[code] OTScanIt logfile created on: 6/21/2008 11:48:39 PM OTScanIt by OldTimer - Version 1.0.15.16 Folder = C:\Documents and Settings\Aj\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 958.48 Mb Total Physical Memory | 442.59 Mb Available Physical Memory | 46.18% Memory free 2.26 Gb Paging File | 1.74 Gb Available in Paging File | 77.11% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 142.07 Gb Total Space | 66.84 Gb Free Space | 47.05% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 6.96 Gb Total Space | 1.07 Gb Free Space | 15.31% Space Free | Partition Type: FAT32 I: Drive not present or media not loaded Computer Name: AJ-DF81D87BDABB Current User Name: Aj Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ] ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ] wlservice.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ] wusb54gsv2.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe -> Linksys [Ver = 1.0.1.5 | Size = 5230080 bytes | Modified Date = 11/14/2005 3:40:00 AM | Attr = ] soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 59 | Size = 577536 bytes | Modified Date = 4/16/2007 11:28:22 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 5:06:38 PM | Attr = ] launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 11/28/2006 10:12:12 PM | Attr = ] winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 36352 bytes | Modified Date = 4/1/2008 7:49:42 PM | Attr = ] servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 11/6/2006 10:21:10 PM | Attr = ] ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 7:23:34 PM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 1/10/2007 4:14:36 PM | Attr = ] orbtray.exe -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 4/1/2008 2:54:06 AM | Attr = ] eroca.exe -> %ProgramFiles%\Eroca\Eroca.exe -> [Ver = | Size = 125952 bytes | Modified Date = 6/1/2008 10:37:20 AM | Attr = ] winamptbserver.exe -> %ProgramFiles%\Winamp Toolbar\winampTbServer.exe -> AOL LLC. [Ver = 5.1.20.3 | Size = 140640 bytes | Modified Date = 3/19/2008 11:36:36 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.16 | Size = 397312 bytes | Modified Date = 6/20/2008 1:47:40 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 6/13/2007 10:29:00 PM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 7/6/2007 3:55:46 AM | Attr = ] (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 11/6/2006 10:21:10 PM | Attr = ] (WUSB54GSv2SVC) WUSB54GSv2SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ] [Driver Services - Non-Microsoft Only] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 1/14/2008 3:14:14 PM | Attr = ] (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:07:15 | Size = 1268204 bytes | Modified Date = 6/29/2004 5:07:18 PM | Attr = ] (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6240 built by: WinDDK | Size = 4030144 bytes | Modified Date = 4/26/2007 12:20:48 AM | Attr = ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6698 | Size = 2155520 bytes | Modified Date = 6/13/2007 8:24:13 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] (Jukebox3) Jukebox3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ctpdusb.sys -> Creative Technology Ltd. [Ver = 1.27.02.00 | Size = 16880 bytes | Modified Date = 9/30/2004 9:27:00 AM | Attr = ] (Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ] (Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ] (Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Modified Date = 10/10/2006 4:54:34 PM | Attr = ] (Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcj.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/8/2007 12:51:00 AM | Attr = ] (RT73) Wireless-G USB Network Adapter with RangeBooster Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.04.0000 | Size = 252928 bytes | Modified Date = 1/13/2006 3:46:28 AM | Attr = ] (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 11:31:34 PM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1034 | Size = 30720 bytes | Modified Date = 1/9/2007 3:09:48 PM | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 11:25:53 AM | Attr = ] (StreamSurge) StreamSurge Driver (miniport) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ss.sys -> File not found (GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 11:15:32 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 4 dog bin grim -> %AllUsersProfile%\Application Data\second regs grim software\tick army knob.exe [C:\Documents and Settings\All Users.WINDOWS\Application Data\second regs grim software\tick army knob.exe] -> File not found AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 5:06:38 PM | Attr = ] Flag Owns Live Grim -> %AllUsersProfile%\Application Data\Software rule flag owns\bib bash.exe [C:\Documents and Settings\All Users.WINDOWS\Application Data\Software rule flag owns\bib bash.exe] -> [Ver = | Size = 4037120 bytes | Modified Date = 6/21/2008 11:46:44 PM | Attr = ] PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe [C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup] -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 11/28/2006 10:12:12 PM | Attr = ] PKR Pal -> %ProgramFiles%\PKR\pkrpal.exe ["C:\Program Files\PKR\pkrpal.exe" -osboot] -> File not found SoundMan -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 59 | Size = 577536 bytes | Modified Date = 4/16/2007 11:28:22 PM | Attr = ] StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe] -> [Ver = | Size = 90112 bytes | Modified Date = 11/10/2006 8:35:24 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] WinampAgent -> %ProgramFiles%\Winamp\winampa.exe [C:\Program Files\Winamp\winampa.exe] -> [Ver = | Size = 36352 bytes | Modified Date = 4/1/2008 7:49:42 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Build Love -> %AppData%\Idol heck\UpTonsHtm.exe [C:\DOCUME~1\Aj\APPLIC~1\IDOLHE~1\UpTonsHtm.exe] -> [Ver = | Size = 465920 bytes | Modified Date = 5/30/2008 3:19:50 PM | Attr = ] Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe [C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R] -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 7:23:34 PM | Attr = ] Eroca -> %ProgramFiles%\Eroca\Eroca.exe [C:\Program Files\Eroca\Eroca.exe] -> [Ver = | Size = 125952 bytes | Modified Date = 6/1/2008 10:37:20 AM | Attr = ] MessengerPlus3 -> %ProgramFiles%\MessengerPlus! 3\MsgPlus.exe ["C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart] -> Patchou [Ver = 3, 63, 0, 148 | Size = 190024 bytes | Modified Date = 6/29/2007 6:36:44 AM | Attr = ] Orb -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe ["C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background] -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 4/1/2008 2:54:06 AM | Attr = ] QdrPack16 -> %ProgramFiles%\QdrPack\QdrPack16.exe ["C:\Program Files\QdrPack\QdrPack16.exe"] -> File not found Steam -> %ProgramFiles%\Steam\Steam.exe ["C:\Program Files\Steam\Steam.exe" -silent] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/28/2008 3:40:54 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 1/10/2007 4:14:36 PM | Attr = ] < Aj Startup Folder > -> C:\Documents and Settings\Aj\Start Menu\Programs\Startup -> < All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {129FA2A1-408C-4824-83A4-5001581FD01E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRHywvw.dll [] -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:26:39 AM | Attr = ] {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ] < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rtmipr.dll [delayingly] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1028 | Size = 258048 bytes | Modified Date = 10/19/2006 10:12:20 AM | Attr = ] AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 118784 bytes | Modified Date = 6/13/2007 8:16:59 PM | Attr = ] rqRHywvw -> %SystemRoot%\system32\rqRHywvw.dll -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:26:39 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\start -> %ProgramFiles%\NetProject\sbmntr.exe [C:\Program Files\NetProject\sbmntr.exe] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRRW_GCA-4164B_______________E.D0____\5&1c5c6e99&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 11/9/2004 2:20:04 PM | Attr = ] AUTOEXEC.BAT [] -> H:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/28/2001 7:07:38 AM | Attr = HS] Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> H:\Autorun.inf [ FAT32 ] -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2004 11:01:14 PM | Attr = HS] < HOSTS File > (4102 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://internetsearchservice.com -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://internetsearchservice.com/ie6.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://internetsearchservice.com -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://internetsearchservice.com -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Search Class] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ] < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://internetsearchservice.com -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://internetsearchservice.com/ie6.html -> HKEY_CURRENT_USER\: Main\\Search Page -> http://internetsearchservice.com -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://internetsearchservice.com -> HKEY_CURRENT_USER\: SearchURL\\ -> http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Search Class] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 41 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 8:02:04 PM | Attr = ] {129FA2A1-408C-4824-83A4-5001581FD01E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRHywvw.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:26:39 AM | Attr = ] {3808D4FE-6EE6-4AFD-9EF0-0CC23880FD4C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\efcBuUMF.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 373248 bytes | Modified Date = 5/31/2008 10:31:49 AM | Attr = ] {4e34508e-580d-4d1c-8d80-274aad65a236} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\xgpnmcrc.