Hi gringo,
Please note that I ran combofix first, then winpfind3u and finally fsbl.
Here is the combofix log:
ComboFix 08-01-07.4 - B h a r a t 2008-01-07 6:17:46.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.84 [GMT -8:00]
Running from: C:\Documents and Settings\B h a r a t\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\B h a r a t\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\autorun.inf
C:\n1deiect.com
C:\nideiect.com
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo1.dll
F:\autorun.inf
F:\n1deiect.com
F:\nideiect.com
.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.
2008-01-07 06:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 13:09 . 2008-01-06 13:09 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-01-05 23:32 . 2008-01-05 23:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-05 23:32 . 2008-01-05 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-05 23:31 . 2008-01-05 23:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 02:12 . 2008-01-05 02:12 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-01-05 02:12 . 2004-05-11 08:14 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-01-05 02:12 . 2006-05-11 18:32 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-01-05 02:12 . 2006-12-12 14:15 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2008-01-05 02:12 . 2006-11-12 13:44 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2008-01-05 02:12 . 2005-11-10 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-01-05 02:12 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-01-05 02:12 . 2004-01-03 00:08 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-01-05 02:12 . 2004-01-03 00:08 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-01-05 02:12 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-01-05 02:12 . 2005-07-11 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-01-05 01:45 . 2008-01-05 01:45 <DIR> d-------- C:\Program Files\eRightSoft
2008-01-04 23:37 . 2008-01-04 23:37 <DIR> d-------- C:\Program Files\Broadcom
2008-01-04 23:37 . 2006-11-21 04:25 45,568 -ra------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2008-01-04 03:13 . 2008-01-04 03:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-28 05:35 . 2007-12-28 05:35 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\PrevxCSI
2007-12-28 05:35 . 2007-12-28 05:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-26 04:48 . 2007-12-26 04:48 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Nokia Multimedia Player
2007-12-25 09:53 . 2007-12-25 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-25 09:52 . 2007-12-25 09:53 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-24 13:13 . 2007-12-24 13:14 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-23 13:40 . 2008-01-07 02:10 <DIR> d-------- C:\Documents and Settings\B h a r a t\Shared
2007-12-23 13:40 . 2008-01-07 06:19 <DIR> d-------- C:\Documents and Settings\B h a r a t\Incomplete
2007-12-23 13:39 . 2007-12-23 13:39 <DIR> d-------- C:\Program Files\LimeWire
2007-12-23 13:39 . 2008-01-04 23:51 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\LimeWire
2007-12-22 01:48 . 2007-12-22 01:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-22 01:46 . 2008-01-06 05:10 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Nokia
2007-12-22 01:46 . 2007-12-22 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Nokia
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-12-22 01:45 . 2007-12-22 08:12 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\PC Suite
2007-12-22 01:45 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-22 01:45 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-22 01:45 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-22 01:45 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-22 01:45 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-22 01:45 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-22 01:44 . 2007-12-22 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-12-21 03:25 . 2007-12-21 03:26 <DIR> d-------- C:\TALLYNL
2007-12-20 02:34 . 2007-12-20 02:34 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Camfrog
2007-12-20 02:32 . 2007-12-20 02:44 <DIR> d-------- C:\Program Files\Camfrog
2007-12-19 14:12 . 2007-12-19 14:12 <DIR> d-------- C:\WINDOWS\Sun
2007-12-19 04:08 . 2008-01-07 00:05 <DIR> d-------- C:\Program Files\WebcamMax
2007-12-19 03:17 . 2007-12-29 03:54 230,424 --a------ C:\DC6810xp-001.raw
2007-12-18 05:31 . 2007-12-18 05:31 <DIR> d-------- C:\Program Files\LeechGet 2007
2007-12-16 04:58 . 2007-12-16 04:58 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-16 01:48 . 2008-01-07 04:50 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-16 00:28 . 2007-12-16 00:28 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-16 00:28 . 2007-12-16 00:28 <DIR> d-------- C:\Program Files\Ahead
2007-12-16 00:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-16 00:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-16 00:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-16 00:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-16 00:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-16 00:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-12-16 00:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-16 00:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-14 14:15 . 2004-08-03 10:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-14 14:14 . 2006-09-16 03:02 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-14 03:01 . 2007-12-14 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-13 12:40 . 2007-12-13 12:48 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-13 10:15 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-13 10:14 . 2007-12-13 10:15 <DIR> d-------- C:\Program Files\Java
2007-12-13 08:46 . 2007-12-13 08:46 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-12 08:51 . 2007-07-12 15:31 765,952 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-12-12 04:48 . 2007-12-12 04:48 <DIR> d--hs---- C:\INCINERATE
2007-12-12 04:44 . 2007-12-14 22:35 <DIR> d-------- C:\Program Files\iolo
2007-12-12 04:44 . 2007-12-12 04:44 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-12-11 12:10 . 2007-12-14 14:15 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-11 09:56 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-11 09:56 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-11 09:56 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-11 08:51 . 2008-01-07 01:37 89 --a------ C:\WINDOWS\cdplayer.ini
2007-12-11 08:49 . 2007-12-11 08:49 <DIR> d-------- C:\Program Files\Real
2007-12-11 08:49 . 2007-12-11 08:49 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-11 08:49 . 2007-12-11 08:49 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-11 07:03 . 2007-12-11 07:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-10 22:51 . 2007-03-30 19:58 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2007-12-10 10:30 . 2007-12-10 10:30 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-10 07:50 . 2007-12-11 06:28 <DIR> d-------- C:\Program Files\Windows Live
2007-12-10 07:50 . 2007-12-10 10:20 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-10 07:49 . 2007-12-11 06:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-10 06:14 . 2007-12-10 06:16 <DIR> d-------- C:\Program Files\Microsoft LifeCam
2007-12-10 06:08 . 2007-12-17 23:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-10 05:44 . 2007-12-10 05:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-10 05:07 . 2005-07-04 16:03 1,650,688 --a------ C:\WINDOWS\system32\qdiagdwc.ocx
2007-12-10 05:07 . 2005-02-09 13:08 7,168 --a------ C:\WINDOWS\system32\DLPT64.sys
2007-12-10 05:07 . 2005-02-08 13:04 5,632 --a------ C:\WINDOWS\system32\GPCIEn64.sys
2007-12-10 05:07 . 2005-02-08 15:46 5,120 --a------ C:\WINDOWS\system32\GTKCMO64.sys
2007-12-10 05:07 . 2005-02-07 19:07 4,608 --a------ C:\WINDOWS\system32\DDMI64.sys
2007-12-10 04:43 . 2007-12-10 04:43 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2007-12-10 04:43 . 2006-04-26 14:59 217,185 --a------ C:\WINDOWS\system32\GTDownDE_130.ocx
