[code] OTScanIt logfile created on: 7/20/2008 10:51:03 PM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Adrian\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy 511.48 Mb Total Physical Memory | 211.63 Mb Available Physical Memory | 41.37% Memory free 2.91 Gb Paging File | 2.63 Gb Available in Paging File | 90.21% Paging File free Paging file location(s): C:\pagefile.sys 2500 3000; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 19.46 Gb Free Space | 52.24% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 660.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OFFICE Current User Name: Adrian Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/29/2007 2:56:34 AM | Attr = ] incdsrv.exe -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 0, 0, 4 | Size = 670208 bytes | Modified Date = 10/14/2005 12:02:02 PM | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/29/2007 2:56:34 AM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr = ] avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 7/5/2008 8:39:22 PM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] dcfssvc.exe -> %SystemRoot%\system32\drivers\dcfssvc.exe -> Eastman Kodak Company [Ver = 1.1.1600.0 | Size = 75324 bytes | Modified Date = 5/18/2000 3:00:12 PM | Attr = ] nsl.exe -> %ProgramFiles%\AnalogX\NetStat Live\nsl.exe -> [Ver = | Size = 126980 bytes | Modified Date = 1/26/2008 11:55:56 AM | Attr = ] avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 7/5/2008 8:39:20 PM | Attr = ] avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 7/5/2008 8:39:40 PM | Attr = ] avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 7/5/2008 8:39:24 PM | Attr = ] yahoom~1.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 1/26/2008 12:10:41 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/29/2007 2:56:34 AM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 2/21/2006 9:05:00 PM | Attr = ] (avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 7/5/2008 8:39:24 PM | Attr = ] (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 7/5/2008 8:39:22 PM | Attr = ] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] (Dcfssvc) Dcfssvc [Win32_Own | Auto | Running] -> %SystemRoot%\system32\drivers\dcfssvc.exe -> Eastman Kodak Company [Ver = 1.1.1600.0 | Size = 75324 bytes | Modified Date = 5/18/2000 3:00:12 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 6:56:50 AM | Attr = ] (InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 0, 0, 4 | Size = 670208 bytes | Modified Date = 10/14/2005 12:02:02 PM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] [Driver Services - Non-Microsoft Only] (AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.2.2 (dnsrv(wmbla).050120-1444) | Size = 36352 bytes | Modified Date = 3/9/2005 3:53:00 PM | Attr = ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6727 | Size = 2456064 bytes | Modified Date = 9/29/2007 3:06:00 AM | Attr = ] (AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Modified Date = 7/5/2008 8:39:19 PM | Attr = ] (AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 7/5/2008 8:39:20 PM | Attr = ] (AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 76040 bytes | Modified Date = 7/5/2008 8:39:36 PM | Attr = ] (DcCam) Kodak Camera Proxy [Kernel | System | Running] -> %SystemRoot%\system32\drivers\DcCam.sys -> Eastman Kodak Company [Ver = 1.4.7300.0 | Size = 29104 bytes | Modified Date = 6/8/2000 4:22:12 PM | Attr = ] (DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DcFpoint.sys -> Eastman Kodak Company [Ver = 1.4.7300.0 | Size = 61424 bytes | Modified Date = 6/8/2000 4:22:30 PM | Attr = ] (DCFS2k) DCFS2k [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\DCFS2k.sys -> Eastman Kodak Company [Ver = 1.0.2500.0 | Size = 35637 bytes | Modified Date = 5/29/2000 6:57:32 PM | Attr = ] (DcLps) Legacy Polling Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\DcLps.sys -> Eastman Kodak Company [Ver = 1.4.7300.0 | Size = 8272 bytes | Modified Date = 6/8/2000 4:22:20 PM | Attr = ] (DcPTP) %DcPTP.SvcDesc% [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DcPtp.sys -> Eastman Kodak Company [Ver = 1.4.7300.0 | Size = 47728 bytes | Modified Date = 6/8/2000 4:22:44 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 5:07:18 AM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 5:07:18 AM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ] (EPScanMemory) EPScanMemory [Kernel | On_Demand | Stopped] -> %ProgramFiles%\EPoX\EPTP\ScanMemory32.sys -> [Ver = | Size = 2432 bytes | Modified Date = 6/21/2005 4:27:36 PM | Attr = ] (Exportit) Exportit [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\ExportIt.sys -> Eastman Kodak Company [Ver = 1.0.4700.0 | Size = 115509 bytes | Modified Date = 6/27/2000 10:59:42 AM | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr = ] (InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\InCDfs.sys -> Nero AG [Ver = 5, 0, 0, 4 | Size = 101760 bytes | Modified Date = 10/14/2005 12:00:36 PM | Attr = ] (InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDPass.sys -> Nero AG [Ver = 5, 0, 0, 4 | Size = 29440 bytes | Modified Date = 10/14/2005 12:01:56 PM | Attr = ] (incdrm) InCD Reader [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\InCDRm.sys -> Nero AG [Ver = 5, 0, 0, 4 | Size = 22016 bytes | Modified Date = 10/14/2005 12:00:26 PM | Attr = ] (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5253 built by: WinDDK | Size = 4271616 bytes | Modified Date = 5/4/2006 4:13:52 PM | Attr = R ] (nvata) nvata [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvata.sys -> NVIDIA Corporation [Ver = 5.10.2600.0650 built by: WinDDK | Size = 99584 bytes | Modified Date = 1/27/2006 2:04:16 PM | Attr = R ] (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.03.05023 | Size = 34176 bytes | Modified Date = 2/17/2006 10:28:30 AM | Attr = R ] (nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.05023 | Size = 13056 bytes | Modified Date = 2/17/2006 10:28:32 AM | Attr = R ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/8/2007 7:51:00 AM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 PM | Attr = ] (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr = ] (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ssm_bus.sys -> MCCI [Ver = V4.34 | Size = 58320 bytes | Modified Date = 8/30/2005 1:47:38 AM | Attr = ] (ssm_mdfl) SAMSUNG Mobile USB Modem II 1.0 Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ssm_mdfl.sys -> MCCI [Ver = V4.34 | Size = 8336 bytes | Modified Date = 8/30/2005 1:49:34 AM | Attr = ] (ssm_mdm) SAMSUNG Mobile USB Modem II 1.0 Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ssm_mdm.sys -> MCCI [Ver = V4.34 | Size = 94000 bytes | Modified Date = 8/30/2005 1:49:38 AM | Attr = ] (StarOpen) StarOpen [File_System | System | Running] -> %SystemRoot%\System32\drivers\StarOpen.sys -> [Ver = | Size = 5632 bytes | Modified Date = 7/24/2006 4:05:00 PM | Attr = ] (WUSB54GPV4SRV) Linksys Home Wireless-G USB Adaptor Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rt2500usb.sys -> Ralink Technology Inc. [Ver = 2.00.02.0000 | Size = 239488 bytes | Modified Date = 5/5/2004 9:25:00 AM | Attr = R ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 7/5/2008 8:39:40 PM | Attr = ] NetStat Live -> %ProgramFiles%\AnalogX\NetStat Live\nsl.exe [C:\Program Files\AnalogX\NetStat Live\nsl.exe] -> [Ver = | Size = 126980 bytes | Modified Date = 1/26/2008 11:55:56 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe ["C:\Program Files\BitTorrent\bittorrent.exe"] -> File not found BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> File not found EPSON Stylus C90 Series -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIBZP.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZP.EXE /FU "C:\WINDOWS\TEMP\E_S5EE.tmp" /EF "HKCU"] -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 139264 bytes | Modified Date = 9/27/2006 12:00:00 PM | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ] < Adrian Startup Folder > -> C:\Documents and Settings\Adrian\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 7/5/2008 8:39:20 PM | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 PM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 6:56:52 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/26/2007 11:36:51 AM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 9/29/2007 2:57:56 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 4:59:54 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomATAPI_CD-ROM_52XMax_____________________C.01____\5&a15b9e2&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomLITE-ON_COMBO_SOHC-5232K________________NK0E____\5&a15b9e2&0&0.1.0 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 1/26/2008 10:49:21 AM | Attr = ] autorun.inf [] -> %SystemDrive%\autorun.inf [ NTFS ] -> [Folder | Modified Date = 3/5/2008 9:31:42 PM | Attr = RHS] < HOSTS File > (698 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.136 | Size = 455960 bytes | Modified Date = 7/5/2008 8:39:24 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 368640 bytes | Modified Date = 2/22/2005 1:50:34 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 368640 bytes | Modified Date = 2/22/2005 1:50:34 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 368640 bytes | Modified Date = 2/22/2005 1:50:34 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 1/9/2008 3:01:48 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 1/9/2008 3:01:48 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 7/5/2008 8:39:24 PM | Attr = ] vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] -> [Ver = | Size = 844314 bytes | Modified Date = 8/4/2004 4:51:04 AM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/16/2005 1:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:56:44 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 888 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 6:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 6:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 59 4C DC E2 56 AD E2 9F A5 2A C2 90 64 C5 D2 2F 64 64 33 33 37 32 39 35 00 68 07 00 01 00 00 00 DC 00 00 00 E0 00 00 00 48 FA 06 00 97 55 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 EE 85 D4 DF [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 02 D4 4B F6 DC E1 90 22 5D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 9D C9 0D 29 BF A3 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 58 E5 