Code:
OTScanIt logfile created on: 30/09/2008 20:51:20
OTScanIt by OldTimer - Version 1.0.19.0 Folder = d:\My Documents\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
767.48 Mb Total Physical Memory | 257.82 Mb Available Physical Memory | 33.59% Memory free
1.08 Gb Paging File | 0.61 Gb Available in Paging File | 56.06% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.25 Gb Free Space | 2.54% Space Free | Partition Type: NTFS
Drive D: | 27.49 Gb Total Space | 6.14 Gb Free Space | 22.34% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STANISLAVS
Current User Name: oemstudent
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
[Processes - Non-Microsoft Only]
oasrv.exe -> D:\My Documents\Online Armor\oasrv.exe -> Tall Emu [Ver = 2.1.0.131 | Size = 5435968 bytes | Modified Date = 17/04/2008 05:25:28 | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/07/2008 15:25:06 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/07/2008 15:38:28 | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/07/2008 15:38:04 | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/07/2008 15:25:45 | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.41.33 | Size = 35328 bytes | Modified Date = 19/09/2001 09:41:00 | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/07/2008 15:38:34 | Attr = ]
iobit smartdefrag.exe -> %ProgramFiles%\IObit\IObit SmartDefrag\IObit SmartDefrag.exe -> [Ver = | Size = 2736384 bytes | Modified Date = 19/10/2007 13:25:54 | Attr = ]
oaui.exe -> D:\My Documents\Online Armor\oaui.exe -> Tall Emu [Ver = 2.1.0.131 | Size = 5545536 bytes | Modified Date = 17/04/2008 05:25:26 | Attr = ]
daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 12/11/2006 11:48:46 | Attr = ]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 11/08/2008 17:46:50 | Attr = R ]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 2.0.0.58 | Size = 76744 bytes | Modified Date = 11/08/2008 17:46:50 | Attr = R ]
opera.exe -> %ProgramFiles%\Opera\opera.exe -> Opera Software [Ver = 10108 | Size = 98816 bytes | Modified Date = 14/08/2008 15:52:32 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/07/2008 15:25:06 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/07/2008 15:38:28 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/07/2008 15:38:04 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/07/2008 15:25:45 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found
(SLService) SmartLinkService [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 21/11/2001 07:14:00 | Attr = ]
(SvcOnlineArmor) Online Armor [Win32_Own | Auto | Running] -> D:\My Documents\Online Armor\oasrv.exe -> Tall Emu [Ver = 2.1.0.131 | Size = 5435968 bytes | Modified Date = 17/04/2008 05:25:28 | Attr = ]
[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 26944 bytes | Modified Date = 19/07/2008 15:32:15 | Attr = ]
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Modified Date = 19/07/2008 15:37:42 | Attr = ]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 94416 bytes | Modified Date = 19/07/2008 15:37:21 | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 23152 bytes | Modified Date = 19/07/2008 15:33:42 | Attr = ]
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Modified Date = 19/07/2008 15:35:18 | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 42912 bytes | Modified Date = 19/07/2008 15:32:36 | Attr = ]
(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 0 | Size = 8064 bytes | Modified Date = 22/04/2006 02:44:39 | Attr = ]
(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\drivers\ElbyDelay.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 0 | Size = 4608 bytes | Modified Date = 12/04/2005 09:41:20 | Attr = ]
(hpt3xx) hpt3xx [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\drivers\hpt3xx.sys -> HighPoint Technologies, Inc. [Ver = Revision v1.0.5 (XPClient.010817-1148) | Size = 38144 bytes | Modified Date = 17/08/2001 14:52:24 | Attr = ]
(ip6fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\ip6fw.sys -> File not found
(l8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\drivers\L8042Pr2.sys -> Logitech [Ver = 9.41.1.17 | Size = 50432 bytes | Modified Date = 19/09/2001 10:11:00 | Attr = ]
(LKbdFlt2) Logitech Keyboard Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\drivers\LKbdFlt2.sys -> Logitech [Ver = 9.41.1.5 | Size = 5840 bytes | Modified Date = 19/09/2001 10:11:00 | Attr = ]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\drivers\LMouFlt2.sys -> Logitech [Ver = 9.41.1.26 | Size = 67440 bytes | Modified Date = 19/09/2001 10:11:00 | Attr = ]
(mmx19g) MMX virtualization service [Kernel | System | Stopped] -> %SystemRoot%\system32\mmx19g.sys -> File not found
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 17/08/2001 14:52:12 | Attr = ]
