Author Topic: Any suggestion...???  (Read 17434 times)

MeDIeVaL

  • Guest
Any suggestion...???
« on: January 23, 2008, 05:16:53 AM »
Got this Win32/PossibleHostsFileHijack. Done e'thing I could but still can't get rid of this thing. Scanned with avast!, found none; Ad-Aware 2007, none; SAS, none; ran ComboFix, none; uploaded a HijackThis log, found nuthin' suspicious. Could it be a false alarm from Windows Defender? But it was totally annoying: I've cleaned, quarantined, deleted and even set it to ignore, but the alarm keeps popping up. So if a'one has got any suggestion regarding this thing, please help me.



And it makes me more curious that I've got this tiny white dot on the top left of my desktop. After being done with all the security s'ware, still found nuthin'.

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #1 on: January 24, 2008, 10:57:30 AM »
I really need help with this. Can a'one help me? I can't handle this thing by myself.

essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
Re: Any suggestion...???
« Reply #2 on: January 24, 2008, 09:49:36 PM »
How about a deep look at your system?

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      Reg - BotCheck

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the log. I will review it when it comes in.

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #3 on: January 25, 2008, 02:34:53 PM »
WinPFind3 logfile created on: 1/25/2008 8:54:11 PM
WinPFind3U by OldTimer - Version 1.0.44   Folder = C:\Documents and Settings\MeDIeVaL\My Documents\Downloads\Programs\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.13)
 
1022.80 Mb Total Physical Memory | 593.77 Mb Available Physical Memory | 58.05% Memory free
2.40 Gb Paging File | 1.99 Gb Available in Paging File | 82.82% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 28.43 Gb Free Space | 76.30% Space Free
Drive D: | 149.04 Gb Total Space | 115.13 Gb Free Space | 77.25% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: BELOVED
Current User Name: MeDIeVaL
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =    ]
ashdisp.exe -> %ProgramFiles%\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 9:00:24 PM | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 8:59:54 PM | Attr =    ]
ashserv.exe -> %ProgramFiles%\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 9:00:16 PM | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 8:59:02 PM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 10:36:34 PM | Attr =    ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 12/21/2007 10:57:28 AM | Attr =    ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 12/21/2007 10:57:28 AM | Attr =    ]
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 7/17/2007 11:13:34 AM | Attr =    ]
dkservice.exe -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.526.0 | Size = 622700 bytes | Modified Date = 4/26/2005 5:02:56 PM | Attr =    ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.8.13.1 | Size = 79136 bytes | Modified Date = 6/28/2007 11:31:38 AM | Attr =    ]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> Advanced Micro Devices Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 7/17/2007 11:13:56 AM | Attr =    ]
rocketdock.exe -> %SystemRoot%\Vista Inspirat 2\RocketDock\RocketDock.exe ->  [Ver =  | Size = 630784 bytes | Modified Date = 3/19/2007 6:05:02 AM | Attr =    ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =    ]
twmaster.exe -> %ProgramFiles%\TweakMASTER\TwMaster.exe -> Hagel Technologies [Ver = 1.71 Build 310 | Size = 1746944 bytes | Modified Date = 12/4/2002 3:18:40 PM | Attr =    ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr =    ]
winpatrol.exe -> %ProgramFiles%\WinPatrol\winpatrol.exe -> BillP Studios [Ver = 12, 2, 2007, 0 | Size = 292152 bytes | Modified Date = 10/27/2007 12:06:48 AM | Attr =    ]
winpfind3u.exe -> %UserDocuments%\Downloads\Programs\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr =    ]
zlclient.exe -> %ProgramFiles%\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =    ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 10:36:34 PM | Attr =    ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 12/21/2007 10:57:28 AM | Attr =    ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe ->  [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 12/20/2007 9:05:00 PM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 9:00:16 PM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 8:59:54 PM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 8:59:02 PM | Attr =    ]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.526.0 | Size = 622700 bytes | Modified Date = 4/26/2005 5:02:56 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr =    ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.8.13.1 | Size = 79136 bytes | Modified Date = 6/28/2007 11:31:38 AM | Attr =    ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 267560 bytes | Modified Date = 7/4/2007 2:01:52 PM | Attr =    ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 85, 91, 18 | Size = 353280 bytes | Modified Date = 12/10/2007 1:59:04 PM | Attr =    ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr =    ]

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #4 on: January 25, 2008, 02:36:30 PM »
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 9:00:24 PM | Attr =    ]
Cmaudio -> cmicnfg.CPL -> File not found
DiskeeperSystray -> %ProgramFiles%\Executive Software\Diskeeper\DkIcon.exe -> Executive Software International, Inc. [Ver = 9.0.526.0 | Size = 196696 bytes | Modified Date = 4/25/2005 4:49:40 AM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 3:27:36 PM | Attr =    ]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ->  [Ver =  | Size = 90112 bytes | Modified Date = 11/10/2006 12:35:24 PM | Attr =    ]
TweakMASTER -> %ProgramFiles%\TweakMASTER\TwMaster.exe -> Hagel Technologies [Ver = 1.71 Build 310 | Size = 1746944 bytes | Modified Date = 12/4/2002 3:18:40 PM | Attr =    ]
WinPatrol -> %ProgramFiles%\WinPatrol\winpatrol.exe -> BillP Studios [Ver = 12, 2, 2007, 0 | Size = 292152 bytes | Modified Date = 10/27/2007 12:06:48 AM | Attr =    ]
ZoneAlarm Client -> %ProgramFiles%\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr =    ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =    ]
< User Startup > -> C:\Documents and Settings\MeDIeVaL\Start Menu\Programs\Startup ->
%UserStartup%\RocketDock.lnk -> %SystemRoot%\Vista Inspirat 2\RocketDock\RocketDock.exe ->  [Ver =  | Size = 630784 bytes | Modified Date = 3/19/2007 6:05:02 AM | Attr =    ]
%UserStartup%\TransBar.lnk -> %SystemRoot%\Vista Inspirat 2\TransBar\TransBar.exe -> AKSoftware [Ver = 1.4.2.0 | Size = 65536 bytes | Modified Date = 6/2/2005 3:41:18 AM | Attr =    ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =    ]
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 12/21/2007 10:58:56 AM | Attr =    ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ ->  ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ ->  ->