C1 F4 4A A3 A1 11 08 B4 F9 40 4A F2 D7 9F [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> B2 8F 6A 48 75 80 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 5E 94 25 AD 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 5E 94 25 AD 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 5E 94 25 AD 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 12942 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 6:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> %ProgramFiles%\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> %ProgramFiles%\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\Orb.exe -> %ProgramFiles%\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb] -> Orb Networks, Inc. [Ver = 1, 2007, 731, 1315 | Size = 73728 bytes | Modified Date = 8/2/2007 9:02:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbTray.exe -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray] -> Orb Networks [Ver = 2, 2008, 105, 1830 | Size = 495616 bytes | Modified Date = 1/8/2008 4:02:54 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe -> %ProgramFiles%\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> Orb Networks [Ver = 2, 2007, 1106, 1700 | Size = 5824512 bytes | Modified Date = 11/7/2007 9:02:24 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 3/30/2008 10:36:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 640280 bytes | Modified Date = 7/3/2008 8:47:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 7/5/2008 8:39:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 11/30/2006 9:49:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 6:56:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 6:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 7/9/2008 8:19:54 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 7/10/2008 7:39:53 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 7/10/2008 8:11:48 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 7/10/2008 8:11:47 PM | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 7/8/2008 9:47:27 PM | Attr = HS] [Files Created - Additional Folder Scans - Non-Microsoft Only] WinZip -> %AllUsersProfile%\Application Data\WinZip -> [Folder | Created Date = 6/23/2008 7:38:46 PM | Attr = ] Runscanner.net -> %UserProfile%\Local Settings\Application Data\Runscanner.net -> [Folder | Created Date = 7/20/2008 9:55:53 PM | Attr = ] avg.csv -> %UserProfile%\My Documents\avg.csv -> [Ver = | Size = 23092 bytes | Created Date = 7/14/2008 9:44:21 PM | Attr = ] For Filing -> %UserProfile%\My Documents\For Filing -> [Folder | Created Date = 7/10/2008 7:20:03 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 7/10/2008 8:11:48 PM | Attr = ] 2x2 pic tricia.JPG -> %UserProfile%\Desktop\2x2 pic tricia.JPG -> [Ver = | Size = 63398 bytes | Created Date = 7/18/2008 6:59:11 AM | Attr = ] fixthis.bat -> %UserProfile%\Desktop\fixthis.bat -> [Ver = | Size = 65 bytes | Created Date = 7/20/2008 9:09:36 PM | Attr = ] for wikipedia.doc -> %UserProfile%\Desktop\for wikipedia.doc -> [Ver = | Size = 475136 bytes | Created Date = 7/14/2008 10:17:14 PM | Attr = ] HostsXpert -> %UserProfile%\Desktop\HostsXpert -> [Folder | Created Date = 7/10/2008 7:37:36 PM | Attr = ] HostsXpert.zip -> %UserProfile%\Desktop\HostsXpert.zip -> [Ver = | Size = 353386 bytes | Created Date = 7/10/2008 7:36:57 PM | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.20 | Size = 1774048 bytes | Created Date = 7/10/2008 7:47:32 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Created Date = 7/10/2008 7:39:04 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 7/20/2008 10:30:09 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 7/20/2008 10:26:45 PM | Attr = ] UP JMA Orgspon Click the Cityl.doc -> %UserProfile%\Desktop\UP JMA Orgspon Click the Cityl.doc -> [Ver = | Size = 218624 bytes | Created Date = 7/14/2008 10:04:20 PM | Attr = ] Updated_Adoption_1stsem_0809.xls -> %UserProfile%\Desktop\Updated_Adoption_1stsem_0809.xls -> [Ver = | Size = 34816 bytes | Created Date = 7/20/2008 9:08:00 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 7/10/2008 8:11:46 PM | Attr = ] WinZip -> %ProgramFiles%\WinZip -> [Folder | Created Date = 6/23/2008 7:38:35 PM | Attr = ] [Files/Folders - Modified Within 30 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 7/16/2008 11:00:07 AM | Attr = H ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 7/9/2008 8:19:54 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 7/20/2008 9:12:50 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/10/2008 8:11:46 PM | Attr = R ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/10/2008 7:19:35 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 7/10/2008 7:39:53 PM | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 7/20/2008 8:17:22 PM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 25598687 bytes | Modified Date = 7/20/2008 8:17:20 PM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 50290 bytes | Modified Date = 7/20/2008 8:17:18 PM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 162021 bytes | Modified Date = 7/17/2008 11:33:34 AM | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Modified Date = 7/5/2008 8:39:19 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 