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\drivers\mtlmnt5.sys -> [Ver = 1.53 | Size = 181472 bytes | Modified Date = 23/02/2002 07:00:56 | Attr = R ]
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\drivers\mtlstrm.sys -> [Ver = 0.98 | Size = 2388228 bytes | Modified Date = 05/02/2002 09:21:42 | Attr = R ]
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\drivers\ntmtlfax.sys -> [Ver = 2.86.08 | Size = 607732 bytes | Modified Date = 29/11/2001 09:09:20 | Attr = R ]
(OADevice) OADriver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\drivers\OADriver.sys -> [Ver = | Size = 80584 bytes | Modified Date = 17/04/2008 05:25:32 | Attr = ]
(OAmon) OAmon [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\drivers\OAmon.sys -> [Ver = | Size = 32456 bytes | Modified Date = 17/04/2008 05:25:42 | Attr = ]
(OAnet) OAnet [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\drivers\oanet.sys -> [Ver = | Size = 28872 bytes | Modified Date = 17/04/2008 05:25:38 | Attr = ]
(Rmfc7) Rmfc7 [Kernel | Auto | Stopped] -> %SystemRoot%\System32\Rmfc7.sys -> File not found
(Slntamr) SmartLink AMR_PCI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\drivers\slntamr.sys -> [Ver = Feb 19 2002 14:55:18 | Size = 411464 bytes | Modified Date = 19/02/2002 07:55:24 | Attr = R ]
(SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\drivers\slnthal.sys -> [Ver = 2.86.08 | Size = 181328 bytes | Modified Date = 05/02/2002 09:26:08 | Attr = R ]
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\drivers\slwdmsup.sys -> Vireo Software [Ver = 1.00 | Size = 33028 bytes | Modified Date = 29/11/2001 09:09:28 | Attr = R ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 17/08/2001 15:07:44 | Attr = ]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\drivers\sptd.sys -> [Ver = | Size = 646392 bytes | Modified Date = 27/03/2007 17:16:58 | Attr = ]
(TSP) TSP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> File not found
(V90drv) V90drv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\drivers\v90drv.sys -> [Ver = 2.79.03 | Size = 1432836 bytes | Modified Date = 29/11/2001 09:09:32 | Attr = R ]
(VClone) VClone [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\drivers\VClone.sys -> Elaborate Bytes AG [Ver = 5, 1, 1, 0 | Size = 24320 bytes | Modified Date = 22/04/2006 20:59:21 | Attr = ]
(xmm13g) MMX2 virtualization service [Kernel | Auto | Stopped] -> %SystemRoot%\system32\mmx19g.sys -> File not found
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> D:\My Documents\Reader\Reader_sl.exe ["D:\My Documents\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 22:16:38 | Attr = ]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 1, 0, 0 | Size = 111936 bytes | Modified Date = 03/09/2008 20:12:50 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/07/2008 15:38:34 | Attr = ]
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe [C:\Program Files\BroadJump\Client Foundation\CFD.exe] -> File not found
EM_EXEC -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE [C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE] -> Logitech Inc. [Ver = 9.41.33 | Size = 35328 bytes | Modified Date = 19/09/2001 09:41:00 | Attr = ]
iTunesHelper -> D:\My Documents\iTunes\iTunesHelper.exe ["D:\My Documents\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.0.35 | Size = 289576 bytes | Modified Date = 10/09/2008 17:40:06 | Attr = ]
OnlineArmor GUI -> D:\My Documents\Online Armor\oaui.exe ["D:\My Documents\Online Armor\oaui.exe"] -> Tall Emu [Ver = 2.1.0.131 | Size = 5545536 bytes | Modified Date = 17/04/2008 05:25:26 | Attr = ]
QuickTime Task -> D:\My Documents\qttask.exe ["D:\My Documents\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 06/09/2008 15:09:14 | Attr = ]
SmartDefrag -> %ProgramFiles%\IObit\IObit SmartDefrag\IObit SmartDefrag.exe ["C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp] -> [Ver = | Size = 2736384 bytes | Modified Date = 19/10/2007 13:25:54 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr = ]
VirtualCloneDrive -> F:\VirtualCloneDrive\VCDDaemon.exe ["F:\VirtualCloneDrive\VCDDaemon.exe" /s] -> File not found
WinampAgent -> d:\My Documents\Winamp\winampa.exe ["d:\My Documents\Winamp\winampa.exe"] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> File not found
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe ["C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033] -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 12/11/2006 11:48:46 | Attr = ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 11/08/2008 17:46:50 | Attr = R ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< oemstudent Startup Folder > -> C:\Documents and Settings\oemstudent\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{4F07DA45-8170-4859-9B5F-037EF2970034} [HKEY_LOCAL_MACHINE] -> D:\MYDOCU~1\ONLINE~1\oaevent.dll [OA Shell Helper] -> Tall Emu [Ver = 2.1.0.131 | Size = 671432 bytes | Modified Date = 17/04/2008 05:25:46 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 13/06/2007 11:23:07 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\SYSTEM32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\SYSTEM32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 04/08/2004 00:56:52 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\SYSTEM32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 04:36:51 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\SYSTEM32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