2007-12-10 04:42 . 2007-12-10 04:42 <DIR> d-------- C:\Program Files\Dell Support
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 13:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-10 08:48 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-10 08:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-10 08:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 08:41 --------- d-----w C:\Program Files\Microsoft PowerToys
2007-12-10 08:41 --------- d-----w C:\Program Files\HashTab Shell Extension
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 17:20 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-10-31 03:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-31 03:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 19:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\TALLYNL ----
2008-01-06 21:52 7811 --a------ C:\TALLYNL\TALLY.SAV
2008-01-06 21:52 0 --a------ C:\TALLYNL\DATA\3210\Exclusv.TSM
2008-01-06 21:49 0 --a------ C:\TALLYNL\DATA\0010\Exclusv.TSM
2007-12-27 10:21 0 --a------ C:\TALLYNL\DATA\0005\Exclusv.TSM
2007-12-27 10:20 9216 --a------ C:\TALLYNL\DATA\0005\Manager.500
2007-12-27 10:20 7040 --a------ C:\TALLYNL\DATA\0005\Tr01294.500
2007-12-27 10:20 128 --a------ C:\TALLYNL\DATA\0005\TrnTNos.500
2007-12-27 10:20 128 --a------ C:\TALLYNL\DATA\0005\TrnRefs.500
2007-12-27 10:20 128 --a------ C:\TALLYNL\DATA\0005\TrnOrds.500
2007-12-27 10:20 128 --a------ C:\TALLYNL\DATA\0005\TrnLots.500
2007-12-27 10:20 1152 --a------ C:\TALLYNL\DATA\0005\Company.500
2007-12-27 10:20 1152 --a------ C:\TALLYNL\DATA\0005\CmpSave.500
2007-12-27 10:02 9600 --a------ C:\TALLYNL\DATA\0005\Tr01292.500
2007-12-27 10:02 8576 --a------ C:\TALLYNL\DATA\0005\Tr01293.500
2007-12-27 10:02 12800 --a------ C:\TALLYNL\DATA\0005\Tr01291.500
2007-12-27 10:02 128 --a------ C:\TALLYNL\DATA\0005\MsgRead.TSM
2007-12-26 10:23 91264 --a------ C:\TALLYNL\DATA\0003\Tr01284.500
2007-12-26 10:23 81280 --a------ C:\TALLYNL\DATA\0003\Tr01292.500
2007-12-26 10:23 76544 --a------ C:\TALLYNL\DATA\0003\Tr01286.500
2007-12-26 10:23 75776 --a------ C:\TALLYNL\DATA\0003\Tr01289.500
2007-12-26 10:23 70144 --a------ C:\TALLYNL\DATA\0003\Tr01287.500
2007-12-26 10:23 55808 --a------ C:\TALLYNL\DATA\0003\Tr01290.500
2007-12-26 10:23 512 --a------ C:\TALLYNL\DATA\0003\Tr01295.500
2007-12-26 10:23 51072 --a------ C:\TALLYNL\DATA\0003\Tr01293.500
2007-12-26 10:23 47360 --a------ C:\TALLYNL\DATA\0003\Tr01291.500
2007-12-26 10:23 44288 --a------ C:\TALLYNL\DATA\0003\Tr01294.500
2007-12-26 10:23 431616 --a------ C:\TALLYNL\DATA\0003\TrnLots.500
2007-12-26 10:23 392064 --a------ C:\TALLYNL\DATA\0003\Manager.500
2007-12-26 10:23 128 --a------ C:\TALLYNL\DATA\0003\TrnTNos.500
2007-12-26 10:23 128 --a------ C:\TALLYNL\DATA\0003\TrnRefs.500
2007-12-26 10:23 128 --a------ C:\TALLYNL\DATA\0003\TrnOrds.500
2007-12-26 10:23 128 --a------ C:\TALLYNL\DATA\0003\MsgRead.TSM
2007-12-26 10:23 116352 --a------ C:\TALLYNL\DATA\0003\Tr01285.500
2007-12-26 10:23 115968 --a------ C:\TALLYNL\DATA\0003\Tr01288.500
2007-12-26 10:23 1152 --a------ C:\TALLYNL\DATA\0003\Company.500
2007-12-26 10:23 0 --a------ C:\TALLYNL\DATA\0003\Exclusv.TSM
2007-12-26 09:44 9856 --a------ C:\TALLYNL\DATA\3210\Tr01294.500
2007-12-26 09:44 62720 --a------ C:\TALLYNL\DATA\3210\Tr01291.500
2007-12-26 09:44 51072 --a------ C:\TALLYNL\DATA\3210\Manager.500
2007-12-26 09:44 46720 --a------ C:\TALLYNL\DATA\3210\Tr01284.500
2007-12-26 09:44 43392 --a------ C:\TALLYNL\DATA\3210\Tr01292.500
2007-12-26 09:44 42496 --a------ C:\TALLYNL\DATA\3210\Tr01286.500
2007-12-26 09:44 39680 --a------ C:\TALLYNL\DATA\3210\Tr01290.500
2007-12-26 09:44 39296 --a------ C:\TALLYNL\DATA\3210\Tr01289.500
2007-12-26 09:44 384 --a------ C:\TALLYNL\DATA\3210\TrnRefs.500
2007-12-26 09:44 36352 --a------ C:\TALLYNL\DATA\3210\Tr01293.500
2007-12-26 09:44 35200 --a------ C:\TALLYNL\DATA\3210\Tr01288.500
2007-12-26 09:44 34176 --a------ C:\TALLYNL\DATA\3210\Tr01285.500
2007-12-26 09:44 32640 --a------ C:\TALLYNL\DATA\3210\Tr01287.500
2007-12-26 09:44 1536 --a------ C:\TALLYNL\DATA\3210\Company.500
2007-12-26 09:44 1408 --a------ C:\TALLYNL\DATA\3210\Tr01295.500
2007-12-26 09:44 128 --a------ C:\TALLYNL\DATA\3210\TrnTNos.500
2007-12-26 09:44 128 --a------ C:\TALLYNL\DATA\3210\TrnOrds.500
2007-12-26 09:44 128 --a------ C:\TALLYNL\DATA\3210\TrnLots.500
2007-12-26 09:44 128 --a------ C:\TALLYNL\DATA\3210\MsgRead.TSM
2007-12-24 03:53 94592 --a------ C:\TALLYNL\DATA\0010\Tr01294.500
2007-12-24 03:53 48512 --a------ C:\TALLYNL\DATA\0010\Manager.500
2007-12-24 03:53 1920 --a------ C:\TALLYNL\DATA\0010\Tr01295.500
2007-12-24 03:53 1664 --a------ C:\TALLYNL\DATA\0010\Company.500
2007-12-24 03:53 1664 --a------ C:\TALLYNL\DATA\0010\CmpSave.500
2007-12-24 03:53 128 --a------ C:\TALLYNL\DATA\0010\TrnTNos.500
2007-12-24 03:53 128 --a------ C:\TALLYNL\DATA\0010\TrnRefs.500
2007-12-24 03:53 128 --a------ C:\TALLYNL\DATA\0010\TrnOrds.500
2007-12-24 03:53 128 --a------ C:\TALLYNL\DATA\0010\TrnLots.500
2007-12-24 03:45 91776 --a------ C:\TALLYNL\DATA\0010\Tr01289.500
2007-12-24 03:45 78720 --a------ C:\TALLYNL\DATA\0010\Tr01288.500
2007-12-24 03:45 78336 --a------ C:\TALLYNL\DATA\0010\Tr01287.500
2007-12-24 03:45 65152 --a------ C:\TALLYNL\DATA\0010\Tr01293.500
2007-12-24 03:45 64512 --a------ C:\TALLYNL\DATA\0010\Tr01284.500
2007-12-24 03:45 61696 --a------ C:\TALLYNL\DATA\0010\Tr01290.500
2007-12-24 03:45 60672 --a------ C:\TALLYNL\DATA\0010\Tr01285.500
2007-12-24 03:45 54912 --a------ C:\TALLYNL\DATA\0010\Tr01286.500
2007-12-24 03:45 17920 --a------ C:\TALLYNL\DATA\0010\Tr01291.500
2007-12-24 03:45 17792 --a------ C:\TALLYNL\DATA\0010\Tr01292.500
2007-12-24 03:45 128 --a------ C:\TALLYNL\DATA\0010\MsgRead.TSM
2007-12-21 03:25 768 --a------ C:\TALLYNL\DATA\0001\Company.500
2007-12-21 03:25 768 --a------ C:\TALLYNL\DATA\0001\CmpSave.500
2007-12-21 03:25 6656 --a------ C:\TALLYNL\DATA\0001\Manager.500
2007-12-21 03:25 128 --a------ C:\TALLYNL\DATA\0001\MsgRead.TSM
2007-12-21 03:25 0 --a------ C:\TALLYNL\DATA\0001\Exclusv.TSM
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 10:26 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 339968 C:\WINDOWS\stsystra.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 10:29 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 11:41 771704]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-06-29 15:55 994096]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 15:54 269104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 20:00 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 19:59 138008]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-11 08:49 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\CAMTHINS.exe" [2006-07-20 05:25 73728]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-07 15:49 4579328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []
C:\Documents and Settings\B h a r a t\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-08-16 14:07:08]
R0 ENO;ENO;C:\WINDOWS\system32\drivers\ENO.sys [2003-10-22 12:57]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2006-07-02 22:39]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-29 15:54]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-06-29 15:56]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 12:11]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 12:11]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{218994ac-a727-11dc-b66b-0015c51718f5}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d594374-b264-11dc-b6a9-0015c51718f5}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{916adc1a-a714-11dc-b669-c852667f7a4e}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef87abfe-a974-11dc-b681-0015c51718f5}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com
*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-12-10 10:32:46 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - B h a r a t.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-07 06:19:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-07 6:20:51
.
