000,000 | ---D | M]
1GV37wTL.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\1GV37wTL.dat -> [2008-08-31 19:13:06 | 00,010,343 | ---- | M] ()
4FU61vSK.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\4FU61vSK.dat -> [2008-07-15 16:36:44 | 00,006,703 | ---- | M] ()
4QG61hEV.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\4QG61hEV.dat -> [2008-08-24 16:28:45 | 00,011,111 | ---- | M] ()
asmcache.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\asmcache.dat -> [2008-10-22 20:19:06 | 00,000,073 | ---- | M] ()
j17ynR36.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\j17ynR36.dat -> [2008-09-14 15:22:14 | 00,004,578 | ---- | M] ()
n74drV03.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\n74drV03.dat -> [2008-07-15 16:36:56 | 00,006,703 | ---- | M] ()
Perflib_Perfdata_124.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_124.dat -> [2008-11-01 15:10:53 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_468.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_468.dat -> [2008-06-28 09:25:49 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_520.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_520.dat -> [2008-06-29 09:29:56 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_740.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_740.dat -> [2008-10-15 19:06:10 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_810.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_810.dat -> [2008-06-28 09:25:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_8fc.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_8fc.dat -> [2008-06-01 21:20:24 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_908.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_908.dat -> [2008-06-23 20:50:37 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_a84.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_a84.dat -> [2008-09-22 21:37:41 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_a98.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_a98.dat -> [2008-09-02 17:57:07 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_cc4.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_cc4.dat -> [2008-09-02 14:08:50 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_da4.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_da4.dat -> [2008-09-03 17:34:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_e84.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Perflib_Perfdata_e84.dat -> [2008-09-10 14:46:06 | 00,016,384 | ---- | M] ()
s17iwB36.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\s17iwB36.dat -> [2008-09-01 21:28:49 | 00,010,916 | ---- | M] ()
1342 C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Hidde\Local Settings\Temp\Cookies\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Cookies -> [2008-12-03 20:02:01 | 00,000,000 | --SD | M]
index.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Cookies\index.dat -> [2008-12-03 20:01:44 | 00,049,152 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\History\History.IE5\ -> [2008-11-03 13:12:04 | 00,000,000 | --SD | M]
index.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\History\History.IE5\index.dat -> [2008-12-03 20:01:44 | 00,262,144 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [2008-10-30 20:06:09 | 00,000,000 | --SD | M]
index.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008-12-03 20:38:34 | 00,294,912 | ---- | M] ()
C:\Documents and Settings\Hidde\Local Settings\Temp\Wtua\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Wtua -> [2008-06-30 09:04:55 | 00,000,000 | ---D | M]
index.dat -> C:\Documents and Settings\Hidde\Local Settings\Temp\Wtua\index.dat -> [2008-06-30 09:04:55 | 00,000,314 | ---- | M] ()
3 C:\Documents and Settings\Hidde\Local Settings\Temp\Wtua\*.tmp files -> C:\Documents and Settings\Hidde\Local Settings\Temp\Wtua\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008-12-16 22:43:34 | 00,000,000 | ---D | M]
5LIdLXv7.exe -> C:\WINDOWS\Temp\5LIdLXv7.exe -> [2008-08-31 11:12:14 | 00,031,232 | ---- | M] ()
hpfaicm.exe -> C:\WINDOWS\Temp\hpfaicm.exe -> [2001-03-20 15:02:23 | 00,036,864 | ---- | M] ()
hpfiui.exe -> C:\WINDOWS\Temp\hpfiui.exe -> [2001-03-20 15:02:22 | 00,335,872 | ---- | M] (Hewlett-Packard Co.)
hpfmicm.exe -> C:\WINDOWS\Temp\hpfmicm.exe -> [2001-03-20 15:02:23 | 00,036,864 | ---- | M] ()
qt1e5hTq.exe -> C:\WINDOWS\Temp\qt1e5hTq.exe -> [2008-08-24 18:28:55 | 00,031,232 | ---- | M] ()
136 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\~os6E.tmp\ -> C:\WINDOWS\Temp\~os6E.tmp\ -> [2008-12-14 12:38:50 | 00,000,000 | ---D | M]
ossproxy.exe -> C:\WINDOWS\Temp\~os6E.tmp\ossproxy.exe -> [2008-12-14 12:38:50 | 01,690,112 | ---- | M] (PermissionResearch)
OSSService.exe -> C:\WINDOWS\Temp\~os6E.tmp\OSSService.exe -> [2008-12-14 12:38:50 | 00,045,056 | ---- | M] (PermissionResearch)
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008-12-16 22:43:34 | 00,000,000 | ---D | M]
hpfinst.dll -> C:\WINDOWS\Temp\hpfinst.dll -> [2001-03-20 15:02:22 | 00,204,800 | ---- | M] (Hewlett-Packard Co.)
136 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\~os6E.tmp\ -> C:\WINDOWS\Temp\~os6E.tmp\ -> [2008-12-14 12:38:50 | 00,000,000 | ---D | M]
DOMPilot.dll -> C:\WINDOWS\Temp\~os6E.tmp\DOMPilot.dll -> [2008-12-14 12:38:49 | 00,217,088 | ---- | M] (PermissionResearch)
DOMPilot3.dll -> C:\WINDOWS\Temp\~os6E.tmp\DOMPilot3.dll -> [2008-12-14 12:38:49 | 00,110,592 | ---- | M] (PermissionResearch)
osmim.dll -> C:\WINDOWS\Temp\~os6E.tmp\osmim.dll -> [2008-12-14 12:38:49 | 00,372,736 | ---- | M] (PermissionResearch)
OssPdf.dll -> C:\WINDOWS\Temp\~os6E.tmp\OssPdf.dll -> [2008-12-14 12:38:49 | 00,708,608 | ---- | M] (PermissionResearch)
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008-12-16 22:43:34 | 00,000,000 | ---D | M]
1GV37wTL.dat -> C:\WINDOWS\Temp\1GV37wTL.dat -> [2008-08-31 18:00:38 | 00,010,343 | ---- | M] ()
4FU61vSK.dat -> C:\WINDOWS\Temp\4FU61vSK.dat -> [2008-07-23 11:01:46 | 00,006,009 | ---- | M] ()
4HW61xUM.dat -> C:\WINDOWS\Temp\4HW61xUM.dat -> [2008-08-20 16:00:20 | 00,009,143 | ---- | M] ()
4QG61hEV.dat -> C:\WINDOWS\Temp\4QG61hEV.dat -> [2008-08-26 16:04:57 | 00,010,487 | ---- | M] ()
asmcache.dat -> C:\WINDOWS\Temp\asmcache.dat -> [2008-12-14 12:38:50 | 00,000,100 | ---- | M] ()
g74vkO03.dat -> C:\WINDOWS\Temp\g74vkO03.dat -> [2008-08-27 15:00:35 | 00,010,919 | ---- | M] ()
j17ynR36.dat -> C:\WINDOWS\Temp\j17ynR36.dat -> [2008-09-14 12:16:07 | 00,004,578 | ---- | M] ()
KcrAO3ph.dat -> C:\WINDOWS\Temp\KcrAO3ph.dat -> [2008-08-28 15:00:53 | 00,016,721 | ---- | M] ()
n74drV03.dat -> C:\WINDOWS\Temp\n74drV03.dat -> [2008-07-16 19:13:00 | 00,007,942 | ---- | M] ()
o17esW36.dat -> C:\WINDOWS\Temp\o17esW36.dat -> [2008-08-16 18:00:11 | 00,008,433 | ---- | M] ()
Perflib_Perfdata_140.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_140.dat -> [2008-11-02 12:58:27 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_154.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_154.dat -> [2008-11-04 15:05:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_17a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_17a4.dat -> [2008-08-27 18:33:03 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1a4.dat -> [2008-12-08 17:02:00 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1ac.dat -> [2008-10-30 10:32:32 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1c8.dat -> [2008-12-10 17:18:16 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1d0.dat -> [2008-11-02 19:01:07 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1e4.dat -> [2008-12-06 17:34:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1f0.dat -> [2008-11-23 17:36:48 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_1f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1f8.dat -> [2008-11-17 17:05:29 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_208.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_208.dat -> [2008-11-14 18:49:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_22c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_22c.dat -> [2008-10-24 21:38:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_24c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_24c.dat -> [2008-10-31 15:43:32 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_25c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_25c.dat -> [2008-10-30 15:13:47 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_26c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_26c.dat -> [2008-12-06 13:07:29 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_298.