klogon -> %SystemRoot%\SYSTEM32\klogon.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 206088 bytes | Modified Date = 28/06/2007 12:51:48 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03/08/2004 22:59:54 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
< Drives with AutoRun files > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 23/10/2001 21:54:40 | Attr = ]
< HOSTS File > (224610 bytes and 7926 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.ntlworld.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;*.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4800 domain(s) found. ->
46 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4822 domain(s) found. ->
www_excite.com [http] -> Trusted sites ->
45 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 00:08:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 12:43:28 | Attr = ]
{6165D324-3AAF-4C63-B545-C7D2285BEA1C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ReadAndWrite6\thbho.dll [baloudHelperObj Class] -> textHELP Systems Ltd [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 12/02/2002 11:19:18 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 12:43:28 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 12:43:28 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1809FEDC-1A7D-493A-93FB-72A99825E6DC} -> (SMC EZ Card 10/100 Fast Ethernet PCI Network Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 29/08/2008 09:53:50 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 11/08/2008 17:46:50 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> ->
[Files/Folders - Created Within 30 days]
rsit -> %SystemDrive%\rsit -> [Folder | Created Date = 30/09/2008 18:28:15 | Attr = ]
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Created Date = 09/09/2008 08:30:20 | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
[Files/Folders - Modified Within 30 days]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 224610 bytes | Modified Date = 01/09/2008 07:12:03 | Attr = ]
hosts.idx -> %SystemRoot%\System32\drivers\etc\hosts.idx -> [Ver = | Size = 72540 bytes | Modified Date = 30/09/2008 17:38:12 | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 17/09/2008 16:21:49 | Attr = ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 30/09/2008 17:37:59 | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 18/09/2008 12:39:36 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 19/09/2008 10:15:37 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 30/09/2008 17:38:18 | Attr = H ]
SmartDefrag.job -> %SystemRoot%\tasks\SmartDefrag.job -> [Ver = | Size = 356 bytes | Modified Date = 21/09/2008 22:00:00 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 13/08/2007 08:54:17 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 18/09/2008 08:32:46 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5514 bytes | Modified Date = 18/09/2008 08:32:46 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 10/10/2006 10:59:31 | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1388 bytes | Modified Date = 02/07/2007 16:27:21 | Attr = ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp -> [Folder | Modified Date = 30/09/2008 20:45:15 | Attr = ]
A~NSISu_.exe -> C:\Documents and Settings\oemstudent\Local Settings\Temp\A~NSISu_.exe -> Lime Wire LLC [Ver = 4.18.8 | Size = 124421 bytes | Modified Date = 19/09/2008 09:55:58 | Attr = ]
182 C:\Documents and Settings\oemstudent\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\oemstudent\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\oemstudent\Local Settings\Temp\~nsu.tmp\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\~nsu.tmp\ -> [Folder | Modified Date = 30/09/2008 20:41:48 | Attr = ]
Au_.exe -> C:\Documents and Settings\oemstudent\Local Settings\Temp\~nsu.tmp\Au_.exe -> [Ver = | Size = 34196 bytes | Modified Date = 10/02/2008 13:05:02 | Attr = ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp -> [Folder | Modified Date = 30/05/2002 11:31:02 | Attr = ]
Setup.exe -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 5, 52, 164, 0 | Size = 73728 bytes | Modified Date = 12/01/1999 11:42:20 | Attr = R ]