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #5 on: January 25, 2008, 02:37:04 PM »
< HOSTS File > (2520 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
64.78.237.108 www.lsi.com ->  ->
129.253.170.35 support.wdc.com ->  ->
192.55.21.79 search.seagate.com ->  ->
125.252.236.134 www.seagate.com ->  ->
68.142.197.63 rds.yahoo.com ->  ->
213.61.92.193 usa.asus.com ->  ->
213.61.92.195 support.asus.com ->  ->
205.158.107.130 www.asus.com ->  ->
211.72.249.198 my.asus.com ->  ->
217.160.227.232 www.cmedia.com.tw ->  ->
213.61.92.197 www.asrock.com ->  ->
203.106.50.10 www.intel.com ->  ->
203.106.50.17 i.d.com.com ->  ->
216.239.116.65 bwp.download.com ->  ->
216.239.116.76 software-files.download.com ->  ->
192.198.164.161 downloadcenter.intel.com ->  ->
65.55.184.253 www.update.microsoft.com ->  ->
207.46.16.243 c.microsoft.com ->  ->
20.134.32.196 www.maybank2u.com.my ->  ->
65.242.27.66 view.atdmt.com ->  ->
202.176.217.12 www.zdnetasia.com ->  ->
216.239.122.225 music.download.com ->  ->
208.116.55.219 www.metal-archives.com ->  ->
208.73.34.52 www.rockombia.org ->  ->
85.214.34.145 forum.hijackthis.de ->  ->
66.246.102.79 www.blastclick.com ->  ->
62.1.206.117 www.metalperspective.com ->  ->
209.85.66.220 dg.specificclick.net ->  ->
69.147.91.81 webmessenger.yahoo.com ->  ->
207.68.178.45 rad.msn.com ->  ->
65.55.240.13 onecare.live.com ->  ->
65.55.162.252 help.live.com ->  ->
65.54.199.140 get.live.com ->  ->
65.55.159.254 home.live.com ->  ->
66.163.169.186 login.yahoo.com ->  ->
66.218.77.78 geocities.yahoo.com ->  ->
66.218.77.89 themis.geocities.yahoo.com ->  ->
66.218.77.68 www.geocities.com ->  ->
209.131.36.158 www.yahoo.com ->  ->
67.228.112.195 www.avast.com ->  ->
217.119.55.50 www.nuclearblast-musicshop.de ->  ->
74.6.146.119 search.yahoo.com ->  ->
212.87.154.122 www.nuclearblast.de ->  ->
208.65.153.253 www.youtube.com ->  ->
75.125.29.226 forum.avast.com ->  ->
38.119.59.5 www.gomplayer.com ->  ->
64.233.189.165 pagead2.googlesyndication.com ->  ->
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKLM] -> %ProgramFiles%\Internet Download Manager\IDMIECC.dll [IDMIEHlprObj Class] -> Tonec Inc. [Ver = 5, 12, 5, 0 | Size = 95664 bytes | Modified Date = 1/21/2008 10:15:36 PM | Attr =    ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =    ]
{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} [HKLM] -> %ProgramFiles%\TweakMASTER\TweakBHO.dll [Implements TweakBHO] -> Hagel Technologies [Ver = 1.71 Build 310 | Size = 202752 bytes | Modified Date = 12/4/2002 3:18:40 PM | Attr =    ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKLM] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker BHO] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 1/22/2008 1:30:38 PM | Attr =    ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKLM] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 1/22/2008 1:30:38 PM | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKLM] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 1/22/2008 1:30:38 PM | Attr =    ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =    ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
Download all links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm ->  [Ver =  | Size = 283 bytes | Modified Date = 10/20/2003 6:13:14 PM | Attr =    ]
Download FLV video content with IDM -> %ProgramFiles%\Internet Download Manager\IEGetVL.htm ->  [Ver =  | Size = 278 bytes | Modified Date = 7/2/2007 2:19:12 PM | Attr =    ]
Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm ->  [Ver =  | Size = 277 bytes | Modified Date = 12/3/2004 12:31:10 AM | Attr =    ]
E&xport to Microsoft Excel ->  -> File not found
Scan link by Dr.Web -> http:\www.drweb.com\online\drweb-online-en.htm -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{793554CC-88E2-413E-B8D4-7C832B2B1E76} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200942291187 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ->  - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> get_atlcom Class - CodeBase = http://www.adobe.com/products/acrobat/nos/gp.cab ->

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #6 on: January 25, 2008, 02:42:26 PM »
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 760 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> Þ…{Ñ¿øSèZ‰{
EÕcG8994a5f7

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #7 on: January 25, 2008, 02:42:53 PM »
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> ‘¨„p³—` ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> ±B ™ýS ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> tö›m½õyhC­d0c ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> &   !ËY\È ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ ->  ->