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_298.dat -> [2008-12-14 12:50:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2ac.dat -> [2008-11-22 18:22:11 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2b0.dat -> [2008-11-25 16:23:46 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2cc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2cc.dat -> [2008-10-23 10:57:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2e0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2e0.dat -> [2008-11-17 14:51:06 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2e8.dat -> [2008-12-05 17:26:50 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2f8.dat -> [2008-11-05 14:29:38 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_308.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_308.dat -> [2008-11-01 14:03:25 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_314.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_314.dat -> [2008-11-17 21:42:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_334.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_334.dat -> [2008-11-18 20:54:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_34c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_34c.dat -> [2008-11-06 10:38:12 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_360.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_360.dat -> [2008-11-03 13:10:54 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_384.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_384.dat -> [2008-11-17 14:27:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_388.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_388.dat -> [2008-10-20 15:43:55 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_3b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3b8.dat -> [2008-12-05 15:06:35 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_41c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_41c.dat -> [2008-11-13 14:30:26 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_43c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_43c.dat -> [2008-12-13 16:02:17 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_440.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_440.dat -> [2008-11-21 15:49:12 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_474.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_474.dat -> [2008-11-23 13:03:00 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_480.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_480.dat -> [2008-12-06 17:44:00 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_488.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_488.dat -> [2008-11-05 23:04:26 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4b0.dat -> [2008-12-06 13:09:44 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4c8.dat -> [2008-12-07 14:04:03 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4cc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4cc.dat -> [2008-11-13 19:22:41 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4e4.dat -> [2008-11-25 22:50:48 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat -> [2008-11-03 21:35:24 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_4ec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4ec.dat -> [2008-10-28 22:25:45 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_504.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_504.dat -> [2008-11-01 15:07:33 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_508.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_508.dat -> [2008-11-06 18:08:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_50c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_50c.dat -> [2008-12-04 21:44:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_510.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_510.dat -> [2008-10-30 19:42:25 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_514.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_514.dat -> [2008-11-23 23:04:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_518.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_518.dat -> [2008-11-13 18:41:56 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_524.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_524.dat -> [2008-11-06 17:47:17 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_534.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_534.dat -> [2008-11-18 15:36:41 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_53c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_53c.dat -> [2008-11-26 13:18:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_540.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_540.dat -> [2008-12-16 22:43:29 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_548.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_548.dat -> [2008-11-22 14:17:37 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_550.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_550.dat -> [2008-11-28 12:31:19 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_558.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_558.dat -> [2008-10-30 09:35:26 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_584.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_584.dat -> [2008-12-05 16:46:45 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_58c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat -> [2008-11-19 17:07:58 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_598.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_598.dat -> [2008-12-11 16:16:17 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat -> [2008-11-26 19:58:26 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5b0.dat -> [2008-11-10 13:22:44 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat -> [2008-10-24 15:15:27 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5e0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat -> [2008-10-29 15:53:46 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat -> [2008-12-07 13:50:35 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5fc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat -> [2008-11-16 21:41:08 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_604.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_604.dat -> [2008-10-29 16:24:47 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_60c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat -> [2008-10-24 21:47:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_614.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_614.dat -> [2008-11-20 14:13:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_620.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_620.dat -> [2008-12-09 16:03:51 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_62c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat -> [2008-11-06 18:33:08 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_634.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_634.dat -> [2008-12-09 17:07:20 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_640.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_640.dat -> [2008-12-09 19:25:49 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_64c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat -> [2008-12-07 13:46:08 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_660.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_660.dat -> [2008-11-07 12:43:00 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_6b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6b8.dat -> [2008-12-04 21:48:44 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_6d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6d0.dat -> [2008-12-16 15:37:10 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_6d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat -> [2008-12-15 15:20:34 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_6f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6f0.dat -> [2008-11-27 13:53:03 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_714.