_ISDel.exe -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\_ISDel.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 27648 bytes | Modified Date = 27/10/1998 12:06:48 | Attr = R ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader -> [Folder | Modified Date = 30/05/2002 11:30:35 | Attr = ]
AcroRd32.exe -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 5.0.1.2001032700 | Size = 3870784 bytes | Modified Date = 27/03/2001 21:44:58 | Attr = R ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp -> [Folder | Modified Date = 30/09/2008 20:45:15 | Attr = ]
i6hhuksj.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\i6hhuksj.dll -> [Ver = | Size = 0 bytes | Modified Date = 19/05/2008 08:37:08 | Attr = ]
swt-awt-win32-3346.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\swt-awt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 32768 bytes | Modified Date = 05/02/2008 19:51:23 | Attr = ]
swt-win32-3346.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\swt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 05/02/2008 19:51:23 | Attr = ]
182 C:\Documents and Settings\oemstudent\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\oemstudent\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp -> [Folder | Modified Date = 30/05/2002 11:31:02 | Attr = ]
_Setup.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 5, 50, 134, 0 | Size = 34816 bytes | Modified Date = 29/09/1998 16:34:56 | Attr = R ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader -> [Folder | Modified Date = 30/05/2002 11:30:35 | Attr = ]
AceLite.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\AceLite.dll -> Adobe Systems, Incorporated [Ver = 1.02.00 | Size = 397312 bytes | Modified Date = 28/02/2001 09:29:36 | Attr = R ]
ACROFX32.DLL -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\ACROFX32.DLL -> [Ver = | Size = 53248 bytes | Modified Date = 12/05/2000 18:30:02 | Attr = R ]
Agm.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\Agm.dll -> Adobe Systems, Incorporated [Ver = 4.04.26 | Size = 1138688 bytes | Modified Date = 14/03/2001 10:06:02 | Attr = R ]
Bib.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\Bib.dll -> Adobe Systems, Incorporated [Ver = 1.0.20 | Size = 147456 bytes | Modified Date = 20/01/2001 22:13:36 | Attr = R ]
CoolType.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\CoolType.dll -> Adobe Systems, Incorporated [Ver = 4.04.26 | Size = 1441792 bytes | Modified Date = 14/03/2001 10:06:02 | Attr = R ]
msvcp60.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\msvcp60.dll -> Microsoft Corporation [Ver = 6.00.8168.0 | Size = 401462 bytes | Modified Date = 01/12/1999 00:40:28 | Attr = R ]
msvcrt.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\msvcrt.dll -> Microsoft Corporation [Ver = 6.00.8397.0 | Size = 266293 bytes | Modified Date = 11/02/1999 03:33:58 | Attr = R ]
oleaut32.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\oleaut32.dll -> Microsoft Corporation [Ver = 2.30.4261 | Size = 598288 bytes | Modified Date = 18/06/1998 11:33:08 | Attr = R ]
WHA Library.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\WHA Library.dll -> Adobe Systems Incorporated [Ver = 0.2.0.0 | Size = 167936 bytes | Modified Date = 15/03/2001 06:14:38 | Attr = R ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\Browser\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\Browser -> [Folder | Modified Date = 30/05/2002 11:30:35 | Attr = ]
nppdf32.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\Browser\nppdf32.dll -> Adobe Systems Inc. [Ver = 5.0.0.2001031500 | Size = 103312 bytes | Modified Date = 26/02/2001 21:48:44 | Attr = R ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\plug_ins\InterTrust\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\plug_ins\InterTrust -> [Folder | Modified Date = 30/05/2002 11:30:35 | Attr = ]
NPDocBox.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\plug_ins\InterTrust\NPDocBox.dll -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 14/03/2001 04:52:06 | Attr = R ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\plug_ins\Movie\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\plug_ins\Movie -> [Folder | Modified Date = 30/05/2002 11:30:35 | Attr = ]
QT2.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\plug_ins\Movie\QT2.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 24576 bytes | Modified Date = 15/03/2001 06:00:24 | Attr = R ]
QT3.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\plug_ins\Movie\QT3.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 32768 bytes | Modified Date = 15/03/2001 06:00:42 | Attr = R ]
QT4.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\plug_ins\Movie\QT4.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 36864 bytes | Modified Date = 15/03/2001 06:01:02 | Attr = R ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\Uninstall\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\Uninstall -> [Folder | Modified Date = 30/05/2002 11:30:35 | Attr = ]