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #8 on: January 25, 2008, 02:43:15 PM »
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 340 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry not found. ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr not found. ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #9 on: January 25, 2008, 02:44:26 PM »
[Files/Folders - Created Within 30 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Created Date = 1/22/2008 12:54:53 AM | Attr =    ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 321 bytes | Created Date = 1/22/2008 8:39:13 AM | Attr =  HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/22/2008 12:54:53 AM | Attr =    ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Created Date = 1/22/2008 8:40:17 AM | Attr =    ]
Intel -> %SystemDrive%\Intel ->  [Folder | Created Date = 1/22/2008 9:59:09 PM | Attr =    ]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/22/2008 12:54:53 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/22/2008 12:54:53 AM | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Created Date = 1/22/2008 8:41:31 AM | Attr =    ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 1/22/2008 2:18:49 AM | Attr =  HS]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 1/23/2008 11:34:09 AM | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 1/23/2008 11:34:09 AM | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 2/28/1749 2:34:14 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 1/22/2008 2:30:19 AM | Attr =  H ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Created Date = 1/22/2008 2:30:39 AM | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 1/22/2008 7:21:08 AM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 1/22/2008 7:20:53 AM | Attr =  H ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ ->  [Folder | Created Date = 1/22/2008 4:15:18 AM | Attr =  H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ ->  [Folder | Created Date = 1/22/2008 7:24:20 AM | Attr =  H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ ->  [Folder | Created Date = 1/22/2008 7:24:15 AM | Attr =  H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ ->  [Folder | Created Date = 1/22/2008 3:03:25 AM | Attr =  H ]
$NtUninstallKB887472$ -> %SystemRoot%\$NtUninstallKB887472$ ->  [Folder | Created Date = 1/22/2008 4:14:46 AM | Attr =  H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ ->  [Folder | Created Date = 1/22/2008 4:11:48 AM | Attr =  H ]
$NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ ->  [Folder | Created Date = 1/22/2008 4:13:10 AM | Attr =  H ]
$NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ ->  [Folder | Created Date = 1/22/2008 3:01:09 AM | Attr =  H ]
$NtUninstallKB891781$ -> %SystemRoot%\$NtUninstallKB891781$ ->  [Folder | Created Date = 1/22/2008 4:13:39 AM | Attr =  H ]
$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ ->  [Folder | Created Date = 1/22/2008 4:16:54 AM | Attr =  H ]
$NtUninstallKB894391$ -> %SystemRoot%\$NtUninstallKB894391$ ->  [Folder | Created Date = 1/22/2008 4:10:34 AM | Attr =  H ]
$NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ ->  [Folder | Created Date = 1/22/2008 4:14:36 AM | Attr =  H ]
$NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ ->  [Folder | Created Date = 1/22/2008 4:15:57 AM | Attr =  H ]
$NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ ->  [Folder | Created Date = 1/22/2008 3:03:02 AM | Attr =  H ]
$NtUninstallKB898461$ -> %SystemRoot%\$NtUninstallKB898461$ ->  [Folder | Created Date = 1/22/2008 2:30:19 AM | Attr =  H ]
$NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ ->  [Folder | Created Date = 1/22/2008 7:25:26 AM | Attr =  H ]
$NtUninstallKB899591$ -> %SystemRoot%\$NtUninstallKB899591$ ->  [Folder | Created Date = 1/22/2008 7:23:20 AM | Attr =  H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ ->  [Folder | Created Date = 1/22/2008 4:15:52 AM | Attr =  H ]
$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ ->  [Folder | Created Date = 1/22/2008 4:11:43 AM | Attr =  H ]
$NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ ->  [Folder | Created Date = 1/22/2008 7:23:26 AM | Attr =  H ]
$NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ ->  [Folder | Created Date = 1/22/2008 4:12:18 AM | Attr =  H ]
$NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ ->  [Folder | Created Date = 1/22/2008 4:13:16 AM | Attr =  H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ ->  [Folder | Created Date = 1/22/2008 7:19:29 AM | Attr =  H ]
$NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ ->  [Folder | Created Date = 1/22/2008 4:12:27 AM | Attr =  H ]
$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ ->  [Folder | Created Date = 1/22/2008 3:03:16 AM | Attr =  H ]
$NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ ->  [Folder | Created Date = 1/22/2008 3:02:13 AM | Attr =  H ]
$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ ->  [Folder | Created Date = 1/22/2008 4:10:46 AM | Attr =  H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ ->  [Folder | Created Date = 1/22/2008 4:14:10 AM | Attr =  H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ ->  [Folder | Created Date = 1/22/2008 4:16:39 AM | Attr =  H ]
$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ ->  [Folder | Created Date = 1/22/2008 4:16:19 AM | Attr =  H ]
$NtUninstallKB911564$ -> %SystemRoot%\$NtUninstallKB911564$ ->  [Folder | Created Date = 1/22/2008 3:04:59 AM | Attr =  H ]
$NtUninstallKB911927$ -> %SystemRoot%\$NtUninstallKB911927$ ->  [Folder | Created Date = 1/22/2008 7:23:33 AM | Attr =  H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ ->  [Folder | Created Date = 1/22/2008 4:10:39 AM | Attr =  H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ ->  [Folder | Created Date = 1/22/2008 4:12:37 AM | Attr =  H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ ->  [Folder | Created Date = 1/22/2008 3:01:53 AM | Attr =  H ]
$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ ->  [Folder | Created Date = 1/22/2008 7:19:37 AM | Attr =  H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ ->  [Folder | Created Date = 1/22/2008 7:20:33 AM | Attr =  H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ ->  [Folder | Created Date = 1/22/2008 4:11:18 AM | Attr =  H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ ->  [Folder | Created Date = 1/22/2008 4:12:32 AM | Attr =  H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ ->  [Folder | Created Date = 1/22/2008 4:12:03 AM | Attr =  H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ ->  [Folder | Created Date = 1/22/2008 4:13:34 AM | Attr =  H ]
$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ ->  [Folder | Created Date = 1/22/2008 4:12:42 AM | Attr =  H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ ->  [Folder | Created Date = 1/22/2008 4:11:32 AM | Attr =  H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ ->  [Folder | Created Date = 1/22/2008 4:13:45 AM | Attr =  H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ ->  [Folder | Created Date = 1/22/2008 4:10:29 AM | Attr =  H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ ->  [Folder | Created Date = 1/22/2008 4:17:02 AM | Attr =  H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ ->  [Folder | Created Date = 1/22/2008 4:13:01 AM | Attr =  H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ ->  [Folder | Created Date = 1/22/2008 4:14:52 AM | Attr =  H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ ->  [Folder | Created Date = 1/22/2008 3:03:39 AM | Attr =  H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ ->  [Folder | Created Date = 1/22/2008 7:24:57 AM | Attr =  H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ ->  [Folder | Created Date = 1/22/2008 4:12:13 AM | Attr =  H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ ->  [Folder | Created Date = 1/22/2008 7:24:04 AM | Attr =  H ]
$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ ->  [Folder | Created Date = 1/22/2008 4:16:47 AM | Attr =  H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ ->  [Folder | Created Date = 1/22/2008 4:15:46 AM | Attr =  H ]
$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ ->  [Folder | Created Date = 1/22/2008 4:15:14 AM | Attr =  H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ ->  [Folder | Created Date = 1/22/2008 4:16:02 AM | Attr =  H ]