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_714.dat -> [2008-11-05 14:31:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_72c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat -> [2008-09-22 21:25:39 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_734.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_734.dat -> [2008-12-01 10:36:15 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_77c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_77c.dat -> [2008-11-08 15:16:52 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_804.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_804.dat -> [2008-12-04 15:08:41 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_8bc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8bc.dat -> [2008-11-24 18:36:30 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_8c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8c.dat -> [2008-11-09 12:43:54 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_8c0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8c0.dat -> [2008-10-24 19:22:59 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_8d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8d0.dat -> [2008-09-05 18:39:35 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_978.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_978.dat -> [2008-10-22 22:49:06 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_998.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_998.dat -> [2008-10-26 11:48:53 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_abc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_abc.dat -> [2008-11-15 13:55:32 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_ae8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_ae8.dat -> [2008-11-16 12:58:42 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_aec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_aec.dat -> [2008-10-10 18:19:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_b3c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b3c.dat -> [2008-11-15 17:00:56 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_b54.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b54.dat -> [2008-11-11 12:47:09 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_b5c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b5c.dat -> [2008-11-12 20:15:44 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_b88.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b88.dat -> [2008-11-10 19:07:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_bc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bc.dat -> [2008-11-20 20:02:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_c1c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c1c.dat -> [2008-12-02 14:09:38 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_c38.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c38.dat -> [2008-11-14 17:23:39 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_cd4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_cd4.dat -> [2008-12-03 14:46:12 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_d4.dat -> [2008-12-07 14:01:35 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_e74.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_e74.dat -> [2008-09-05 15:22:02 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_fe8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_fe8.dat -> [2008-10-22 20:19:03 | 00,016,384 | ---- | M] ()
RjyHV3wo.dat -> C:\WINDOWS\Temp\RjyHV3wo.dat -> [2008-08-23 00:00:22 | 00,010,947 | ---- | M] ()
s17iwB36.dat -> C:\WINDOWS\Temp\s17iwB36.dat -> [2008-09-09 12:00:59 | 00,010,489 | ---- | M] ()
136 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [2008-01-11 13:30:29 | 00,000,000 | --SD | M]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [2008-11-20 22:30:59 | 00,016,384 | ---- | M] ()
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [2008-01-11 13:30:29 | 00,000,000 | --SD | M]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [2008-11-20 22:30:59 | 00,032,768 | ---- | M] ()
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [2008-11-03 22:06:01 | 00,000,000 | --SD | M]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008-11-20 22:32:04 | 00,081,920 | ---- | M] ()
Wireless Configuration Utility HW.32.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Wireless Configuration Utility HW.32.lnk -> [2008-12-16 22:43:56 | 00,002,657 | ---- | M] ()
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2008-12-16 22:43:47 | 00,194,987 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008-12-16 22:43:17 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008-12-16 22:43:05 | 00,002,048 | --S- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008-12-16 19:43:06 | 00,647,677 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008-12-16 15:36:47 | 00,002,206 | ---- | M] ()
At38.job -> %SystemRoot%\tasks\At38.job -> [2008-12-15 15:20:22 | 00,000,350 | ---- | M] ()
At39.job -> %SystemRoot%\tasks\At39.job -> [2008-12-14 14:00:23 | 00,000,350 | ---- | M] ()
At15.job -> %SystemRoot%\tasks\At15.job -> [2008-12-14 14:00:00 | 00,000,350 | ---- | M] ()
At14.job -> %SystemRoot%\tasks\At14.job -> [2008-12-14 13:00:00 | 00,000,350 | ---- | M] ()
At37.job -> %SystemRoot%\tasks\At37.job -> [2008-12-13 16:02:13 | 00,000,350 | ---- | M] ()
At13.job -> %SystemRoot%\tasks\At13.job -> [2008-12-13 12:00:00 | 00,000,350 | ---- | M] ()
At42.job -> %SystemRoot%\tasks\At42.job -> [2008-12-13 11:30:33 | 00,000,350 | ---- | M] ()
At18.job -> %SystemRoot%\tasks\At18.job -> [2008-12-11 17:00:00 | 00,000,350 | ---- | M] ()
At46.job -> %SystemRoot%\tasks\At46.job -> [2008-12-11 16:14:06 | 00,000,350 | ---- | M] ()
At22.job -> %SystemRoot%\tasks\At22.job -> [2008-12-10 21:00:00 | 00,000,350 | ---- | M] ()
At43.job -> %SystemRoot%\tasks\At43.job -> [2008-12-09 16:03:44 | 00,000,350 | ---- | M] ()
wallpapermercskenk1.JPG -> %UserProfile%\My Documents\wallpapermercskenk1.JPG -> [2008-12-08 21:53:36 | 00,811,514 | ---- | M] ()
2n6yd1i.jpg -> %UserProfile%\My Documents\2n6yd1i.jpg -> [2008-12-08 21:51:32 | 00,631,616 | ---- | M] ()
At19.job -> %SystemRoot%\tasks\At19.job -> [2008-12-08 18:00:00 | 00,000,350 | ---- | M] ()
Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk -> [2008-12-07 22:29:34 | 00,001,734 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008-12-04 21:34:22 | 00,017,920 | ---- | M] ()
avisplit.exe -> %UserProfile%\Desktop\avisplit.exe -> [2008-12-04 21:18:54 | 00,731,711 | ---- | M] ()
At45.job -> %SystemRoot%\tasks\At45.job -> [2008-12-04 20:01:01 | 00,000,350 | ---- | M] ()
At21.job -> %SystemRoot%\tasks\At21.job -> [2008-12-04 20:00:00 | 00,000,350 | ---- | M] ()
At44.job -> %SystemRoot%\tasks\At44.job -> [2008-12-04 19:00:47 | 00,000,350 | ---- | M] ()
At20.job -> %SystemRoot%\tasks\At20.job -> [2008-12-04 19:00:00 | 00,000,350 | ---- | M] ()
At41.job -> %SystemRoot%\tasks\At41.job -> [2008-12-04 16:00:42 | 00,000,350 | ---- | M] ()
At17.job -> %SystemRoot%\tasks\At17.job -> [2008-12-04 16:00:00 | 00,000,350 | ---- | M] ()
At48.job -> %SystemRoot%\tasks\At48.job -> [2008-12-03 23:00:40 | 00,000,350 | ---- | M] ()
At24.job -> %SystemRoot%\tasks\At24.job -> [2008-12-03 23:00:00 | 00,000,350 | ---- | M] ()
ImTOO Video to Audio Converter.lnk -> %UserProfile%\Desktop\ImTOO Video to Audio Converter.lnk -> [2008-12-03 22:36:31 | 00,001,747 | ---- | M] ()
r-mp3-converter.exe.download -> %UserProfile%\My Documents\r-mp3-converter.exe.download -> [2008-12-03 22:35:00 | 00,147,993 | ---- | M] ()
At47.job -> %SystemRoot%\tasks\At47.job -> [2008-12-03 22:00:36 | 00,000,350 | ---- | M] ()
At23.job -> %SystemRoot%\tasks\At23.job -> [2008-12-03 22:00:00 | 00,000,350 | ---- | M] ()
testbeeld2.gif -> %UserProfile%\My Documents\testbeeld2.gif -> [2008-12-03 19:31:10 | 00,018,742 | ---- | M] ()
At40.job -> %SystemRoot%\tasks\At40.job -> [2008-12-03 15:03:19 | 00,000,350 | ---- | M] ()
At16.job -> %SystemRoot%\tasks\At16.job -> [2008-12-03 15:00:00 | 00,000,350 | ---- | M] ()