2007-12-15 11:06:04 --- E O F ---
--------------------------------------------------------------------------------------------------------------------
Here is the winpfind3u log:
WinPFind3 logfile created on: 1/7/2008 6:25:17 AM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\B h a r a t\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
502.37 Mb Total Physical Memory | 95.52 Mb Available Physical Memory | 19.01% Memory free
1.20 Gb Paging File | 0.56 Gb Available in Paging File | 47.04% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.56 Gb Total Space | 26.35 Gb Free Space | 72.08% Space Free
Drive D: | 36.56 Gb Total Space | 7.10 Gb Free Space | 19.41% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: BHARAT
Current User Name: B h a r a t
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
ad-watch2007.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe -> Lavasoft AB [Ver = 7.0.2.5 | Size = 4579328 bytes | Modified Date = 11/7/2007 3:49:36 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 12:49:28 PM | Attr = ]
camthins.exe -> %ProgramFiles%\WebcamMax\CAMTHINS.exe -> [Ver = | Size = 73728 bytes | Modified Date = 7/20/2006 5:25:28 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 10:29:52 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 10:29:32 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 10:29:32 AM | Attr = ]
cyberoamclient.exe -> %ProgramFiles%\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe -> eLitecore Technologies Ltd. [Ver = 1.3.6.1 | Size = 245760 bytes | Modified Date = 1/6/2004 11:12:22 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 162584 bytes | Modified Date = 3/30/2007 8:00:16 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 138008 bytes | Modified Date = 3/30/2007 7:59:36 PM | Attr = ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 252696 bytes | Modified Date = 3/30/2007 7:59:26 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
limewire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 8/16/2007 2:07:10 PM | Attr = ]
nclrssrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclRSSrv.exe -> [Ver = 6, 85, 4, 4 | Size = 117248 bytes | Modified Date = 10/23/2007 10:03:00 AM | Attr = ]
nclusbsrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclUSBSrv.exe -> [Ver = 6, 85, 6, 7 | Size = 122880 bytes | Modified Date = 12/10/2007 1:59:40 PM | Attr = ]
pcsuite.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe -> [Ver = 6, 85, 11, 8 | Size = 695808 bytes | Modified Date = 12/10/2007 10:12:22 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 12/11/2007 8:49:46 AM | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 85, 91, 18 | Size = 353280 bytes | Modified Date = 12/10/2007 1:59:04 PM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 5:20:44 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 12/11/2007 9:56:08 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 10:29:32 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 10:29:32 AM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 10:29:32 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 10:26:50 AM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 1/14/2007 11:41:06 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 85, 91, 18 | Size = 353280 bytes | Modified Date = 12/10/2007 1:59:04 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 12/11/2007 9:56:08 AM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 12:49:28 PM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Ad-Watch -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe -> Lavasoft AB [Ver = 7.0.2.5 | Size = 4579328 bytes | Modified Date = 11/7/2007 3:49:36 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 10:29:52 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 162584 bytes | Modified Date = 3/30/2007 8:00:16 PM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 1/14/2007 11:41:10 AM | Attr = ]
Persistence -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 138008 bytes | Modified Date = 3/30/2007 7:59:36 PM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 5:20:44 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 12/11/2007 8:49:46 AM | Attr = ]
WebcamMaxMoniter -> %ProgramFiles%\WebcamMax\CAMTHINS.exe -> [Ver = | Size = 73728 bytes | Modified Date = 7/20/2006 5:25:28 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
PC Suite Tray -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe -> [Ver = 6, 85, 11, 8 | Size = 695808 bytes | Modified Date = 12/10/2007 10:12:22 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\24Online Client.lnk -> %ProgramFiles%\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe -> eLitecore Technologies Ltd. [Ver = 1.3.6.1 | Size = 245760 bytes | Modified Date = 1/6/2004 11:12:22 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\B h a r a t\Start Menu\Programs\Startup ->
%UserStartup%\LimeWire On Startup.lnk -> %ProgramFiles%\LimeWire\LimeWire.exe -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 8/16/2007 2:07:10 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 204800 bytes | Modified Date = 3/30/2007 7:59:06 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (736 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download using LeechGet -> %ProgramFiles%\LeechGet 2007\AddUrl.htm -> File not found
Download using LeechGet Wizard -> %ProgramFiles%\LeechGet 2007\Wizard.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
Parse with LeechGet -> %ProgramFiles%\LeechGet 2007\Parser.htm -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{13194BDE-B386-465C-AE1B-FBC5506F749A} -> (1394 Net Adapter) ->
{569682C4-0837-4F79-A726-B922B94F3166} -> () ->
{9CDA4C1E-8A2F-4654-9288-8E02F7A045AE} -> 172.16.77.254 (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1} -> ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onecare.live.com/resour ... se4009.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/s ... wflash.cab ->
[Registry - Additional Scans - Non-Microsoft Only]
< ControlSets > -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Security Settings > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1065 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
[Files/Folders - Created Within 60 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = ]
autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Created Date = 12/15/2007 11:16:25 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Created Date = 12/9/2007 4:32:06 PM | Attr = HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = ]
DC6810xp-001.raw -> %SystemDrive%\DC6810xp-001.raw -> [Ver = | Size = 230424 bytes | Created Date = 12/19/2007 3:17:40 AM | Attr = ]
dell -> %SystemDrive%\dell -> [Folder | Created Date = 12/10/2007 1:30:23 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 12/9/2007 4:32:51 PM | Attr = ]
INCINERATE -> %SystemDrive%\INCINERATE -> [Folder | Created Date = 12/12/2007 4:48:28 AM | Attr = HS]
Intel -> %SystemDrive%\Intel -> [Folder | Created Date = 12/10/2007 10:50:05 PM | Attr = ]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Created Date = 12/9/2007 4:34:35 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 1/7/2008 6:16:54 AM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 12/10/2007 7:25:34 AM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 12/28/1753 9:52:52 PM | Attr = HS]
TALLYNL -> %SystemDrive%\TALLYNL -> [Folder | Created Date = 12/21/2007 3:25:28 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created Date = 12/11/2007 12:10:14 PM | Attr = H ]
$NtUninstallKB884020$ -> %SystemRoot%\$NtUninstallKB884020$ -> [Folder | Created Date = 12/13/2007 12:05:16 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Created Date = 12/14/2007 3:01:39 AM | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 12/12/2007 3:00:55 AM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 12/11/2007 12:10:15 PM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 12/12/2007 3:01:09 AM | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 12/12/2007 3:01:02 AM | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 12/14/2007 2:14:56 PM | Attr = H ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Created Date = 12/13/2007 3:01:42 AM | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 12/13/2007 3:01:34 AM | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 12/14/2007 3:02:18 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 12/13/2007 3:01:19 AM | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Created Date = 12/13/2007 3:01:12 AM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Created Date = 12/14/2007 3:02:50 AM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Created Date = 12/13/2007 3:01:27 AM | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 12/14/2007 2:15:46 PM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Created Date = 12/12/2007 3:00:44 AM | Attr = H ]
$NtUninstallWudf01005$ -> %SystemRoot%\$NtUninstallWudf01005$ -> [Folder | Created Date = 12/22/2007 1:48:37 AM | Attr = H ]
addins -> %SystemRoot%\addins -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 12/10/2007 12:52:11 AM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 89 bytes | Created Date = 12/11/2007 8:51:44 AM | Attr = ]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [Ver = | Size = 17062 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
Config -> %SystemRoot%\Config -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = ]
Cursors -> %SystemRoot%\Cursors -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 12/10/2007 12:43:06 AM | Attr = S]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ehome -> %SystemRoot%\ehome -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 12/14/2007 10:14:02 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 12/24/2007 1:13:56 PM | Attr = ]
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp -> [Ver = | Size = 16730 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = R S]
ftpcache -> %SystemRoot%\ftpcache -> [Folder | Created Date = 12/16/2007 4:58:53 AM | Attr = HS]
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp -> [Ver = | Size = 17336 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp -> [Ver = | Size = 26582 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 12/13/2007 3:00:58 AM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Created Date = 12/9/2007 4:34:44 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Created Date = 12/9/2007 4:34:41 PM | Attr = HS]
java -> %SystemRoot%\java -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
meta4.exe -> %SystemRoot%\meta4.exe -> [Ver = | Size = 217073 bytes | Created Date = 1/5/2008 2:12:13 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 1/4/2008 11:48:08 PM | Attr = ]
MOTA113.exe -> %SystemRoot%\MOTA113.exe -> [Ver = | Size = 66560 bytes | Created Date = 1/5/2008 2:12:13 AM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