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 99328 bytes | Modified Date = 6/21/2008 4:51:24 PM | Attr = ] {514A5C49-0C7D-42c3-A71B-38864A269B7A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\wbxvtmff.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 92160 bytes | Modified Date = 6/21/2008 4:45:25 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {77C988F4-5D0F-4BA2-A252-997D62F434C1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\usegnnfb.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 49664 bytes | Modified Date = 6/13/2008 10:09:30 PM | Attr = ] {9AF38391-25EA-4F1C-99B9-467435768B4B} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\9ZM5UYHY\3077ahntdksr[1].dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 88576 bytes | Modified Date = 6/21/2008 6:41:57 PM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ] {51D81DD5-55B7-497F-95DB-D356429BB54E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ] WebBrowser\\{51D81DD5-55B7-497F-95DB-D356429BB54E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {9034A523-D068-4BE8-A284-9DF278BE776E}:Exec -> [IE Anti-Spyware] -> File not found {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Winamp Search -> %AllUsersProfile%\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html -> [Ver = | Size = 748 bytes | Modified Date = 3/19/2008 11:21:40 PM | Attr = ] Add to Windows &Live Favorites -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 9:56:24 PM | Attr = ] < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {2CED90EE-1B8C-48EE-8F32-8A7C15415E77} -> (Linksys Wireless-G USB Network Adapter with SpeedBooster v2) -> {86FF0F7E-5F08-4846-B546-F8C274041E45} -> (1394 Net Adapter) -> {CFF53A29-92B0-4CC4-B7CF-B63DD07098A8} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {10093E98-C073-4C75-8D0E-FB5CD3A71D33}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/Upwords.cab57176.cab[ZoneUpwords Object] -> {20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> {5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[MSN Games - Installer] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {DA758BB1-5F89-4465-975F-8D7179A4BCF3}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/WoF.cab57176.cab[WheelofFortune Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\.Owner -> {5D6F45B3-9043-443D-A792-115447494D24} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\{5D6F45B3-9043-443D-A792-115447494D24} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\.Owner -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\\.Owner -> {10093E98-C073-4C75-8D0E-FB5CD3A71D33} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\\{10093E98-C073-4C75-8D0E-FB5CD3A71D33} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\\.Owner -> {DA758BB1-5F89-4465-975F-8D7179A4BCF3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\\{DA758BB1-5F89-4465-975F-8D7179A4BCF3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] C:\WINDOWS\system32\efcBuUMF -> %SystemRoot%\system32\efcBuUMF.dll -> [Ver = | Size = 373248 bytes | Modified Date = 5/31/2008 10:31:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.3087 (xpsp_sp2_qfe.070219-2253) | Size = 299008 bytes | Modified Date = 4/15/2007 10:22:15 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 3:21:15 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.3027 (xpsp_sp2_qfe.061105-2318) | Size = 49152 bytes | Modified Date = 4/15/2007 10:23:44 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> A3 B3 71 06 7B D5 F9 F1 38 14 98 B7 D1 32 1D 9A 31 34 32 63 32 39 36 64 00 FD 07 00 06 99 00 00 34 FA 07 00 76 92 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 28 2D 3A 36 28 3F 2C F9 F1 05 83 14 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> E9 C1 96 9E 88 F7 D0 A6 D3 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 97 CD 4E 32 00 11 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> DF 20 7E CD 89 F2 58 81 22 1B EB 6F 99 9E AE 78 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> AE DE 7B CA 08 BA C7 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 18189 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 4/15/2007 10:23:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 4/15/2007 10:23:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\nessystyle\counter-strike\hl.exe -> %ProgramFiles%\Steam\SteamApps\nessystyle\counter-strike\hl.exe [C:\Program Files\Steam\SteamApps\nessystyle\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 8/7/2007 12:44:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 4/16/2007 7:25:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\World of Warcraft\BackgroundDownloader.exe -> %ProgramFiles%\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> Blizzard Entertainment [Ver = 1, 8, 1, 406 | Size = 1065616 bytes | Modified Date = 5/14/2008 7:49:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.20772 (vista_ldr.080213-1606) | Size = 625664 bytes | Modified Date = 2/22/2008 10:40:22 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\Steam.exe -> %ProgramFiles%\Steam\Steam.exe [C:\Program Files\Steam\Steam.exe:*:Enabled:Steam] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/28/2008 3:40:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\aj_kaneo@hotmail.com\counter-strike\hl.exe -> %ProgramFiles%\Steam\SteamApps\aj_kaneo@hotmail.com\counter-strike\hl.exe [C:\Program Files\Steam\SteamApps\aj_kaneo@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 6/14/2008 12:12:30 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath ] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 5/5/2008 6:55:41 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\Orb.exe -> %ProgramFiles%\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb] -> Orb Networks, Inc. [Ver = 1, 2008, 129, 1700 | Size = 73728 bytes | Modified Date = 1/30/2008 3:19:32 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbTray.exe -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray] -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 4/1/2008 2:54:06 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe -> %ProgramFiles%\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> Orb Networks [Ver = 2, 2008, 327, 1400 | Size = 5844992 bytes | Modified Date = 3/28/2008 2:00:24 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\aj_kaneo@hotmail.com\team fortress classic\hl.exe -> %ProgramFiles%\Steam\SteamApps\aj_kaneo@hotmail.com\team fortress classic\hl.exe [C:\Program Files\Steam\SteamApps\aj_kaneo@hotmail.com\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 6/13/2008 7:03:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3724:TCP -> 3724:TCP:*:Enabled:Blizzard Downloader: 3724 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.8.0.2694 built by: dnsrv(wmbla) | Size = 18392 bytes | Modified Date = 4/15/2007 10:23:53 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2948 (xpsp.060710-0156) | Size = 399360 bytes | Modified Date = 4/15/2007 10:23:17 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2948 (xpsp.060710-0156) | Size = 399360 bytes | Modified Date = 4/15/2007 10:23:17 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] HiJackThis.exe -> %SystemDrive%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 6/20/2008 9:30:39 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\HiJackThis.exe:Zone.Identifier ajijmhwh.ini -> %SystemRoot%\System32\ajijmhwh.ini -> [Ver = | Size = 1568883 bytes | Created Date = 6/5/2008 5:55:43 PM | Attr = HS] akaqtcjn.dll -> %SystemRoot%\System32\akaqtcjn.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/2/2008 3:25:10 PM | Attr = ] atdcrmqq.exe -> %SystemRoot%\System32\atdcrmqq.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/8/2008 6:09:43 PM | Attr = ] axkbmqoh.dll -> %SystemRoot%\System32\axkbmqoh.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/17/2008 3:07:30 PM | Attr = ] bctqpgle.ini -> %SystemRoot%\System32\bctqpgle.ini -> [Ver = | Size = 1542940 bytes | Created Date = 6/4/2008 5:58:59 PM | Attr = HS] bkfknakv.dll -> %SystemRoot%\System32\bkfknakv.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/13/2008 6:09:34 PM | Attr = ] brggjemb.dll -> %SystemRoot%\System32\brggjemb.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/12/2008 5:54:49 PM | Attr = ] bxvlxvfo.dll -> %SystemRoot%\System32\bxvlxvfo.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/13/2008 10:18:30 PM | Attr = ] chueysoc.dll -> %SystemRoot%\System32\chueysoc.dll -> [Ver = | Size = 126464 bytes | Created Date = 5/31/2008 10:34:31 PM | Attr = ] cnujelni.dll -> %SystemRoot%\System32\cnujelni.dll -> [Ver = | Size = 81408 bytes | Created Date = 6/13/2008 6:00:35 PM | Attr = ] ctcppjyh.dll -> %SystemRoot%\System32\ctcppjyh.dll -> [Ver = | Size = 100352 bytes | Created Date = 6/8/2008 5:51:44 PM | Attr = ] ctuafdxp.dll -> %SystemRoot%\System32\ctuafdxp.dll -> [Ver = | Size = 79360 bytes | Created Date = 6/20/2008 4:51:55 PM | Attr = ] ddatcewo.dll -> %SystemRoot%\System32\ddatcewo.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/19/2008 4:05:25 PM | Attr = ] dhqonwwp.ini -> %SystemRoot%\System32\dhqonwwp.ini -> [Ver = | Size = 1517275 bytes | Created Date = 6/3/2008 5:55:42 PM | Attr = HS] djviusqc.dll -> %SystemRoot%\System32\djviusqc.