BB2K__Gigi_Ravelli__009.mpg.mpeg -> %UserProfile%\Desktop\BB2K__Gigi_Ravelli__009.mpg.mpeg -> [2008-12-02 20:20:53 | 22,850,811 | ---- | M] ()
DVD gedicht.doc -> %UserProfile%\My Documents\DVD gedicht.doc -> [2008-12-02 20:11:43 | 00,024,576 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008-12-01 22:06:00 | 00,000,284 | ---- | M] ()
kaal lol.JPG -> %UserProfile%\My Documents\kaal lol.JPG -> [2008-12-01 15:35:43 | 01,276,595 | ---- | M] ()
At36.job -> %SystemRoot%\tasks\At36.job -> [2008-12-01 11:00:38 | 00,000,350 | ---- | M] ()
At12.job -> %SystemRoot%\tasks\At12.job -> [2008-12-01 11:00:00 | 00,000,350 | ---- | M] ()
At26.job -> %SystemRoot%\tasks\At26.job -> [2008-11-30 01:00:40 | 00,000,350 | ---- | M] ()
At2.job -> %SystemRoot%\tasks\At2.job -> [2008-11-30 01:00:00 | 00,000,350 | ---- | M] ()
At1.job -> %SystemRoot%\tasks\At1.job -> [2008-11-30 00:51:00 | 00,000,350 | ---- | M] ()
At25.job -> %SystemRoot%\tasks\At25.job -> [2008-11-30 00:22:28 | 00,000,350 | ---- | M] ()
Buy DivX for Windows.lnk -> %AllUsersProfile%\Desktop\Buy DivX for Windows.lnk -> [2008-11-28 13:21:21 | 00,001,122 | ---- | M] ()
DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [2008-11-28 13:21:05 | 00,000,806 | ---- | M] ()
DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [2008-11-28 13:20:50 | 00,001,469 | ---- | M] ()
samson.JPG -> %UserProfile%\My Documents\samson.JPG -> [2008-11-27 22:46:50 | 00,192,016 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008-11-27 19:11:55 | 01,550,792 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008-11-27 19:10:15 | 00,001,393 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008-11-27 19:09:49 | 00,000,660 | ---- | M] ()
MFC71.dll -> %SystemRoot%\System32\MFC71.dll -> [2008-11-27 10:55:30 | 01,060,864 | ---- | M] (Microsoft Corporation)
RealMediaSplitter.ax -> %SystemRoot%\System32\RealMediaSplitter.ax -> [2008-11-27 10:55:30 | 00,421,888 | ---- | M] (Gabest)
pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> [2008-11-27 10:55:30 | 00,278,528 | ---- | M] (Real Networks, Inc)
Gedicht Dirk Jan.doc -> %UserProfile%\My Documents\Gedicht Dirk Jan.doc -> [2008-11-26 15:14:51 | 00,024,576 | ---- | M] ()
sint.doc -> %UserProfile%\My Documents\sint.doc -> [2008-11-26 14:41:18 | 00,414,720 | ---- | M] ()
don2.jpg -> %UserProfile%\My Documents\don2.jpg -> [2008-11-22 22:46:46 | 00,016,492 | ---- | M] ()
don3.jpg -> %UserProfile%\My Documents\don3.jpg -> [2008-11-22 22:40:37 | 00,011,107 | ---- | M] ()
50cent.jpg -> %UserProfile%\My Documents\50cent.jpg -> [2008-11-22 22:39:09 | 00,017,979 | ---- | M] ()
dl.php.jpg -> %UserProfile%\Desktop\dl.php.jpg -> [2008-11-22 18:36:57 | 00,092,281 | ---- | M] ()
donn-e1.JPG -> %UserProfile%\My Documents\donn-e1.JPG -> [2008-11-20 22:46:41 | 00,111,999 | ---- | M] ()
donn-e.JPG -> %UserProfile%\My Documents\donn-e.JPG -> [2008-11-20 22:45:31 | 00,058,718 | ---- | M] ()
1772607_5_4rYe.jpeg -> %UserProfile%\My Documents\1772607_5_4rYe.jpeg -> [2008-11-20 22:44:16 | 00,058,718 | ---- | M] ()
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [2008-11-19 18:34:08 | 00,000,236 | ---- | M] ()
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [2008-11-19 18:34:08 | 00,000,200 | ---- | M] ()
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [2008-11-17 17:08:47 | 00,000,236 | ---- | M] ()
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [2008-11-17 17:08:47 | 00,000,200 | ---- | M] ()
brastk.exe -> %SystemRoot%\brastk.exe -> [2008-11-17 15:14:54 | 00,009,728 | ---- | M] ()
karna.dat -> %SystemRoot%\System32\karna.dat -> [2008-11-17 15:14:54 | 00,006,144 | ---- | M] ()
karna.dat -> %SystemRoot%\karna.dat -> [2008-11-17 15:14:54 | 00,006,144 | ---- | M] ()
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [2008-11-17 14:28:46 | 00,000,236 | ---- | M] ()
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [2008-11-17 14:28:46 | 00,000,200 | ---- | M] ()
[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008-11-09 18:54:40 | 00,000,000 | RH-D | M]
Bluetooth -> C:\Documents and Settings\All Users\Application Data\Bluetooth -> [2008-08-01 18:31:25 | 00,000,000 | ---D | M]
CanonBJ -> C:\Documents and Settings\All Users\Application Data\CanonBJ -> [2008-10-15 17:55:17 | 00,000,000 | -H-D | M]
CanonIJPLM -> C:\Documents and Settings\All Users\Application Data\CanonIJPLM -> [2008-10-15 18:10:35 | 00,000,000 | ---D | M]
FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [2008-07-18 12:52:49 | 00,000,000 | ---D | M]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [2008-06-19 13:01:13 | 00,000,000 | ---D | M]
Messenger Plus! -> C:\Documents and Settings\All Users\Application Data\Messenger Plus! -> [2008-01-02 18:17:51 | 00,000,000 | ---D | M]
SwiftKit -> C:\Documents and Settings\All Users\Application Data\SwiftKit -> [2008-06-22 15:12:06 | 00,000,000 | ---D | M]
SwiftSwitch -> C:\Documents and Settings\All Users\Application Data\SwiftSwitch -> [2008-01-13 18:58:30 | 00,000,000 | ---D | M]
Teleca -> C:\Documents and Settings\All Users\Application Data\Teleca -> [2008-10-14 18:24:48 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008-12-03 22:33:47 | 00,000,000 | ---D | M]
WinZip -> C:\Documents and Settings\All Users\Application Data\WinZip -> [2007-12-24 22:24:25 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Hidde\Application Data -> [2008-12-03 22:36:55 | 00,000,000 | RH-D | M]
Atari -> C:\Documents and Settings\Hidde\Application Data\Atari -> [2008-05-16 17:09:06 | 00,000,000 | ---D | M]
AVG7 -> C:\Documents and Settings\Hidde\Application Data\AVG7 -> [2008-06-19 12:32:48 | 00,000,000 | ---D | M]
BitTorrent -> C:\Documents and Settings\Hidde\Application Data\BitTorrent -> [2008-10-14 20:21:52 | 00,000,000 | ---D | M]
Canon -> C:\Documents and Settings\Hidde\Application Data\Canon -> [2008-10-15 19:47:43 | 00,000,000 | ---D | M]
DAEMON Tools -> C:\Documents and Settings\Hidde\Application Data\DAEMON Tools -> [2008-01-12 18:01:14 | 00,000,000 | ---D | M]
DNA -> C:\Documents and Settings\Hidde\Application Data\DNA -> [2008-12-16 23:13:54 | 00,000,000 | ---D | M]
dvdcss -> C:\Documents and Settings\Hidde\Application Data\dvdcss -> [2008-10-22 15:16:45 | 00,000,000 | ---D | M]
Hamachi -> C:\Documents and Settings\Hidde\Application Data\Hamachi -> [2008-03-30 12:07:56 | 00,000,000 | ---D | M]
ImTOO Software Studio -> C:\Documents and Settings\Hidde\Application Data\ImTOO Software Studio -> [2008-12-03 22:36:55 | 00,000,000 | ---D | M]
Leadertech -> C:\Documents and Settings\Hidde\Application Data\Leadertech -> [2008-01-18 19:58:28 | 00,000,000 | ---D | M]
mIRC -> C:\Documents and Settings\Hidde\Application Data\mIRC -> [2008-12-03 14:51:27 | 00,000,000 | ---D | M]
Nexon -> C:\Documents and Settings\Hidde\Application Data\Nexon -> [2007-12-19 12:04:33 | 00,000,000 | ---D | M]
Paltalk -> C:\Documents and Settings\Hidde\Application Data\Paltalk -> [2008-09-30 16:17:53 | 00,000,000 | ---D | M]
Soldat -> C:\Documents and Settings\Hidde\Application Data\Soldat -> [2007-12-19 20:43:42 | 00,000,000 | ---D | M]
SoundSpectrum -> C:\Documents and Settings\Hidde\Application Data\SoundSpectrum -> [2008-07-08 15:33:14 | 00,000,000 | ---D | M]
SPORE Creature Creator -> C:\Documents and Settings\Hidde\Application Data\SPORE Creature Creator -> [2008-11-14 18:23:57 | 00,000,000 | ---D | M]
Subversion -> C:\Documents and Settings\Hidde\Application Data\Subversion -> [2008-08-24 17:16:32 | 00,000,000 | ---D | M]
SystemRequirementsLab -> C:\Documents and Settings\Hidde\Application Data\SystemRequirementsLab -> [2008-11-11 13:59:28 | 00,000,000 | ---D | M]
teamspeak2 -> C:\Documents and Settings\Hidde\Application Data\teamspeak2 -> [2008-01-30 15:47:22 | 00,000,000 | ---D | M]
TeamViewer -> C:\Documents and Settings\Hidde\Application Data\TeamViewer -> [2008-04-24 14:56:21 | 00,000,000 | ---D | M]
TortoiseSVN -> C:\Documents and Settings\Hidde\Application Data\TortoiseSVN -> [2008-08-24 17:21:21 | 00,000,000 | ---D | M]
Turbine -> C:\Documents and Settings\Hidde\Application Data\Turbine -> [2008-10-18 14:38:07 | 00,000,000 | ---D | M]
vghd -> C:\Documents and Settings\Hidde\Application Data\vghd -> [2008-08-15 23:40:00 | 00,000,000 | ---D | M]