7/5/2008 8:39:20 PM | Attr = ] avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 76040 bytes | Modified Date = 7/5/2008 8:39:36 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/7/2008 5:35:30 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 7/7/2008 5:35:36 PM | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 7/5/2008 8:39:20 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 7/20/2008 9:51:09 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 7/10/2008 7:19:00 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 7/10/2008 8:11:48 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 295664 bytes | Modified Date = 7/9/2008 7:51:55 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 7/20/2008 8:00:50 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 7/9/2008 7:57:33 PM | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/20/2008 10:05:36 PM | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 7/20/2008 9:13:36 PM | Attr = HS] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 7/8/2008 10:41:50 PM | Attr = R S] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 6/25/2008 9:52:20 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 7/20/2008 9:51:11 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7/14/2008 10:06:57 PM | Attr = HS] MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 536440832 bytes | Modified Date = 6/26/2008 8:41:57 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1862 bytes | Modified Date = 7/2/2008 9:35:51 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 6/21/2008 12:17:34 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/20/2008 10:30:32 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 6/26/2008 9:02:59 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 7/10/2008 7:19:00 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 7/20/2008 10:51:33 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/20/2008 10:05:42 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 1/26/2008 11:33:59 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6780 bytes | Modified Date = 7/20/2008 10:06:33 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6780 bytes | Modified Date = 7/20/2008 10:06:33 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 1/26/2008 4:38:01 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 1/26/2008 4:38:01 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\ -> C:\Documents and Settings\Adrian\Local Settings\Temp -> [Folder | Modified Date = 7/20/2008 10:51:01 PM | Attr = ] nircmd.exe -> C:\Documents and Settings\Adrian\Local Settings\Temp\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 26112 bytes | Modified Date = 7/24/2006 1:38:26 AM | Attr = ] setup_wm.exe -> C:\Documents and Settings\Adrian\Local Settings\Temp\setup_wm.exe -> Microsoft Corporation [Ver = 9.00.00.3250 | Size = 774144 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] wmp11-windowsxp-x86-enu.exe -> C:\Documents and Settings\Adrian\Local Settings\Temp\wmp11-windowsxp-x86-enu.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 25752376 bytes | Modified Date = 11/15/2006 11:06:34 AM | Attr = ] 2677 C:\Documents and Settings\Adrian\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Adrian\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 4/10/2008 12:03:37 AM | Attr = ] fsgk32.exe -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] fssm32.exe -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 4/8/2008 11:42:35 PM | Attr = ] fsgk32.exe -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] fssm32.exe -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\ -> C:\Documents and Settings\Adrian\Local Settings\Temp -> [Folder | Modified Date = 7/20/2008 10:51:01 PM | Attr = ] CmdLineExt02.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\CmdLineExt02.dll -> [Ver = | Size = 36864 bytes | Modified Date = 6/9/2008 8:19:45 PM | Attr = ] fxdecod1.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\fxdecod1.dll -> Foxit Software Company [Ver = 2, 0, 2008, 523 | Size = 470272 bytes | Modified Date = 6/14/2008 10:31:35 AM | Attr = ] SIntf16.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\SIntf16.dll -> [Ver = | Size = 12067 bytes | Modified Date = 6/9/2008 8:19:47 PM | Attr = ] SIntf32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\SIntf32.dll -> [Ver = | Size = 19924 bytes | Modified Date = 6/9/2008 8:19:47 PM | Attr = ] SIntfNT.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\SIntfNT.dll -> [Ver = | Size = 24516 bytes | Modified Date = 6/9/2008 8:19:47 PM | Attr = ] 2677 C:\Documents and Settings\Adrian\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Adrian\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 4/10/2008 12:03:37 AM | Attr = ] AVPFPI0.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] avpproxy.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] daas_s.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr = ] fm4av.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll -> [Ver = | Size = 514048 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] fpinor.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] fsbl.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] fsbld.