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #10 on: January 25, 2008, 02:44:49 PM »
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ ->  [Folder | Created Date = 1/22/2008 4:14:31 AM | Attr =  H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ ->  [Folder | Created Date = 1/22/2008 4:14:04 AM | Attr =  H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ ->  [Folder | Created Date = 1/22/2008 4:13:57 AM | Attr =  H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ ->  [Folder | Created Date = 1/22/2008 12:59:20 PM | Attr =  H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ ->  [Folder | Created Date = 1/22/2008 4:11:58 AM | Attr =  H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ ->  [Folder | Created Date = 1/22/2008 4:13:06 AM | Attr =  H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ ->  [Folder | Created Date = 1/22/2008 7:25:20 AM | Attr =  H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ ->  [Folder | Created Date = 1/22/2008 7:25:14 AM | Attr =  H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ ->  [Folder | Created Date = 1/22/2008 4:15:03 AM | Attr =  H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ ->  [Folder | Created Date = 1/22/2008 7:23:53 AM | Attr =  H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ ->  [Folder | Created Date = 1/22/2008 4:10:17 AM | Attr =  H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ ->  [Folder | Created Date = 1/22/2008 4:13:50 AM | Attr =  H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ ->  [Folder | Created Date = 1/22/2008 1:32:59 PM | Attr =  H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ ->  [Folder | Created Date = 1/22/2008 4:12:46 AM | Attr =  H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ ->  [Folder | Created Date = 1/22/2008 4:11:13 AM | Attr =  H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ ->  [Folder | Created Date = 1/22/2008 4:15:41 AM | Attr =  H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ ->  [Folder | Created Date = 1/22/2008 7:23:40 AM | Attr =  H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ ->  [Folder | Created Date = 1/22/2008 4:12:23 AM | Attr =  H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ ->  [Folder | Created Date = 1/22/2008 4:17:10 AM | Attr =  H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ ->  [Folder | Created Date = 1/22/2008 3:02:35 AM | Attr =  H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ ->  [Folder | Created Date = 1/22/2008 4:11:27 AM | Attr =  H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ ->  [Folder | Created Date = 1/22/2008 4:16:28 AM | Attr =  H ]
$NtUninstallKB936357$ -> %SystemRoot%\$NtUninstallKB936357$ ->  [Folder | Created Date = 1/22/2008 4:14:57 AM | Attr =  H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ ->  [Folder | Created Date = 1/22/2008 1:33:18 PM | Attr =  H ]
$NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ ->  [Folder | Created Date = 1/22/2008 4:15:33 AM | Attr =  H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ ->  [Folder | Created Date = 1/22/2008 4:11:37 AM | Attr =  H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ ->  [Folder | Created Date = 1/22/2008 4:16:08 AM | Attr =  H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ ->  [Folder | Created Date = 1/22/2008 4:14:42 AM | Attr =  H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ ->  [Folder | Created Date = 1/22/2008 1:33:55 PM | Attr =  H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ ->  [Folder | Created Date = 1/22/2008 4:12:09 AM | Attr =  H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ ->  [Folder | Created Date = 1/22/2008 4:11:53 AM | Attr =  H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ ->  [Folder | Created Date = 1/22/2008 3:04:39 AM | Attr =  H ]
$NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ ->  [Folder | Created Date = 1/22/2008 4:15:09 AM | Attr =  H ]
$NtUninstallKB942615$ -> %SystemRoot%\$NtUninstallKB942615$ ->  [Folder | Created Date = 1/22/2008 7:19:44 AM | Attr =  H ]
$NtUninstallKB942615_0$ -> %SystemRoot%\$NtUninstallKB942615_0$ ->  [Folder | Created Date = 1/22/2008 4:10:57 AM | Attr =  H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ ->  [Folder | Created Date = 1/22/2008 4:12:54 AM | Attr =  H ]
$NtUninstallKB942840$ -> %SystemRoot%\$NtUninstallKB942840$ ->  [Folder | Created Date = 1/22/2008 5:22:30 PM | Attr =  H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ ->  [Folder | Created Date = 1/22/2008 7:25:06 AM | Attr =  H ]
$NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ ->  [Folder | Created Date = 1/22/2008 4:11:22 AM | Attr =  H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ ->  [Folder | Created Date = 1/22/2008 4:10:25 AM | Attr =  H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ ->  [Folder | Created Date = 1/22/2008 12:58:46 PM | Attr =  H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ ->  [Folder | Created Date = 1/22/2008 2:56:56 AM | Attr =  H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ ->  [Folder | Created Date = 1/22/2008 12:57:24 PM | Attr =  H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ ->  [Folder | Created Date = 1/22/2008 12:58:16 PM | Attr =  H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ ->  [Folder | Created Date = 1/22/2008 12:56:49 PM | Attr =  H ]
$NtUninstallWudf01005$ -> %SystemRoot%\$NtUninstallWudf01005$ ->  [Folder | Created Date = 1/22/2008 1:17:42 PM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
agrsmdel.exe -> %SystemRoot%\agrsmdel.exe -> Agere Systems [Ver = 1.70 | Size = 68096 bytes | Created Date = 1/22/2008 2:21:06 AM | Attr = R  ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini ->  [Ver =  | Size = 3815 bytes | Created Date = 1/22/2008 1:02:19 AM | Attr =    ]
assembly -> %SystemRoot%\assembly ->  [Folder | Created Date = 1/22/2008 2:58:49 AM | Attr = R S]
ativpsrm.bin -> %SystemRoot%\ativpsrm.bin ->  [Ver =  | Size = 0 bytes | Created Date = 1/22/2008 3:07:42 AM | Attr =    ]
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp ->  [Ver =  | Size = 1272 bytes | Created Date = 1/22/2008 12:50:58 AM | Attr =    ]

