[code] OTScanIt logfile created on: 6/26/2008 4:51:33 PM OTScanIt by OldTimer - Version 1.0.15.16 Folder = C:\Documents and Settings\Aj\Desktop\Unused Desktop Shortcuts\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 958.48 Mb Total Physical Memory | 638.08 Mb Available Physical Memory | 66.57% Memory free 2.26 Gb Paging File | 1.88 Gb Available in Paging File | 83.26% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 142.07 Gb Total Space | 66.92 Gb Free Space | 47.10% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 6.96 Gb Total Space | 1.07 Gb Free Space | 15.31% Space Free | Partition Type: FAT32 I: Drive not present or media not loaded Computer Name: AJ-DF81D87BDABB Current User Name: Aj Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ] ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ] wlservice.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ] wusb54gsv2.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe -> Linksys [Ver = 1.0.1.5 | Size = 5230080 bytes | Modified Date = 11/14/2005 3:40:00 AM | Attr = ] soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 59 | Size = 577536 bytes | Modified Date = 4/16/2007 11:28:22 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 5:06:38 PM | Attr = ] launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 11/28/2006 10:12:12 PM | Attr = ] winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 36352 bytes | Modified Date = 4/1/2008 7:49:42 PM | Attr = ] ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 7:23:34 PM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 1/10/2007 4:14:36 PM | Attr = ] orbtray.exe -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 4/1/2008 2:54:06 AM | Attr = ] servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 11/6/2006 10:21:10 PM | Attr = ] steam.exe -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/28/2008 3:40:54 PM | Attr = ] winamptbserver.exe -> %ProgramFiles%\Winamp Toolbar\winampTbServer.exe -> AOL LLC. [Ver = 5.1.20.3 | Size = 140640 bytes | Modified Date = 3/19/2008 11:36:36 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\Unused Desktop Shortcuts\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.16 | Size = 397312 bytes | Modified Date = 6/20/2008 1:47:40 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 6/13/2007 10:29:00 PM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 7/6/2007 3:55:46 AM | Attr = ] (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 11/6/2006 10:21:10 PM | Attr = ] (WUSB54GSv2SVC) WUSB54GSv2SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ] [Driver Services - Non-Microsoft Only] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 1/14/2008 3:14:14 PM | Attr = ] (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:07:15 | Size = 1268204 bytes | Modified Date = 6/29/2004 5:07:18 PM | Attr = ] (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6240 built by: WinDDK | Size = 4030144 bytes | Modified Date = 4/26/2007 12:20:48 AM | Attr = ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6698 | Size = 2155520 bytes | Modified Date = 6/13/2007 8:24:13 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] (Jukebox3) Jukebox3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ctpdusb.sys -> Creative Technology Ltd. [Ver = 1.27.02.00 | Size = 16880 bytes | Modified Date = 9/30/2004 9:27:00 AM | Attr = ] (Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ] (Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ] (Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Modified Date = 10/10/2006 4:54:34 PM | Attr = ] (Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcj.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/8/2007 12:51:00 AM | Attr = ] (RT73) Wireless-G USB Network Adapter with RangeBooster Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.04.0000 | Size = 252928 bytes | Modified Date = 1/13/2006 3:46:28 AM | Attr = ] (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 11:31:34 PM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1034 | Size = 30720 bytes | Modified Date = 1/9/2007 3:09:48 PM | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 11:25:53 AM | Attr = ] (StreamSurge) StreamSurge Driver (miniport) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ss.sys -> File not found (GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 11:15:32 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 5:06:38 PM | Attr = ] PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe [C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup] -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 11/28/2006 10:12:12 PM | Attr = ] PKR Pal -> %ProgramFiles%\PKR\pkrpal.exe ["C:\Program Files\PKR\pkrpal.exe" -osboot] -> File not found SoundMan -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 59 | Size = 577536 bytes | Modified Date = 4/16/2007 11:28:22 PM | Attr = ] StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe] -> [Ver = | Size = 90112 bytes | Modified Date = 11/10/2006 8:35:24 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] WinampAgent -> %ProgramFiles%\Winamp\winampa.exe [C:\Program Files\Winamp\winampa.exe] -> [Ver = | Size = 36352 bytes | Modified Date = 4/1/2008 7:49:42 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe [C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R] -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 7:23:34 PM | Attr = ] MessengerPlus3 -> %ProgramFiles%\MessengerPlus! 3\MsgPlus.exe ["C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart] -> Patchou [Ver = 3, 63, 0, 148 | Size = 190024 bytes | Modified Date = 6/29/2007 6:36:44 AM | Attr = ] Orb -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe ["C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background] -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 4/1/2008 2:54:06 AM | Attr = ] Steam -> %ProgramFiles%\Steam\Steam.exe ["C:\Program Files\Steam\Steam.exe" -silent] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/28/2008 3:40:54 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 1/10/2007 4:14:36 PM | Attr = ] < Aj Startup Folder > -> C:\Documents and Settings\Aj\Start Menu\Programs\Startup -> < All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1028 | Size = 258048 bytes | Modified Date = 10/19/2006 10:12:20 AM | Attr = ] AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 118784 bytes | Modified Date = 6/13/2007 8:16:59 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRRW_GCA-4164B_______________E.D0____\5&1c5c6e99&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 11/9/2004 2:20:04 PM | Attr = ] AUTOEXEC.BAT [] -> H:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/28/2001 7:07:38 AM | Attr = HS] Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> H:\Autorun.inf [ FAT32 ] -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2004 11:01:14 PM | Attr = HS] < HOSTS File > (4102 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Search Class] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ] < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: SearchURL\\ -> http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Search Class] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 41 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 8:02:04 PM | Attr = ] {68bc0286-40e5-4197-8603-300cfc1d0407} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\bmhngruj.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 99328 bytes | Modified Date = 6/22/2008 8:07:58 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {7EE770C5-4EB2-4FAA-A48A-D7F25D892A59} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\efcBuUMF.dll [Reg Error: Value does not exist or could not be read.] -> File not found {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ] WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Winamp Search -> %AllUsersProfile%\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html -> [Ver = | Size = 748 bytes | Modified Date = 3/19/2008 11:21:40 PM | Attr = ] Add to Windows &Live Favorites -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 9:56:24 PM | Attr = ] < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {2CED90EE-1B8C-48EE-8F32-8A7C15415E77} -> (Linksys Wireless-G USB Network Adapter with SpeedBooster v2) -> {86FF0F7E-5F08-4846-B546-F8C274041E45} -> (1394 Net Adapter) -> {CFF53A29-92B0-4CC4-B7CF-B63DD07098A8} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {10093E98-C073-4C75-8D0E-FB5CD3A71D33}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/Upwords.cab57176.cab[ZoneUpwords Object] -> {20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> {5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[MSN Games - Installer] -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {DA758BB1-5F89-4465-975F-8D7179A4BCF3}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/WoF.cab57176.cab[WheelofFortune Object] -> {E1E73B44-2D20-47A9-9CA2-B534CEBBF856}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab[F-Secure Health Check 1.0] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/auc_lib.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ca.pub\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/daas_s.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/fscax.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/gatelauncher.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsld32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsld32.dll\\.Owner -> {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsld32.dll\\{E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FSResource\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FSResource\\.Owner -> {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FSResource\\{E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\.Owner -> {5D6F45B3-9043-443D-A792-115447494D24} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\{5D6F45B3-9043-443D-A792-115447494D24} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncheradmin.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncheradmin.exe\\.Owner -> {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncheradmin.exe\\{E1E73B44-2D20-47A9-9CA2-B534CEBBF856} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\.Owner -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\\.Owner -> {10093E98-C073-4C75-8D0E-FB5CD3A71D33} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\\{10093E98-C073-4C75-8D0E-FB5CD3A71D33} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\\.Owner -> {DA758BB1-5F89-4465-975F-8D7179A4BCF3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\\{DA758BB1-5F89-4465-975F-8D7179A4BCF3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.3087 (xpsp_sp2_qfe.070219-2253) | Size = 299008 bytes | Modified Date = 4/15/2007 10:22:15 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 3:21:15 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.3027 (xpsp_sp2_qfe.061105-2318) | Size = 49152 bytes | Modified Date = 4/15/2007 10:23:44 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 772 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> A3 B3 71 06 7B D5 F9 F1 38 14 98 B7 D1 32 1D 9A 31 34 32 63 32 39 36 64 00 FD 07 00 06 99 00 00 34 FA 07 00 76 92 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 28 2D 3A 36 28 3F 2C F9 F1 05 83 14 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> E9 C1 96 9E 88 F7 D0 A6 D3 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 97 CD 4E 32 00 11 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> DF 20 7E CD 89 F2 58 81 22 1B EB 6F 99 9E AE 78 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 44 A0 67 FA 28 D5 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 18447 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 4/15/2007 10:23:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 4/15/2007 10:23:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\nessystyle\counter-strike\hl.exe -> %ProgramFiles%\Steam\SteamApps\nessystyle\counter-strike\hl.exe [C:\Program Files\Steam\SteamApps\nessystyle\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 8/7/2007 12:44:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 4/16/2007 7:25:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\World of Warcraft\BackgroundDownloader.exe -> %ProgramFiles%\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> Blizzard Entertainment [Ver = 1, 8, 1, 406 | Size = 1065616 bytes | Modified Date = 5/14/2008 7:49:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.20772 (vista_ldr.080213-1606) | Size = 625664 bytes | Modified Date = 2/22/2008 10:40:22 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\Steam.exe -> %ProgramFiles%\Steam\Steam.exe [C:\Program Files\Steam\Steam.exe:*:Enabled:Steam] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/28/2008 3:40:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\aj_kaneo@hotmail.com\counter-strike\hl.exe -> %ProgramFiles%\Steam\SteamApps\aj_kaneo@hotmail.com\counter-strike\hl.exe [C:\Program Files\Steam\SteamApps\aj_kaneo@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 6/26/2008 4:00:07 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath ] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\Orb.exe -> %ProgramFiles%\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb] -> Orb Networks, Inc. [Ver = 1, 2008, 129, 1700 | Size = 73728 bytes | Modified Date = 1/30/2008 3:19:32 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbTray.exe -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray] -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 4/1/2008 2:54:06 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe -> %ProgramFiles%\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> Orb Networks [Ver = 2, 2008, 327, 1400 | Size = 5844992 bytes | Modified Date = 3/28/2008 2:00:24 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\aj_kaneo@hotmail.com\team fortress classic\hl.exe -> %ProgramFiles%\Steam\SteamApps\aj_kaneo@hotmail.com\team fortress classic\hl.exe [C:\Program Files\Steam\SteamApps\aj_kaneo@hotmail.com\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 6/25/2008 5:29:43 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\aj_kaneo@hotmail.com\counter-strike source\hl2.exe -> %ProgramFiles%\Steam\SteamApps\aj_kaneo@hotmail.com\counter-strike source\hl2.exe [C:\Program Files\Steam\SteamApps\aj_kaneo@hotmail.com\counter-strike source\hl2.exe:*:Disabled:hl2] -> [Ver = | Size = 106496 bytes | Modified Date = 6/25/2008 8:14:39 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3724:TCP -> 3724:TCP:*:Enabled:Blizzard Downloader: 3724 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.8.0.2694 built by: dnsrv(wmbla) | Size = 18392 bytes | Modified Date = 4/15/2007 10:23:53 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2948 (xpsp.060710-0156) | Size = 399360 bytes | Modified Date = 4/15/2007 10:23:17 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2948 (xpsp.060710-0156) | Size = 399360 bytes | Modified Date = 4/15/2007 10:23:17 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 6/22/2008 8:10:32 PM | Attr = ] fsaua.data -> %SystemDrive%\fsaua.data -> [Folder | Created Date = 6/24/2008 4:51:12 AM | Attr = ] HiJackThis.exe -> %SystemDrive%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 6/20/2008 9:30:39 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\HiJackThis.exe:Zone.Identifier VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 6/24/2008 11:57:45 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 6/22/2008 8:22:17 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 6/22/2008 8:22:17 PM | Attr = ] bmhngruj.dll -> %SystemRoot%\System32\bmhngruj.dll -> [Ver = | Size = 99328 bytes | Created Date = 6/22/2008 8:07:58 PM | Attr = ] tqphencg.dll -> %SystemRoot%\System32\tqphencg.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/22/2008 7:48:04 PM | Attr = ] .jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Created Date = 5/29/2008 7:19:32 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 6/22/2008 8:22:17 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 6/22/2008 8:22:19 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 4608 bytes | Created Date = 6/23/2008 3:58:35 AM | Attr = ] Grand Theft Anal 11 Porn DVDRiP.rar -> %UserProfile%\My Documents\Grand Theft Anal 11 Porn DVDRiP.rar -> [Ver = | Size = 808238043 bytes | Created Date = 6/14/2008 11:57:42 AM | Attr = ] My Chat Logs -> %UserProfile%\My Documents\My Chat Logs -> [Folder | Created Date = 6/23/2008 1:07:23 PM | Attr = ] OTScanIt.exe -> %UserProfile%\My Documents\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Created Date = 6/21/2008 1:49:25 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\OTScanIt.exe:Zone.Identifier Playstation 2 Emulator v2.09.01 [Latest] + New Ps2 Bios -> %UserProfile%\My Documents\Playstation 2 Emulator v2.09.01 [Latest] + New Ps2 Bios -> [Folder | Created Date = 5/31/2008 10:25:50 AM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 704 bytes | Created Date = 6/22/2008 8:22:17 PM | Attr = ] Counter-Strike.lnk -> %UserProfile%\Desktop\Counter-Strike.lnk -> [Ver = | Size = 1570 bytes | Created Date = 6/5/2008 9:56:51 PM | Attr = ] VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0006 | Size = 119808 bytes | Created Date = 6/24/2008 11:57:24 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\VundoFix.exe:Zone.Identifier Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 6/22/2008 8:22:17 PM | Attr = ] Pcsx2 -> %ProgramFiles%\Pcsx2 -> [Folder | Created Date = 5/31/2008 10:28:04 AM | Attr = ] [Files/Folders - Modified Within 30 days] Avenger -> %SystemDrive%\Avenger -> [Folder | Modified Date = 6/22/2008 8:13:01 PM | Attr = ] fsaua.data -> %SystemDrive%\fsaua.data -> [Folder | Modified Date = 6/24/2008 4:51:12 AM | Attr = ] HiJackThis.exe -> %SystemDrive%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 6/20/2008 9:30:47 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\HiJackThis.exe:Zone.Identifier Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/22/2008 8:22:17 PM | Attr = R ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/16/2008 7:03:02 PM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/16/2008 7:03:02 PM | Attr = H ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/24/2008 11:57:45 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/22/2008 8:14:51 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 6/22/2008 8:07:25 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 6/19/2008 5:47:58 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 6/19/2008 5:48:04 PM | Attr = ] bmhngruj.dll -> %SystemRoot%\System32\bmhngruj.dll -> [Ver = | Size = 99328 bytes | Modified Date = 6/22/2008 8:07:58 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/26/2008 1:08:42 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 6/13/2008 2:58:53 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/22/2008 8:22:17 PM | Attr = ] tqphencg.dll -> %SystemRoot%\System32\tqphencg.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/22/2008 7:48:04 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/26/2008 1:10:29 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/28/2008 6:01:36 PM | Attr = H ] .jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Modified Date = 5/29/2008 7:19:32 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/26/2008 1:08:28 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/24/2008 4:59:41 AM | Attr = S] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/28/2008 6:01:52 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/16/2008 2:43:16 AM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/26/2008 4:50:34 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/22/2008 8:29:07 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/22/2008 8:10:39 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/26/2008 1:10:39 PM | Attr = ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 6/26/2008 4:51:00 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/26/2008 1:08:34 PM | Attr = H ] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 6/22/2008 8:11:04 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4096 bytes | Modified Date = 6/22/2008 8:16:02 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4096 bytes | Modified Date = 6/22/2008 8:16:02 PM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\ -> C:\Documents and Settings\Aj\Local Settings\Temp -> [Folder | Modified Date = 6/26/2008 4:50:15 PM | Attr = ] SSUPDATE.EXE -> C:\Documents and Settings\Aj\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2/17/2006 4:55:46 PM | Attr = ] 14 C:\Documents and Settings\Aj\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Aj\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 6/24/2008 5:16:50 AM | Attr = ] fsgk32.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] fssm32.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] fsgk32.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] fssm32.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus -> [Folder | Modified Date = 6/24/2008 4:51:51 AM | Attr = ] fsgk32.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.13470.29802 | Size = 400896 bytes | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] fssm32.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.13470.29802 | Size = 478208 bytes | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\pchc_10_bin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\pchc_10_bin -> [Folder | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] fsgk32.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\pchc_10_bin\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.13470.29802 | Size = 400896 bytes | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] fssm32.exe -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\pchc_10_bin\fssm32.exe -> F-Secure Corp. [Ver = 7.60.13470.29802 | Size = 478208 bytes | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 6/24/2008 5:16:50 AM | Attr = ] AVPFPI0.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] avpproxy.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] daas_s.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr = ] fm4av.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll -> [Ver = | Size = 514048 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] fpinor.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] fsbl.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] fsbld.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 6/24/2008 5:02:11 AM | Attr = ] fsecr32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsgkiapi.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] fsmart.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 6/24/2008 5:02:38 AM | Attr = ] fspe32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fssubmit.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 6/24/2008 5:02:24 AM | Attr = ] fsup32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupcx32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupfg32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupmw32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupnp32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupux32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupwu32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsusscr.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 6/24/2008 5:02:38 AM | Attr = ] Nse_w32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 6/24/2008 5:02:21 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] AVPFPI0.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] avpproxy.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] fm4av.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [Ver = | Size = 514048 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] fpinor.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] fsbl.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] fsgkiapi.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 6/24/2008 5:02:34 AM | Attr = ] fsecr32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fspe32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsup32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupcx32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupfg32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupmw32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupnp32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupux32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupwu32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\mlcwin -> [Folder | Modified Date = 6/24/2008 5:02:38 AM | Attr = ] fsmart.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 6/24/2008 5:02:38 AM | Attr = ] fsusscr.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 6/24/2008 5:02:38 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb -> [Folder | Modified Date = 6/24/2008 5:02:21 AM | Attr = ] Nse_w32.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 6/24/2008 5:02:21 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_33_bin -> [Folder | Modified Date = 6/24/2008 5:02:24 AM | Attr = ] fssubmit.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 6/24/2008 5:02:24 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_bl -> [Folder | Modified Date = 6/24/2008 5:02:11 AM | Attr = ] fsblu.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 6/24/2008 5:02:11 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus -> [Folder | Modified Date = 6/24/2008 4:51:51 AM | Attr = ] daas_s.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.13345 | Size = 495616 bytes | Modified Date = 3/7/2008 6:50:50 PM | Attr = ] fm4av.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\fm4av.dll -> [Ver = | Size = 514048 bytes | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] fsgkiapi.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.6841 | Size = 82432 bytes | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] fsmart.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 6/24/2008 4:51:35 AM | Attr = ] fsusscr.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 6/24/2008 4:51:35 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat -> [Folder | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] AVManagerUnified.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\AVManagerUnified.dll -> OPSWAT, Inc. [Ver = 2, 5, 8, 1 | Size = 702000 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] fsmaapi.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\fsmaapi.dll -> F-Secure Corporation [Ver = 1.0.13430 | Size = 94208 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] fsopswat.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\fsopswat.dll -> F-Secure Corporation [Ver = 1.1.14220 | Size = 65536 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] FWManager.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\FWManager.dll -> OPSWAT, Inc. [Ver = 2, 5, 8, 1 | Size = 118320 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] msvcp80.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 551984 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] msvcr80.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 629808 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] OPSWATProcessesScanner.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\OPSWATProcessesScanner.dll -> [Ver = 2, 5, 8, 1 | Size = 39984 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] UpdateVerify.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\UpdateVerify.dll -> OPSWAT, Inc. [Ver = 2, 0, 6, 7 | Size = 94208 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\mlcwin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\mlcwin -> [Folder | Modified Date = 6/24/2008 4:51:35 AM | Attr = ] fsmart.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 6/24/2008 4:51:35 AM | Attr = ] fsusscr.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 6/24/2008 4:51:35 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin -> [Folder | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] AVManagerUnified.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\AVManagerUnified.dll -> OPSWAT, Inc. [Ver = 2, 5, 8, 1 | Size = 702000 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] fsmaapi.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\fsmaapi.dll -> F-Secure Corporation [Ver = 1.0.13430 | Size = 94208 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] fsopswat.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\fsopswat.dll -> F-Secure Corporation [Ver = 1.1.14220 | Size = 65536 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] FWManager.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\FWManager.dll -> OPSWAT, Inc. [Ver = 2, 5, 8, 1 | Size = 118320 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] msvcp80.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 551984 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] msvcr80.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 629808 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] OPSWATProcessesScanner.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\OPSWATProcessesScanner.dll -> [Ver = 2, 5, 8, 1 | Size = 39984 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] UpdateVerify.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\UpdateVerify.dll -> OPSWAT, Inc. [Ver = 2, 0, 6, 7 | Size = 94208 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\pchc_10_bin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\pchc_10_bin -> [Folder | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] fm4av.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\pchc_10_bin\fm4av.dll -> [Ver = | Size = 514048 bytes | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] fsgkiapi.dll -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\pchc_10_bin\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.6841 | Size = 82432 bytes | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 6/24/2008 5:16:50 AM | Attr = ] ext.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat -> [Ver = | Size = 444 bytes | Modified Date = 6/24/2008 5:02:08 AM | Attr = ] fsedb.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat -> [Ver = | Size = 956586 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupdllb.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> [Ver = | Size = 422594 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupplgn.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat -> [Ver = | Size = 226 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsuptmpl.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat -> [Ver = | Size = 5828 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] perf.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat -> [Ver = | Size = 128 bytes | Modified Date = 6/24/2008 5:02:55 AM | Attr = ] sae.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat -> [Ver = | Size = 243 bytes | Modified Date = 6/24/2008 5:02:08 AM | Attr = ] sai.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat -> [Ver = | Size = 1348 bytes | Modified Date = 6/24/2008 5:02:08 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avmisc -> [Folder | Modified Date = 6/24/2008 5:02:08 AM | Attr = ] ext.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat -> [Ver = | Size = 444 bytes | Modified Date = 6/24/2008 5:02:08 AM | Attr = ] sae.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat -> [Ver = | Size = 243 bytes | Modified Date = 6/24/2008 5:02:08 AM | Attr = ] sai.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat -> [Ver = | Size = 1348 bytes | Modified Date = 6/24/2008 5:02:08 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 6/24/2008 5:02:34 AM | Attr = ] fsedb.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [Ver = | Size = 956586 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupdllb.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> [Ver = | Size = 422594 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsupplgn.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat -> [Ver = | Size = 226 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] fsuptmpl.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat -> [Ver = | Size = 5828 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus -> [Folder | Modified Date = 6/24/2008 4:51:51 AM | Attr = ] perf.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\perf.dat -> [Ver = | Size = 128 bytes | Modified Date = 6/24/2008 4:59:05 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat -> [Folder | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] epupdate.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\epupdate.dat -> [Ver = | Size = 5538 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin -> [Folder | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] epupdate.dat -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\epupdate.dat -> [Ver = | Size = 5538 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 6/24/2008 5:16:50 AM | Attr = ] FS@av.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini -> [Ver = | Size = 203 bytes | Modified Date = 6/24/2008 5:02:08 AM | Attr = ] FS@avpe.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini -> [Ver = | Size = 205 bytes | Modified Date = 6/24/2008 5:02:04 AM | Attr = ] FS@bleng.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini -> [Ver = | Size = 241 bytes | Modified Date = 6/24/2008 5:02:11 AM | Attr = ] FS@corp.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@corp.ini -> [Ver = | Size = 176 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] FS@hydra.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini -> [Ver = | Size = 250 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] FS@mlc.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini -> [Ver = | Size = 204 bytes | Modified Date = 6/24/2008 5:02:38 AM | Attr = ] FS@ols.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols.ini -> [Ver = | Size = 168 bytes | Modified Date = 6/24/2008 5:02:24 AM | Attr = ] FS@peg.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini -> [Ver = | Size = 204 bytes | Modified Date = 6/24/2008 5:02:21 AM | Attr = ] verdicts.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini -> [Ver = | Size = 4181 bytes | Modified Date = 6/24/2008 5:02:06 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avmisc -> [Folder | Modified Date = 6/24/2008 5:02:08 AM | Attr = ] FS@av.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avmisc\FS@av.ini -> [Ver = | Size = 203 bytes | Modified Date = 6/24/2008 5:02:08 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avpe\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avpe -> [Folder | Modified Date = 6/24/2008 5:02:07 AM | Attr = ] FS@avpe.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avpe\FS@avpe.ini -> [Ver = | Size = 205 bytes | Modified Date = 6/24/2008 5:02:04 AM | Attr = ] verdicts.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini -> [Ver = | Size = 4181 bytes | Modified Date = 6/24/2008 5:02:06 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] FS@corp.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini -> [Ver = | Size = 176 bytes | Modified Date = 6/24/2008 5:02:42 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 6/24/2008 5:02:34 AM | Attr = ] FS@hydra.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini -> [Ver = | Size = 250 bytes | Modified Date = 6/24/2008 5:02:33 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\mlcwin -> [Folder | Modified Date = 6/24/2008 5:02:38 AM | Attr = ] FS@mlc.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini -> [Ver = | Size = 204 bytes | Modified Date = 6/24/2008 5:02:38 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb -> [Folder | Modified Date = 6/24/2008 5:02:21 AM | Attr = ] FS@peg.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini -> [Ver = | Size = 204 bytes | Modified Date = 6/24/2008 5:02:21 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_33_bin -> [Folder | Modified Date = 6/24/2008 5:02:24 AM | Attr = ] FS@ols.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini -> [Ver = | Size = 168 bytes | Modified Date = 6/24/2008 5:02:24 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_bl -> [Folder | Modified Date = 6/24/2008 5:02:11 AM | Attr = ] FS@bleng.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini -> [Ver = | Size = 241 bytes | Modified Date = 6/24/2008 5:02:11 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus -> [Folder | Modified Date = 6/24/2008 4:51:51 AM | Attr = ] FS@mlc.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\FS@mlc.ini -> [Ver = | Size = 204 bytes | Modified Date = 6/24/2008 4:51:35 AM | Attr = ] FS@pchc1bin.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\FS@pchc1bin.ini -> [Ver = | Size = 175 bytes | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] FS@vwswdb.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\FS@vwswdb.ini -> [Ver = | Size = 209 bytes | Modified Date = 6/24/2008 4:51:31 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat -> [Folder | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] FS@opswat.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\Anti-Virus\Opswat\FS@opswat.ini -> [Ver = | Size = 176 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\mlcwin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\mlcwin -> [Folder | Modified Date = 6/24/2008 4:51:35 AM | Attr = ] FS@mlc.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\mlcwin\FS@mlc.ini -> [Ver = | Size = 204 bytes | Modified Date = 6/24/2008 4:51:35 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin -> [Folder | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] FS@opswat.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\opswat_bin\FS@opswat.ini -> [Ver = | Size = 176 bytes | Modified Date = 6/24/2008 4:51:44 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\pchc_10_bin\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\pchc_10_bin -> [Folder | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] FS@pchc1bin.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\pchc_10_bin\FS@pchc1bin.ini -> [Ver = | Size = 175 bytes | Modified Date = 6/24/2008 4:51:28 AM | Attr = ] C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\vuln_db\ -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\vuln_db -> [Folder | Modified Date = 6/24/2008 4:51:31 AM | Attr = ] FS@vwswdb.ini -> C:\Documents and Settings\Aj\Local Settings\Temp\PCHC_1_1\updates\vuln_db\FS@vwswdb.ini -> [Ver = | Size = 209 bytes | Modified Date = 6/24/2008 4:51:31 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 6/22/2008 8:22:17 PM | Attr = ] Skype -> %AllUsersProfile%\Application Data\Skype -> [Folder | Modified Date = 6/11/2008 3:50:01 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 6/5/2008 9:54:36 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 6/22/2008 8:22:19 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 6/16/2008 12:50:27 PM | Attr = ] ._Revolution_ -> %UserProfile%\Local Settings\Application Data\._Revolution_ -> [Folder | Modified Date = 6/25/2008 3:14:20 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 4608 bytes | Modified Date = 6/25/2008 3:08:03 AM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 6075800 bytes | Modified Date = 6/26/2008 5:39:24 AM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/17/2008 1:34:48 AM | Attr = S] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 5/31/2008 10:09:48 AM | Attr = ] My Chat Logs -> %UserProfile%\My Documents\My Chat Logs -> [Folder | Modified Date = 6/23/2008 1:07:23 PM | Attr = ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 6/26/2008 2:16:49 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 576 bytes | Modified Date = 6/26/2008 4:46:35 PM | Attr = ] OTScanIt.exe -> %UserProfile%\My Documents\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Modified Date = 6/21/2008 1:49:29 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\OTScanIt.exe:Zone.Identifier Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 704 bytes | Modified Date = 6/22/2008 8:22:17 PM | Attr = ] Steam.lnk -> %AllUsersProfile%\Desktop\Steam.lnk -> [Ver = | Size = 2193 bytes | Modified Date = 6/25/2008 3:52:05 AM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 788 bytes | Modified Date = 6/16/2008 2:43:09 AM | Attr = ] Counter-Strike.lnk -> %UserProfile%\Desktop\Counter-Strike.lnk -> [Ver = | Size = 1570 bytes | Modified Date = 6/5/2008 9:56:51 PM | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 6/23/2008 1:24:38 PM | Attr = ] VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0006 | Size = 119808 bytes | Modified Date = 6/24/2008 11:57:36 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\VundoFix.exe:Zone.Identifier < End of report > [/code]