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 4/8/2008 11:41:01 PM | Attr = ] fsecr32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsgkiapi.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] fsmart.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 28 | Size = 147456 bytes | Modified Date = 4/8/2008 11:42:08 PM | Attr = ] fspe32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 475136 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fssubmit.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 4/8/2008 11:40:53 PM | Attr = ] fsup32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 573440 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupcx32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 73728 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupfg32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupmw32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 106496 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupnp32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 131072 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupux32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupwu32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> [Ver = | Size = 126976 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsusscr.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14093 | Size = 880640 bytes | Modified Date = 4/8/2008 11:42:08 PM | Attr = ] Nse_w32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> [Ver = | Size = 506936 bytes | Modified Date = 4/8/2008 11:40:44 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 4/8/2008 11:42:35 PM | Attr = ] AVPFPI0.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] avpproxy.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] fm4av.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [Ver = | Size = 514048 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] fpinor.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] fsbl.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] fsgkiapi.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 4/9/2008 11:51:18 PM | Attr = ] fsecr32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fspe32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 475136 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsup32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 573440 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupcx32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 73728 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupfg32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupmw32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 106496 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupnp32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 131072 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupux32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupwu32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> [Ver = | Size = 126976 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\mlcwin -> [Folder | Modified Date = 4/8/2008 11:42:09 PM | Attr = ] fsmart.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 28 | Size = 147456 bytes | Modified Date = 4/8/2008 11:42:08 PM | Attr = ] fsusscr.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14093 | Size = 880640 bytes | Modified Date = 4/8/2008 11:42:08 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb -> [Folder | Modified Date = 4/8/2008 11:40:44 PM | Attr = ] Nse_w32.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> [Ver = | Size = 506936 bytes | Modified Date = 4/8/2008 11:40:44 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_33_bin -> [Folder | Modified Date = 4/8/2008 11:40:53 PM | Attr = ] fssubmit.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 4/8/2008 11:40:53 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_bl -> [Folder | Modified Date = 4/8/2008 11:41:01 PM | Attr = ] fsblu.dll -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 4/8/2008 11:41:01 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\ -> C:\Documents and Settings\Adrian\Local Settings\Temp -> [Folder | Modified Date = 7/20/2008 10:51:01 PM | Attr = ] Perflib_Perfdata_14c.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_14c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/3/2008 8:43:12 PM | Attr = ] Perflib_Perfdata_1c8.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_1c8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/8/2008 10:52:43 PM | Attr = ] Perflib_Perfdata_224.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_224.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/20/2008 10:05:56 PM | Attr = ] Perflib_Perfdata_250.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_250.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/8/2008 9:49:16 PM | Attr = ] Perflib_Perfdata_2b4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_2b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/12/2008 8:43:39 PM | Attr = ] Perflib_Perfdata_2fc.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_2fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/8/2008 9:42:16 PM | Attr = ] Perflib_Perfdata_490.