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #11 on: January 25, 2008, 02:46:45 PM »
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Created Date = 1/22/2008 12:57:06 AM | Attr =   S]
BricoPack Wallpaper.bmp -> %SystemRoot%\BricoPack Wallpaper.bmp ->  [Ver =  | Size = 2359350 bytes | Created Date = 1/22/2008 1:57:14 PM | Attr =    ]
BricoPackFoldersDelete.cmd -> %SystemRoot%\BricoPackFoldersDelete.cmd ->  [Ver =  | Size = 4660 bytes | Created Date = 1/22/2008 8:14:40 PM | Attr =    ]
BricoPacks -> %SystemRoot%\BricoPacks ->  [Folder | Created Date = 1/22/2008 8:13:58 PM | Attr =    ]
BricoPackUninst.cmd -> %SystemRoot%\BricoPackUninst.cmd ->  [Ver =  | Size = 65108 bytes | Created Date = 1/22/2008 1:57:27 PM | Attr =    ]
CMCDPLAY.INI -> %SystemRoot%\CMCDPLAY.INI ->  [Ver =  | Size = 26 bytes | Created Date = 1/22/2008 2:03:15 AM | Attr =    ]
CMIRmDriver.dll -> %SystemRoot%\CMIRmDriver.dll ->  [Ver =  | Size = 28672 bytes | Created Date = 1/22/2008 2:03:08 AM | Attr =    ]
CmiRmRedundDir.exe -> %SystemRoot%\CmiRmRedundDir.exe ->  [Ver = 1, 0, 0, 2 | Size = 225280 bytes | Created Date = 1/22/2008 2:03:08 AM | Attr =    ]
CMISETUP.INI -> %SystemRoot%\CMISETUP.INI ->  [Ver =  | Size = 92 bytes | Created Date = 1/22/2008 2:03:16 AM | Attr =    ]
CMIUninstall.exe -> %SystemRoot%\CMIUninstall.exe ->  [Ver = 2, 0, 0, 9 | Size = 266240 bytes | Created Date = 1/22/2008 2:03:08 AM | Attr =    ]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp ->  [Ver =  | Size = 17062 bytes | Created Date = 1/22/2008 12:50:58 AM | Attr =    ]
Config -> %SystemRoot%\Config ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Created Date = 1/22/2008 12:54:53 AM | Attr =    ]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
Debug -> %SystemRoot%\Debug ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
desktop.ini -> %SystemRoot%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/22/2008 12:52:43 AM | Attr =    ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Created Date = 1/22/2008 3:31:11 AM | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Created Date = 1/22/2008 12:53:30 AM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 1/22/2008 5:09:02 PM | Attr =    ]
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp ->  [Ver =  | Size = 16730 bytes | Created Date = 1/22/2008 12:50:58 AM | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr = R S]
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp ->  [Ver =  | Size = 17336 bytes | Created Date = 1/22/2008 12:50:58 AM | Attr =    ]
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp ->  [Ver =  | Size = 26582 bytes | Created Date = 1/22/2008 12:50:58 AM | Attr =    ]
Help -> %SystemRoot%\Help ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 1/22/2008 5:52:08 PM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Created Date = 1/22/2008 7:22:53 AM | Attr =    ]
ime -> %SystemRoot%\ime ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Created Date = 1/22/2008 8:41:39 AM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Created Date = 1/22/2008 8:41:37 AM | Attr =  HS]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Created Date = 1/22/2008 1:27:57 PM | Attr =    ]
java -> %SystemRoot%\java ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
ltmsg.exe -> %SystemRoot%\ltmsg.exe -> Agere Systems [Ver = 3, 0, 0, 4 | Size = 40960 bytes | Created Date = 1/22/2008 9:18:34 PM | Attr =    ]
ltremove.exe -> %SystemRoot%\ltremove.exe -> Agere Systems [Ver = 1.60 | Size = 65024 bytes | Created Date = 1/22/2008 9:18:34 PM | Attr =    ]
Media -> %SystemRoot%\Media ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Created Date = 1/22/2008 2:58:04 AM | Attr =    ]
msagent -> %SystemRoot%\msagent ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
msapps -> %SystemRoot%\msapps ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
mui -> %SystemRoot%\mui ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Created Date = 1/22/2008 10:54:45 PM | Attr =    ]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 1/22/2008 7:19:38 AM | Attr =    ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/22/2008 5:08:19 PM | Attr =    ]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Created Date = 1/22/2008 8:30:08 PM | Attr =    ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Created Date = 1/22/2008 8:41:36 AM | Attr =    ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Created Date = 1/22/2008 12:53:30 AM | Attr = R  ]