msapps -> %SystemRoot%\msapps -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
mui -> %SystemRoot%\mui -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Created Date = 12/16/2007 1:48:29 AM | Attr = ]
Network Diagnostic -> %SystemRoot%\Network Diagnostic -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/7/2008 6:16:40 AM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 5:44:23 AM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Created Date = 12/10/2007 2:15:15 AM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4303 bytes | Created Date = 12/9/2007 4:34:40 PM | Attr = ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 12/10/2007 12:43:06 AM | Attr = ]
pchealth -> %SystemRoot%\pchealth -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
PeerNet -> %SystemRoot%\PeerNet -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 12/10/2007 2:34:34 AM | Attr = H ]
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp -> [Ver = | Size = 65954 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 12/10/2007 12:53:21 AM | Attr = ]
Provisioning -> %SystemRoot%\Provisioning -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Created Date = 12/10/2007 12:43:25 AM | Attr = ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 12/10/2007 12:53:06 AM | Attr = ]
repair -> %SystemRoot%\repair -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Resources -> %SystemRoot%\Resources -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 12/10/2007 12:41:17 AM | Attr = ]
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [Ver = | Size = 65832 bytes | Created Date = 12/10/2007 12:41:17 AM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
SET3.tmp -> %SystemRoot%\SET3.tmp -> [Ver = | Size = 1042903 bytes | Created Date = 12/9/2007 4:33:38 PM | Attr = R ]
SET4.tmp -> %SystemRoot%\SET4.tmp -> [Ver = | Size = 1086058 bytes | Created Date = 12/9/2007 4:33:39 PM | Attr = R ]
SET8.tmp -> %SystemRoot%\SET8.tmp -> [Ver = | Size = 13753 bytes | Created Date = 12/9/2007 4:33:43 PM | Attr = R ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1031087 bytes | Created Date = 12/9/2007 4:33:26 PM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Created Date = 12/10/2007 2:13:40 AM | Attr = ]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [Ver = | Size = 65978 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
speed.reg -> %SystemRoot%\speed.reg -> [Ver = | Size = 666 bytes | Created Date = 12/10/2007 1:30:37 AM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 12/10/2007 12:45:11 AM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Created Date = 12/10/2007 1:34:40 AM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 12/19/2007 2:12:46 PM | Attr = ]
super.chm -> %SystemRoot%\super.chm -> [Ver = | Size = 9292 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = H ]
system -> %SystemRoot%\system -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
system32 -> %System32% -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Created Date = 12/10/2007 12:45:17 AM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 1/7/2008 6:20:54 AM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
UnGins.exe -> %SystemRoot%\UnGins.exe -> [Ver = | Size = 128000 bytes | Created Date = 12/10/2007 3:44:18 AM | Attr = ]
vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 12/10/2007 12:43:32 AM | Attr = ]
vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 12/10/2007 12:43:32 AM | Attr = ]
wbem -> %SystemRoot%\wbem -> [Folder | Created Date = 12/10/2007 12:43:05 AM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = R ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 48680 bytes | Created Date = 12/10/2007 12:45:30 AM | Attr = HS]
winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 48680 bytes | Created Date = 12/10/2007 12:45:30 AM | Attr = HS]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 12/10/2007 12:48:02 AM | Attr = ]
x2.64.exe -> %SystemRoot%\x2.64.exe -> [Ver = | Size = 502784 bytes | Created Date = 1/5/2008 2:12:13 AM | Attr = ]
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 12/10/2007 12:41:17 AM | Attr = ]
desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 12/10/2007 12:45:17 AM | Attr = RH ]
Norton AntiVirus - Run Full System Scan - B h a r a t.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - B h a r a t.job -> [Ver = | Size = 568 bytes | Created Date = 12/10/2007 2:32:45 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 12/10/2007 12:53:21 AM | Attr = H ]
$winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 261 bytes | Created Date = 12/9/2007 4:32:02 PM | Attr = ]
1025 -> %System32%\1025 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1028 -> %System32%\1028 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1031 -> %System32%\1031 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1033 -> %System32%\1033 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1037 -> %System32%\1037 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1041 -> %System32%\1041 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1042 -> %System32%\1042 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1054 -> %System32%\1054 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
2052 -> %System32%\2052 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
3076 -> %System32%\3076 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
3com_dmi -> %System32%\3com_dmi -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ac3DX.ax -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = RHS]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 12/10/2007 12:48:03 AM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 12/10/2007 6:00:44 AM | Attr = ]
AUTOEXEC.NT -> %System32%\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Created Date = 12/9/2007 4:34:13 PM | Attr = ]
AVCDX.ax -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = RHS]
avisynth.dll -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 7, 0 | Size = 306688 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
AVSredirect.dll -> %System32%\AVSredirect.dll -> [Ver = | Size = 27648 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 34308 bytes | Created Date = 12/11/2007 4:47:43 AM | Attr = ]
Bliss.avi -> %System32%\Bliss.avi -> [Ver = | Size = 1472512 bytes | Created Date = 12/10/2007 12:42:16 AM | Attr = ]
Bliss.scr -> %System32%\Bliss.scr -> Microsoft [Ver = 1.0.0.0 | Size = 291840 bytes | Created Date = 12/10/2007 12:42:17 AM | Attr = ]
bopomofo.uce -> %System32%\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Created Date = 12/9/2007 4:33:32 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Created Date = 12/9/2007 4:33:32 PM | Attr = ]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 16 bytes | Created Date = 12/10/2007 2:34:11 AM | Attr = ]
Com -> %System32%\Com -> [Folder | Created Date = 12/10/2007 12:40:59 AM | Attr = ]
config -> %System32%\config -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = ]
CONFIG.TMP -> %System32%\CONFIG.TMP -> [Ver = | Size = 2577 bytes | Created Date = 12/9/2007 4:34:14 PM | Attr = ]
CoreAAC.ax -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = RHS]
c_10006.nls -> %System32%\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_10007.nls -> %System32%\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:27 PM | Attr = ]
c_10010.nls -> %System32%\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_10017.nls -> %System32%\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:27 PM | Attr = ]
c_10029.nls -> %System32%\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_10081.nls -> %System32%\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:29 PM | Attr = ]
c_10082.nls -> %System32%\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_28603.nls -> %System32%\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:30 PM | Attr = ]
c_737.nls -> %System32%\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_852.nls -> %System32%\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_855.nls -> %System32%\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:24 PM | Attr = ]
c_857.nls -> %System32%\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:29 PM | Attr = ]
c_866.nls -> %System32%\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:24 PM | Attr = ]
c_869.nls -> %System32%\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_875.nls -> %System32%\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 12/10/2007 10:30:58 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 12/10/2007 12:56:50 AM | Attr = ]
DDMI64.sys -> %System32%\DDMI64.sys -> Gteko Ltd. [Ver = 1, 0, 0, 9 | Size = 4608 bytes | Created Date = 12/10/2007 5:07:33 AM | Attr = ]
devil.dll -> %System32%\devil.dll -> Abysmal Software [Ver = 1.6.6 | Size = 719872 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
dhcp -> %System32%\dhcp -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
DiracSplitter.ax -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = RHS]
DirectX -> %System32%\DirectX -> [Folder | Created Date = 12/10/2007 12:45:57 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = RHS]
DLPT64.sys -> %System32%\DLPT64.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 7168 bytes | Created Date = 12/10/2007 5:07:33 AM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 12/10/2007 12:48:41 AM | Attr = ]
emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Created Date = 12/10/2007 12:43:47 AM | Attr = ]
en -> %System32%\en -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
en-us -> %System32%\en-us -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
export -> %System32%\export -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
flvDX.dll -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = RHS]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 120544 bytes | Created Date = 12/9/2007 4:32:50 PM | Attr = ]
gb2312.uce -> %System32%\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
GPCIEn64.sys -> %System32%\GPCIEn64.sys -> Gteko Ltd. [Ver = 2, 0, 0, 9 | Size = 5632 bytes | Created Date = 12/10/2007 5:07:33 AM | Attr = ]
GTDownDE_130.ocx -> %System32%\GTDownDE_130.ocx -> Gteko Ltd. [Ver = 1, 0, 0, 130 | Size = 217185 bytes | Created Date = 12/10/2007 4:43:36 AM | Attr = ]
GTKCMO64.sys -> %System32%\GTKCMO64.sys -> Gteko Ltd. [Ver = 1, 0, 0, 7 | Size = 5120 bytes | Created Date = 12/10/2007 5:07:33 AM | Attr = ]
hccutils.dll -> %System32%\hccutils.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 102400 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 162584 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 12/10/2007 12:41:19 AM | Attr = ]
hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 12/10/2007 12:41:05 AM | Attr = ]
i420vfw.dll -> %System32%\i420vfw.dll -> http://www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
ias -> %System32%\ias -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
icrav03.rat -> %System32%\icrav03.rat -> [Ver = | Size = 8798 bytes | Created Date = 12/10/2007 12:43:08 AM | Attr = ]
icsxml -> %System32%\icsxml -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ideograf.uce -> %System32%\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
IE7Eula.rtf -> %System32%\IE7Eula.rtf -> [Ver = | Size = 74715 bytes | Created Date = 12/10/2007 12:43:08 AM | Attr = ]
igfxcfg.exe -> %System32%\igfxcfg.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 535320 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxCoIn_v4814.dll -> %System32%\igfxCoIn_v4814.dll -> [Ver = | Size = 204800 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxcpl.cpl -> %System32%\igfxcpl.cpl -> Intel Corporation [Ver = 6.14.10.4814 | Size = 122880 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxdev.dll -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 204800 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxdo.dll -> %System32%\igfxdo.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 135168 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxexps.dll -> %System32%\igfxexps.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 24576 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxext.exe -> %System32%\igfxext.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 166680 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 138008 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxpph.dll -> %System32%\igfxpph.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 200704 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxrchs.lrc -> %System32%\igfxrchs.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 110592 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrcht.lrc -> %System32%\igfxrcht.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 110592 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrdeu.lrc -> %System32%\igfxrdeu.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 192512 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrenu.lrc -> %System32%\igfxrenu.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 172032 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxres.dll -> %System32%\igfxres.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 172032 bytes | Created Date = 12/10/2007 10:51:06 PM | Attr = ]
igfxresp.lrc -> %System32%\igfxresp.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 188416 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxress.dll -> %System32%\igfxress.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 3293184 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxrfra.lrc -> %System32%\igfxrfra.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 184320 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrita.lrc -> %System32%\igfxrita.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 188416 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrjpn.lrc -> %System32%\igfxrjpn.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 131072 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrkor.lrc -> %System32%\igfxrkor.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 126976 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxrptb.lrc -> %System32%\igfxrptb.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 180224 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxsrvc.dll -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 47616 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 252696 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 138008 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxzoom.exe -> %System32%\igfxzoom.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 170776 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igldev32.dll -> %System32%\igldev32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 450560 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
iglicd32.dll -> %System32%\iglicd32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 2334720 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igxpdv32.dll -> %System32%\igxpdv32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 1612992 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igxpdx32.dll -> %System32%\igxpdx32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 2556928 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igxpgd32.dll -> %System32%\igxpgd32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 149504 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igxprd32.dll -> %System32%\igxprd32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 57344 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igxpun.exe -> %System32%\igxpun.exe -> Intel(R) Corporation [Ver = 1, 0, 38, 0 | Size = 400152 bytes | Created Date = 12/10/2007 10:50:20 PM | Attr = ]
igxpxk32.vp -> %System32%\igxpxk32.vp -> [Ver = | Size = 2096 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igxpxs32.vp -> %System32%\igxpxs32.vp -> [Ver = | Size = 25472 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
ImagX7.dll -> %System32%\ImagX7.dll -> Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 1568768 bytes | Created Date = 12/16/2007 12:28:24 AM | Attr = ]
ImagXpr7.dll -> %System32%\ImagXpr7.dll -> Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 476320 bytes | Created Date = 12/16/2007 12:28:24 AM | Attr = ]
ImagXR7.dll -> %System32%\ImagXR7.dll -> Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 262144 bytes | Created Date = 12/16/2007 12:28:25 AM | Attr = ]
ImagXRA7.dll -> %System32%\ImagXRA7.dll -> Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 471040 bytes | Created Date = 12/16/2007 12:28:25 AM | Attr = ]
IME -> %System32%\IME -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ioloBootDefrag.cfg -> %System32%\ioloBootDefrag.cfg -> [Ver = | Size = 406 bytes | Created Date = 12/12/2007 4:44:47 AM | Attr = ]
IScrNB.bmp -> %System32%\IScrNB.bmp -> [Ver = | Size = 121232 bytes | Created Date = 12/10/2007 10:50:20 PM | Attr = ]
IScrNBR.bmp -> %System32%\IScrNBR.bmp -> [Ver = | Size = 121232 bytes | Created Date = 12/10/2007 10:50:20 PM | Attr = ]
isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 12/10/2007 12:44:49 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/13/2007 10:15:32 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 12/13/2007 10:15:32 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/13/2007 10:15:32 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 12/13/2007 10:15:32 AM | Attr = ]
kanji_1.uce -> %System32%\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
kanji_2.uce -> %System32%\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 1/4/2008 3:13:53 AM | Attr = ]
korean.uce -> %System32%\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
Lang -> %System32%\Lang -> [Folder | Created Date = 12/10/2007 10:50:20 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 12/22/2007 1:48:52 AM | Attr = ]
logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 12/10/2007 12:46:34 AM | Attr = RH ]
Macromed -> %System32%\Macromed -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
MatroskaDX.ax -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
Microsoft -> %System32%\Microsoft -> [Folder | Created Date = 12/10/2007 12:53:20 AM | Attr = S]
MsDtc -> %System32%\MsDtc -> [Folder | Created Date = 12/10/2007 12:41:01 AM | Attr = ]
msdtcprf.h -> %System32%\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 12/10/2007 12:41:13 AM | Attr = ]
msdtcprf.ini -> %System32%\msdtcprf.ini -> [Ver = | Size = 1931 bytes | Created Date = 12/10/2007 12:41:13 AM | Attr = ]
msfDX.dll -> %System32%\msfDX.dll -> Hans Mayerl [Ver = 2.02.2113 | Size = 31232 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
mui -> %System32%\mui -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
NeroCheck.exe -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Created Date = 12/16/2007 12:28:24 AM | Attr = ]
nmwcdcls.dll -> %System32%\nmwcdcls.dll -> Nokia [Ver = 6.83.6.0 | Size = 90624 bytes | Created Date = 12/22/2007 1:45:04 AM | Attr = ]
nmwcdcocls.dll -> %System32%\nmwcdcocls.dll -> Nokia [Ver = 6.83.6.0 | Size = 65536 bytes | Created Date = 12/22/2007 1:45:07 AM | Attr = ]
npp -> %System32%\npp -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 12/10/2007 12:48:03 AM | Attr = ]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
oobe -> %System32%\oobe -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Created Date = 12/9/2007 4:34:41 PM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 12/11/2007 8:49:47 AM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 12/11/2007 8:49:48 AM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 12/11/2007 8:49:48 AM | Attr = ]
PreInstall -> %System32%\PreInstall -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
qdiagdwc.ocx -> %System32%\qdiagdwc.ocx -> Gteko Ltd. [Ver = 1, 0, 1, 483 | Size = 1650688 bytes | Created Date = 12/10/2007 5:07:33 AM | Attr = ]
ras -> %System32%\ras -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
RealMediaDX.ax -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
Restore -> %System32%\Restore -> [Folder | Created Date = 12/10/2007 12:44:50 AM | Attr = ]
rixdicon.dll -> %System32%\rixdicon.dll -> [Ver = | Size = 16480 bytes | Created Date = 12/10/2007 1:37:49 AM | Attr = ]
RLAPEDec.ax -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
RLMPCDec.ax -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
RLOgg.ax -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
RLSpeexDec.ax -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
RLTheoraDec.ax -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
RLVorbisDec.ax -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2049 | Size = 176167 bytes | Created Date = 12/11/2007 8:49:53 AM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Created Date = 12/10/2007 2:26:34 AM | Attr = ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
Setup -> %System32%\Setup -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ShellExt -> %System32%\ShellExt -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
shiftjis.uce -> %System32%\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
Smab.dll -> %System32%\Smab.dll -> [Ver = | Size = 471552 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
snymsico.dll -> %System32%\snymsico.dll -> Sony Corporation [Ver = 1, 0, 0, 09120 | Size = 90112 bytes | Created Date = 12/10/2007 1:37:48 AM | Attr = ]
SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Created Date = 12/10/2007 4:36:22 AM | Attr = ]
spool -> %System32%\spool -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
stacapi.dll -> %System32%\stacapi.dll -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 172032 bytes | Created Date = 12/10/2007 1:34:31 AM | Attr = ]
staco.dll -> %System32%\staco.dll -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 built by: WinDDK | Size = 112128 bytes | Created Date = 12/10/2007 1:34:32 AM | Attr = ]
subrange.uce -> %System32%\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 12/14/2007 10:12:16 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 12/14/2007 10:12:16 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 12/14/2007 10:12:16 PM | Attr = ]
ticrf.rat -> %System32%\ticrf.rat -> [Ver = | Size = 1988 bytes | Created Date = 12/10/2007 12:43:06 AM | Attr = ]
tslabels.h -> %System32%\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 12/10/2007 12:41:14 AM | Attr = ]
tslabels.ini -> %System32%\tslabels.ini -> [Ver = | Size = 13223 bytes | Created Date = 12/10/2007 12:41:14 AM | Attr = ]
TwnLib20.dll -> %System32%\TwnLib20.dll -> Pegasus Software [Ver = 2.02.010 | Size = 106496 bytes | Created Date = 12/16/2007 12:28:26 AM | Attr = ]
usmt -> %System32%\usmt -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
usrlogon.cmd -> %System32%\usrlogon.cmd -> [Ver = | Size = 1161 bytes | Created Date = 12/10/2007 12:41:14 AM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 12/14/2007 10:12:16 PM | Attr = ]
Vista.Emulation.dll -> %System32%\Vista.Emulation.dll -> Rafael & ZoRoNaX [Ver = 1, 1, 0, 1 | Size = 61440 bytes | Created Date = 12/10/2007 12:42:24 AM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 12/10/2007 12:46:34 AM | Attr = RH ]
wins -> %System32%\wins -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
WinsockxpFix.exe -> %System32%\WinsockxpFix.exe -> Option^Explicit Software Solutions [Ver = 1.00 | Size = 1445888 bytes | Created Date = 12/10/2007 12:42:14 AM | Attr = ]
wmimgmt.msc -> %System32%\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 12/10/2007 12:41:06 AM | Attr = ]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
x.264.exe -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
xircom -> %System32%\xircom -> [Folder | Created Date = 12/10/2007 12:48:54 AM | Attr = ]
yv12vfw.dll -> %System32%\yv12vfw.dll -> http://www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
b57xp32.sys -> %System32%\dllcache\b57xp32.sys -> Broadcom Corporation [Ver = 2.16b.0.0 built by: WinDDK | Size = 96640 bytes | Created Date = 12/10/2007 1:55:41 AM | Attr = ]
bcm42xx5.sys -> %System32%\dllcache\bcm42xx5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 54271 bytes | Created Date = 12/10/2007 1:57:17 AM | Attr = ]
bcm4e5.sys -> %System32%\dllcache\bcm4e5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 26568 bytes | Created Date = 12/10/2007 2:00:23 AM | Attr = ]
big5.nls -> %System32%\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 12/10/2007 12:49:29 AM | Attr = ]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 12/10/2007 12:49:30 AM | Attr = ]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 12/10/2007 12:49:34 AM | Attr = ]
chtskf.dll -> %System32%\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 12/10/2007 12:49:37 AM | Attr = ]
c_10006.nls -> %System32%\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_10007.nls -> %System32%\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:27 PM | Attr = ]
c_10010.nls -> %System32%\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_10017.nls -> %System32%\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:27 PM | Attr = ]
c_10029.nls -> %System32%\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_10081.nls -> %System32%\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:29 PM | Attr = ]
c_10082.nls -> %System32%\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_28603.nls -> %System32%\dllcache\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:30 PM | Attr = ]
c_720.nls -> %System32%\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/10/2007 12:49:33 AM | Attr = ]
c_737.nls -> %System32%\dllcache\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_852.nls -> %System32%\dllcache\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_855.nls -> %System32%\dllcache\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:24 PM | Attr = ]
c_857.nls -> %System32%\dllcache\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:29 PM | Attr = ]
c_866.nls -> %System32%\dllcache\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:24 PM | Attr = ]
c_869.nls -> %System32%\dllcache\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_875.nls -> %System32%\dllcache\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
dgrpsetu.dll -> %System32%\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
dgsetup.dll -> %System32%\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
eqnclass.dll -> %System32%\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 12/10/2007 12:49:48 AM | Attr = ]
esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 12/10/2007 12:49:48 AM | Attr = ]
esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 12/10/2007 12:49:48 AM | Attr = ]
FP4.CAT -> %System32%\dllcache\FP4.CAT -> [Ver = | Size = 31281 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
fpencode.dll -> %System32%\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 12/10/2007 12:49:51 AM | Attr = ]
hanja.lex -> %System32%\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 12/10/2007 12:49:56 AM | Attr = ]
HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
htrn_jis.dll -> %System32%\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 12/10/2007 12:41:19 AM | Attr = ]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 12/10/2007 12:50:04 AM | Attr = ]
IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
imekr.lex -> %System32%\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 12/10/2007 12:50:23 AM | Attr = ]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 12/10/2007 12:50:26 AM | Attr = ]
IMS.CAT -> %System32%\dllcache\IMS.CAT -> [Ver = | Size = 13753 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
imscinst.exe -> %System32%\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 12/10/2007 12:50:27 AM | Attr = ]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 12/10/2007 12:44:49 AM | Attr = ]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 12/10/2007 12:50:37 AM | Attr = ]
ksc.nls -> %System32%\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 12/10/2007 12:50:38 AM | Attr = ]
ltts1033.lxa -> %System32%\dllcache\ltts1033.lxa -> [Ver = | Size = 643717 bytes | Created Date = 12/9/2007 4:34:36 PM | Attr = ]
MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
mediactr.cat -> %System32%\dllcache\mediactr.cat -> [Ver = | Size = 31965 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 12/10/2007 12:45:08 AM | Attr = ]
msinfo.dll -> %System32%\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 12/10/2007 12:44:52 AM | Attr = ]
MSMSGS.CAT -> %System32%\dllcache\MSMSGS.CAT -> [Ver = | Size = 9581 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7245 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
MW770.CAT -> %System32%\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
nls302en.lex -> %System32%\dllcache\nls302en.lex -> [Ver = | Size = 4399505 bytes | Created Date = 12/10/2007 12:46:04 AM | Attr = ]
NT5.CAT -> %System32%\dllcache\NT5.CAT -> [Ver = | Size = 2012670 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT -> [Ver = | Size = 502724 bytes | Created Date = 12/9/2007 4:33:44 PM | Attr = ]
NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086058 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 12/10/2007 12:51:07 AM | Attr = ]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 12/10/2007 12:51:07 AM | Attr = ]
prc.nls -> %System32%\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 12/10/2007 12:51:09 AM | Attr = ]
prcp.nls -> %System32%\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 12/10/2007 12:51:09 AM | Attr = ]
r1033tts.lxa -> %System32%\dllcache\r1033tts.lxa -> [Ver = | Size = 605050 bytes | Created Date = 12/9/2007 4:34:37 PM | Attr = ]
rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 12/10/2007 12:51:15 AM | Attr = ]
rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 12/10/2007 12:51:15 AM | Attr = ]
rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 12/10/2007 12:51:15 AM | Attr = ]
sam.sdf -> %System32%\dllcache\sam.sdf -> [Ver = | Size = 888 bytes | Created Date = 12/9/2007 4:34:37 PM | Attr = ]
sam.spd -> %System32%\dllcache\sam.spd -> [Ver = | Size = 1685606 bytes | Created Date = 12/9/2007 4:34:37 PM | Attr = ]
SP2.CAT -> %System32%\dllcache\SP2.CAT -> [Ver = | Size = 1042903 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
srframe.mmf -> %System32%\dllcache\srframe.mmf -> [Ver = | Size = 984 bytes | Created Date = 12/10/2007 12:45:22 AM | Attr = ]
tabletpc.cat -> %System32%\dllcache\tabletpc.cat -> [Ver = | Size = 110116 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
wmerrenu.cat -> %System32%\dllcache\wmerrenu.cat -> [Ver = | Size = 7334 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
xjis.nls -> %System32%\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 12/10/2007 12:51:57 AM | Attr = ]
1028_DELL__.MRK -> %System32%\drivers\1028_DELL__.MRK -> [Ver = | Size = 5 bytes | Created Date = 12/10/2007 1:31:10 AM | Attr = ]
b57xp32.sys -> %System32%\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 2.16b.0.0 built by: WinDDK | Size = 96640 bytes | Created Date = 12/10/2007 1:55:41 AM | Attr = ]
bcm42xx5.sys -> %System32%\drivers\bcm42xx5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 54271 bytes | Created Date = 12/10/2007 1:57:17 AM | Attr = ]
BCM4E5.SYS -> %System32%\drivers\BCM4E5.SYS -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 26568 bytes | Created Date = 12/10/2007 2:00:23 AM | Attr = ]
bcm4sbxp.sys -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.60.0.0 built by: WinDDK | Size = 45568 bytes | Created Date = 1/4/2008 11:37:23 PM | Attr = R ]
COH_Mon.cat -> %System32%\drivers\COH_Mon.cat -> [Ver = | Size = 10592 bytes | Created Date = 12/11/2007 9:56:08 AM | Attr = ]
COH_Mon.inf -> %System32%\drivers\COH_Mon.inf -> [Ver = | Size = 705 bytes | Created Date = 12/11/2007 9:56:08 AM | Attr = ]
COH_Mon.sys -> %System32%\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,2,3 | Size = 22112 bytes | Created Date = 12/11/2007 9:56:07 AM | Attr = ]
DELL__.MRK -> %System32%\drivers\DELL__.MRK -> [Ver = | Size = 5 bytes | Created Date = 12/10/2007 1:31:10 AM | Attr = ]
disdn -> %System32%\drivers\disdn -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
igxpmp32.sys -> %System32%\drivers\igxpmp32.sys -> Intel Corporation [Ver = 6.14.10.4814 | Size = 5704672 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
imagedrv.sys -> %System32%\drivers\imagedrv.sys -> Ahead Software AG [Ver = 2.27.0.0 built by: WinDDK | Size = 5504 bytes | Created Date = 12/16/2007 12:28:56 AM | Attr = ]
imagesrv.sys -> %System32%\drivers\imagesrv.sys -> Ahead Software AG [Ver = 2.27.0.0 built by: WinDDK | Size = 125184 bytes | Created Date = 12/16/2007 12:28:56 AM | Attr = ]
nmwcd.sys -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.83.6.0 | Size = 137216 bytes | Created Date = 12/22/2007 1:45:07 AM | Attr = ]
nmwcdc.sys -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.83.6.0 | Size = 8320 bytes | Created Date = 12/22/2007 1:45:13 AM | Attr = ]
nmwcdcj.sys -> %System32%\drivers\nmwcdcj.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Created Date = 12/22/2007 1:45:15 AM | Attr = ]
nmwcdcm.sys -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Created Date = 12/22/2007 1:45:14 AM | Attr = ]
rimmptsk.sys -> %System32%\drivers\rimmptsk.sys -> REDC [Ver = 6.0.1.4 | Size = 32256 bytes | Created Date = 12/10/2007 1:37:49 AM | Attr = ]
rimsptsk.sys -> %System32%\drivers\rimsptsk.sys -> REDC [Ver = 6.00.01.04 | Size = 43520 bytes | Created Date = 12/10/2007 1:37:48 AM | Attr = ]
rixdptsk.sys -> %System32%\drivers\rixdptsk.sys -> REDC [Ver = 6.00.01.05 | Size = 37376 bytes | Created Date = 12/10/2007 1:37:49 AM | Attr = ]
srtsp.cat -> %System32%\drivers\srtsp.cat -> [Ver = | Size = 10545 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.inf -> %System32%\drivers\srtsp.inf -> [Ver = | Size = 1415 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.sys -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspl.cat -> %System32%\drivers\srtspl.cat -> [Ver = | Size = 10549 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.inf -> %System32%\drivers\srtspl.inf -> [Ver = | Size = 1430 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.sys -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspx.cat -> %System32%\drivers\srtspx.cat -> [Ver = | Size = 10549 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.inf -> %System32%\drivers\srtspx.inf -> [Ver = | Size = 1421 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.sys -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]
sthda.sys -> %System32%\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4823.0 nd322 cp1 | Size = 1047816 bytes | Created Date = 12/10/2007 1:34:31 AM | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Created Date = 12/10/2007 2:26:34 AM | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Created Date = 12/10/2007 2:26:34 AM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Created Date = 12/10/2007 2:26:34 AM | Attr = ]
symlcbrd.sys -> %System32%\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Created Date = 1/6/2008 1:09:38 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 736 bytes | Created Date = 12/10/2007 4:56:46 AM | Attr = ]
MsftWdf_user_01_05_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_05_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 12/22/2007 1:48:57 AM | Attr = H ]
Msft_User_PCCSWpdDriver_01_05_00.Wdf -> %System32%\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 12/22/2007 1:49:03 AM | Attr = H ]
[Files/Folders - Modified Within 60 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = ]
autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Modified Date = 12/15/2007 11:16:26 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/10/2007 12:39:40 AM | Attr = HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = ]
DC6810xp-001.raw -> %SystemDrive%\DC6810xp-001.raw -> [Ver = | Size = 230424 bytes | Modified Date = 12/29/2007 3:54:58 AM | Attr = ]
dell -> %SystemDrive%\dell -> [Folder | Modified Date = 12/10/2007 1:30:24 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 12/10/2007 12:54:18 AM | Attr = ]
INCINERATE -> %SystemDrive%\INCINERATE -> [Folder | Modified Date = 12/12/2007 4:48:30 AM | Attr = HS]
Intel -> %SystemDrive%\Intel -> [Folder | Modified Date = 12/10/2007 10:50:06 PM | Attr = ]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/5/2008 11:32:10 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 1/7/2008 6:20:54 AM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 12/10/2007 7:25:36 AM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 12/10/2007 12:53:26 AM | Attr = HS]
TALLYNL -> %SystemDrive%\TALLYNL -> [Folder | Modified Date = 12/21/2007 3:26:08 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/7/2008 6:20:56 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 12/14/2007 2:15:44 PM | Attr = H ]
$NtUninstallKB884020$ -> %SystemRoot%\$NtUninstallKB884020$ -> [Folder | Modified Date = 12/13/2007 12:05:18 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Modified Date = 12/14/2007 3:01:40 AM | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 12/12/2007 3:00:58 AM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 12/11/2007 12:10:16 PM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 12/12/2007 3:01:12 AM | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 12/12/2007 3:01:04 AM | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Modified Date = 12/14/2007 2:14:58 PM | Attr = H ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Modified Date = 12/13/2007 3:01:44 AM | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 12/13/2007 3:01:36 AM | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Modified Date = 12/14/2007 3:02:22 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 12/13/2007 3:01:22 AM | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Modified Date = 12/13/2007 3:01:14 AM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Modified Date = 12/14/2007 3:02:52 AM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Modified Date = 12/13/2007 3:01:30 AM | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 12/14/2007 2:15:48 PM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Modified Date = 12/12/2007 3:00:46 AM | Attr = H ]
$NtUninstallWudf01005$ -> %SystemRoot%\$NtUninstallWudf01005$ -> [Folder | Modified Date = 12/22/2007 1:48:40 AM | Attr = H ]
addins -> %SystemRoot%\addins -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 12/9/2007 4:31:32 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/6/2008 8:09:14 PM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 89 bytes | Modified Date = 1/7/2008 1:37:24 AM | Attr = ]
Config -> %SystemRoot%\Config -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = ]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 12/10/2007 12:42:12 AM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 12/15/2007 3:04:38 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/4/2008 3:13:56 AM | Attr = S]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 12/9/2007 4:29:14 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 12/14/2007 10:14:04 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 12/24/2007 1:14:12 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/10/2007 2:13:50 AM | Attr = R S]
ftpcache -> %SystemRoot%\ftpcache -> [Folder | Modified Date = 12/16/2007 4:58:54 AM | Attr = HS]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/10/2007 4:36:30 AM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 12/13/2007 3:01:00 AM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 12/10/2007 12:48:56 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/14/2007 2:15:52 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/4/2008 11:37:18 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/5/2008 11:32:46 PM | Attr = HS]
java -> %SystemRoot%\java -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 12/9/2007 4:31:36 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 12/10/2007 12:43:08 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/4/2008 11:48:10 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 12/9/2007 4:29:48 PM | Attr = ]
msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
mui -> %SystemRoot%\mui -> [Folder | Modified Date = 12/9/2007 4:29:54 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/7/2008 4:50:12 AM | Attr = ]
Network Diagnostic -> %SystemRoot%\Network Diagnostic -> [Folder | Modified Date = 12/13/2007 3:38:14 AM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 5:44:24 AM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 12/30/2007 10:30:10 AM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4303 bytes | Modified Date = 12/30/2007 10:10:36 AM | Attr = ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 12/12/2007 7:06:34 AM | Attr = ]
pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 12/10/2007 11:23:48 AM | Attr = ]
PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 12/9/2007 4:30:36 PM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 12/10/2007 2:34:36 AM | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/7/2008 6:24:08 AM | Attr = ]
Provisioning -> %SystemRoot%\Provisioning -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/10/2007 12:47:38 AM | Attr = ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 12/10/2007 12:53:08 AM | Attr = ]
repair -> %SystemRoot%\repair -> [Folder | Modified Date = 12/10/2007 12:48:54 AM | Attr = ]
Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 1/3/2008 1:05:58 PM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1031087 bytes | Modified Date = 12/11/2007 7:12:14 AM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 12/10/2007 2:14:26 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 12/13/2007 12:23:26 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 12/10/2007 12:46:06 AM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 12/19/2007 2:12:48 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 12/10/2007 2:12:04 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/7/2008 6:19:52 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/6/2008 8:13:40 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 12/10/2007 2:32:46 AM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 1/7/2008 6:20:56 AM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 12/10/2007 5:53:12 AM | Attr = ]
vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 12/10/2007 12:43:34 AM | Attr = ]
vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Modified Date = 12/10/2007 12:43:34 AM | Attr = ]
wbem -> %SystemRoot%\wbem -> [Folder | Modified Date = 12/10/2007 12:43:06 AM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 12/10/2007 12:46:40 AM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 603 bytes | Modified Date = 12/10/2007 2:14:58 AM | Attr = ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/14/2007 3:01:22 AM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 12/10/2007 12:48:04 AM | Attr = ]
Norton AntiVirus - Run Full System Scan - B h a r a t.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - B h a r a t.job -> [Ver = | Size = 568 bytes | Modified Date = 12/10/2007 2:32:48 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/6/2008 8:09:22 PM | Attr = H ]
$winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 261 bytes | Modified Date = 12/10/2007 12:52:12 AM | Attr = ]
1025 -> %System32%\1025 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1028 -> %System32%\1028 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1031 -> %System32%\1031 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1033 -> %System32%\1033 -> [Folder | Modified Date = 12/9/2007 4:31:10 PM | Attr = ]
1037 -> %System32%\1037 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1041 -> %System32%\1041 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1042 -> %System32%\1042 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1054 -> %System32%\1054 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
2052 -> %System32%\2052 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
3076 -> %System32%\3076 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
3com_dmi -> %System32%\3com_dmi -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 12/10/2007 12:48:04 AM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 12/10/2007 6:00:46 AM | Attr = ]
BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 34308 bytes | Modified Date = 12/11/2007 4:51:28 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/4/2008 4:11:22 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/6/2008 8:18:40 PM | Attr = ]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 16 bytes | Modified Date = 12/11/2007 9:36:46 AM | Attr = ]
Com -> %System32%\Com -> [Folder | Modified Date = 12/10/2007 12:43:50 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/12/2007 7:22:08 AM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 12/10/2007 10:31:00 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 12/10/2007 10:19:46 PM | Attr = ]
dhcp -> %System32%\dhcp -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 12/10/2007 6:14:44 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 12/19/2007 4:09:00 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/7/2008 6:17:54 AM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 1/4/2008 11:37:18 PM | Attr = ]
emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Modified Date = 12/10/2007 12:43:48 AM | Attr = ]
en -> %System32%\en -> [Folder | Modified Date = 12/9/2007 4:31:16 PM | Attr = ]
en-us -> %System32%\en-us -> [Folder | Modified Date = 12/10/2007 12:43:10 AM | Attr = ]
export -> %System32%\export -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 120544 bytes | Modified Date = 12/10/2007 2:22:58 AM | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 12/10/2007 12:47:24 AM | Attr = ]
icsxml -> %System32%\icsxml -> [Folder | Modified Date = 12/9/2007 4:28:10 PM | Attr = ]
IME -> %System32%\IME -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
ioloBootDefrag.cfg -> %System32%\ioloBootDefrag.cfg -> [Ver = | Size = 406 bytes | Modified Date = 12/12/2007 4:44:48 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 1/4/2008 3:13:54 AM | Attr = ]
Lang -> %System32%\Lang -> [Folder | Modified Date = 12/10/2007 10:50:22 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 12/22/2007 1:48:54 AM | Attr = ]
logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 12/10/2007 12:46:36 AM | Attr = RH ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
Microsoft -> %System32%\Microsoft -> [Folder | Modified Date = 12/10/2007 12:53:22 AM | Attr = S]
MsDtc -> %System32%\MsDtc -> [Folder | Modified Date = 12/10/2007 12:43:26 AM | Attr = ]
mui -> %System32%\mui -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
npp -> %System32%\npp -> [Folder | Modified Date = 12/9/2007 4:29:58 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 12/10/2007 12:48:04 AM | Attr = ]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
oobe -> %System32%\oobe -> [Folder | Modified Date = 12/10/2007 12:45:46 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 40394 bytes | Modified Date = 1/6/2008 8:13:40 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 312172 bytes | Modified Date = 1/6/2008 8:13:40 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 1/6/2008 8:13:40 PM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 12/11/2007 8:49:48 AM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 12/11/2007 8:49:50 AM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 12/11/2007 8:49:50 AM | Attr = ]
PreInstall -> %System32%\PreInstall -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
ras -> %System32%\ras -> [Folder | Modified Date = 12/9/2007 4:28:16 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/4/2008 11:25:42 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2049 | Size = 176167 bytes | Modified Date = 12/11/2007 8:49:54 AM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 12/11/2007 9:27:58 AM | Attr = ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
Setup -> %System32%\Setup -> [Folder | Modified Date = 12/9/2007 4:31:18 PM | Attr = ]
ShellExt -> %System32%\ShellExt -> [Folder | Modified Date = 12/9/2007 4:31:32 PM | Attr = ]
SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Modified Date = 12/10/2007 4:36:24 AM | Attr = ]
spool -> %System32%\spool -> [Folder | Modified Date = 12/10/2007 12:40:04 AM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 12/4/2007 1:00:44 AM | Attr = ]
usmt -> %System32%\usmt -> [Folder | Modified Date = 12/9/2007 4:31:34 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 12/13/2007 11:31:20 PM | Attr = ]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 12/10/2007 12:46:36 AM | Attr = RH ]
wins -> %System32%\wins -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/6/2008 8:10:06 PM | Attr = ]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
xircom -> %System32%\xircom -> [Folder | Modified Date = 12/10/2007 12:48:56 AM | Attr = ]
1028_DELL__.MRK -> %System32%\drivers\1028_DELL__.MRK -> [Ver = | Size = 5 bytes | Modified Date = 12/10/2007 1:31:12 AM | Attr = ]
DELL__.MRK -> %System32%\drivers\DELL__.MRK -> [Ver = | Size = 5 bytes | Modified Date = 12/10/2007 1:31:12 AM | Attr = ]
disdn -> %System32%\drivers\disdn -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/2/2008 2:39:26 AM | Attr = ]
secdrv.sys -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:54 AM | Attr = ]
srtsp.cat -> %System32%\drivers\srtsp.cat -> [Ver = | Size = 10545 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.inf -> %System32%\drivers\srtsp.inf -> [Ver = | Size = 1415 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.sys -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspl.cat -> %System32%\drivers\srtspl.cat -> [Ver = | Size = 10549 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.inf -> %System32%\drivers\srtspl.inf -> [Ver = | Size = 1430 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.sys -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspx.cat -> %System32%\drivers\srtspx.cat -> [Ver = | Size = 10549 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.inf -> %System32%\drivers\srtspx.inf -> [Ver = | Size = 1421 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.sys -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Modified Date = 12/11/2007 9:27:58 AM | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 12/11/2007 9:27:58 AM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 12/11/2007 9:27:58 AM | Attr = ]
symlcbrd.sys -> %System32%\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 1/6/2008 1:09:38 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 12/22/2007 8:12:42 AM | Attr = ]
hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 686 bytes | Modified Date = 12/24/2007 1:15:38 PM | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 736 bytes | Modified Date = 1/4/2008 10:53:40 PM | Attr = ]
MsftWdf_user_01_05_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_05_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 12/22/2007 1:48:58 AM | Attr = H ]
Msft_User_PCCSWpdDriver_01_05_00.Wdf -> %System32%\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 12/22/2007 1:49:04 AM | Attr = H ]
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\upx.exe -> The UPX Team http://upx.sf.net [Ver = 3.00 (2007-04-27) | Size = 261120 bytes | Modified Date = 8/8/2007 4:56:52 AM | Attr = ]
UPX! , UPX0 , -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Modified Date = 9/12/2006 2:46:24 AM | Attr = RHS]
UPX! , UPX0 , -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Modified Date = 1/12/2006 2:23:26 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 7, 0 | Size = 306688 bytes | Modified Date = 11/12/2006 1:44:10 PM | Attr = ]
UPX! , UPX0 , -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Modified Date = 8/16/2006 5:53:32 AM | Attr = RHS]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 3:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Modified Date = 1/17/2005 2:26:36 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Modified Date = 5/3/2006 1:06:54 AM | Attr = RHS]
UPX! , UPX0 , -> %System32%\i420vfw.dll ->
http://www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 1/3/2004 12:08:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Modified Date = 3/10/2006 12:48:48 PM | Attr = RHS]
PEC2 , PECompact2 , -> %System32%\msfDX.dll -> Hans Mayerl [Ver = 2.02.2113 | Size = 31232 bytes | Modified Date = 2/21/2007 2:47:16 AM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Modified Date = 11/25/2005 11:46:34 AM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Modified Date = 11/20/2003 2:00:00 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Modified Date = 4/26/2004 2:00:00 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Modified Date = 2/12/2005 2:00:00 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Modified Date = 2/12/2005 2:00:00 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Modified Date = 2/12/2005 2:00:00 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Modified Date = 2/5/2005 2:00:00 PM | Attr = RHS]
PEC2 , PECompact2 , -> %System32%\Smab.dll -> [Ver = | Size = 471552 bytes | Modified Date = 12/12/2006 2:15:08 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 12/4/2007 1:00:44 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 3:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Modified Date = 11/10/2005 1:16:02 PM | Attr = ]
UPX! , UPX0 , -> %System32%\yv12vfw.dll ->
http://www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 1/3/2004 12:08:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 3:00:00 AM | Attr = ]
< End of report >
---------------------------------------------------------------------------------------------------------------------
Here is the fsbl log:
01/07/08 06:37:20 [Info]: BlackLight Engine 1.0.67 initialized
01/07/08 06:37:20 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/07/08 06:37:20 [Note]: 7019 4
01/07/08 06:37:20 [Note]: 7005 0
01/07/08 06:37:33 [Note]: 7006 0
01/07/08 06:37:33 [Note]: 7022 0
01/07/08 06:37:33 [Note]: 7011 3776
01/07/08 06:37:33 [Note]: 7026 0
01/07/08 06:37:33 [Note]: 7026 0
01/07/08 06:37:36 [Note]: FSRAW library version 1.7.1024
01/07/08 06:39:35 [Note]: 2000 1012
01/07/08 06:40:03 [Note]: 7007 0
----------------------------------------------------------------------------------------------------------------------