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_490.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/2/2008 10:03:55 PM | Attr = ] Perflib_Perfdata_4c4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_4c4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/15/2008 9:47:33 PM | Attr = ] Perflib_Perfdata_4e0.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_4e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/7/2008 6:54:39 PM | Attr = ] Perflib_Perfdata_528.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_528.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/26/2008 9:04:41 PM | Attr = ] Perflib_Perfdata_5f4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_5f4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/10/2008 7:26:51 PM | Attr = ] Perflib_Perfdata_5f8.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_5f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/19/2008 12:24:02 PM | Attr = ] Perflib_Perfdata_608.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_608.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/28/2008 11:00:33 PM | Attr = ] Perflib_Perfdata_60c.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_60c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/20/2008 9:18:18 PM | Attr = ] Perflib_Perfdata_62c.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_62c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/29/2008 11:43:43 AM | Attr = ] Perflib_Perfdata_660.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_660.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/9/2008 11:02:36 AM | Attr = ] Perflib_Perfdata_680.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_680.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/7/2008 7:58:59 PM | Attr = ] Perflib_Perfdata_69c.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_69c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/18/2008 11:06:57 AM | Attr = ] Perflib_Perfdata_6a0.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_6a0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/26/2008 7:39:36 PM | Attr = ] Perflib_Perfdata_6b4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_6b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/28/2008 7:55:07 PM | Attr = ] Perflib_Perfdata_78c.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_78c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/3/2008 7:46:03 PM | Attr = ] Perflib_Perfdata_7c4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_7c4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/8/2008 9:37:27 PM | Attr = ] Perflib_Perfdata_7f0.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_7f0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/3/2008 9:05:08 PM | Attr = ] Perflib_Perfdata_7f4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_7f4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/4/2008 11:18:20 AM | Attr = ] Perflib_Perfdata_82c.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_82c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/7/2008 8:01:12 PM | Attr = ] Perflib_Perfdata_83c.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_83c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/20/2008 10:08:35 PM | Attr = ] Perflib_Perfdata_868.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_868.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/21/2008 9:00:47 PM | Attr = ] Perflib_Perfdata_8d4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_8d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/26/2008 8:42:30 PM | Attr = ] Perflib_Perfdata_918.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_918.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/16/2008 6:31:13 PM | Attr = ] Perflib_Perfdata_98c.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_98c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/21/2008 10:22:08 PM | Attr = ] Perflib_Perfdata_9b4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_9b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/28/2008 10:59:04 PM | Attr = ] Perflib_Perfdata_a88.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_a88.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/8/2008 10:54:26 PM | Attr = ] Perflib_Perfdata_ab4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_ab4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/3/2008 10:31:20 PM | Attr = ] Perflib_Perfdata_b08.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_b08.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/20/2008 9:38:32 PM | Attr = ] Perflib_Perfdata_b10.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_b10.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/10/2008 8:33:55 PM | Attr = ] Perflib_Perfdata_b38.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_b38.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/28/2008 10:30:27 PM | Attr = ] Perflib_Perfdata_b44.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_b44.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/20/2008 11:07:42 AM | Attr = ] Perflib_Perfdata_bd0.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_bd0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/8/2008 9:25:59 PM | Attr = ] Perflib_Perfdata_c54.