WNR -> C:\Documents and Settings\Hidde\Application Data\WNR -> [2008-05-15 22:14:11 | 00,000,000 | ---D | M]
Xfire -> C:\Documents and Settings\Hidde\Application Data\Xfire -> [2007-12-20 14:54:40 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008-12-04 19:19:51 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008-12-01 22:06:00 | 00,000,284 | ---- | M] ()
At1.job -> C:\WINDOWS\Tasks\At1.job -> [2008-11-30 00:51:00 | 00,000,350 | ---- | M] ()
At10.job -> C:\WINDOWS\Tasks\At10.job -> [2008-10-03 08:00:00 | 00,000,350 | ---- | M] ()
At11.job -> C:\WINDOWS\Tasks\At11.job -> [2008-10-30 10:00:00 | 00,000,350 | ---- | M] ()
At12.job -> C:\WINDOWS\Tasks\At12.job -> [2008-12-01 11:00:00 | 00,000,350 | ---- | M] ()
At13.job -> C:\WINDOWS\Tasks\At13.job -> [2008-12-13 12:00:00 | 00,000,350 | ---- | M] ()
At14.job -> C:\WINDOWS\Tasks\At14.job -> [2008-12-14 13:00:00 | 00,000,350 | ---- | M] ()
At15.job -> C:\WINDOWS\Tasks\At15.job -> [2008-12-14 14:00:00 | 00,000,350 | ---- | M] ()
At16.job -> C:\WINDOWS\Tasks\At16.job -> [2008-12-03 15:00:00 | 00,000,350 | ---- | M] ()
At17.job -> C:\WINDOWS\Tasks\At17.job -> [2008-12-04 16:00:00 | 00,000,350 | ---- | M] ()
At18.job -> C:\WINDOWS\Tasks\At18.job -> [2008-12-11 17:00:00 | 00,000,350 | ---- | M] ()
At19.job -> C:\WINDOWS\Tasks\At19.job -> [2008-12-08 18:00:00 | 00,000,350 | ---- | M] ()
At2.job -> C:\WINDOWS\Tasks\At2.job -> [2008-11-30 01:00:00 | 00,000,350 | ---- | M] ()
At20.job -> C:\WINDOWS\Tasks\At20.job -> [2008-12-04 19:00:00 | 00,000,350 | ---- | M] ()
At21.job -> C:\WINDOWS\Tasks\At21.job -> [2008-12-04 20:00:00 | 00,000,350 | ---- | M] ()
At22.job -> C:\WINDOWS\Tasks\At22.job -> [2008-12-10 21:00:00 | 00,000,350 | ---- | M] ()
At23.job -> C:\WINDOWS\Tasks\At23.job -> [2008-12-03 22:00:00 | 00,000,350 | ---- | M] ()
At24.job -> C:\WINDOWS\Tasks\At24.job -> [2008-12-03 23:00:00 | 00,000,350 | ---- | M] ()
At25.job -> C:\WINDOWS\Tasks\At25.job -> [2008-11-30 00:22:28 | 00,000,350 | ---- | M] ()
At26.job -> C:\WINDOWS\Tasks\At26.job -> [2008-11-30 01:00:40 | 00,000,350 | ---- | M] ()
At27.job -> C:\WINDOWS\Tasks\At27.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At28.job -> C:\WINDOWS\Tasks\At28.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At29.job -> C:\WINDOWS\Tasks\At29.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At3.job -> C:\WINDOWS\Tasks\At3.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At30.job -> C:\WINDOWS\Tasks\At30.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At31.job -> C:\WINDOWS\Tasks\At31.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At32.job -> C:\WINDOWS\Tasks\At32.job -> [2008-07-15 16:36:32 | 00,000,350 | ---- | M] ()
At33.job -> C:\WINDOWS\Tasks\At33.job -> [2008-09-15 17:57:18 | 00,000,350 | ---- | M] ()
At34.job -> C:\WINDOWS\Tasks\At34.job -> [2008-10-03 10:25:20 | 00,000,350 | ---- | M] ()
At35.job -> C:\WINDOWS\Tasks\At35.job -> [2008-10-30 10:03:33 | 00,000,350 | ---- | M] ()
At36.job -> C:\WINDOWS\Tasks\At36.job -> [2008-12-01 11:00:38 | 00,000,350 | ---- | M] ()
At37.job -> C:\WINDOWS\Tasks\At37.job -> [2008-12-13 16:02:13 | 00,000,350 | ---- | M] ()
At38.job -> C:\WINDOWS\Tasks\At38.job -> [2008-12-15 15:20:22 | 00,000,350 | ---- | M] ()
At39.job -> C:\WINDOWS\Tasks\At39.job -> [2008-12-14 14:00:23 | 00,000,350 | ---- | M] ()
At4.job -> C:\WINDOWS\Tasks\At4.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At40.job -> C:\WINDOWS\Tasks\At40.job -> [2008-12-03 15:03:19 | 00,000,350 | ---- | M] ()
At41.job -> C:\WINDOWS\Tasks\At41.job -> [2008-12-04 16:00:42 | 00,000,350 | ---- | M] ()
At42.job -> C:\WINDOWS\Tasks\At42.job -> [2008-12-13 11:30:33 | 00,000,350 | ---- | M] ()
At43.job -> C:\WINDOWS\Tasks\At43.job -> [2008-12-09 16:03:44 | 00,000,350 | ---- | M] ()
At44.job -> C:\WINDOWS\Tasks\At44.job -> [2008-12-04 19:00:47 | 00,000,350 | ---- | M] ()
At45.job -> C:\WINDOWS\Tasks\At45.job -> [2008-12-04 20:01:01 | 00,000,350 | ---- | M] ()
At46.job -> C:\WINDOWS\Tasks\At46.job -> [2008-12-11 16:14:06 | 00,000,350 | ---- | M] ()
At47.job -> C:\WINDOWS\Tasks\At47.job -> [2008-12-03 22:00:36 | 00,000,350 | ---- | M] ()
At48.job -> C:\WINDOWS\Tasks\At48.job -> [2008-12-03 23:00:40 | 00,000,350 | ---- | M] ()
At5.job -> C:\WINDOWS\Tasks\At5.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At6.job -> C:\WINDOWS\Tasks\At6.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At7.job -> C:\WINDOWS\Tasks\At7.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At8.job -> C:\WINDOWS\Tasks\At8.job -> [2008-07-15 16:23:47 | 00,000,350 | ---- | M] ()
At9.job -> C:\WINDOWS\Tasks\At9.job -> [2008-09-15 07:00:00 | 00,000,350 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004-08-04 02:07:00 | 00,000,065 | RH-- | M] ()
GoogleUpdateTaskUser.job -> C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job -> [2008-12-13 11:49:08 | 00,001,196 | ---- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008-12-16 22:43:17 | 00,000,006 | -H-- | M] ()
[File - Signature Check]
< Cached Copy > -> < OS Copy > -> < MD5's >
C:\WINDOWS\system32\dllcache\explorer.exe [2007-06-13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2007-06-13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -> Cached Copy = 97BD6515465659FF8F3B7BE375B2EA87 \ OS Copy = 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\system32\dllcache\csrss.exe [2004-08-04 02:07:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\csrss.exe [2004-08-04 02:07:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -> Cached Copy = F12B178B1678D778CFD3FF1FC38C71FB \ OS Copy = F12B178B1678D778CFD3FF1FC38C71FB
C:\WINDOWS\system32\dllcache\lsass.exe [2004-08-04 02:07:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lsass.exe [2004-08-04 02:07:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -> Cached Copy = 84885F9B82F4D55C6146EBF6065D75D2 \ OS Copy = 84885F9B82F4D55C6146EBF6065D75D2
C:\WINDOWS\system32\dllcache\rundll32.exe [2004-08-04 02:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rundll32.exe [2004-08-04 02:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -> Cached Copy = DA285490BBD8A1D0CE6623577D5BA1FF \ OS Copy = DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\system32\dllcache\services.exe [2004-08-04 02:07:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\services.exe [2004-08-04 02:07:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -> Cached Copy = C6CE6EEC82F187615D1002BB3BB50ED4 \ OS Copy = C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\system32\dllcache\smss.exe [2004-08-04 02:07:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\smss.exe [2004-08-04 02:07:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -> Cached Copy = BD7FB0957C716F1A60333AEE04DE2178 \ OS Copy = BD7FB0957C716F1A60333AEE04DE2178
C:\WINDOWS\system32\dllcache\spoolsv.exe [2005-06-11 00:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\spoolsv.exe [2005-06-11 00:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -> Cached Copy = DA81EC57ACD4CDC3D4C51CF3D409AF9F \ OS Copy = DA81EC57ACD4CDC3D4C51CF3D409AF9F
C:\WINDOWS\system32\dllcache\svchost.exe [2004-08-04 02:07:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2004-08-04 02:07:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -> Cached Copy = 8F078AE4ED187AAABC0A305146DE6716 \ OS Copy = 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\system32\dllcache\taskmgr.exe [2004-08-04 02:07:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\taskmgr.exe [2004-08-04 02:07:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -> Cached Copy = FC160ACE21C81837692B339D230DD4BE \ OS Copy = FC160ACE21C81837692B339D230DD4BE
C:\WINDOWS\system32\dllcache\userinit.exe [2004-08-04 02:07:00 | 00,024,576 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\userinit.exe [2004-08-04 02:07:00 | 00,024,576 | ---- | M] (Microsoft Corporation) -> Cached Copy = 39B1FFB03C2296323832ACBAE50D2AFF \ OS Copy = 39B1FFB03C2296323832ACBAE50D2AFF
C:\WINDOWS\system32\dllcache\winlogon.exe [2004-08-04 02:07:00 | 00,502,272 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\winlogon.exe [2004-08-04 02:07:00 | 00,502,272 | ---- | M] (Microsoft Corporation) -> Cached Copy = 01C3346C241652F43AED8E2149881BFE \ OS Copy = 01C3346C241652F43AED8E2149881BFE
 