Uninst.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Reader\Uninstall\Uninst.dll -> Adobe Systems, Inc. [Ver = 4.0.11 | Size = 81920 bytes | Modified Date = 26/02/2001 21:48:44 | Attr = R ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\SVG Files\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\SVG Files -> [Folder | Modified Date = 30/05/2002 11:30:36 | Attr = ]
NPSVGVw.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\SVG Files\NPSVGVw.dll -> Adobe Systems Inc. [Ver = 2, 0, 0, 55 | Size = 299059 bytes | Modified Date = 14/03/2001 14:10:56 | Attr = R ]
SVGControl.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\SVG Files\SVGControl.dll -> Adobe Systems Incorporated [Ver = 2, 0, 0, 55 | Size = 491574 bytes | Modified Date = 14/03/2001 14:14:00 | Attr = R ]
SVGRSRC.DLL -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\SVG Files\SVGRSRC.DLL -> [Ver = | Size = 12288 bytes | Modified Date = 14/03/2001 14:06:24 | Attr = R ]
SVGView.dll -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\SVG Files\SVGView.dll -> Adobe Systems Incorporated [Ver = 2, 0, 0, 55 | Size = 1597491 bytes | Modified Date = 14/03/2001 14:07:52 | Attr = R ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp -> [Folder | Modified Date = 30/05/2002 11:31:02 | Attr = ]
lang.dat -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\lang.dat -> [Ver = | Size = 23541 bytes | Modified Date = 12/01/1999 10:34:42 | Attr = R ]
os.dat -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\os.dat -> [Ver = | Size = 450 bytes | Modified Date = 27/07/1998 17:41:06 | Attr = R ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp -> [Folder | Modified Date = 30/09/2008 20:45:15 | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\oemstudent\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> [Ver = | Size = 568 bytes | Modified Date = 12/02/2008 10:36:09 | Attr = ]
182 C:\Documents and Settings\oemstudent\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\oemstudent\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp -> [Folder | Modified Date = 30/05/2002 11:31:02 | Attr = ]
Abcpy.ini -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\Abcpy.ini -> [Ver = | Size = 3026 bytes | Modified Date = 04/04/2001 14:57:10 | Attr = R ]
SETUP.INI -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\SETUP.INI -> [Ver = | Size = 103 bytes | Modified Date = 28/03/2001 15:30:20 | Attr = R ]
C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\SVG Files\ -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\SVG Files -> [Folder | Modified Date = 30/05/2002 11:30:36 | Attr = ]
SVGViewer.ini -> C:\Documents and Settings\oemstudent\Local Settings\Temp\pftAA~tmp\SVG Files\SVGViewer.ini -> [Ver = | Size = 0 bytes | Modified Date = 09/03/2001 11:13:50 | Attr = R ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 30/09/2008 17:44:13 | Attr = ]
QRImage.exe -> C:\WINDOWS\Temp\QRImage.exe -> [Ver = | Size = 1253376 bytes | Modified Date = 15/10/2001 11:01:04 | Attr = ]
ulogin125.exe -> C:\WINDOWS\Temp\ulogin125.exe -> [Ver = | Size = 353 bytes | Modified Date = 01/11/2006 00:56:58 | Attr = ]
732 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 30/09/2008 17:44:13 | Attr = ]
INSTALL.DLL -> C:\WINDOWS\Temp\INSTALL.DLL -> XSS [Ver = 1, 0, 0, 0 | Size = 45056 bytes | Modified Date = 20/06/2001 02:43:00 | Attr = ]
732 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 30/09/2008 17:44:13 | Attr = ]
Perflib_Perfdata_234.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_234.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/10/2006 17:55:08 | Attr = ]
Perflib_Perfdata_4e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4e4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 20/09/2007 07:47:06 | Attr = ]
Perflib_Perfdata_544.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_544.dat -> [Ver = | Size = 16384 bytes | Modified Date = 13/03/2008 10:18:44 | Attr = ]
Perflib_Perfdata_578.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_578.dat -> [Ver = | Size = 16384 bytes | Modified Date = 03/09/2008 16:21:35 | Attr = ]
Perflib_Perfdata_580.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_580.dat -> [Ver = | Size = 16384 bytes | Modified Date = 22/08/2008 16:29:31 | Attr = ]
Perflib_Perfdata_584.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_584.dat -> [Ver = | Size = 16384 bytes | Modified Date = 24/08/2008 08:48:03 | Attr = ]
Perflib_Perfdata_58c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 30/09/2008 14:13:47 | Attr = ]
Perflib_Perfdata_594.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_594.dat -> [Ver = | Size = 16384 bytes | Modified Date = 30/09/2008 17:38:19 | Attr = ]
Perflib_Perfdata_598.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_598.dat -> [Ver = | Size = 16384 bytes | Modified Date = 02/09/2008 17:24:20 | Attr = ]