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/3/2008 5:49:29 PM | Attr = ] dmfnqrgs.ini -> %SystemRoot%\System32\dmfnqrgs.ini -> [Ver = | Size = 1580035 bytes | Created Date = 6/6/2008 5:56:35 PM | Attr = HS] dnusooui.dll -> %SystemRoot%\System32\dnusooui.dll -> [Ver = | Size = 125952 bytes | Created Date = 6/6/2008 5:53:24 PM | Attr = ] eclfkout.ini -> %SystemRoot%\System32\eclfkout.ini -> [Ver = | Size = 1484834 bytes | Created Date = 5/31/2008 10:33:14 AM | Attr = HS] efcAPJbA.dll -> %SystemRoot%\System32\efcAPJbA.dll -> [Ver = | Size = 59392 bytes | Created Date = 5/31/2008 10:26:49 AM | Attr = ] efcBuUMF.dll -> %SystemRoot%\System32\efcBuUMF.dll -> [Ver = | Size = 373248 bytes | Created Date = 5/31/2008 10:31:45 AM | Attr = ] ehqbpvhn.dll -> %SystemRoot%\System32\ehqbpvhn.dll -> [Ver = | Size = 136192 bytes | Created Date = 6/6/2008 5:59:24 PM | Attr = ] ehwvlnmt.dll -> %SystemRoot%\System32\ehwvlnmt.dll -> [Ver = | Size = 80896 bytes | Created Date = 6/17/2008 2:59:07 PM | Attr = ] ekjcmraa.dll -> %SystemRoot%\System32\ekjcmraa.dll -> [Ver = | Size = 90112 bytes | Created Date = 6/16/2008 2:08:43 AM | Attr = ] elgpqtcb.dll -> %SystemRoot%\System32\elgpqtcb.dll -> [Ver = | Size = 116736 bytes | Created Date = 6/4/2008 5:58:40 PM | Attr = ] ffbafwwk.dll -> %SystemRoot%\System32\ffbafwwk.dll -> [Ver = | Size = 114176 bytes | Created Date = 6/2/2008 3:41:50 PM | Attr = ] fknfbhlw.ini -> %SystemRoot%\System32\fknfbhlw.ini -> [Ver = | Size = 1580089 bytes | Created Date = 6/7/2008 6:06:08 PM | Attr = HS] FMUuBcfe.ini -> %SystemRoot%\System32\FMUuBcfe.ini -> [Ver = | Size = 662801 bytes | Created Date = 5/31/2008 10:31:53 AM | Attr = HS] FMUuBcfe.ini2 -> %SystemRoot%\System32\FMUuBcfe.ini2 -> [Ver = | Size = 662801 bytes | Created Date = 5/31/2008 10:31:53 AM | Attr = HS] fsvwrsmh.dll -> %SystemRoot%\System32\fsvwrsmh.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/18/2008 3:00:55 PM | Attr = ] gcwktlvs.exe -> %SystemRoot%\System32\gcwktlvs.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/3/2008 5:58:28 PM | Attr = ] ghneohrb.dll -> %SystemRoot%\System32\ghneohrb.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/21/2008 4:54:24 PM | Attr = ] gixaipjg.ini -> %SystemRoot%\System32\gixaipjg.ini -> [Ver = | Size = 1658923 bytes | Created Date = 6/16/2008 2:19:01 AM | Attr = HS] gjpiaxig.dll -> %SystemRoot%\System32\gjpiaxig.dll -> [Ver = | Size = 81408 bytes | Created Date = 6/16/2008 2:18:50 AM | Attr = ] gmorfept.dll -> %SystemRoot%\System32\gmorfept.dll -> [Ver = | Size = 80896 bytes | Created Date = 6/11/2008 5:59:02 PM | Attr = ] gpdspnay.dll -> %SystemRoot%\System32\gpdspnay.dll -> [Ver = | Size = 98816 bytes | Created Date = 6/12/2008 6:06:49 PM | Attr = ] hfwwpheu.dll -> %SystemRoot%\System32\hfwwpheu.dll -> [Ver = | Size = 132096 bytes | Created Date = 5/31/2008 10:52:31 PM | Attr = ] hgGwVNfg.dll -> %SystemRoot%\System32\hgGwVNfg.dll -> [Ver = | Size = 59392 bytes | Created Date = 5/31/2008 10:27:06 AM | Attr = ] hktsfhyb.dll -> %SystemRoot%\System32\hktsfhyb.dll -> [Ver = | Size = 126464 bytes | Created Date = 6/2/2008 3:26:56 PM | Attr = ] hqfonlrp.dll -> %SystemRoot%\System32\hqfonlrp.dll -> [Ver = | Size = 133120 bytes | Created Date = 6/5/2008 6:10:29 PM | Attr = ] hukswnjr.ini -> %SystemRoot%\System32\hukswnjr.ini -> [Ver = | Size = 1696321 bytes | Created Date = 6/21/2008 5:01:35 PM | Attr = HS] hwhmjija.dll -> %SystemRoot%\System32\hwhmjija.dll -> [Ver = | Size = 117248 bytes | Created Date = 6/5/2008 5:55:29 PM | Attr = ] ianbsitq.dll -> %SystemRoot%\System32\ianbsitq.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/9/2008 5:52:17 PM | Attr = ] iegsmrkb.dll -> %SystemRoot%\System32\iegsmrkb.dll -> [Ver = | Size = 108544 bytes | Created Date = 6/7/2008 5:56:56 PM | Attr = ] ihyymdqs.dll -> %SystemRoot%\System32\ihyymdqs.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/17/2008 2:58:50 PM | Attr = ] inlejunc.ini -> %SystemRoot%\System32\inlejunc.ini -> [Ver = | Size = 1658609 bytes | Created Date = 6/13/2008 6:01:20 PM | Attr = HS] irsudyfo.ini -> %SystemRoot%\System32\irsudyfo.ini -> [Ver = | Size = 1580332 bytes | Created Date = 6/8/2008 6:06:55 PM | Attr = HS] isvwpdtm.dll -> %SystemRoot%\System32\isvwpdtm.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/16/2008 2:06:30 AM | Attr = ] iwwylfrd.dll -> %SystemRoot%\System32\iwwylfrd.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/8/2008 5:54:43 PM | Attr = ] jfqenhgr.dll -> %SystemRoot%\System32\jfqenhgr.dll -> [Ver = | Size = 126976 bytes | Created Date = 6/5/2008 5:52:29 PM | Attr = ] jmppyeyq.dll -> %SystemRoot%\System32\jmppyeyq.dll -> [Ver = | Size = 125952 bytes | Created Date = 6/3/2008 5:52:28 PM | Attr = ] jntohflb.dll -> %SystemRoot%\System32\jntohflb.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/16/2008 2:11:49 AM | Attr = ] jxfufgjm.dll -> %SystemRoot%\System32\jxfufgjm.dll -> [Ver = | Size = 80896 bytes | Created Date = 6/14/2008 10:10:15 PM | Attr = ] khpnaoee.dll -> %SystemRoot%\System32\khpnaoee.dll -> [Ver = | Size = 132608 bytes | Created Date = 6/4/2008 6:04:48 PM | Attr = ] kwwfabff.ini -> %SystemRoot%\System32\kwwfabff.ini -> [Ver = | Size = 1485465 bytes | Created Date = 6/2/2008 3:42:08 PM | Attr = HS] laftbupj.dll -> %SystemRoot%\System32\laftbupj.dll -> [Ver = | Size = 100864 bytes | Created Date = 6/9/2008 5:55:17 PM | Attr = ] lbqgycpm.dll -> %SystemRoot%\System32\lbqgycpm.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/18/2008 2:57:55 PM | Attr = ] lhuyqges.dll -> %SystemRoot%\System32\lhuyqges.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/5/2008 5:49:33 PM | Attr = ] ljxjnccd.dll -> %SystemRoot%\System32\ljxjnccd.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/11/2008 6:11:02 PM | Attr = ] llvjfrld.dll -> %SystemRoot%\System32\llvjfrld.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/11/2008 5:53:10 PM | Attr = ] lscdwrio.dll -> %SystemRoot%\System32\lscdwrio.dll -> [Ver = | Size = 99328 bytes | Created Date = 6/13/2008 6:03:35 PM | Attr = ] lsiisjay.dll -> %SystemRoot%\System32\lsiisjay.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/10/2008 5:57:22 PM | Attr = ] lvgjjupd.dll -> %SystemRoot%\System32\lvgjjupd.dll -> [Ver = | Size = 99328 bytes | Created Date = 6/13/2008 10:06:29 PM | Attr = ] mabjdshq.dll -> %SystemRoot%\System32\mabjdshq.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/9/2008 6:07:20 PM | Attr = ] malhibfd.dll -> %SystemRoot%\System32\malhibfd.dll -> [Ver = | Size = 98304 bytes | Created Date = 6/14/2008 10:07:15 PM | Attr = ] mbhkaagx.ini -> %SystemRoot%\System32\mbhkaagx.ini -> [Ver = | Size = 1667296 bytes | Created Date = 6/20/2008 4:23:33 AM | Attr = HS] mcnuvyio.exe -> %SystemRoot%\System32\mcnuvyio.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/4/2008 6:01:45 PM | Attr = ] mexytxfu.dll -> %SystemRoot%\System32\mexytxfu.dll -> [Ver = | Size = 147456 bytes | Created Date = 6/10/2008 6:00:22 PM | Attr = ] mfbohqxx.dll -> %SystemRoot%\System32\mfbohqxx.dll -> [Ver = | Size = 114176 bytes | Created Date = 5/31/2008 10:46:29 PM | Attr = ] mjgfufxj.ini -> %SystemRoot%\System32\mjgfufxj.ini -> [Ver = | Size = 1658923 bytes | Created Date = 6/14/2008 10:10:25 PM | Attr = HS] muutwswe.dll -> %SystemRoot%\System32\muutwswe.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/20/2008 4:44:11 PM | Attr = ] nbauwnfj.dll -> %SystemRoot%\System32\nbauwnfj.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/13/2008 10:03:29 PM | Attr = ] nnyydbyy.dll -> %SystemRoot%\System32\nnyydbyy.dll -> [Ver = | Size = 98816 bytes | Created Date = 6/11/2008 6:05:03 PM | Attr = ] npfvtdon.dll -> %SystemRoot%\System32\npfvtdon.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/6/2008 5:50:24 PM | Attr = ] npikuevf.dll -> %SystemRoot%\System32\npikuevf.dll -> [Ver = | Size = 90112 bytes | Created Date = 6/17/2008 2:57:08 PM | Attr = ] odjaashy.dll -> %SystemRoot%\System32\odjaashy.dll -> [Ver = | Size = 99328 bytes | Created Date = 6/17/2008 3:04:26 PM | Attr = ] ofydusri.dll -> %SystemRoot%\System32\ofydusri.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/8/2008 6:06:43 PM | Attr = ] ojowcooj.dll -> %SystemRoot%\System32\ojowcooj.dll -> [Ver = | Size = 184320 bytes | Created Date = 6/10/2008 6:12:22 PM | Attr = ] ovmvnkqv.dll -> %SystemRoot%\System32\ovmvnkqv.dll -> [Ver = | Size = 80896 bytes | Created Date = 6/18/2008 7:33:42 PM | Attr = ] owmwvoff.dll -> %SystemRoot%\System32\owmwvoff.dll -> [Ver = | Size = 98816 bytes | Created Date = 6/18/2008 3:03:55 PM | Attr = ] oyawkspc.dll -> %SystemRoot%\System32\oyawkspc.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/11/2008 5:56:02 PM | Attr = ] oytsbobb.dll -> %SystemRoot%\System32\oytsbobb.dll -> [Ver = | Size = 109056 bytes | Created Date = 6/9/2008 6:04:17 PM | Attr = ] pbbfattm.exe -> %SystemRoot%\System32\pbbfattm.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/5/2008 6:07:34 PM | Attr = ] phhqerdt.dll -> %SystemRoot%\System32\phhqerdt.dll -> [Ver = | Size = 157184 bytes | Created Date = 6/10/2008 5:54:23 PM | Attr = ] plktumgo.dll -> %SystemRoot%\System32\plktumgo.dll -> [Ver = | Size = 98816 bytes | Created Date = 6/20/2008 4:23:17 AM | Attr = ] pwwnoqhd.dll -> %SystemRoot%\System32\pwwnoqhd.dll -> [Ver = | Size = 115200 bytes | Created Date = 6/3/2008 5:55:28 PM | Attr = ] pxdfautc.ini -> %SystemRoot%\System32\pxdfautc.ini -> [Ver = | Size = 1696321 bytes | Created Date = 6/20/2008 4:52:12 PM | Attr = HS] qhsdjbam.ini -> %SystemRoot%\System32\qhsdjbam.ini -> [Ver = | Size = 1583903 bytes | Created Date = 6/9/2008 6:07:30 PM | Attr = HS] qlvfyaur.dll -> %SystemRoot%\System32\qlvfyaur.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/12/2008 5:57:48 PM | Attr = ] qngkwsde.dll -> %SystemRoot%\System32\qngkwsde.dll -> [Ver = | Size = 3072 bytes | Created Date = 6/4/2008 5:55:39 PM | Attr = ] qsstiusu.dll -> %SystemRoot%\System32\qsstiusu.dll -> [Ver = | Size = 108544 bytes | Created Date = 6/8/2008 5:57:43 PM | Attr = ] rbkoufhx.dll -> %SystemRoot%\System32\rbkoufhx.dll -> [Ver = | Size = 81408 bytes | Created Date = 6/13/2008 10:18:29 PM | Attr = ] rehglmdp.dll -> %SystemRoot%\System32\rehglmdp.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/19/2008 4:03:16 PM | Attr = ] rjnwskuh.dll -> %SystemRoot%\System32\rjnwskuh.dll -> [Ver = | Size = 81408 bytes | Created Date = 6/21/2008 5:00:24 PM | Attr = ] rqRHywvw.dll -> %SystemRoot%\System32\rqRHywvw.dll -> [Ver = | Size = 59392 bytes | Created Date = 5/31/2008 10:26:39 AM | Attr = ] ryjtewrq.dll -> %SystemRoot%\System32\ryjtewrq.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/12/2008 6:09:49 PM | Attr = ] scjavbag.exe -> %SystemRoot%\System32\scjavbag.