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ab,3a,57,eb,bd,3d,b2,f8,2b,02,f2,bf,ff,86,4d,5b,c4,34,dc,18,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,7f,71,de,24,56,62,a2,73,31,a0,ea,21,e3,70,5f,c1,..
"khjeh"=hex:8c,3e,eb,cf,f8,dc,10,a0,bd,0c,e3,4b,70,b5,52,88,f8,c2,9b,be,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:92,8a,6d,b4,71,a5,d9,7d,c2,7d,6b,bc,04,c9,ad,e6,73,ce,43,4f,77,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a3,79,1e,fe,9e,bf,81,b7,73,8e,10,fa,36,13,e1,11,22,4e,68,e9,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:7a,52,56,8e,31,0a,a2,24,be,a0,8a,f7,c6,4a,26,3b,51,52,69,2f,54,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:49,1a,35,06,0c,db,dc,9b,7b,6b,c3,eb,8c,89,ec,11,25,46,1e,ac,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ab,3a,57,eb,bd,3d,b2,f8,2b,02,f2,bf,ff,86,4d,5b,c4,34,dc,18,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,7f,71,de,24,56,62,a2,73,31,a0,ea,21,e3,70,5f,c1,..
"khjeh"=hex:8c,3e,eb,cf,f8,dc,10,a0,bd,0c,e3,4b,70,b5,52,88,f8,c2,9b,be,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2f,f2,39,48,7a,45,99,18,3f,63,97,a8,61,88,31,44,48,01,a7,3b,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a3,79,1e,fe,9e,bf,81,b7,73,8e,10,fa,36,13,e1,11,22,4e,68,e9,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:7a,52,56,8e,31,0a,a2,24,be,a0,8a,f7,c6,4a,26,3b,51,52,69,2f,54,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:49,1a,35,06,0c,db,dc,9b,7b,6b,c3,eb,8c,89,ec,11,25,46,1e,ac,fd,..
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT 6144 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:3553E6B8 100 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D 120 bytes
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\arjan_demann@hotmail.com\DFSR\Staging\CS{6C1AD96D-3E0B-9B3B-EA0C-9E3AADD8FC39}\01\125-{6C1AD96D-3E0B-9B3B-EA0C-9E3AADD8FC39}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v125-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\ingevdhelm@hotmail.com\DFSR\Staging\CS{C93B56D6-3D12-B6D9-EB71-9A7AD94CDBE4}\01\130-{C93B56D6-3D12-B6D9-EB71-9A7AD94CDBE4}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v130-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\01\23-{28E03C34-841E-120A-5E84-FA74DE0B891D}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\20\120-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v120-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v120-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 912 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\20\120-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v120-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v120-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\75\75-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v75-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v75-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\80\80-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v80-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v80-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 750 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\80\80-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v80-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v80-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\87\87-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v87-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v87-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 786 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\87\87-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v87-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v87-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 80 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\98\98-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v98-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v98-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 678 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\lucasriechert@hotmail.com\DFSR\Staging\CS{28E03C34-841E-120A-5E84-FA74DE0B891D}\98\98-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v98-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v98-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 80 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\martinettema1991@hotmail.com\DFSR\Staging\CS{F58C7B51-33E2-7782-1AAF-74D95C6F3883}\01\126-{F58C7B51-33E2-7782-1AAF-74D95C6F3883}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v126-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\maxje1992@hotmail.com\DFSR\Staging\CS{16D6FC1E-0EB0-AE2D-B686-9E30927A5025}\01\19-{16D6FC1E-0EB0-AE2D-B686-9E30927A5025}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\nathan_the_best_5@hotmail.com\DFSR\Staging\CS{527C254C-0824-262C-0F5A-092E29CA9465}\01\20-{527C254C-0824-262C-0F5A-092E29CA9465}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\nathan_the_best_5@hotmail.com\DFSR\Staging\CS{527C254C-0824-262C-0F5A-092E29CA9465}\12\20-{54C55ADF-0819-42A5-9461-5ED06EFE3E0E}-v12-{54C55ADF-0819-42A5-9461-5ED06EFE3E0E}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\nathan_the_best_5@hotmail.com\DFSR\Staging\CS{527C254C-0824-262C-0F5A-092E29CA9465}\15\23-{54C55ADF-0819-42A5-9461-5ED06EFE3E0E}-v15-{54C55ADF-0819-42A5-9461-5ED06EFE3E0E}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1240 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\nielsettema1995@hotmail.com\DFSR\Staging\CS{7800B3F3-27FE-DAA1-7934-CBAB58402DE4}\01\10-{7800B3F3-27FE-DAA1-7934-CBAB58402DE4}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\rollerblader_gangstah@hotmail.com\DFSR\Staging\CS{328DE71C-05A3-18BA-CCC6-52C9ED48EDBB}\01\127-{328DE71C-05A3-18BA-CCC6-52C9ED48EDBB}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v127-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\01\12-{E45C1060-78BE-CACF-0A79-48D7B3216658}-v1-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\13\13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2730 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\13\13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 228 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\13\13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2312 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\14\14-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v14-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 642 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\14\14-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v14-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\14\14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1830 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\14\14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 192 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\14\14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2312 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\15\15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10560 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\15\15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 750 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\15\15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2312 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\16\16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4512 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\16\16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 372 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\16\16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2312 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\17\17-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v17-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1254 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\17\17-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v17-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 144 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\18\18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7050 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\18\18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 480 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\18\18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2312 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\19\19-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v19-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 768 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\19\19-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v19-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\21\21-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v21-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 660 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\21\21-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v21-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1008 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\22\22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 37596 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\22\22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2658 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\22\22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4184 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\24\24-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v24-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 768 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\24\24-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v24-{2E65FB82-D918-4069-A5AE-E8CE7DE047CD}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\36\136-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v136-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v136-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 192 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\36\136-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v136-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v136-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\38\138-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v138-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v138-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1668 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\38\138-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v138-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v138-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 192 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\41\141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 17454 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\41\141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1236 bytes hidden from API
C:\Documents and Settings\Hidde\Local Settings\Application Data\Microsoft\Messenger\hidde_romkes@hotmail.com\SharingMetadata\timnowak1@hotmail.com\DFSR\Staging\CS{E45C1060-78BE-CACF-0A79-48D7B3216658}\41\141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-{90697A95-EE25-4BAD-AB3D-6F7E6DFC1AEB}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1944 bytes hidden from API
scan completed successfully
hidden files: 365
 