OPTIONS -> %SystemRoot%\OPTIONS ->  [Folder | Created Date = 1/22/2008 1:05:07 AM | Attr =    ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #12 on: January 25, 2008, 02:47:06 PM »
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp ->  [Ver =  | Size = 65954 bytes | Created Date = 1/22/2008 12:50:58 AM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 1/22/2008 12:58:27 AM | Attr =    ]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
Registration -> %SystemRoot%\Registration ->  [Folder | Created Date = 1/22/2008 12:51:46 AM | Attr =    ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Created Date = 1/22/2008 12:58:13 AM | Attr =    ]
repair -> %SystemRoot%\repair ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
Resources -> %SystemRoot%\Resources ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp ->  [Ver =  | Size = 17362 bytes | Created Date = 1/22/2008 12:50:58 AM | Attr =    ]
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp ->  [Ver =  | Size = 26680 bytes | Created Date = 1/22/2008 12:50:59 AM | Attr =    ]
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp ->  [Ver =  | Size = 65832 bytes | Created Date = 1/22/2008 12:50:59 AM | Attr =    ]
security -> %SystemRoot%\security ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
SET3.tmp -> %SystemRoot%\SET3.tmp ->  [Ver =  | Size = 1042903 bytes | Created Date = 1/22/2008 8:40:57 AM | Attr = R  ]
SET4.tmp -> %SystemRoot%\SET4.tmp ->  [Ver =  | Size = 1086058 bytes | Created Date = 1/22/2008 8:40:59 AM | Attr = R  ]
SET8.tmp -> %SystemRoot%\SET8.tmp ->  [Ver =  | Size = 13753 bytes | Created Date = 1/22/2008 8:41:02 AM | Attr = R  ]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Created Date = 1/22/2008 8:27:41 PM | Attr =    ]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp ->  [Ver =  | Size = 65978 bytes | Created Date = 1/22/2008 12:50:58 AM | Attr =    ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Created Date = 1/22/2008 12:58:35 AM | Attr =    ]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Created Date = 1/22/2008 12:52:31 AM | Attr =    ]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 1/22/2008 8:00:31 PM | Attr =    ]
system -> %SystemRoot%\system ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
system32 -> %System32% ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Created Date = 1/22/2008 12:52:34 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Created Date = 1/22/2008 12:51:51 AM | Attr =    ]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Created Date = 1/22/2008 12:51:51 AM | Attr =    ]
Vista Inspirat 2 -> %SystemRoot%\Vista Inspirat 2 ->  [Folder | Created Date = 1/22/2008 8:13:58 PM | Attr =    ]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 1/22/2008 7:22:23 AM | Attr =    ]
Web -> %SystemRoot%\Web ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr = R  ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/22/2008 12:53:24 AM | Attr = RH ]
Wininit.ini -> %SystemRoot%\Wininit.ini ->  [Ver =  | Size = 10 bytes | Created Date = 1/22/2008 2:03:14 AM | Attr =    ]
winnt.bmp -> %SystemRoot%\winnt.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 1/22/2008 12:52:43 AM | Attr =  HS]
winnt256.bmp -> %SystemRoot%\winnt256.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 1/22/2008 12:52:43 AM | Attr =  HS]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Created Date = 1/22/2008 12:54:43 AM | Attr =    ]
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp ->  [Ver =  | Size = 9522 bytes | Created Date = 1/22/2008 12:50:59 AM | Attr =    ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75248 bytes | Created Date = 1/22/2008 1:29:13 PM | Attr =    ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Created Date = 1/22/2008 3:54:10 AM | Attr =    ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job ->  [Ver =  | Size = 260 bytes | Created Date = 1/22/2008 1:23:02 PM | Attr =    ]
desktop.ini -> %SystemRoot%\tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Created Date = 1/22/2008 12:52:34 AM | Attr = RH ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Created Date = 1/22/2008 3:13:37 AM | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Created Date = 1/22/2008 12:58:27 AM | Attr =  H ]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Created Date = 1/22/2008 8:39:09 AM | Attr =    ]