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_c54.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/29/2008 12:01:03 PM | Attr = ] Perflib_Perfdata_c58.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_c58.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/26/2008 7:41:18 PM | Attr = ] Perflib_Perfdata_cd4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_cd4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/31/2008 10:44:37 PM | Attr = ] Perflib_Perfdata_e74.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_e74.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/26/2008 9:13:43 PM | Attr = ] Perflib_Perfdata_f00.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_f00.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/21/2008 7:30:33 PM | Attr = ] Perflib_Perfdata_f3c.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_f3c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/3/2008 7:50:02 PM | Attr = ] Perflib_Perfdata_f40.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_f40.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/3/2008 9:26:57 PM | Attr = ] Perflib_Perfdata_fb4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_fb4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/8/2008 9:27:03 PM | Attr = ] Perflib_Perfdata_ff4.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_ff4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/8/2008 9:39:16 PM | Attr = ] 2677 C:\Documents and Settings\Adrian\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Adrian\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 4/10/2008 12:03:37 AM | Attr = ] ext.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat -> [Ver = | Size = 444 bytes | Modified Date = 4/8/2008 11:40:04 PM | Attr = ] fsedb.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat -> [Ver = | Size = 718730 bytes | Modified Date = 4/9/2008 11:51:18 PM | Attr = ] fsupdllb.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> [Ver = | Size = 422594 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupplgn.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat -> [Ver = | Size = 226 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsuptmpl.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat -> [Ver = | Size = 5858 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] perf.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat -> [Ver = | Size = 128 bytes | Modified Date = 4/10/2008 12:13:20 AM | Attr = ] sae.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat -> [Ver = | Size = 243 bytes | Modified Date = 4/8/2008 11:40:04 PM | Attr = ] sai.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat -> [Ver = | Size = 1348 bytes | Modified Date = 4/8/2008 11:40:04 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avmisc -> [Folder | Modified Date = 4/8/2008 11:40:04 PM | Attr = ] ext.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat -> [Ver = | Size = 444 bytes | Modified Date = 4/8/2008 11:40:04 PM | Attr = ] sae.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat -> [Ver = | Size = 243 bytes | Modified Date = 4/8/2008 11:40:04 PM | Attr = ] sai.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat -> [Ver = | Size = 1348 bytes | Modified Date = 4/8/2008 11:40:04 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 4/9/2008 11:51:18 PM | Attr = ] fsedb.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [Ver = | Size = 718730 bytes | Modified Date = 4/9/2008 11:51:18 PM | Attr = ] fsupdllb.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> [Ver = | Size = 422594 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsupplgn.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat -> [Ver = | Size = 226 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] fsuptmpl.dat -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat -> [Ver = | Size = 5858 bytes | Modified Date = 4/8/2008 11:41:52 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 4/10/2008 12:03:37 AM | Attr = ] FS@av.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini -> [Ver = | Size = 203 bytes | Modified Date = 4/8/2008 11:40:04 PM | Attr = ] FS@avpe.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini -> [Ver = | Size = 205 bytes | Modified Date = 4/9/2008 11:51:15 PM | Attr = ] FS@bleng.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini -> [Ver = | Size = 241 bytes | Modified Date = 4/8/2008 11:41:01 PM | Attr = ] FS@corp.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@corp.ini -> [Ver = | Size = 176 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] FS@hydra.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini -> [Ver = | Size = 250 bytes | Modified Date = 4/9/2008 11:51:18 PM | Attr = ] FS@mlc.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini -> [Ver = | Size = 204 bytes | Modified Date = 4/8/2008 11:42:08 PM | Attr = ] FS@ols.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols.ini -> [Ver = | Size = 168 bytes | Modified Date = 4/8/2008 11:40:53 PM | Attr = ] FS@peg.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini -> [Ver = | Size = 204 bytes | Modified Date = 4/8/2008 11:40:44 PM | Attr = ] verdicts.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini -> [Ver = | Size = 2539 bytes | Modified Date = 4/8/2008 11:40:00 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avmisc -> [Folder | Modified Date = 4/8/2008 11:40:04 PM | Attr = ] FS@av.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avmisc\FS@av.ini -> [Ver = | Size = 203 bytes | Modified Date = 4/8/2008 11:40:04 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avpe\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avpe -> [Folder | Modified Date = 4/9/2008 11:51:16 PM | Attr = ] FS@avpe.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avpe\FS@avpe.ini -> [Ver = | Size = 205 bytes | Modified Date = 4/9/2008 11:51:15 PM | Attr = ] verdicts.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini -> [Ver = | Size = 2539 bytes | Modified Date = 4/8/2008 11:40:00 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 4/8/2008 11:42:35 PM | Attr = ] FS@corp.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini -> [Ver = | Size = 176 bytes | Modified Date = 4/8/2008 11:42:34 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 4/9/2008 11:51:18 PM | Attr = ] FS@hydra.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini -> [Ver = | Size = 250 bytes | Modified Date = 4/9/2008 11:51:18 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\mlcwin -> [Folder | Modified Date = 4/8/2008 11:42:09 PM | Attr = ] FS@mlc.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini -> [Ver = | Size = 204 bytes | Modified Date = 4/8/2008 11:42:08 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb -> [Folder | Modified Date = 4/8/2008 11:40:44 PM | Attr = ] FS@peg.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini -> [Ver = | Size = 204 bytes | Modified Date = 4/8/2008 11:40:44 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_33_bin -> [Folder | Modified Date = 4/8/2008 11:40:53 PM | Attr = ] FS@ols.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini -> [Ver = | Size = 168 bytes | Modified Date = 4/8/2008 11:40:53 PM | Attr = ] C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_bl -> [Folder | Modified Date = 4/8/2008 11:41:01 PM | Attr = ] FS@bleng.ini -> C:\Documents and Settings\Adrian\Local Settings\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini -> [Ver = | Size = 241 bytes | Modified Date = 4/8/2008 11:41:01 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Modified Date = 6/21/2008 12:23:53 PM | Attr = ] LauncherAccess.dt -> %AllUsersProfile%\Application Data\LauncherAccess.dt -> [Ver = | Size = 0 bytes | Modified Date = 7/8/2008 10:16:07 PM | Attr = ] WinZip -> %AllUsersProfile%\Application Data\WinZip -> [Folder | Modified Date = 6/23/2008 7:43:34 PM | Attr = ] BitTorrent -> %AppData%\BitTorrent -> [Folder | Modified Date = 6/23/2008 6:49:42 PM | Attr = ] DNA -> %AppData%\DNA -> [Folder | Modified Date = 7/14/2008 11:43:38 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 79680 bytes | Modified Date = 7/9/2008 11:40:42 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 1578568 bytes | Modified Date = 7/5/2008 11:28:08 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/26/2008 8:03:45 PM | Attr = ] Runscanner.net -> %UserProfile%\Local Settings\Application Data\Runscanner.net -> [Folder | Modified Date = 7/20/2008 9:55:53 PM | Attr = ] avg.csv -> %UserProfile%\My Documents\avg.csv -> [Ver = | Size = 23092 bytes | Modified Date = 7/14/2008 9:44:21 PM | Attr = ] BT Burn -> %UserProfile%\My Documents\BT Burn -> [Folder | Modified Date = 7/8/2008 10:17:41 PM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 6/21/2008 12:30:42 PM | Attr = ] For Filing -> %UserProfile%\My Documents\For Filing -> [Folder | Modified Date = 7/10/2008 9:07:43 PM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 7/8/2008 10:17:48 PM | Attr = R ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 7/10/2008 8:11:48 PM | Attr = ] 2x2 pic tricia.JPG -> %UserProfile%\Desktop\2x2 pic tricia.JPG -> [Ver = | Size = 63398 bytes | Modified Date = 7/18/2008 6:59:11 AM | Attr = ] fixthis.bat -> %UserProfile%\Desktop\fixthis.bat -> [Ver = | Size = 65 bytes | Modified Date = 7/20/2008 9:09:36 PM | Attr = ] for wikipedia.doc -> %UserProfile%\Desktop\for wikipedia.doc -> [Ver = | Size = 475136 bytes | Modified Date = 7/14/2008 10:20:49 PM | Attr = ] HostsXpert -> %UserProfile%\Desktop\HostsXpert -> [Folder | Modified Date = 7/20/2008 9:19:23 PM | Attr = ] HostsXpert.zip -> %UserProfile%\Desktop\HostsXpert.zip -> [Ver = | Size = 353386 bytes | Modified Date = 7/10/2008 7:37:06 PM | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.20 | Size = 1774048 bytes | Modified Date = 7/10/2008 7:51:00 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Modified Date = 7/10/2008 7:39:20 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 7/20/2008 10:30:09 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 7/20/2008 10:25:57 PM | Attr = ] UP JMA Orgspon Click the Cityl.doc -> %UserProfile%\Desktop\UP JMA Orgspon Click the Cityl.doc -> [Ver = | Size = 218624 bytes | Modified Date = 7/14/2008 10:04:20 PM | Attr = ] Updated_Adoption_1stsem_0809.xls -> %UserProfile%\Desktop\Updated_Adoption_1stsem_0809.xls -> [Ver = | Size = 34816 bytes | Modified Date = 7/20/2008 9:07:59 PM | Attr = ] < End of report > [/code]