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/6/2008 6:02:24 PM | Attr = ] sgrqnfmd.dll -> %SystemRoot%\System32\sgrqnfmd.dll -> [Ver = | Size = 118272 bytes | Created Date = 6/6/2008 5:56:24 PM | Attr = ] tmnlvwhe.ini -> %SystemRoot%\System32\tmnlvwhe.ini -> [Ver = | Size = 1630588 bytes | Created Date = 6/17/2008 2:59:19 PM | Attr = HS] tpdykowb.dll -> %SystemRoot%\System32\tpdykowb.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/14/2008 10:01:48 PM | Attr = ] tpefromg.ini -> %SystemRoot%\System32\tpefromg.ini -> [Ver = | Size = 1630588 bytes | Created Date = 6/11/2008 5:59:13 PM | Attr = HS] tuokflce.dll -> %SystemRoot%\System32\tuokflce.dll -> [Ver = | Size = 114176 bytes | Created Date = 5/31/2008 10:33:03 AM | Attr = ] ufxtyxem.ini -> %SystemRoot%\System32\ufxtyxem.ini -> [Ver = | Size = 1579534 bytes | Created Date = 6/10/2008 6:00:34 PM | Attr = HS] ugtsllel.dll -> %SystemRoot%\System32\ugtsllel.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/13/2008 5:54:35 PM | Attr = ] umhdckun.dll -> %SystemRoot%\System32\umhdckun.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/4/2008 5:49:40 PM | Attr = ] urqNFuRi.dll -> %SystemRoot%\System32\urqNFuRi.dll -> [Ver = | Size = 59392 bytes | Created Date = 5/31/2008 10:27:24 AM | Attr = ] usegnnfb.dll -> %SystemRoot%\System32\usegnnfb.dll -> [Ver = | Size = 49664 bytes | Created Date = 6/13/2008 10:09:29 PM | Attr = ] vdpmmclp.dll -> %SystemRoot%\System32\vdpmmclp.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/13/2008 10:01:15 PM | Attr = ] vnhcvqtu.dll -> %SystemRoot%\System32\vnhcvqtu.dll -> [Ver = | Size = 99840 bytes | Created Date = 6/16/2008 2:21:50 AM | Attr = ] vnpshehi.exe -> %SystemRoot%\System32\vnpshehi.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/7/2008 6:08:56 PM | Attr = ] vnvhnbml.dll -> %SystemRoot%\System32\vnvhnbml.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/18/2008 7:31:47 PM | Attr = ] vphcqlev.dll -> %SystemRoot%\System32\vphcqlev.dll -> [Ver = | Size = 101376 bytes | Created Date = 6/7/2008 5:53:56 PM | Attr = ] vpvbnnre.dll -> %SystemRoot%\System32\vpvbnnre.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/14/2008 10:04:15 PM | Attr = ] vqknvmvo.ini -> %SystemRoot%\System32\vqknvmvo.ini -> [Ver = | Size = 1650720 bytes | Created Date = 6/18/2008 7:33:53 PM | Attr = HS] wbxvtmff.dll -> %SystemRoot%\System32\wbxvtmff.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/21/2008 4:45:25 PM | Attr = ] wjssxmje.dll -> %SystemRoot%\System32\wjssxmje.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/13/2008 5:57:28 PM | Attr = ] wlhbfnkf.dll -> %SystemRoot%\System32\wlhbfnkf.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/7/2008 6:05:57 PM | Attr = ] wnqvrwri.dll -> %SystemRoot%\System32\wnqvrwri.dll -> [Ver = | Size = 90112 bytes | Created Date = 6/20/2008 4:46:21 PM | Attr = ] wpterqjo.dll -> %SystemRoot%\System32\wpterqjo.dll -> [Ver = | Size = 92160 bytes | Created Date = 5/31/2008 10:37:29 PM | Attr = ] wqwqdwrn.dll -> %SystemRoot%\System32\wqwqdwrn.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/20/2008 4:48:56 PM | Attr = ] wrcbpqny.ini -> %SystemRoot%\System32\wrcbpqny.ini -> [Ver = | Size = 1660559 bytes | Created Date = 6/12/2008 6:13:00 PM | Attr = HS] wyltdviq.dll -> %SystemRoot%\System32\wyltdviq.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/19/2008 4:03:08 PM | Attr = ] xdkwywpf.exe -> %SystemRoot%\System32\xdkwywpf.exe -> [Ver = | Size = 2560 bytes | Created Date = 5/31/2008 10:43:30 PM | Attr = ] xdvteorj.dll -> %SystemRoot%\System32\xdvteorj.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/16/2008 2:11:43 AM | Attr = ] xfrabrbj.dll -> %SystemRoot%\System32\xfrabrbj.dll -> [Ver = | Size = 90112 bytes | Created Date = 6/21/2008 4:48:24 PM | Attr = ] xgaakhbm.dll -> %SystemRoot%\System32\xgaakhbm.dll -> [Ver = | Size = 79360 bytes | Created Date = 6/20/2008 4:23:22 AM | Attr = ] xgpnmcrc.dll -> %SystemRoot%\System32\xgpnmcrc.dll -> [Ver = | Size = 99328 bytes | Created Date = 6/21/2008 4:51:24 PM | Attr = ] xgqkjlmx.dll -> %SystemRoot%\System32\xgqkjlmx.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/10/2008 6:03:22 PM | Attr = ] xhfuokbr.ini -> %SystemRoot%\System32\xhfuokbr.ini -> [Ver = | Size = 1658923 bytes | Created Date = 6/13/2008 10:18:40 PM | Attr = HS] xxiiiagf.dll -> %SystemRoot%\System32\xxiiiagf.dll -> [Ver = | Size = 126976 bytes | Created Date = 6/4/2008 5:52:40 PM | Attr = ] xxqhobfm.ini -> %SystemRoot%\System32\xxqhobfm.ini -> [Ver = | Size = 1485866 bytes | Created Date = 5/31/2008 10:46:42 PM | Attr = HS] ycqtetcg.dll -> %SystemRoot%\System32\ycqtetcg.dll -> [Ver = | Size = 133120 bytes | Created Date = 6/3/2008 6:07:28 PM | Attr = ] yjjbgaoj.dll -> %SystemRoot%\System32\yjjbgaoj.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/14/2008 10:16:15 PM | Attr = ] yjpeyjca.dll -> %SystemRoot%\System32\yjpeyjca.dll -> [Ver = | Size = 3072 bytes | Created Date = 6/5/2008 6:13:29 PM | Attr = ] yndosomn.dll -> %SystemRoot%\System32\yndosomn.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/15/2008 10:16:12 PM | Attr = ] ynqpbcrw.dll -> %SystemRoot%\System32\ynqpbcrw.dll -> [Ver = | Size = 80896 bytes | Created Date = 6/12/2008 6:12:49 PM | Attr = ] ywnqmwsq.dll -> %SystemRoot%\System32\ywnqmwsq.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/7/2008 5:50:57 PM | Attr = ] .jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Created Date = 5/29/2008 7:19:32 PM | Attr = ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> BM0d554be5.xml -> %SystemRoot%\BM0d554be5.xml -> [Ver = | Size = 110321 bytes | Created Date = 5/31/2008 10:34:45 PM | Attr = ] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 2583 bytes | Created Date = 6/2/2008 4:39:09 PM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 5/31/2008 10:34:48 PM | Attr = ] AAB191E4918E0678.job -> %SystemRoot%\tasks\AAB191E4918E0678.job -> [Ver = | Size = 258 bytes | Created Date = 5/30/2008 3:23:59 PM | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] OrbNetworks -> %AllUsersProfile%\Application Data\OrbNetworks -> [Folder | Created Date = 5/26/2008 7:36:21 PM | Attr = ] Winamp Toolbar -> %AllUsersProfile%\Application Data\Winamp Toolbar -> [Folder | Created Date = 5/26/2008 7:36:28 PM | Attr = ] Winamp Toolbar -> %UserProfile%\Local Settings\Application Data\Winamp Toolbar -> [Folder | Created Date = 5/26/2008 8:03:28 PM | Attr = ] Grand Theft Anal 11 Porn DVDRiP.rar -> %UserProfile%\My Documents\Grand Theft Anal 11 Porn DVDRiP.rar -> [Ver = | Size = 808238043 bytes | Created Date = 6/14/2008 11:57:42 AM | Attr = ] My Chat Logs -> %UserProfile%\My Documents\My Chat Logs -> [Folder | Created Date = 6/13/2008 11:26:50 AM | Attr = ] My Stationery -> %UserProfile%\My Documents\My Stationery -> [Folder | Created Date = 5/26/2008 5:03:20 PM | Attr = R S] Omen-r74823.2.zip -> %UserProfile%\My Documents\Omen-r74823.2.zip -> [Ver = | Size = 324486 bytes | Created Date = 5/25/2008 3:12:30 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Omen-r74823.2.zip:Zone.Identifier Playstation 2 Emulator v2.09.01 [Latest] + New Ps2 Bios -> %UserProfile%\My Documents\Playstation 2 Emulator v2.09.01 [Latest] + New Ps2 Bios -> [Folder | Created Date = 5/31/2008 10:25:50 AM | Attr = ] SOTK VOL2Disc 1 -> %UserProfile%\My Documents\SOTK VOL2Disc 1 -> [Folder | Created Date = 5/25/2008 3:29:32 PM | Attr = ] SOTK VOL2Disc 1.zip -> %UserProfile%\My Documents\SOTK VOL2Disc 1.zip -> [Ver = | Size = 78385158 bytes | Created Date = 5/25/2008 12:08:03 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\SOTK VOL2Disc 1.zip:Zone.Identifier SOTK VOL2Disc 2 -> %UserProfile%\My Documents\SOTK VOL2Disc 2 -> [Folder | Created Date = 5/25/2008 3:29:48 PM | Attr = ] SOTK VOL2Disc 2.zip -> %UserProfile%\My Documents\SOTK VOL2Disc 2.zip -> [Ver = | Size = 68571582 bytes | Created Date = 5/25/2008 12:07:35 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\SOTK VOL2Disc 2.zip:Zone.Identifier Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 80896 bytes | Created Date = 5/24/2008 4:23:11 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable WSH VOL10Disc 1 -> %UserProfile%\My Documents\WSH VOL10Disc 1 -> [Folder | Created Date = 5/24/2008 11:46:32 PM | Attr = ] WSH VOL10Disc 1.zip -> %UserProfile%\My Documents\WSH VOL10Disc 1.zip -> [Ver = | Size = 72588455 bytes | Created Date = 5/24/2008 11:46:15 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\WSH VOL10Disc 1.zip:Zone.Identifier WSH VOL10Disc 2 -> %UserProfile%\My Documents\WSH VOL10Disc 2 -> [Folder | Created Date = 5/24/2008 11:48:01 PM | Attr = ] WSH VOL10Disc 2.zip -> %UserProfile%\My Documents\WSH VOL10Disc 2.zip -> [Ver = | Size = 68655742 bytes | Created Date = 5/24/2008 11:47:33 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\WSH VOL10Disc 2.zip:Zone.Identifier Winamp Remote.lnk -> %AllUsersProfile%\Desktop\Winamp Remote.lnk -> [Ver = | Size = 1668 bytes | Created Date = 5/26/2008 7:36:25 PM | Attr = ] Counter-Strike.lnk -> %UserProfile%\Desktop\Counter-Strike.lnk -> [Ver = | Size = 1570 bytes | Created Date = 6/5/2008 9:56:51 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/21/2008 1:49:33 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Created Date = 6/21/2008 1:49:25 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Eroca -> %ProgramFiles%\Eroca -> [Folder | Created Date = 6/1/2008 10:37:20 AM | Attr = ] Idol heck -> %ProgramFiles%\Idol heck -> [Folder | Created Date = 5/30/2008 3:20:09 PM | Attr = ] ISM -> %ProgramFiles%\ISM -> [Folder | Created Date = 6/1/2008 10:42:12 AM | Attr = ] Pcsx2 -> %ProgramFiles%\Pcsx2 -> [Folder | Created Date = 5/31/2008 10:28:04 AM | Attr = ] Winamp Remote -> %ProgramFiles%\Winamp Remote -> [Folder | Created Date = 5/26/2008 7:36:18 PM | Attr = ] Winamp Toolbar -> %ProgramFiles%\Winamp Toolbar -> [Folder | Created Date = 5/26/2008 7:36:28 PM | Attr = ] [Files/Folders - Modified Within 30 days] HiJackThis.exe -> %SystemDrive%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 6/20/2008 9:30:47 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\HiJackThis.exe:Zone.Identifier Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/11/2008 3:50:05 PM | Attr = R ] 1 C:\*.tmp files -> C:\*.tmp -> sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/16/2008 7:03:02 PM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/16/2008 7:03:02 PM | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/3/2008 8:05:52 AM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 6/21/2008 11:48:26 PM | Attr = ] ajijmhwh.ini -> %SystemRoot%\System32\ajijmhwh.ini -> [Ver = | Size = 1568883 bytes | Modified Date = 6/5/2008 5:55:56 PM | Attr = HS] akaqtcjn.dll -> %SystemRoot%\System32\akaqtcjn.