Perflib_Perfdata_5a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 25/09/2008 15:05:21 | Attr = ]
Perflib_Perfdata_5a8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5a8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 22/05/2008 17:32:58 | Attr = ]
Perflib_Perfdata_5e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 29/04/2008 07:26:13 | Attr = ]
Perflib_Perfdata_604.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_604.dat -> [Ver = | Size = 16384 bytes | Modified Date = 19/09/2008 09:49:21 | Attr = ]
Perflib_Perfdata_618.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_618.dat -> [Ver = | Size = 16384 bytes | Modified Date = 28/08/2008 18:51:10 | Attr = ]
Perflib_Perfdata_6b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 02/10/2007 07:21:59 | Attr = ]
Perflib_Perfdata_6cc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/11/2007 13:21:30 | Attr = ]
Perflib_Perfdata_6d8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6d8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/11/2007 19:28:44 | Attr = ]
Perflib_Perfdata_6fc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 02/03/2008 11:53:26 | Attr = ]
Perflib_Perfdata_734.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_734.dat -> [Ver = | Size = 16384 bytes | Modified Date = 15/02/2008 13:53:18 | Attr = ]
Perflib_Perfdata_73c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_73c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 26/02/2008 16:13:25 | Attr = ]
Perflib_Perfdata_750.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_750.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/02/2008 10:36:53 | Attr = ]
Perflib_Perfdata_754.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_754.dat -> [Ver = | Size = 16384 bytes | Modified Date = 05/03/2008 16:48:21 | Attr = ]
Perflib_Perfdata_778.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_778.dat -> [Ver = | Size = 16384 bytes | Modified Date = 22/02/2008 10:02:51 | Attr = ]
Perflib_Perfdata_77c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_77c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 21/01/2008 12:26:53 | Attr = ]
Perflib_Perfdata_79c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_79c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 13/01/2008 10:35:53 | Attr = ]
Perflib_Perfdata_7c4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7c4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 29/01/2008 09:37:03 | Attr = ]
732 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [Folder | Modified Date = 28/05/2002 13:06:05 | Attr = S]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 13/11/2007 12:17:01 | Attr = ]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 28/05/2002 13:06:05 | Attr = S]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 13/11/2007 12:17:01 | Attr = ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 28/05/2002 13:06:05 | Attr = S]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 13/11/2007 12:17:01 | Attr = ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 30/09/2008 17:44:13 | Attr = ]
QRImage.ini -> C:\WINDOWS\Temp\QRImage.ini -> [Ver = | Size = 181 bytes | Modified Date = 23/10/2001 23:21:28 | Attr = ]
732 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 28/05/2002 13:06:05 | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 28/05/2002 13:06:05 | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 28/05/2002 13:06:05 | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 28/05/2002 13:06:05 | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4HIVSHI3\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4HIVSHI3 -> [Folder | Modified Date = 28/05/2002 13:06:05 | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4HIVSHI3\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 28/05/2002 13:06:05 | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SHAJCLAR\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SHAJCLAR -> [Folder | Modified Date = 28/05/2002 13:06:05 | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SHAJCLAR\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 28/05/2002 13:06:05 | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SPEFWXEV\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SPEFWXEV -> [Folder | Modified Date = 28/05/2002 13:06:05 | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SPEFWXEV\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 28/05/2002 13:06:05 | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SPUBO5E3\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SPUBO5E3 -> [Folder | Modified Date = 28/05/2002 13:06:05 | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SPUBO5E3\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 28/05/2002 13:06:05 | Attr = HS]
< End of report >