[Alternate Data Streams]
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:C980DA7D
@Alternate Data Stream - 100 bytes -> %AllUsersProfile%\Application Data\TEMP:3553E6B8
< End of report >


Did the file that deletes itself too.
Coño
Active Member
 
Posts: 12
Joined: December 7th, 2008, 2:37 pm

Re: I would like to get some help with my pc problems.

Unread postby Odd dude » December 17th, 2008, 11:23 am

Well, I've run a blacklight scan again, and again, I can't find the log. :l It found 1 hidden file, that was something like reboot mode or something.

This might be very bad news.

The log is located at C:\fsbl-xxxx-xxxx.txt where x's are numbers.

If you still can't find it we will run a different program:

GMER
Do not touch the computer while GMER is running! If you do, it'll go completely unresponsive and you'll have to shut it down using the power switch. Just don't touch the PC while GMER is working.
Please download gmer.zip by GMER and save it to your desktop.

  • Right click the file you just downloaded and choose Extract all
  • Click Next
  • Click Browse
  • Click the + next to My Computer
  • Click Local Disk (C:)
  • Click Make new folder
  • Enter GMER
  • Click OK, then Next
  • Check Show extracted files and click Finish
  • Double click on GMER.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the GMER scan log and post it in your next reply.
  • Close GMER.

Backup the registry
  1. Download ERUNT to your desktop from HERE
  2. Double-click on the file to install the program
  3. Uncheck the NTREGOPT desktop shortcut option
  4. Click No when you get the option to run ERUNT at Windows startup.
  5. During the installation, check Launch ERUNT
  6. Accept the defaults for running a backup
  7. ERUNT will then back up your registry