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/2/2008 3:25:11 PM | Attr = ] atdcrmqq.exe -> %SystemRoot%\System32\atdcrmqq.exe -> [Ver = | Size = 2560 bytes | Modified Date = 6/8/2008 6:09:43 PM | Attr = ] axkbmqoh.dll -> %SystemRoot%\System32\axkbmqoh.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/17/2008 3:07:30 PM | Attr = ] bctqpgle.ini -> %SystemRoot%\System32\bctqpgle.ini -> [Ver = | Size = 1542940 bytes | Modified Date = 6/4/2008 10:10:53 PM | Attr = HS] bkfknakv.dll -> %SystemRoot%\System32\bkfknakv.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/13/2008 6:09:41 PM | Attr = ] brggjemb.dll -> %SystemRoot%\System32\brggjemb.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/12/2008 5:54:50 PM | Attr = ] bxvlxvfo.dll -> %SystemRoot%\System32\bxvlxvfo.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/13/2008 10:18:31 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/21/2008 11:44:54 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> chueysoc.dll -> %SystemRoot%\System32\chueysoc.dll -> [Ver = | Size = 126464 bytes | Modified Date = 5/31/2008 10:34:31 PM | Attr = ] cnujelni.dll -> %SystemRoot%\System32\cnujelni.dll -> [Ver = | Size = 81408 bytes | Modified Date = 6/13/2008 6:01:10 PM | Attr = ] ctcppjyh.dll -> %SystemRoot%\System32\ctcppjyh.dll -> [Ver = | Size = 100352 bytes | Modified Date = 6/8/2008 5:51:45 PM | Attr = ] ctuafdxp.dll -> %SystemRoot%\System32\ctuafdxp.dll -> [Ver = | Size = 79360 bytes | Modified Date = 6/20/2008 4:51:58 PM | Attr = ] ddatcewo.dll -> %SystemRoot%\System32\ddatcewo.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/19/2008 4:05:26 PM | Attr = ] dhqonwwp.ini -> %SystemRoot%\System32\dhqonwwp.ini -> [Ver = | Size = 1517275 bytes | Modified Date = 6/3/2008 8:40:55 PM | Attr = HS] djviusqc.dll -> %SystemRoot%\System32\djviusqc.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/3/2008 5:49:29 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 6/13/2008 2:58:53 PM | Attr = RHS] dmfnqrgs.ini -> %SystemRoot%\System32\dmfnqrgs.ini -> [Ver = | Size = 1580035 bytes | Modified Date = 6/6/2008 8:16:05 PM | Attr = HS] dnusooui.dll -> %SystemRoot%\System32\dnusooui.dll -> [Ver = | Size = 125952 bytes | Modified Date = 6/6/2008 5:53:24 PM | Attr = ] eclfkout.ini -> %SystemRoot%\System32\eclfkout.ini -> [Ver = | Size = 1484834 bytes | Modified Date = 5/31/2008 10:33:17 AM | Attr = HS] efcAPJbA.dll -> %SystemRoot%\System32\efcAPJbA.dll -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:26:49 AM | Attr = ] efcBuUMF.dll -> %SystemRoot%\System32\efcBuUMF.dll -> [Ver = | Size = 373248 bytes | Modified Date = 5/31/2008 10:31:49 AM | Attr = ] ehqbpvhn.dll -> %SystemRoot%\System32\ehqbpvhn.dll -> [Ver = | Size = 136192 bytes | Modified Date = 6/6/2008 5:59:24 PM | Attr = ] ehwvlnmt.dll -> %SystemRoot%\System32\ehwvlnmt.dll -> [Ver = | Size = 80896 bytes | Modified Date = 6/17/2008 2:59:08 PM | Attr = ] ekjcmraa.dll -> %SystemRoot%\System32\ekjcmraa.dll -> [Ver = | Size = 90112 bytes | Modified Date = 6/16/2008 2:08:44 AM | Attr = ] elgpqtcb.dll -> %SystemRoot%\System32\elgpqtcb.dll -> [Ver = | Size = 116736 bytes | Modified Date = 6/4/2008 5:58:46 PM | Attr = ] ffbafwwk.dll -> %SystemRoot%\System32\ffbafwwk.dll -> [Ver = | Size = 114176 bytes | Modified Date = 6/2/2008 3:41:52 PM | Attr = ] fknfbhlw.ini -> %SystemRoot%\System32\fknfbhlw.ini -> [Ver = | Size = 1580089 bytes | Modified Date = 6/7/2008 8:58:49 PM | Attr = HS] FMUuBcfe.ini -> %SystemRoot%\System32\FMUuBcfe.ini -> [Ver = | Size = 662801 bytes | Modified Date = 6/21/2008 11:48:55 PM | Attr = HS] FMUuBcfe.ini2 -> %SystemRoot%\System32\FMUuBcfe.ini2 -> [Ver = | Size = 662801 bytes | Modified Date = 6/21/2008 11:48:00 PM | Attr = HS] fsvwrsmh.dll -> %SystemRoot%\System32\fsvwrsmh.dll -> [Ver = | Size = 89600 bytes | Modified Date = 6/18/2008 3:00:56 PM | Attr = ] gcwktlvs.exe -> %SystemRoot%\System32\gcwktlvs.exe -> [Ver = | Size = 2560 bytes | Modified Date = 6/3/2008 5:58:28 PM | Attr = ] ghneohrb.dll -> %SystemRoot%\System32\ghneohrb.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/21/2008 4:54:25 PM | Attr = ] gixaipjg.ini -> %SystemRoot%\System32\gixaipjg.ini -> [Ver = | Size = 1658923 bytes | Modified Date = 6/16/2008 2:19:08 AM | Attr = HS] gjpiaxig.dll -> %SystemRoot%\System32\gjpiaxig.dll -> [Ver = | Size = 81408 bytes | Modified Date = 6/16/2008 2:18:50 AM | Attr = ] gmorfept.dll -> %SystemRoot%\System32\gmorfept.dll -> [Ver = | Size = 80896 bytes | Modified Date = 6/11/2008 5:59:03 PM | Attr = ] gpdspnay.dll -> %SystemRoot%\System32\gpdspnay.dll -> [Ver = | Size = 98816 bytes | Modified Date = 6/12/2008 6:06:49 PM | Attr = ] hfwwpheu.dll -> %SystemRoot%\System32\hfwwpheu.dll -> [Ver = | Size = 132096 bytes | Modified Date = 5/31/2008 10:52:32 PM | Attr = ] hgGwVNfg.dll -> %SystemRoot%\System32\hgGwVNfg.dll -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:27:06 AM | Attr = ] hktsfhyb.dll -> %SystemRoot%\System32\hktsfhyb.dll -> [Ver = | Size = 126464 bytes | Modified Date = 6/2/2008 3:26:58 PM | Attr = ] hqfonlrp.dll -> %SystemRoot%\System32\hqfonlrp.dll -> [Ver = | Size = 133120 bytes | Modified Date = 6/5/2008 6:10:30 PM | Attr = ] hukswnjr.ini -> %SystemRoot%\System32\hukswnjr.ini -> [Ver = | Size = 1696321 bytes | Modified Date = 6/21/2008 5:01:47 PM | Attr = HS] hwhmjija.dll -> %SystemRoot%\System32\hwhmjija.dll -> [Ver = | Size = 117248 bytes | Modified Date = 6/5/2008 5:55:30 PM | Attr = ] ianbsitq.dll -> %SystemRoot%\System32\ianbsitq.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/9/2008 5:52:18 PM | Attr = ] iegsmrkb.dll -> %SystemRoot%\System32\iegsmrkb.dll -> [Ver = | Size = 108544 bytes | Modified Date = 6/7/2008 5:56:57 PM | Attr = ] ihyymdqs.dll -> %SystemRoot%\System32\ihyymdqs.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/17/2008 2:58:50 PM | Attr = ] inlejunc.ini -> %SystemRoot%\System32\inlejunc.ini -> [Ver = | Size = 1658609 bytes | Modified Date = 6/13/2008 6:03:16 PM | Attr = HS] irsudyfo.ini -> %SystemRoot%\System32\irsudyfo.ini -> [Ver = | Size = 1580332 bytes | Modified Date = 6/9/2008 12:45:46 AM | Attr = HS] isvwpdtm.dll -> %SystemRoot%\System32\isvwpdtm.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/16/2008 2:06:30 AM | Attr = ] iwwylfrd.dll -> %SystemRoot%\System32\iwwylfrd.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/8/2008 5:54:44 PM | Attr = ] jfqenhgr.dll -> %SystemRoot%\System32\jfqenhgr.dll -> [Ver = | Size = 126976 bytes | Modified Date = 6/5/2008 5:52:29 PM | Attr = ] jmppyeyq.dll -> %SystemRoot%\System32\jmppyeyq.dll -> [Ver = | Size = 125952 bytes | Modified Date = 6/3/2008 5:52:30 PM | Attr = ] jntohflb.dll -> %SystemRoot%\System32\jntohflb.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/16/2008 2:11:49 AM | Attr = ] jxfufgjm.dll -> %SystemRoot%\System32\jxfufgjm.dll -> [Ver = | Size = 80896 bytes | Modified Date = 6/14/2008 10:10:15 PM | Attr = ] khpnaoee.dll -> %SystemRoot%\System32\khpnaoee.dll -> [Ver = | Size = 132608 bytes | Modified Date = 6/4/2008 6:04:49 PM | Attr = ] kwwfabff.ini -> %SystemRoot%\System32\kwwfabff.ini -> [Ver = | Size = 1485465 bytes | Modified Date = 6/2/2008 5:03:29 PM | Attr = HS] laftbupj.dll -> %SystemRoot%\System32\laftbupj.dll -> [Ver = | Size = 100864 bytes | Modified Date = 6/9/2008 5:55:18 PM | Attr = ] lbqgycpm.dll -> %SystemRoot%\System32\lbqgycpm.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/18/2008 2:57:56 PM | Attr = ] lhuyqges.dll -> %SystemRoot%\System32\lhuyqges.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/5/2008 5:49:33 PM | Attr = ] ljxjnccd.dll -> %SystemRoot%\System32\ljxjnccd.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/11/2008 6:11:02 PM | Attr = ] llvjfrld.dll -> %SystemRoot%\System32\llvjfrld.dll -> [Ver = | Size = 89600 bytes | Modified Date = 6/11/2008 5:53:10 PM | Attr = ] lscdwrio.dll -> %SystemRoot%\System32\lscdwrio.dll -> [Ver = | Size = 99328 bytes | Modified Date = 6/13/2008 6:03:58 PM | Attr = ] lsiisjay.dll -> %SystemRoot%\System32\lsiisjay.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/10/2008 5:57:22 PM | Attr = ] lvgjjupd.dll -> %SystemRoot%\System32\lvgjjupd.dll -> [Ver = | Size = 99328 bytes | Modified Date = 6/13/2008 10:06:30 PM | Attr = ] mabjdshq.dll -> %SystemRoot%\System32\mabjdshq.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/9/2008 6:07:20 PM | Attr = ] malhibfd.dll -> %SystemRoot%\System32\malhibfd.dll -> [Ver = | Size = 98304 bytes | Modified Date = 6/14/2008 10:07:15 PM | Attr = ] mbhkaagx.ini -> %SystemRoot%\System32\mbhkaagx.ini -> [Ver = | Size = 1667296 bytes | Modified Date = 6/20/2008 4:23:41 AM | Attr = HS] mcnuvyio.exe -> %SystemRoot%\System32\mcnuvyio.exe -> [Ver = | Size = 2560 bytes | Modified Date = 6/4/2008 6:01:45 PM | Attr = ] mexytxfu.dll -> %SystemRoot%\System32\mexytxfu.dll -> [Ver = | Size = 147456 bytes | Modified Date = 6/10/2008 6:00:23 PM | Attr = ] mfbohqxx.dll -> %SystemRoot%\System32\mfbohqxx.dll -> [Ver = | Size = 114176 bytes | Modified Date = 5/31/2008 10:46:30 PM | Attr = ] mjgfufxj.ini -> %SystemRoot%\System32\mjgfufxj.ini -> [Ver = | Size = 1658923 bytes | Modified Date = 6/14/2008 10:10:34 PM | Attr = HS] muutwswe.dll -> %SystemRoot%\System32\muutwswe.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/20/2008 4:44:12 PM | Attr = ] nbauwnfj.dll -> %SystemRoot%\System32\nbauwnfj.dll -> [Ver = | Size = 89600 bytes | Modified Date = 6/13/2008 10:03:30 PM | Attr = ] nnyydbyy.dll -> %SystemRoot%\System32\nnyydbyy.dll -> [Ver = | Size = 98816 bytes | Modified Date = 6/11/2008 6:05:03 PM | Attr = ] npfvtdon.dll -> %SystemRoot%\System32\npfvtdon.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/6/2008 5:50:24 PM | Attr = ] npikuevf.dll -> %SystemRoot%\System32\npikuevf.dll -> [Ver = | Size = 90112 bytes | Modified Date = 6/17/2008 2:57:08 PM | Attr = ] odjaashy.dll -> %SystemRoot%\System32\odjaashy.dll -> [Ver = | Size = 99328 bytes | Modified Date = 6/17/2008 3:04:27 PM | Attr = ] ofydusri.dll -> %SystemRoot%\System32\ofydusri.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/8/2008 6:06:44 PM | Attr = ] ojowcooj.dll -> %SystemRoot%\System32\ojowcooj.dll -> [Ver = | Size = 184320 bytes | Modified Date = 6/10/2008 6:12:23 PM | Attr = ] ovmvnkqv.dll -> %SystemRoot%\System32\ovmvnkqv.dll -> [Ver = | Size = 80896 bytes | Modified Date = 6/18/2008 7:33:42 PM | Attr = ] owmwvoff.dll -> %SystemRoot%\System32\owmwvoff.dll -> [Ver = | Size = 98816 bytes | Modified Date = 6/18/2008 3:03:56 PM | Attr = ] oyawkspc.dll -> %SystemRoot%\System32\oyawkspc.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/11/2008 5:56:03 PM | Attr = ] oytsbobb.dll -> %SystemRoot%\System32\oytsbobb.dll -> [Ver = | Size = 109056 bytes | Modified Date = 6/9/2008 6:04:18 PM | Attr = ] pbbfattm.exe -> %SystemRoot%\System32\pbbfattm.exe -> [Ver = | Size = 2560 bytes | Modified Date = 6/5/2008 6:07:34 PM | Attr = ] phhqerdt.dll -> %SystemRoot%\System32\phhqerdt.dll -> [Ver = | Size = 157184 bytes | Modified Date = 6/10/2008 5:54:23 PM | Attr = ] plktumgo.dll -> %SystemRoot%\System32\plktumgo.dll -> [Ver = | Size = 98816 bytes | Modified Date = 6/20/2008 4:23:18 AM | Attr = ] pwwnoqhd.dll -> %SystemRoot%\System32\pwwnoqhd.dll -> [Ver = | Size = 115200 bytes | Modified Date = 6/3/2008 5:55:29 PM | Attr = ] pxdfautc.ini -> %SystemRoot%\System32\pxdfautc.ini -> [Ver = | Size = 1696321 bytes | Modified Date = 6/20/2008 4:52:27 PM | Attr = HS] qhsdjbam.ini -> %SystemRoot%\System32\qhsdjbam.ini -> [Ver = | Size = 1583903 bytes | Modified Date = 6/9/2008 6:28:27 PM | Attr = HS] qlvfyaur.dll -> %SystemRoot%\System32\qlvfyaur.dll -> [Ver = | Size = 89600 bytes | Modified Date = 6/12/2008 5:57:49 PM | Attr = ] qngkwsde.dll -> %SystemRoot%\System32\qngkwsde.dll -> [Ver = | Size = 3072 bytes | Modified Date = 6/4/2008 5:55:39 PM | Attr = ] qsstiusu.dll -> %SystemRoot%\System32\qsstiusu.dll -> [Ver = | Size = 108544 bytes | Modified Date = 6/8/2008 5:57:44 PM | Attr = ] rbkoufhx.dll -> %SystemRoot%\System32\rbkoufhx.dll -> [Ver = | Size = 81408 bytes | Modified Date = 6/13/2008 10:18:29 PM | Attr = ] rehglmdp.dll -> %SystemRoot%\System32\rehglmdp.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/19/2008 4:03:16 PM | Attr = ] rjnwskuh.dll -> %SystemRoot%\System32\rjnwskuh.dll -> [Ver = | Size = 81408 bytes | Modified Date = 6/21/2008 5:01:23 PM | Attr = ] rqRHywvw.dll -> %SystemRoot%\System32\rqRHywvw.dll -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:26:39 AM | Attr = ] ryjtewrq.dll -> %SystemRoot%\System32\ryjtewrq.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/12/2008 6:09:49 PM | Attr = ] scjavbag.exe -> %SystemRoot%\System32\scjavbag.exe -> [Ver = | Size = 2560 bytes | Modified Date = 6/6/2008 6:02:24 PM | Attr = ] sgrqnfmd.dll -> %SystemRoot%\System32\sgrqnfmd.dll -> [Ver = | Size = 118272 bytes | Modified Date = 6/6/2008 5:56:24 PM | Attr = ] tmnlvwhe.ini -> %SystemRoot%\System32\tmnlvwhe.ini -> [Ver = | Size = 1630588 bytes | Modified Date = 6/17/2008 3:01:32 PM | Attr = HS] tpdykowb.dll -> %SystemRoot%\System32\tpdykowb.dll -> [Ver = | Size = 89600 bytes | Modified Date = 6/14/2008 10:01:48 PM | Attr = ] tpefromg.ini -> %SystemRoot%\System32\tpefromg.ini -> [Ver = | Size = 1630588 bytes | Modified Date = 6/12/2008 3:39:05 AM | Attr = HS] tuokflce.dll -> %SystemRoot%\System32\tuokflce.dll -> [Ver = | Size = 114176 bytes | Modified Date = 5/31/2008 10:33:03 AM | Attr = ] ufxtyxem.ini -> %SystemRoot%\System32\ufxtyxem.ini -> [Ver = | Size = 1579534 bytes | Modified Date = 6/10/2008 6:58:26 PM | Attr = HS] ugtsllel.dll -> %SystemRoot%\System32\ugtsllel.dll -> [Ver = | Size = 89600 bytes | Modified Date = 6/13/2008 5:54:57 PM | Attr = ] umhdckun.dll -> %SystemRoot%\System32\umhdckun.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/4/2008 5:49:42 PM | Attr = ] urqNFuRi.dll -> %SystemRoot%\System32\urqNFuRi.dll -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:27:24 AM | Attr = ] usegnnfb.dll -> %SystemRoot%\System32\usegnnfb.dll -> [Ver = | Size = 49664 bytes | Modified Date = 6/13/2008 10:09:30 PM | Attr = ] vdpmmclp.dll -> %SystemRoot%\System32\vdpmmclp.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/13/2008 10:01:15 PM | Attr = ] vnhcvqtu.dll -> %SystemRoot%\System32\vnhcvqtu.dll -> [Ver = | Size = 99840 bytes | Modified Date = 6/16/2008 2:21:51 AM | Attr = ] vnpshehi.exe -> %SystemRoot%\System32\vnpshehi.exe -> [Ver = | Size = 2560 bytes | Modified Date = 6/7/2008 6:08:56 PM | Attr = ] vnvhnbml.dll -> %SystemRoot%\System32\vnvhnbml.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/18/2008 7:31:47 PM | Attr = ] vphcqlev.dll -> %SystemRoot%\System32\vphcqlev.dll -> [Ver = | Size = 101376 bytes | Modified Date = 6/7/2008 5:53:57 PM | Attr = ] vpvbnnre.dll -> %SystemRoot%\System32\vpvbnnre.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/14/2008 10:04:15 PM | Attr = ] vqknvmvo.ini -> %SystemRoot%\System32\vqknvmvo.ini -> [Ver = | Size = 1650720 bytes | Modified Date = 6/18/2008 9:08:33 PM | Attr = HS] wbxvtmff.dll -> %SystemRoot%\System32\wbxvtmff.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/21/2008 4:45:25 PM | Attr = ] wjssxmje.dll -> %SystemRoot%\System32\wjssxmje.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/13/2008 5:57:36 PM | Attr = ] wlhbfnkf.dll -> %SystemRoot%\System32\wlhbfnkf.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/7/2008 6:05:57 PM | Attr = ] wnqvrwri.dll -> %SystemRoot%\System32\wnqvrwri.dll -> [Ver = | Size = 90112 bytes | Modified Date = 6/20/2008 4:46:24 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/21/2008 11:44:53 PM | Attr = ] wpterqjo.dll -> %SystemRoot%\System32\wpterqjo.dll -> [Ver = | Size = 92160 bytes | Modified Date = 5/31/2008 10:37:29 PM | Attr = ] wqwqdwrn.dll -> %SystemRoot%\System32\wqwqdwrn.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/20/2008 4:48:58 PM | Attr = ] wrcbpqny.ini -> %SystemRoot%\System32\wrcbpqny.ini -> [Ver = | Size = 1660559 bytes | Modified Date = 6/12/2008 6:13:34 PM | Attr = HS] wyltdviq.dll -> %SystemRoot%\System32\wyltdviq.dll -> [Ver = | Size = 89600 bytes | Modified Date = 6/19/2008 4:03:08 PM | Attr = ] xdkwywpf.exe -> %SystemRoot%\System32\xdkwywpf.exe -> [Ver = | Size = 2560 bytes | Modified Date = 5/31/2008 10:43:30 PM | Attr = ] xdvteorj.dll -> %SystemRoot%\System32\xdvteorj.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/16/2008 2:11:43 AM | Attr = ] xfrabrbj.dll -> %SystemRoot%\System32\xfrabrbj.dll -> [Ver = | Size = 90112 bytes | Modified Date = 6/21/2008 4:48:24 PM | Attr = ] xgaakhbm.dll -> %SystemRoot%\System32\xgaakhbm.dll -> [Ver = | Size = 79360 bytes | Modified Date = 6/20/2008 4:23:22 AM | Attr = ] xgpnmcrc.dll -> %SystemRoot%\System32\xgpnmcrc.dll -> [Ver = | Size = 99328 bytes | Modified Date = 6/21/2008 4:51:24 PM | Attr = ] xgqkjlmx.dll -> %SystemRoot%\System32\xgqkjlmx.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/10/2008 6:03:22 PM | Attr = ] xhfuokbr.ini -> %SystemRoot%\System32\xhfuokbr.ini -> [Ver = | Size = 1658923 bytes | Modified Date = 6/13/2008 10:18:48 PM | Attr = HS] xxiiiagf.dll -> %SystemRoot%\System32\xxiiiagf.dll -> [Ver = | Size = 126976 bytes | Modified Date = 6/4/2008 5:52:41 PM | Attr = ] xxqhobfm.ini -> %SystemRoot%\System32\xxqhobfm.ini -> [Ver = | Size = 1485866 bytes | Modified Date = 6/1/2008 1:00:44 AM | Attr = HS] ycqtetcg.dll -> %SystemRoot%\System32\ycqtetcg.dll -> [Ver = | Size = 133120 bytes | Modified Date = 6/3/2008 6:07:29 PM | Attr = ] yjjbgaoj.dll -> %SystemRoot%\System32\yjjbgaoj.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/14/2008 10:16:15 PM | Attr = ] yjpeyjca.dll -> %SystemRoot%\System32\yjpeyjca.dll -> [Ver = | Size = 3072 bytes | Modified Date = 6/5/2008 6:13:29 PM | Attr = ] yndosomn.dll -> %SystemRoot%\System32\yndosomn.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/15/2008 10:16:12 PM | Attr = ] ynqpbcrw.dll -> %SystemRoot%\System32\ynqpbcrw.dll -> [Ver = | Size = 80896 bytes | Modified Date = 6/12/2008 6:12:49 PM | Attr = ] ywnqmwsq.dll -> %SystemRoot%\System32\ywnqmwsq.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/7/2008 5:50:57 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/28/2008 6:01:36 PM | Attr = H ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> .jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Modified Date = 5/29/2008 7:19:32 PM | Attr = ] BM0d554be5.xml -> %SystemRoot%\BM0d554be5.xml -> [Ver = | Size = 110321 bytes | Modified Date = 6/21/2008 4:48:31 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/21/2008 11:44:19 PM | Attr = S] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 2583 bytes | Modified Date = 6/18/2008 9:08:40 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/12/2008 6:59:56 PM | Attr = S] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/28/2008 6:01:52 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/16/2008 2:43:16 AM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/21/2008 11:42:03 PM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 6/21/2008 4:48:39 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/21/2008 5:01:47 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/30/2008 3:23:59 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/21/2008 11:46:05 PM | Attr = ] AAB191E4918E0678.job -> %SystemRoot%\tasks\AAB191E4918E0678.job -> [Ver = | Size = 258 bytes | Modified Date = 6/21/2008 11:00:00 PM | Attr = H ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 6/21/2008 10:51:00 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/21/2008 11:44:30 PM | Attr = H ] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 6/29/2007 6:42:26 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5522 bytes | Modified Date = 6/20/2008 6:24:51 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5522 bytes | Modified Date = 6/20/2008 6:24:51 PM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\ -> C:\Documents and Settings\Aj\Local Settings\Temp -> [Folder | Modified Date = 6/21/2008 11:45:38 PM | Attr = ] Install_Messenger.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\Install_Messenger.exe -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 18895728 bytes | Modified Date = 1/19/2007 11:54:17 PM | Attr = ] msgpl_33b3.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\msgpl_33b3.exe -> Patchou [Ver = 3, 63, 0, 148 | Size = 4843080 bytes | Modified Date = 6/29/2007 6:36:30 AM | Attr = ] pacificpokersetup.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pacificpokersetup.exe -> [Ver = | Size = 5818090 bytes | Modified Date = 9/14/2007 11:00:20 AM | Attr = ] SSUPDATE.EXE -> C:\Documents and Settings\Aj\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2/17/2006 4:55:46 PM | Attr = ] sta16B.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\sta16B.exe -> [Ver = | Size = 392192 bytes | Modified Date = 1/8/2008 3:45:34 AM | Attr = ] sta1C.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\sta1C.exe -> [Ver = | Size = 547328 bytes | Modified Date = 8/2/2007 7:46:36 PM | Attr = ] sta3.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\sta3.exe -> [Ver = | Size = 537600 bytes | Modified Date = 10/7/2007 11:49:15 AM | Attr = ] sta4.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\sta4.exe -> [Ver = | Size = 391680 bytes | Modified Date = 2/16/2008 8:30:43 AM | Attr = ] sta6.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\sta6.exe -> [Ver = | Size = 428032 bytes | Modified Date = 1/25/2008 9:38:45 AM | Attr = ] sta9.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\sta9.exe -> [Ver = | Size = 472576 bytes | Modified Date = 4/29/2008 3:46:18 PM | Attr = ] staB.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\staB.exe -> [Ver = | Size = 465920 bytes | Modified Date = 5/30/2008 3:19:50 PM | Attr = ] war3_install.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\war3_install.exe -> Blizzard Entertainment [Ver = 1, 5, 0, 0 | Size = 299008 bytes | Modified Date = 5/21/2003 6:11:46 PM | Attr = ] zfe1.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\zfe1.exe -> [Ver = | Size = 19968 bytes | Modified Date = 5/3/2008 11:39:55 PM | Attr = ] zfe2.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\zfe2.exe -> [Ver = | Size = 29184 bytes | Modified Date = 5/3/2008 11:39:51 PM | Attr = ] zfe3.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\zfe3.exe -> [Ver = | Size = 19968 bytes | Modified Date = 5/8/2008 4:50:13 PM | Attr = ] zfe4.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\zfe4.exe -> [Ver = | Size = 30208 bytes | Modified Date = 5/8/2008 4:50:11 PM | Attr = ] 660 C:\Documents and Settings\Aj\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Aj\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\ -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC -> [Folder | Modified Date = 6/21/2008 1:32:18 PM | Attr = ] setup.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\setup.exe -> InstallShield Software Corporation [Ver = 9.01.429 | Size = 116880 bytes | Modified Date = 11/11/2003 3:55:38 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\MSRedist\ -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\MSRedist -> [Folder | Modified Date = 6/21/2008 1:32:18 PM | Attr = ] Dxmedia.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\MSRedist\Dxmedia.exe -> [Ver = | Size = 4703784 bytes | Modified Date = 8/16/2000 7:01:26 PM | Attr = R ] wmdmdist.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\MSRedist\wmdmdist.exe -> Microsoft Corporation [Ver = 9.00.00.2980 | Size = 464464 bytes | Modified Date = 9/4/2003 11:06:04 PM | Attr = ] wmfdist.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\MSRedist\wmfdist.exe -> Microsoft Corporation [Ver = 9.00.00.2980 | Size = 4085904 bytes | Modified Date = 9/4/2003 11:06:04 PM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\Shared\ -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\Shared -> [Folder | Modified Date = 9/6/2007 5:54:29 AM | Attr = ] CamTray.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\Shared\CamTray.exe -> Creative Technology Ltd [Ver = 3.60.07 | Size = 299008 bytes | Modified Date = 10/28/2005 2:00:22 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\ICD1.tmp\ -> C:\Documents and Settings\Aj\Local Settings\Temp\ICD1.tmp\ -> [Folder | Modified Date = 7/6/2007 3:35:54 AM | Attr = ] jinstall.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\ICD1.tmp\jinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 364544 bytes | Modified Date = 3/14/2007 12:02:28 PM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\ -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp -> [Folder | Modified Date = 6/29/2007 6:31:43 AM | Attr = ] alcchkid.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\alcchkid.exe -> [Ver = 1, 0, 0, 3 | Size = 110592 bytes | Modified Date = 11/21/2003 11:48:00 PM | Attr = ] alcrmv.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\alcrmv.exe -> Realtek Semiconductor Corp. [Ver = 2, 0, 0, 4 | Size = 217088 bytes | Modified Date = 7/31/2006 7:27:30 PM | Attr = ] alcrmv64.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\alcrmv64.exe -> Realtek Semiconductor Corp. [Ver = 2, 0, 0, 4 | Size = 316416 bytes | Modified Date = 7/31/2006 7:27:14 PM | Attr = ] alcrmv9x.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\alcrmv9x.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 2 | Size = 126976 bytes | Modified Date = 11/22/2003 12:57:00 AM | Attr = ] alcupd.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\alcupd.exe -> Realtek Semiconductor Corp. [Ver = 2, 2, 0, 3 | Size = 315392 bytes | Modified Date = 7/31/2006 7:19:24 PM | Attr = ] AlcUpd64.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\AlcUpd64.exe -> Realtek Semiconductor Corp. [Ver = 2, 2, 0, 3 | Size = 475648 bytes | Modified Date = 7/31/2006 7:19:12 PM | Attr = ] ALCXDEV.EXE -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\ALCXDEV.EXE -> [Ver = | Size = 31388 bytes | Modified Date = 11/4/2003 8:55:00 PM | Attr = ] ChCfg.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\ChCfg.exe -> [Ver = | Size = 49152 bytes | Modified Date = 8/1/2006 11:02:32 PM | Attr = ] GETDXVER.EXE -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\GETDXVER.EXE -> [Ver = | Size = 40448 bytes | Modified Date = 8/8/2003 11:41:00 PM | Attr = ] SetCDfmt.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\SetCDfmt.exe -> [Ver = | Size = 23552 bytes | Modified Date = 12/3/2001 9:27:00 AM | Attr = ] setup.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\setup.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 121064 bytes | Modified Date = 11/15/2005 12:24:00 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\WDM\ -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\WDM -> [Folder | Modified Date = 6/29/2007 6:31:43 AM | Attr = ] alcrmv.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\WDM\alcrmv.exe -> Realtek Semiconductor Corp. [Ver = 2, 0, 0, 4 | Size = 217088 bytes | Modified Date = 7/31/2006 7:27:30 PM | Attr = ] alcrmv64.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\WDM\alcrmv64.exe -> Realtek Semiconductor Corp. [Ver = 2, 0, 0, 4 | Size = 316416 bytes | Modified Date = 7/31/2006 7:27:14 PM | Attr = ] ChCfg.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\WDM\ChCfg.exe -> [Ver = | Size = 49152 bytes | Modified Date = 8/1/2006 11:02:32 PM | Attr = ] CPLUtl64.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\WDM\CPLUtl64.exe -> [Ver = | Size = 37376 bytes | Modified Date = 3/31/2006 8:23:40 PM | Attr = ] RTLCPL.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\WDM\RTLCPL.exe -> Realtek Semiconductor Corp. [Ver = 1.0.1.66 | Size = 10528768 bytes | Modified Date = 12/8/2006 11:20:14 PM | Attr = ] SoundMan.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\WDM\SoundMan.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 59 | Size = 577536 bytes | Modified Date = 4/16/2007 11:28:22 PM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\Temporary Directory 1 for WDM_A400.zip\WDM_A400\ -> C:\Documents and Settings\Aj\Local Settings\Temp\Temporary Directory 1 for WDM_A400.zip\WDM_A400 -> [Folder | Modified Date = 6/29/2007 6:23:56 AM | Attr = ] setup.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\Temporary Directory 1 for WDM_A400.zip\WDM_A400\setup.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 121064 bytes | Modified Date = 11/15/2005 12:24:00 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\ -> C:\Documents and Settings\Aj\Local Settings\Temp -> [Folder | Modified Date = 6/21/2008 11:45:38 PM | Attr = ] CTWseAPI.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\CTWseAPI.dll -> Creative Technology Ltd. [Ver = 1, 0, 0, 1 | Size = 53248 bytes | Modified Date = 7/3/2002 9:01:00 AM | Attr = ] drm_dialogs.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\drm_dialogs.dll -> Sony DADC Austria AG [Ver = 1, 2, 0, 1 | Size = 46592 bytes | Modified Date = 1/3/2008 2:33:30 PM | Attr = ] SIntf16.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\SIntf16.dll -> [Ver = | Size = 12067 bytes | Modified Date = 12/5/2007 10:13:10 AM | Attr = ] SIntf32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\SIntf32.dll -> [Ver = | Size = 19924 bytes | Modified Date = 12/5/2007 10:13:10 AM | Attr = ] SIntfNT.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\SIntfNT.dll -> [Ver = | Size = 24516 bytes | Modified Date = 12/5/2007 10:13:10 AM | Attr = ] 660 C:\Documents and Settings\Aj\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Aj\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\Shared\ -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\Shared -> [Folder | Modified Date = 9/6/2007 5:54:29 AM | Attr = ] CTHook.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\Shared\CTHook.dll -> Creative Technology Ltd [Ver = 1.00.02 | Size = 53248 bytes | Modified Date = 3/3/2004 7:42:28 PM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\WinSys\ -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\WinSys -> [Folder | Modified Date = 9/6/2007 5:54:28 AM | Attr = ] MFC42.DLL -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\WinSys\MFC42.DLL -> Microsoft Corporation [Ver = 6.00.8665.0 | Size = 995383 bytes | Modified Date = 2/12/2000 12:58:40 AM | Attr = ] msvcp60.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\WinSys\msvcp60.dll -> Microsoft Corporation [Ver = 6.00.8972.0 | Size = 401462 bytes | Modified Date = 8/29/2000 11:19:16 AM | Attr = ] MSVCRT.DLL -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\CTShared\WinSys\MSVCRT.DLL -> Microsoft Corporation [Ver = 6.00.8797.0 | Size = 278581 bytes | Modified Date = 3/7/2000 11:22:14 PM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\CTAdobe\ -> C:\Documents and Settings\Aj\Local Settings\Temp\CTAdobe -> [Folder | Modified Date = 6/29/2007 3:53:19 PM | Attr = ] CheckLang.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\CTAdobe\CheckLang.dll -> Creative Technology Ltd [Ver = 1, 0, 0, 0 | Size = 49152 bytes | Modified Date = 12/18/2001 9:00:00 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\GGS78.tmp\ -> C:\Documents and Settings\Aj\Local Settings\Temp\GGS78.tmp\ -> [Folder | Modified Date = 12/2/2007 6:23:26 AM | Attr = ] setuphook.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\GGS78.tmp\setuphook.dll -> [Ver = | Size = 24576 bytes | Modified Date = 12/2/2007 6:22:58 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\WDM\ -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\WDM -> [Folder | Modified Date = 6/29/2007 6:31:43 AM | Attr = ] RtlCPAPI.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\WDM\RtlCPAPI.dll -> [Ver = 1, 0, 1, 4 | Size = 147456 bytes | Modified Date = 10/18/2006 10:53:26 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\GGS78.tmp\Fake Profile\ -> C:\Documents and Settings\Aj\Local Settings\Temp\GGS78.tmp\Fake Profile -> [Folder | Modified Date = 12/2/2007 6:23:24 AM | Attr = ] compreg.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\GGS78.tmp\Fake Profile\compreg.dat -> [Ver = | Size = 147247 bytes | Modified Date = 12/2/2007 6:23:22 AM | Attr = ] xpti.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\GGS78.tmp\Fake Profile\xpti.dat -> [Ver = | Size = 92986 bytes | Modified Date = 12/2/2007 6:23:19 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\ -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000 -> [Folder | Modified Date = 6/21/2008 1:32:18 PM | Attr = ] WCCWeb.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCCWeb.ini -> [Ver = | Size = 142 bytes | Modified Date = 1/3/2006 7:11:48 PM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\ -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC -> [Folder | Modified Date = 6/21/2008 1:32:18 PM | Attr = ] setup.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\setup.ini -> [Ver = | Size = 497 bytes | Modified Date = 12/23/2005 11:51:34 PM | Attr = ] SWUpdate.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\SWUpdate.ini -> [Ver = | Size = 28 bytes | Modified Date = 5/11/2004 9:00:00 AM | Attr = ] Version.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\CRF000\WCC\Version.ini -> [Ver = | Size = 146 bytes | Modified Date = 12/23/2005 10:31:26 PM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\GGS78.tmp\Fake Profile\ -> C:\Documents and Settings\Aj\Local Settings\Temp\GGS78.tmp\Fake Profile -> [Folder | Modified Date = 12/2/2007 6:23:24 AM | Attr = ] compatibility.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\GGS78.tmp\Fake Profile\compatibility.ini -> [Ver = | Size = 138 bytes | Modified Date = 12/2/2007 6:23:19 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\ -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp -> [Folder | Modified Date = 6/29/2007 6:31:43 AM | Attr = ] setup.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\setup.ini -> [Ver = | Size = 2815 bytes | Modified Date = 5/9/2007 12:49:08 AM | Attr = ] SetupEx.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\pft13~tmp\SetupEx.ini -> [Ver = | Size = 136 bytes | Modified Date = 11/6/2004 1:14:00 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] OrbNetworks -> %AllUsersProfile%\Application Data\OrbNetworks -> [Folder | Modified Date = 5/26/2008 7:36:49 PM | Attr = ] Skype -> %AllUsersProfile%\Application Data\Skype -> [Folder | Modified Date = 6/11/2008 3:50:01 PM | Attr = ] Software rule flag owns -> %AllUsersProfile%\Application Data\Software rule flag owns -> [Folder | Modified Date = 5/30/2008 3:21:46 PM | Attr = ] Winamp Toolbar -> %AllUsersProfile%\Application Data\Winamp Toolbar -> [Folder | Modified Date = 5/26/2008 7:36:28 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 6/5/2008 9:54:36 PM | Attr = ] Idol heck -> %AppData%\Idol heck -> [Folder | Modified Date = 5/30/2008 3:23:59 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 6/16/2008 12:50:27 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 59904 bytes | Modified Date = 5/26/2008 7:24:48 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 6077810 bytes | Modified Date = 6/21/2008 11:42:33 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/17/2008 1:34:48 AM | Attr = S] Winamp Toolbar -> %UserProfile%\Local Settings\Application Data\Winamp Toolbar -> [Folder | Modified Date = 5/26/2008 8:03:28 PM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 5/31/2008 10:09:48 AM | Attr = ] freq 16 -> %UserProfile%\My Documents\freq 16 -> [Folder | Modified Date = 5/24/2008 4:23:28 PM | Attr = ] freq 18 -> %UserProfile%\My Documents\freq 18 -> [Folder | Modified Date = 5/24/2008 4:23:27 PM | Attr = ] Hardcore Heaven Weekender 3 Vol.1 CD1 Darren Styles -> %UserProfile%\My Documents\Hardcore Heaven Weekender 3 Vol.1 CD1 Darren Styles -> [Folder | Modified Date = 5/24/2008 4:23:28 PM | Attr = ] My Chat Logs -> %UserProfile%\My Documents\My Chat Logs -> [Folder | Modified Date = 6/13/2008 11:26:50 AM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 5/24/2008 9:56:46 PM | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 6/13/2008 10:10:52 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 576 bytes | Modified Date = 6/21/2008 6:36:46 PM | Attr = ] My Stationery -> %UserProfile%\My Documents\My Stationery -> [Folder | Modified Date = 5/26/2008 7:24:46 PM | Attr = R S] Omen-r74823.2.zip -> %UserProfile%\My Documents\Omen-r74823.2.zip -> [Ver = | Size = 324486 bytes | Modified Date = 5/25/2008 3:12:36 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Omen-r74823.2.zip:Zone.Identifier Playstation 2 Emulator v2.09.01 [Latest] + New Ps2 Bios -> %UserProfile%\My Documents\Playstation 2 Emulator v2.09.01 [Latest] + New Ps2 Bios -> [Folder | Modified Date = 5/23/2008 3:26:54 PM | Attr = ] SOTK VOL2Disc 1 -> %UserProfile%\My Documents\SOTK VOL2Disc 1 -> [Folder | Modified Date = 5/25/2008 3:29:32 PM | Attr = ] SOTK VOL2Disc 1.zip -> %UserProfile%\My Documents\SOTK VOL2Disc 1.zip -> [Ver = | Size = 78385158 bytes | Modified Date = 5/25/2008 12:08:05 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\SOTK VOL2Disc 1.zip:Zone.Identifier SOTK VOL2Disc 2 -> %UserProfile%\My Documents\SOTK VOL2Disc 2 -> [Folder | Modified Date = 5/25/2008 3:29:48 PM | Attr = ] SOTK VOL2Disc 2.zip -> %UserProfile%\My Documents\SOTK VOL2Disc 2.zip -> [Ver = | Size = 68571582 bytes | Modified Date = 5/25/2008 12:07:42 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\SOTK VOL2Disc 2.zip:Zone.Identifier Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 80896 bytes | Modified Date = 5/24/2008 4:23:15 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable WSH VOL10Disc 1 -> %UserProfile%\My Documents\WSH VOL10Disc 1 -> [Folder | Modified Date = 5/24/2008 11:46:32 PM | Attr = ] WSH VOL10Disc 1.zip -> %UserProfile%\My Documents\WSH VOL10Disc 1.zip -> [Ver = | Size = 72588455 bytes | Modified Date = 5/24/2008 11:46:21 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\WSH VOL10Disc 1.zip:Zone.Identifier WSH VOL10Disc 2 -> %UserProfile%\My Documents\WSH VOL10Disc 2 -> [Folder | Modified Date = 5/24/2008 11:48:01 PM | Attr = ] WSH VOL10Disc 2.zip -> %UserProfile%\My Documents\WSH VOL10Disc 2.zip -> [Ver = | Size = 68655742 bytes | Modified Date = 5/24/2008 11:47:55 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\WSH VOL10Disc 2.zip:Zone.Identifier Steam.lnk -> %AllUsersProfile%\Desktop\Steam.lnk -> [Ver = | Size = 2193 bytes | Modified Date = 6/20/2008 2:51:21 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 788 bytes | Modified Date = 6/16/2008 2:43:09 AM | Attr = ] Winamp Remote.lnk -> %AllUsersProfile%\Desktop\Winamp Remote.lnk -> [Ver = | Size = 1668 bytes | Modified Date = 5/26/2008 7:36:25 PM | Attr = ] Winamp.lnk -> %AllUsersProfile%\Desktop\Winamp.lnk -> [Ver = | Size = 672 bytes | Modified Date = 5/26/2008 7:36:31 PM | Attr = ] Counter-Strike.lnk -> %UserProfile%\Desktop\Counter-Strike.lnk -> [Ver = | Size = 1570 bytes | Modified Date = 6/5/2008 9:56:51 PM | Attr = ] Mega drive -> %UserProfile%\Desktop\Mega drive -> [Folder | Modified Date = 5/31/2008 12:56:49 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/21/2008 1:52:13 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Modified Date = 6/21/2008 1:49:29 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier tunes.doc -> %UserProfile%\Desktop\tunes.doc -> [Ver = | Size = 1205 bytes | Modified Date = 5/24/2008 11:15:53 PM | Attr = ]