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #13 on: January 25, 2008, 02:47:36 PM »
1025 -> %System32%\1025 ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
1028 -> %System32%\1028 ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
1031 -> %System32%\1031 ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
1033 -> %System32%\1033 ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
1037 -> %System32%\1037 ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
1041 -> %System32%\1041 ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
1042 -> %System32%\1042 ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
1054 -> %System32%\1054 ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
2052 -> %System32%\2052 ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
3076 -> %System32%\3076 ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
3com_dmi -> %System32%\3com_dmi ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
a3d.dll -> %System32%\a3d.dll -> Sensaura Ltd [Ver = 4.12.01.2008a | Size = 712704 bytes | Created Date = 1/22/2008 2:03:24 AM | Attr =    ]
actskin4.ocx -> %System32%\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 1/22/2008 4:01:31 AM | Attr =    ]
agrsmdel.exe -> %System32%\agrsmdel.exe -> Agere Systems [Ver = 1.70 | Size = 68096 bytes | Created Date = 1/22/2008 2:21:09 AM | Attr =    ]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Created Date = 1/22/2008 12:54:44 AM | Attr =    ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 1/22/2008 4:01:31 AM | Attr =    ]
ati2sgag.exe -> %System32%\ati2sgag.exe ->  [Ver = 5.13.0027 | Size = 593920 bytes | Created Date = 1/22/2008 3:46:37 AM | Attr =    ]
Audio3D.dll -> %System32%\Audio3D.dll -> Sensaura Ltd [Ver = 4.12.01.2008a | Size = 712704 bytes | Created Date = 1/22/2008 2:03:25 AM | Attr =    ]
AUTOEXEC.NT -> %System32%\AUTOEXEC.NT ->  [Ver =  | Size = 1688 bytes | Created Date = 1/22/2008 8:41:15 AM | Attr =    ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 1/22/2008 4:01:39 AM | Attr =    ]
bopomofo.uce -> %System32%\bopomofo.uce ->  [Ver =  | Size = 22984 bytes | Created Date = 1/22/2008 12:50:57 AM | Attr =    ]
CatRoot -> %System32%\CatRoot ->  [Folder | Created Date = 1/22/2008 8:40:50 AM | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Created Date = 1/22/2008 8:40:50 AM | Attr =    ]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/22/2008 12:53:24 AM | Attr = RH ]
cmirmdrv.dll -> %System32%\cmirmdrv.dll ->  [Ver =  | Size = 28672 bytes | Created Date = 1/22/2008 2:03:24 AM | Attr =    ]
cmirmdrv.exe -> %System32%\cmirmdrv.exe ->  [Ver = 1, 0, 0, 16 | Size = 233472 bytes | Created Date = 1/22/2008 2:03:24 AM | Attr =    ]
cmuda.dll -> %System32%\cmuda.dll -> C-Media [Ver = 5, 12, 1, 165 | Size = 172032 bytes | Created Date = 1/22/2008 2:03:24 AM | Attr =    ]
Com -> %System32%\Com ->  [Folder | Created Date = 1/22/2008 12:50:28 AM | Attr =    ]
config -> %System32%\config ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2617 bytes | Created Date = 1/22/2008 12:54:53 AM | Attr =    ]
CONFIG.TMP -> %System32%\CONFIG.TMP ->  [Ver =  | Size = 2577 bytes | Created Date = 1/22/2008 8:41:15 AM | Attr =    ]
CSVer.dll -> %System32%\CSVer.dll -> Windows XP Bundled build C-Centric Single User [Ver = 8, 3, 1, 1010 | Size = 53248 bytes | Created Date = 1/22/2008 9:59:46 PM | Attr =    ]
c_10006.nls -> %System32%\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:24 AM | Attr =    ]
c_10007.nls -> %System32%\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:26 AM | Attr =    ]
c_10010.nls -> %System32%\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:20 AM | Attr =    ]
c_10017.nls -> %System32%\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:26 AM | Attr =    ]
c_10029.nls -> %System32%\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:20 AM | Attr =    ]
c_10081.nls -> %System32%\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:28 AM | Attr =    ]
c_10082.nls -> %System32%\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:20 AM | Attr =    ]
c_20127.nls -> %System32%\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:19 AM | Attr =    ]
C_28594.NLS -> %System32%\C_28594.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:22 AM | Attr =    ]
C_28595.NLS -> %System32%\C_28595.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:26 AM | Attr =    ]
C_28597.NLS -> %System32%\C_28597.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:24 AM | Attr =    ]
c_28599.nls -> %System32%\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:28 AM | Attr =    ]
c_28603.nls -> %System32%\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:30 AM | Attr =    ]
c_737.nls -> %System32%\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/22/2008 8:41:24 AM | Attr =    ]
c_852.nls -> %System32%\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/22/2008 8:41:20 AM | Attr =    ]
c_855.nls -> %System32%\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/22/2008 8:41:22 AM | Attr =    ]
c_857.nls -> %System32%\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/22/2008 8:41:28 AM | Attr =    ]
c_866.nls -> %System32%\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/22/2008 8:41:22 AM | Attr =    ]
c_869.nls -> %System32%\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/22/2008 8:41:24 AM | Attr =    ]
c_875.nls -> %System32%\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/22/2008 8:41:24 AM | Attr =    ]

MeDIeVaL

  • Guest
Re: Any suggestion...???
« Reply #14 on: January 25, 2008, 02:49:19 PM »
desktop.ini -> %System32%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/22/2008 12:52:43 AM | Attr =    ]
dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/22/2008 8:41:18 AM | Attr =    ]
dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/22/2008 8:41:18 AM | Attr =    ]
dhcp -> %System32%\dhcp ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
DirectX -> %System32%\DirectX ->  [Folder | Created Date = 1/22/2008 12:53:01 AM | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Created Date = 1/22/2008 1:15:18 PM | Attr =    ]
emptyregdb.dat -> %System32%\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Created Date = 1/22/2008 12:52:03 AM | Attr =    ]
en-us -> %System32%\en-us ->  [Folder | Created Date = 1/22/2008 3:00:38 AM | Attr =    ]
EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/22/2008 8:41:17 AM | Attr =    ]
export -> %System32%\export ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 113376 bytes | Created Date = 1/22/2008 8:40:16 AM | Attr =    ]
fxscount.h -> %System32%\fxscount.h ->  [Ver =  | Size = 1361 bytes | Created Date = 1/23/2008 11:31:01 AM | Attr =    ]
fxsperf.ini -> %System32%\fxsperf.ini ->  [Ver =  | Size = 1793 bytes | Created Date = 1/23/2008 11:31:01 AM | Attr =    ]
FxsTmp -> %System32%\FxsTmp ->  [Folder | Created Date = 1/23/2008 11:31:19 AM | Attr =    ]
gb2312.uce -> %System32%\gb2312.uce ->  [Ver =  | Size = 24006 bytes | Created Date = 1/22/2008 12:50:57 AM | Attr =    ]
hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 1/22/2008 12:51:03 AM | Attr =    ]
hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 1/22/2008 12:50:34 AM | Attr =    ]
ias -> %System32%\ias ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
icsxml -> %System32%\icsxml ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
ideograf.uce -> %System32%\ideograf.uce ->  [Ver =  | Size = 60458 bytes | Created Date = 1/22/2008 12:50:57 AM | Attr =    ]
idmmbc.dll -> %System32%\idmmbc.dll -> Tonec Inc. [Ver = 5, 12, 2, 0 | Size = 202160 bytes | Created Date = 1/21/2008 10:13:43 PM | Attr =    ]
IME -> %System32%\IME ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
inetsrv -> %System32%\inetsrv ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/22/2008 12:52:16 AM | Attr =    ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/22/2008 8:00:18 PM | Attr =    ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/22/2008 8:00:18 PM | Attr =    ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/22/2008 8:00:18 PM | Attr =    ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/22/2008 8:00:18 PM | Attr =    ]
kanji_1.uce -> %System32%\kanji_1.uce ->  [Ver =  | Size = 6948 bytes | Created Date = 1/22/2008 12:50:57 AM | Attr =    ]
kanji_2.uce -> %System32%\kanji_2.uce ->  [Ver =  | Size = 8484 bytes | Created Date = 1/22/2008 12:50:57 AM | Attr =    ]
korean.uce -> %System32%\korean.uce ->  [Ver =  | Size = 12876 bytes | Created Date = 1/22/2008 12:50:58 AM | Attr =    ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll ->  [Ver =  | Size = 796048 bytes | Created Date = 1/22/2008 1:28:58 PM | Attr =    ]
LogFiles -> %System32%\LogFiles ->  [Folder | Created Date = 1/22/2008 12:56:58 PM | Attr =    ]
logonui.exe.manifest -> %System32%\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 1/22/2008 12:53:30 AM | Attr = RH ]
Macromed -> %System32%\Macromed ->  [Folder | Created Date = 1/22/2008 12:52:30 AM | Attr =    ]
mapisvc.inf -> %System32%\mapisvc.inf ->  [Ver =  | Size = 535 bytes | Created Date = 1/23/2008 11:31:04 AM | Attr =    ]
Microsoft -> %System32%\Microsoft ->  [Folder | Created Date = 1/22/2008 12:58:27 AM | Attr =   S]
MsDtc -> %System32%\MsDtc ->  [Folder | Created Date = 1/22/2008 12:50:30 AM | Attr =    ]
msdtcprf.h -> %System32%\msdtcprf.h ->  [Ver =  | Size = 768 bytes | Created Date = 1/22/2008 12:50:55 AM | Attr =    ]
msdtcprf.ini -> %System32%\msdtcprf.ini ->  [Ver =  | Size = 1931 bytes | Created Date = 1/22/2008 12:50:55 AM | Attr =    ]
mui -> %System32%\mui ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/22/2008 12:53:24 AM | Attr = RH ]
nmwcdcls.dll -> %System32%\nmwcdcls.dll -> Nokia [Ver = 6.83.6.0 | Size = 90624 bytes | Created Date = 1/22/2008 1:15:18 PM | Attr =    ]
nmwcdcocls.dll -> %System32%\nmwcdcocls.dll -> Nokia [Ver = 6.83.6.0 | Size = 65536 bytes | Created Date = 1/22/2008 1:15:18 PM | Attr =    ]
npp -> %System32%\npp ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Created Date = 1/22/2008 12:54:44 AM | Attr =    ]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/22/2008 12:53:24 AM | Attr = RH ]
oobe -> %System32%\oobe ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 511486 bytes | Created Date = 1/22/2008 8:41:37 AM | Attr =    ]
PreInstall -> %System32%\PreInstall ->  [Folder | Created Date = 1/22/2008 2:30:21 AM | Attr =    ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Created Date = 1/10/2008 3:27:44 PM | Attr =    ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Created Date = 1/10/2008 3:27:46 PM | Attr =    ]
ras -> %System32%\ras ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Created Date = 1/22/2008 1:02:34 AM | Attr =    ]
Restore -> %System32%\Restore ->  [Folder | Created Date = 1/22/2008 12:52:17 AM | Attr =    ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/22/2008 12:53:24 AM | Attr = RH ]
Setup -> %System32%\Setup ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
ShellExt -> %System32%\ShellExt ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
shiftjis.uce -> %System32%\shiftjis.uce ->  [Ver =  | Size = 16740 bytes | Created Date = 1/22/2008 12:50:58 AM | Attr =    ]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Created Date = 1/22/2008 2:18:33 AM | Attr =    ]
spool -> %System32%\spool ->  [Folder | Created Date = 1/22/2008 8:33:52 AM | Attr =    ]
spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/22/2008 8:41:18 AM | Attr =    ]
subrange.uce -> %System32%\subrange.uce ->  [Ver =  | Size = 93702 bytes | Created Date = 1/22/2008 12:50:58 AM | Attr =    ]