Open OTScanIt, copy and paste the following under Paste fix here, then click Run fix:
Code: Select all
[Registry - Safe List]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\AutoRun -> 
YN -> \{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> \{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Explore\command -> 
YN -> \{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Explore\command\\"" -> F:\system.exe [F:\system.exe]
YN -> \{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Open\command -> 
YN -> \{73a895fe-b6ce-11dc-a4ac-0040f4dcee7b}\Shell\Open\command\\"" -> F:\system.exe [F:\system.exe]
YN -> \{c82ccc74-b274-11dd-a710-0040f4dcec58} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell -> 
YN -> \{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\1\Command -> 
YN -> \{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\1\Command\\"" -> F:\Recycled.exe [F:\Recycled.exe]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\2\Command -> 
YN -> \{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\2\Command\\"" -> F:\Recycled.exe [F:\Recycled.exe]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\AutoRun -> 
YN -> \{c82ccc74-b274-11dd-a710-0040f4dcec58}\Shell\AutoRun\\"" -> [Auto&Play]
[Files/Folders - Modified Within 30 Days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> C:\Documents and Settings\Hidde\Local Settings\Temp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp
NY -> 11524.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\11524.exe
NY -> 9c29e5chp9e5c0.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\9c29e5chp9e5c0.exe
NY -> gtb2k1033.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\gtb2k1033.exe
NY -> ildownloader_install.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\ildownloader_install.exe
NY -> 1342 C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Hidde\Local Settings\Temp\*.tmp
NY -> C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe_Downloads\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe_Downloads
NY -> pase320_en_US.exe -> C:\Documents and Settings\Hidde\Local Settings\Temp\Adobe_Downloads\pase320_en_US.exe
NY -> C:\Documents and Settings\Hidde\Local Settings\Temp\bye6C.tmp\Disk1\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\bye6C.tmp\Disk1
NY -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\ -> C:\Documents and Settings\Hidde\Local Settings\Temp\IS1C.tmp\
NY -> 136 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY -> At38.job -> %SystemRoot%\tasks\At38.job
NY -> At39.job -> %SystemRoot%\tasks\At39.job
NY -> At15.job -> %SystemRoot%\tasks\At15.job
NY -> At14.job -> %SystemRoot%\tasks\At14.job
NY -> At37.job -> %SystemRoot%\tasks\At37.job
NY -> At13.job -> %SystemRoot%\tasks\At13.job
NY -> At42.job -> %SystemRoot%\tasks\At42.job
NY -> At18.job -> %SystemRoot%\tasks\At18.job
NY -> At46.job -> %SystemRoot%\tasks\At46.job
NY -> At22.job -> %SystemRoot%\tasks\At22.job
NY -> At43.job -> %SystemRoot%\tasks\At43.job
NY -> At45.job -> %SystemRoot%\tasks\At45.job
NY -> At21.job -> %SystemRoot%\tasks\At21.job
NY -> At44.job -> %SystemRoot%\tasks\At44.job
NY -> At20.job -> %SystemRoot%\tasks\At20.job
NY -> At41.job -> %SystemRoot%\tasks\At41.job
NY -> At17.job -> %SystemRoot%\tasks\At17.job
NY -> At48.job -> %SystemRoot%\tasks\At48.job
NY -> At24.job -> %SystemRoot%\tasks\At24.job
NY -> At47.job -> %SystemRoot%\tasks\At47.job
NY -> At23.job -> %SystemRoot%\tasks\At23.job
NY -> At40.job -> %SystemRoot%\tasks\At40.job
NY -> At16.job -> %SystemRoot%\tasks\At16.job
NY -> At36.job -> %SystemRoot%\tasks\At36.job
NY -> At12.job -> %SystemRoot%\tasks\At12.job
NY -> At26.job -> %SystemRoot%\tasks\At26.job
NY -> At2.job -> %SystemRoot%\tasks\At2.job
NY -> At1.job -> %SystemRoot%\tasks\At1.job
NY -> At25.job -> %SystemRoot%\tasks\At25.job
NY -> brastk.exe -> %SystemRoot%\brastk.exe
NY -> karna.dat -> %SystemRoot%\System32\karna.dat
NY -> karna.dat -> %SystemRoot%\karna.dat
[File - Lop Check]
NY -> At11.job -> C:\WINDOWS\Tasks\At11.job
NY -> At12.job -> C:\WINDOWS\Tasks\At12.job
NY -> At13.job -> C:\WINDOWS\Tasks\At13.job
NY -> At14.job -> C:\WINDOWS\Tasks\At14.job
NY -> At15.job -> C:\WINDOWS\Tasks\At15.job
NY -> At16.job -> C:\WINDOWS\Tasks\At16.job
NY -> At17.job -> C:\WINDOWS\Tasks\At17.job
NY -> At18.job -> C:\WINDOWS\Tasks\At18.job
NY -> At19.job -> C:\WINDOWS\Tasks\At19.job
NY -> At2.job -> C:\WINDOWS\Tasks\At2.job
NY -> At20.job -> C:\WINDOWS\Tasks\At20.job
NY -> At21.job -> C:\WINDOWS\Tasks\At21.job
NY -> At22.job -> C:\WINDOWS\Tasks\At22.job
NY -> At23.job -> C:\WINDOWS\Tasks\At23.job
NY -> At24.job -> C:\WINDOWS\Tasks\At24.job
NY -> At25.job -> C:\WINDOWS\Tasks\At25.job
NY -> At26.job -> C:\WINDOWS\Tasks\At26.job
NY -> At27.job -> C:\WINDOWS\Tasks\At27.job
NY -> At28.job -> C:\WINDOWS\Tasks\At28.job
NY -> At29.job -> C:\WINDOWS\Tasks\At29.job
NY -> At3.job -> C:\WINDOWS\Tasks\At3.job
NY -> At30.job -> C:\WINDOWS\Tasks\At30.job
NY -> At31.job -> C:\WINDOWS\Tasks\At31.job
NY -> At32.job -> C:\WINDOWS\Tasks\At32.job
NY -> At33.job -> C:\WINDOWS\Tasks\At33.job
NY -> At34.job -> C:\WINDOWS\Tasks\At34.job
NY -> At35.job -> C:\WINDOWS\Tasks\At35.job
NY -> At36.job -> C:\WINDOWS\Tasks\At36.job
NY -> At37.job -> C:\WINDOWS\Tasks\At37.job
NY -> At38.job -> C:\WINDOWS\Tasks\At38.job
NY -> At39.job -> C:\WINDOWS\Tasks\At39.job
NY -> At4.job -> C:\WINDOWS\Tasks\At4.job
NY -> At40.job -> C:\WINDOWS\Tasks\At40.job
NY -> At41.job -> C:\WINDOWS\Tasks\At41.job
NY -> At42.job -> C:\WINDOWS\Tasks\At42.job
NY -> At43.job -> C:\WINDOWS\Tasks\At43.job
NY -> At44.job -> C:\WINDOWS\Tasks\At44.job
NY -> At45.job -> C:\WINDOWS\Tasks\At45.job
NY -> At46.job -> C:\WINDOWS\Tasks\At46.job
NY -> At47.job -> C:\WINDOWS\Tasks\At47.job
NY -> At48.job -> C:\WINDOWS\Tasks\At48.job
NY -> At5.job -> C:\WINDOWS\Tasks\At5.job
NY -> At6.job -> C:\WINDOWS\Tasks\At6.job
NY -> At7.job -> C:\WINDOWS\Tasks\At7.job
NY -> At8.job -> C:\WINDOWS\Tasks\At8.job
NY -> At9.job -> C:\WINDOWS\Tasks\At9.job
NY -> At1.job -> C:\WINDOWS\Tasks\At1.job
[CatchMe Rootkit Scan by GMER]
NY -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT 6144 bytes -> 
[Registry - Safe List]
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
NY -> "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019]


Open hijackthis, put a check next to this and click fix checked with all open windows closed:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

ATF-Cleaner
Download ATF-Cleaner by Atribune to your desktop.
Start the program and place a check next to the following items:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Java Cache
  • Recycle Bin
Now click Empty Selected and click OK.

If you use FireFox, click the FireFox tab and place a check Select All. Click Empty Selected and answer No at the prompt.
If you use Opera, click the Opera tab and place a check Select All. Click Empty Selected and answer No at the prompt.

Kaspersky Online Scan
I would like you to run an online antivirus scan.

Please click HERE to be taken to the Kaspersky site.

  • The site will present you with a list of important items. Read those. If you're unsure about something, stop and ask! If you're sure everything is all right, close all other windows.
  • Now, click Accept.
  • It will start a download rougly 10 MB in size. If prompted by your firewall to allow internet access, allow.
  • Once the download has finished, click Next.
  • Under Please select a target to scan, choose My Computer
  • Get a cup of coffee and watch some TV. Do not run any other programs while Kaspersky is scanning! If you're on dial-up, you can now terminate the internet connection if you wish.
  • Once finished, you will be presented with the results. Click Save as text and save the log to your desktop.

Post the results in your next reply.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: I would like to get some help with my pc problems.

Unread postby Coño » December 17th, 2008, 3:04 pm

Why is it bad news? :o

En if I try to download GMER it says :l


Not Found

The requested URL /suspended.page/ was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at whmadm.fuzzy.lunarbreeze.com Port 80
Coño
Active Member
 
Posts: 12
Joined: December 7th, 2008, 2:37 pm

Re: I would like to get some help with my pc problems.

Unread postby Odd dude » December 18th, 2008, 9:36 am

It is bad news because it means you might be infected with a rootkit.
Long story short - if you are infected with a rootkit Windows is now lying to you regarding what files and registry entries are present on your computer.

GMER has been hacked but it's accessible at this link: www2.gmer.net
Click download GMER from there.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: I would like to get some help with my pc problems.

Unread postby Odd dude » December 21st, 2008, 11:57 am

Do you still need help?
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: I would like to get some help with my pc problems.

Unread postby Coño » December 21st, 2008, 4:43 pm

Odd dude wrote:Do you still need help?


Yes I do, but I've been busy last few days and every time I tried do do the GMER scan I got blue screen. Will post later the logs.
Coño
Active Member
 
Posts: 12
Joined: December 7th, 2008, 2:37 pm

Re: I would like to get some help with my pc problems.

Unread postby Odd dude » December 21st, 2008, 5:15 pm

Okie, no worries :)

If GMER continues to give a BSOD please inform me. I still have one more tool in the bag.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: I would like to get some help with my pc problems.

Unread postby Odd dude » December 24th, 2008, 2:54 pm

Hi Coño
Just a heads up: if you do not reply within two days I will have to close this topic.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: I would like to get some help with my pc problems.

Unread postby Coño » December 25th, 2008, 9:45 am

Not on my pc much lately, will add them up.
Coño
Active Member
 
Posts: 12
Joined: December 7th, 2008, 2:37 pm

Re: I would like to get some help with my pc problems.

Unread postby Shaba » December 29th, 2008, 9:00 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware