[code] OTScanIt logfile created on: 8/8/2008 1:02:30 PM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Kelly\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 958.48 Mb Total Physical Memory | 543.61 Mb Available Physical Memory | 56.72% Memory free 2.26 Gb Paging File | 2.02 Gb Available in Paging File | 89.48% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 224.03 Gb Total Space | 179.05 Gb Free Space | 79.92% Space Free | Partition Type: NTFS Drive D: | 8.84 Gb Total Space | 0.60 Gb Free Space | 6.79% Space Free | Partition Type: FAT32 Drive E: | 593.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-4DACD0EA75 Current User Name: Kelly Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 7:50:35 AM | Attr = R ] aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr = ] arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/3/2005 1:19:16 AM | Attr = ] aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 3:54:12 PM | Attr = ] ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 1:01:00 AM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 5:50:00 PM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 2:27:52 AM | Attr = ] sansasvr.exe -> %ProgramFiles%\SanDisk\Sansa Updater\SansaSvr.exe -> [Ver = | Size = 61440 bytes | Modified Date = 1/22/2007 3:33:40 PM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr = ] arpwrmsg.exe -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/3/2005 1:19:16 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] ctsyncu.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> [Ver = 6.2.10.0 | Size = 851968 bytes | Modified Date = 11/23/2006 5:12:30 PM | Attr = ] kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 6:44:24 PM | Attr = ] hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 11:04:38 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 7:50:35 AM | Attr = R ] (AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr = ] (ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/3/2005 1:19:16 AM | Attr = ] (AVP) Kaspersky Anti-Virus 7.0 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 227856 bytes | Modified Date = 2/8/2008 6:36:14 PM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 1:01:00 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 7:12:17 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 6/2/2008 11:13:16 AM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 5:50:00 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 2:27:52 AM | Attr = ] (SansaService) Sansa Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SanDisk\Sansa Updater\SansaSvr.exe -> [Ver = | Size = 61440 bytes | Modified Date = 1/22/2007 3:33:40 PM | Attr = ] (SvcOnlineArmor) Online Armor [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Tall Emu\Online Armor\oasrv.exe -> Tall Emu [Ver = 2.1.0.131 | Size = 5449280 bytes | Modified Date = 4/17/2008 5:22:36 AM | Attr = ] [Driver Services - Non-Microsoft Only] (AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.2.2 (dnsrv(wmbla).050120-1444) | Size = 36352 bytes | Modified Date = 3/9/2005 4:53:00 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 1:44:48 PM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 1:44:46 PM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] (ftsata2) ftsata2 [Kernel | Boot | Stopped] -> %SystemRoot%\system32\DRIVERS\ftsata2.sys -> File not found (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ] (giveio) giveio [Kernel | Boot | Running] -> %SystemRoot%\system32\giveio.sys -> [Ver = | Size = 5248 bytes | Modified Date = 4/3/1996 2:33:26 PM | Attr = ] (gmer) gmer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 8/7/2008 12:27:19 PM | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 4/13/2008 11:36:05 AM | Attr = ] (HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 241664 bytes | Modified Date = 12/6/2005 1:20:50 PM | Attr = ] (HSX_DP) HSX_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DP.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 936448 bytes | Modified Date = 12/6/2005 1:20:40 PM | Attr = ] (iaStor) Intel RAID Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> Intel Corporation [Ver = 5.1.0.1022 | Size = 872064 bytes | Modified Date = 6/17/2005 8:33:40 AM | Attr = ] (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5268 built by: WinDDK | Size = 4299264 bytes | Modified Date = 6/14/2006 1:04:12 PM | Attr = ] (kl1) kl1 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.30.0 | Size = 112144 bytes | Modified Date = 7/15/2008 9:16:57 AM | Attr = ] (klif) klif [Kernel | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.377 | Size = 195344 bytes | Modified Date = 12/28/2007 7:51:04 PM | Attr = ] (klim5) Kaspersky Anti-Virus NDIS Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\klim5.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 24592 bytes | Modified Date = 12/13/2007 1:28:40 PM | Attr = ] (L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\L8042pr2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 51486 bytes | Modified Date = 11/7/2003 4:50:00 AM | Attr = ] (LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 70798 bytes | Modified Date = 11/7/2003 4:50:00 AM | Attr = ] (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 10/5/2005 5:57:08 PM | Attr = ] (MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MREMPR5.sys -> Motive, Inc. [Ver = 503.1658.1 | Size = 19345 bytes | Modified Date = 11/22/2004 6:36:34 PM | Attr = ] (MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 11/22/2004 6:36:39 PM | Attr = ] (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 3535680 bytes | Modified Date = 5/9/2006 5:50:00 PM | Attr = ] (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.03.05024 | Size = 34176 bytes | Modified Date = 3/3/2006 5:31:02 PM | Attr = ] (nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.05024 | Size = 13056 bytes | Modified Date = 3/3/2006 5:31:04 PM | Attr = ] (OADevice) OADriver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\OADriver.sys -> Tall Emu Pty Ltd [Ver = 2, 1, 0, 5 | Size = 75776 bytes | Modified Date = 7/9/2008 7:05:36 PM | Attr = ] (OAmon) OAmon [Kernel | System | Running] -> %SystemRoot%\system32\drivers\OAmon.sys -> Tall Emu Pty Ltd [Ver = 2, 1, 0, 0 | Size = 25600 bytes | Modified Date = 7/9/2008 7:05:37 PM | Attr = ] (OAnet) OAnet [Kernel | System | Running] -> %SystemRoot%\system32\drivers\oanet.sys -> Tall Emu Pty Ltd [Ver = 2, 0, 0, 0 | Size = 28872 bytes | Modified Date = 4/17/2008 5:22:46 AM | Attr = ] (PCAMPR5) PCAMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\PCAMPR5.SYS -> File not found (Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 19072 bytes | Modified Date = 12/12/2005 7:27:00 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.67a | Size = 43872 bytes | Modified Date = 7/26/2007 3:00:00 AM | Attr = ] (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 4:31:34 PM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 5/28/2008 10:33:36 AM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 5/28/2008 10:33:38 AM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 5/28/2008 10:33:36 AM | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ] (spcstb) spcstb [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\DRIVERS\spcstb.sys -> File not found (TVICHW32) TVICHW32 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TVICHW32.SYS -> EnTech Taiwan [Ver = 6.0 | Size = 23600 bytes | Modified Date = 10/9/2005 5:05:00 PM | Attr = ] (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = ] (winachsx) winachsx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 670208 bytes | Modified Date = 12/6/2005 1:20:42 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AlwaysReady Power Message APP -> %SystemRoot%\arpwrmsg.exe [ARPWRMSG.EXE] -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/3/2005 1:19:16 AM | Attr = ] AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe ["C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"] -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 227856 bytes | Modified Date = 2/8/2008 6:36:14 PM | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr = ] HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> Hewlett-Packard Company [Ver = 3, 0, 0, 0 | Size = 249856 bytes | Modified Date = 2/16/2006 12:34:58 AM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 7311360 bytes | Modified Date = 5/9/2006 5:50:00 PM | Attr = ] OnlineArmor GUI -> %ProgramFiles%\Tall Emu\Online Armor\oaui.exe ["C:\Program Files\Tall Emu\Online Armor\oaui.exe"] -> Tall Emu [Ver = 2.1.0.131 | Size = 5606464 bytes | Modified Date = 4/17/2008 5:22:36 AM | Attr = ] PCDrProfiler -> %ProgramFiles%\PC-Doctor 5 for Windows\RunProfiler.exe ["C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r] -> [Ver = | Size = 53248 bytes | Modified Date = 4/6/2006 1:17:58 PM | Attr = ] PCDrSmartMonitor -> %ProgramFiles%\PC-Doctor 5 for Windows\PcdSmartMonitor.exe ["C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r] -> [Ver = | Size = 376832 bytes | Modified Date = 5/10/2006 5:44:28 PM | Attr = ] PwrUpTweakMe -> %SystemRoot%\system32\puxptwks.exe [C:\WINDOWS\system32\PuXpTwks.exe /TWEAK] -> ashampoo GmbH & Co. KG [Ver = 1.05.0004 | Size = 45056 bytes | Modified Date = 9/12/2005 11:36:48 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ] Recguard -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [Ver = 6, 0, 54, 0 | Size = 237568 bytes | Modified Date = 7/23/2005 12:14:00 AM | Attr = ] SmartDefrag -> %ProgramFiles%\IObit\IObit SmartDefrag\IObit SmartDefrag.exe ["C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp] -> IObit [Ver = 0.0.6.0 | Size = 2231624 bytes | Modified Date = 8/4/2008 6:26:06 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = Reg Error: Value Installed does not exist or could not be read. -> MAPI-> Installed = Reg Error: Value Installed does not exist or could not be read. -> MSFS-> Installed = Reg Error: Value Installed does not exist or could not be read. -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe ["C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"] -> [Ver = 6.2.10.0 | Size = 851968 bytes | Modified Date = 11/23/2006 5:12:30 PM | Attr = ] HostsMan -> %ProgramFiles%\HostsMan\hm.exe ["C:\Program Files\HostsMan\hm.exe" -s] -> abelhadigital.com [Ver = 3.2.66.0 | Size = 2847232 bytes | Modified Date = 6/16/2008 4:19:04 AM | Attr = ] kdx -> %ProgramFiles%\kontiki\KHost.exe [C:\Program Files\Kontiki\KHost.exe -all] -> Kontiki Inc. [Ver = 5.02.61030.0 | Size = 1040832 bytes | Modified Date = 11/28/2006 12:47:16 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Kelly Startup Folder > -> C:\Documents and Settings\Kelly\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:35 PM | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {81559C35-8464-49F7-BB0E-07A383BEF910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [SpywareGuard] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 8/2/2003 11:20:57 PM | Attr = R ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 7:12:19 PM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 7:12:38 PM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 7:12:24 PM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 7:12:41 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> klogon -> %SystemRoot%\system32\klogon.dll -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 219664 bytes | Modified Date = 2/8/2008 6:37:44 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 1:40:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CD/DVDW_TS-H652L_______________0603____\5&3b6e5ef6&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/27/2001 8:07:38 AM | Attr = HS] autorun.inf [[autorun] | open=Start.exe | icon=SIMSCD.ICO | ] -> E:\autorun.inf [ CDFS ] -> [Ver = | Size = 44 bytes | Modified Date = 7/24/2001 1:15:36 PM | Attr = R ] < HOSTS File > (254384 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://att.my.yahoo.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3499 domain(s) found. -> 26 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 8/2/2003 11:24:01 PM | Attr = R ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> Hewlett-Packard [Ver = 1.0.0.1 | Size = 208896 bytes | Modified Date = 7/31/2006 9:43:01 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {A58686ED-FC46-44C3-95C6-4A812AB776F1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\FerretSoft\WebFerret\FerretBand.dll [WebFerret] -> [Ver = | Size = 23040 bytes | Modified Date = 3/26/2007 1:12:15 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{A58686ED-FC46-44C3-95C6-4A812AB776F1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\FerretSoft\WebFerret\FerretBand.dll [WebFerret] -> [Ver = | Size = 23040 bytes | Modified Date = 3/26/2007 1:12:15 PM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 223760 bytes | Modified Date = 2/8/2008 6:37:52 PM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found &WordWeb... -> %SystemRoot%\system32\wweb32.dll -> Antony Lewis [Ver = 4.0.0.0 | Size = 691712 bytes | Modified Date = 4/22/2006 3:26:23 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {7FF696E4-F7F5-4CEA-AF40-47390CFFA864} -> (1394 Net Adapter) -> {892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> {9F07652D-9842-404D-B979-93C3DBD38885} -> (Windows Mobile-based Device) -> {BC66573B-7393-429F-9833-129CDC3EBDFC} -> (NVIDIA nForce Networking Controller) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15030/CTSUEng.cab[Creative Software AutoUpdate] -> {127CE7BA-AD89-4108-A913-C52EFC037C36}[HKEY_LOCAL_MACHINE] -> http://kdx.omn.org/securedelivery/omn/PlayerSupport.cab[Reg Error: Key does not exist or could not be opened.] -> {193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://download.ewido.net/ewidoOnlineScan.cab[ewidoOnlineScan Control] -> {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5}[HKEY_LOCAL_MACHINE] -> http://kdx.omn.org/securedelivery/omn/MediaPublisher.cab[Reg Error: Key does not exist or could not be opened.] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll[Installation Support] -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}[HKEY_LOCAL_MACHINE] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab[Reg Error: Key does not exist or could not be opened.] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165348971449[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15030/CTPID.cab[Creative Software AutoUpdate Support Package] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file:///C:/WINDOWS/Java/classes/xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/America Online 9.0a/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/America Online 9.0a/unicows.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/America Online 9.0a/unicows.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Yahoo!/Common/yinsthelper.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Yahoo!/Common/yinsthelper.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Yahoo!/Common/yinsthelper.dll\\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\.Owner -> {F6ACF75C-C32C-447B-9BEF-46B766368D29} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\.Owner -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\\.Owner -> {193C772A-87BE-4B19-A7BB-445B226FE9A1} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\\{193C772A-87BE-4B19-A7BB-445B226FE9A1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 7:12:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 7:11:56 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 7:12:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 7:12:08 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1152 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 7:12:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 3F 88 85 84 7E 18 C2 5D BC 18 F3 8B DF C1 23 7B 37 37 63 61 63 65 34 34 00 00 00 00 A1 65 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 4C 5C D6 7B 4D 04 CA 31 D2 A6 8B 77 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> D1 9E A1 1A B9 B3 7F 9A 48 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 0C 11 C4 02 CB 63 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> B7 46 CE B4 6E 66 FC 0F FA 9F 3A DC C6 8F 85 47 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> C8 DD 37 44 9D F8 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 16771 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 7:11:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 4/13/2008 7:12:28 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 2:17:27 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 7:50:37 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 7:50:35 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 9.02.000 | Size = 37464 bytes | Modified Date = 11/19/2004 12:54:58 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 3:54:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1164757353\EE\AOLServiceHost.exe -> %CommonProgramFiles%\AOL\1164757353\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1164757353\EE\AOLServiceHost.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 1.0.0.6 | Size = 110680 bytes | Modified Date = 11/3/2004 4:03:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe -> %CommonProgramFiles%\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> AOL LLC [Ver = 2, 4, 1, 1 | Size = 161328 bytes | Modified Date = 1/10/2007 3:40:42 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> %CommonProgramFiles%\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> Gteko Ltd. [Ver = 1, 0, 0, 35 | Size = 59992 bytes | Modified Date = 10/14/2004 5:34:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe -> %ProgramFiles%\America Online 9.0a\waol.exe [C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 9.02.000 | Size = 37464 bytes | Modified Date = 7/12/2005 12:17:51 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Paltalk Messenger\paltalk.exe -> %ProgramFiles%\Paltalk Messenger\paltalk.exe [C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk 9 beta] -> AVM Software Inc. [Ver = 9.92.2952.1026 | Size = 10452992 bytes | Modified Date = 5/8/2008 5:17:47 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe -> %ProgramFiles%\Microsoft Games\Zoo Tycoon 2\zt.exe [C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable] -> Microsoft Corporation [Ver = 20, 11, 0, 7 | Size = 3935744 bytes | Modified Date = 12/18/2004 3:08:22 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\kontiki\KService.exe -> %ProgramFiles%\kontiki\KService.exe [C:\Program Files\kontiki\KService.exe:*:Enabled:Delivery Manager Service] -> [Ver = | Size = 3068352 bytes | Modified Date = 10/30/2006 5:53:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 6/2/2008 11:13:18 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\20566:TCP -> 20566:TCP:*:Enabled:BitComet 20566 TCP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\20566:UDP -> 20566:UDP:*:Enabled:BitComet 20566 UDP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 7:12:11 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 7:12:04 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/13/2008 7:12:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/13/2008 7:12:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 7:12:04 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 -> [Files/Folders - Created Within 60 days] Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 8/4/2008 1:21:22 PM | Attr = ] backup.reg -> %SystemDrive%\backup.reg -> [Ver = | Size = 6735942 bytes | Created Date = 7/11/2008 10:21:50 AM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 8/3/2008 4:37:26 PM | Attr = ] fullross.jpg -> %SystemDrive%\fullross.jpg -> [Ver = | Size = 39060 bytes | Created Date = 6/22/2008 7:09:21 PM | Attr = ] HaxFix -> %SystemDrive%\HaxFix -> [Folder | Created Date = 8/5/2008 11:26:50 AM | Attr = ] HaxFix.exe -> %SystemDrive%\HaxFix.exe -> Marckie [Ver = 5. 1. 2. 0 | Size = 466502 bytes | Created Date = 8/5/2008 11:26:50 AM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Created Date = 8/4/2008 2:57:47 PM | Attr = HS] kav -> %SystemDrive%\kav -> [Folder | Created Date = 7/15/2008 9:06:33 AM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 7/24/2008 6:19:27 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 8/6/2008 11:25:00 AM | Attr = HS] adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 7/1/2008 12:48:05 AM | Attr = ] adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 7/1/2008 12:48:05 AM | Attr = ] adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 7/1/2008 12:48:05 AM | Attr = ] adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 7/1/2008 12:48:05 AM | Attr = ] adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 7/1/2008 12:48:05 AM | Attr = ] adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 7/1/2008 12:48:05 AM | Attr = ] adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 7/1/2008 12:48:05 AM | Attr = ] amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Created Date = 7/1/2008 12:48:05 AM | Attr = ] ati1btxx.sys -> %SystemRoot%\System32\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati1mdxx.sys -> %SystemRoot%\System32\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati1pdxx.sys -> %SystemRoot%\System32\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati1raxx.sys -> %SystemRoot%\System32\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati1rvxx.sys -> %SystemRoot%\System32\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati1snxx.sys -> %SystemRoot%\System32\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati1ttxx.sys -> %SystemRoot%\System32\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati1tuxx.sys -> %SystemRoot%\System32\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati1xbxx.sys -> %SystemRoot%\System32\drivers\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati1xsxx.sys -> %SystemRoot%\System32\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [Ver = | Size = 64352 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Created Date = 7/1/2008 12:48:09 AM | Attr = ] cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [Ver = | Size = 129045 bytes | Created Date = 7/1/2008 12:48:13 AM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 37716256 bytes | Created Date = 7/15/2008 9:08:03 AM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 506060 bytes | Created Date = 7/15/2008 9:08:03 AM | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 299296 bytes | Created Date = 7/15/2008 9:08:03 AM | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 29012 bytes | Created Date = 7/15/2008 9:08:03 AM | Attr = HS] gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Created Date = 8/7/2008 12:27:19 PM | Attr = ] hsfbs2s2.sys -> %SystemRoot%\System32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 7/1/2008 12:48:22 AM | Attr = ] hsfcxts2.sys -> %SystemRoot%\System32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 7/1/2008 12:48:22 AM | Attr = ] hsfdpsp2.sys -> %SystemRoot%\System32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 7/1/2008 12:48:22 AM | Attr = ] klick.dat -> %SystemRoot%\System32\drivers\klick.dat -> [Ver = | Size = 87855 bytes | Created Date = 7/15/2008 9:08:46 AM | Attr = ] klin.dat -> %SystemRoot%\System32\drivers\klin.dat -> [Ver = | Size = 96976 bytes | Created Date = 7/15/2008 9:08:46 AM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 7/19/2008 2:37:19 PM | Attr = ] mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 7/1/2008 12:49:11 AM | Attr = ] mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 7/1/2008 12:49:11 AM | Attr = ] mtxparhm.sys -> %SystemRoot%\System32\drivers\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 7/1/2008 12:49:12 AM | Attr = ] netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [Ver = | Size = 67866 bytes | Created Date = 7/1/2008 12:49:15 AM | Attr = ] ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 7/1/2008 12:49:17 AM | Attr = ] OADriver.sys -> %SystemRoot%\System32\drivers\OADriver.sys -> Tall Emu Pty Ltd [Ver = 2, 1, 0, 5 | Size = 75776 bytes | Created Date = 7/9/2008 6:45:34 PM | Attr = ] OAmon.sys -> %SystemRoot%\System32\drivers\OAmon.sys -> Tall Emu Pty Ltd [Ver = 2, 1, 0, 0 | Size = 25600 bytes | Created Date = 7/9/2008 6:45:34 PM | Attr = ] oanet.sys -> %SystemRoot%\System32\drivers\oanet.sys -> Tall Emu Pty Ltd [Ver = 2, 0, 0, 0 | Size = 28872 bytes | Created Date = 7/9/2008 6:45:34 PM | Attr = ] recagent.sys -> %SystemRoot%\System32\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 7/1/2008 12:49:27 AM | Attr = ] s3gnbm.sys -> %SystemRoot%\System32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 7/1/2008 12:49:30 AM | Attr = ] siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Created Date = 7/1/2008 12:49:34 AM | Attr = ] sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Created Date = 7/1/2008 12:49:34 AM | Attr = ] slnt7554.sys -> %SystemRoot%\System32\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 7/1/2008 12:49:35 AM | Attr = ] slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 7/1/2008 12:49:35 AM | Attr = ] slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 7/1/2008 12:49:35 AM | Attr = ] slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 7/1/2008 12:49:35 AM | Attr = ] vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Created Date = 7/1/2008 12:49:50 AM | Attr = ] wadv07nt.sys -> %SystemRoot%\System32\drivers\wadv07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11807 bytes | Created Date = 7/1/2008 12:49:52 AM | Attr = ] wadv08nt.sys -> %SystemRoot%\System32\drivers\wadv08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11295 bytes | Created Date = 7/1/2008 12:49:52 AM | Attr = ] wadv09nt.sys -> %SystemRoot%\System32\drivers\wadv09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11871 bytes | Created Date = 7/1/2008 12:49:52 AM | Attr = ] wadv11nt.sys -> %SystemRoot%\System32\drivers\wadv11nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11935 bytes | Created Date = 7/1/2008 12:49:52 AM | Attr = ] watv06nt.sys -> %SystemRoot%\System32\drivers\watv06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 22271 bytes | Created Date = 7/1/2008 12:49:52 AM | Attr = ] watv10nt.sys -> %SystemRoot%\System32\drivers\watv10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 7/1/2008 12:49:52 AM | Attr = ] ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0231 | Size = 1888992 bytes | Created Date = 7/1/2008 12:48:07 AM | Attr = ] ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.01.0009 | Size = 516768 bytes | Created Date = 7/1/2008 12:48:08 AM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Created Date = 7/1/2008 1:04:23 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 6/12/2008 3:32:24 PM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Created Date = 7/1/2008 1:04:24 AM | Attr = ] hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 7/1/2008 12:48:22 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/14/2008 11:08:45 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Created Date = 6/27/2008 11:32:55 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/14/2008 11:08:45 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 7/14/2008 11:08:45 AM | Attr = ] mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 7/1/2008 12:49:12 AM | Attr = ] pcdhdm.cpl -> %SystemRoot%\System32\pcdhdm.cpl -> [Ver = | Size = 38400 bytes | Created Date = 7/26/2008 1:07:33 AM | Attr = ] pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 974 bytes | Created Date = 7/1/2008 12:48:28 AM | Attr = ] s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 7/1/2008 12:49:30 AM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 7/1/2008 1:04:25 AM | Attr = ] slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 7/1/2008 12:49:34 AM | Attr = ] slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 7/1/2008 12:49:34 AM | Attr = ] slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 7/1/2008 12:49:35 AM | Attr = ] slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 7/1/2008 12:49:35 AM | Attr = ] slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 7/1/2008 12:49:35 AM | Attr = ] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 7/1/2008 12:55:28 AM | Attr = H ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 7/24/2008 6:20:05 PM | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 6/23/2008 5:06:15 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 7/24/2008 6:19:26 PM | Attr = ] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Created Date = 8/7/2008 12:27:19 PM | Attr = ] gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Created Date = 8/7/2008 12:27:19 PM | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 8/7/2008 12:27:20 PM | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 8/7/2008 12:27:19 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 7/24/2008 6:19:26 PM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 7/1/2008 1:04:24 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 7/24/2008 6:19:26 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 7/1/2008 1:15:01 AM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 7/24/2008 6:19:26 PM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 7/1/2008 1:02:31 AM | Attr = ] slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 7/1/2008 12:49:35 AM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 7/24/2008 6:19:26 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 7/24/2008 6:19:26 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 7/24/2008 6:19:26 PM | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Created Date = 8/6/2008 11:13:32 AM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 7/24/2008 6:19:26 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 7/24/2008 6:19:26 PM | Attr = ] zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Created Date = 6/28/2008 11:59:58 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] abelhadigital.com -> %AllUsersProfile%\Application Data\abelhadigital.com -> [Folder | Created Date = 7/11/2008 10:24:46 AM | Attr = ] Apple -> %AllUsersProfile%\Application Data\Apple -> [Folder | Created Date = 6/12/2008 3:29:32 PM | Attr = ] ESET -> %AllUsersProfile%\Application Data\ESET -> [Folder | Created Date = 6/28/2008 2:40:13 PM | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 7/15/2008 9:08:03 AM | Attr = ] Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [Folder | Created Date = 7/22/2008 8:51:10 PM | Attr = ] OnlineArmor -> %AllUsersProfile%\Application Data\OnlineArmor -> [Folder | Created Date = 7/9/2008 6:45:48 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 6/15/2008 9:31:48 PM | Attr = ] abelhadigital.com -> %AppData%\abelhadigital.com -> [Folder | Created Date = 7/11/2008 10:24:46 AM | Attr = ] OnlineArmor -> %AppData%\OnlineArmor -> [Folder | Created Date = 7/9/2008 6:45:48 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 6/15/2008 9:31:41 PM | Attr = ] wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 492 bytes | Created Date = 7/29/2008 10:20:28 AM | Attr = ] HostsMan Backups -> %AllUsersProfile%\Documents\HostsMan Backups -> [Folder | Created Date = 7/4/2008 2:02:03 PM | Attr = ] bass poppers 7-12-08.jpg -> %UserProfile%\My Documents\bass poppers 7-12-08.jpg -> [Ver = | Size = 183119 bytes | Created Date = 7/12/2008 7:44:07 PM | Attr = ] Bass Poppers 7-13-08.jpg -> %UserProfile%\My Documents\Bass Poppers 7-13-08.jpg -> [Ver = | Size = 229396 bytes | Created Date = 7/13/2008 5:24:20 PM | Attr = ] Bass Poppers B 7-13-08.jpg -> %UserProfile%\My Documents\Bass Poppers B 7-13-08.jpg -> [Ver = | Size = 200837 bytes | Created Date = 7/13/2008 5:25:41 PM | Attr = ] Flathead 2.jpg -> %UserProfile%\My Documents\Flathead 2.jpg -> [Ver = | Size = 227280 bytes | Created Date = 6/17/2008 11:30:16 PM | Attr = ] flies A 7-13-08.jpg -> %UserProfile%\My Documents\flies A 7-13-08.jpg -> [Ver = | Size = 367522 bytes | Created Date = 7/13/2008 2:20:26 PM | Attr = ] Flies b 7-13-08.jpg -> %UserProfile%\My Documents\Flies b 7-13-08.jpg -> [Ver = | Size = 291999 bytes | Created Date = 7/13/2008 2:35:04 PM | Attr = ] HD Tune file.CLP -> %UserProfile%\My Documents\HD Tune file.CLP -> [Ver = | Size = 515 bytes | Created Date = 7/4/2008 12:08:11 AM | Attr = ] jre-6u6-windows-i586-p.exe -> %UserProfile%\My Documents\jre-6u6-windows-i586-p.exe -> [Ver = | Size = 15951256 bytes | Created Date = 6/27/2008 11:34:38 PM | Attr = ] Kaspersky findings detected 7-23-08.bmp -> %UserProfile%\My Documents\Kaspersky findings detected 7-23-08.bmp -> [Ver = | Size = 2359350 bytes | Created Date = 7/23/2008 6:07:28 PM | Attr = ] Kaspersky online scan 7-20-08.html -> %UserProfile%\My Documents\Kaspersky online scan 7-20-08.html -> [Ver = | Size = 2927 bytes | Created Date = 7/20/2008 11:40:05 PM | Attr = ] music notes layout.wps -> %UserProfile%\My Documents\music notes layout.wps -> [Ver = | Size = 19968 bytes | Created Date = 7/29/2008 10:21:55 AM | Attr = ] paint splatter skinny layout.wps -> %UserProfile%\My Documents\paint splatter skinny layout.wps -> [Ver = | Size = 28160 bytes | Created Date = 7/29/2008 10:21:00 AM | Attr = ] poppers & flies7-12-08.jpg -> %UserProfile%\My Documents\poppers & flies7-12-08.jpg -> [Ver = | Size = 250583 bytes | Created Date = 7/12/2008 7:43:23 PM | Attr = ] poppers 7-12-08.jpg -> %UserProfile%\My Documents\poppers 7-12-08.jpg -> [Ver = | Size = 325236 bytes | Created Date = 7/12/2008 7:42:43 PM | Attr = ] SUPERAntiSpyware.exe -> %UserProfile%\My Documents\SUPERAntiSpyware.exe -> [Ver = | Size = 6467096 bytes | Created Date = 6/15/2008 9:29:09 PM | Attr = ] Test Event Logs - Hard Drive - WDC WD2500JS-60NCB1.html -> %UserProfile%\My Documents\Test Event Logs - Hard Drive - WDC WD2500JS-60NCB1.html -> [Ver = | Size = 451242 bytes | Created Date = 7/26/2008 12:39:31 AM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 791 bytes | Created Date = 6/15/2008 9:31:43 PM | Attr = ] CWShredder.lnk -> %UserProfile%\Desktop\CWShredder.lnk -> [Ver = | Size = 1736 bytes | Created Date = 7/26/2008 1:24:37 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 8/3/2008 4:36:39 PM | Attr = ] ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [Ver = | Size = 603 bytes | Created Date = 7/26/2008 1:57:37 PM | Attr = ] FlySim.lnk -> %UserProfile%\Desktop\FlySim.lnk -> [Ver = | Size = 665 bytes | Created Date = 7/17/2008 9:50:54 PM | Attr = ] flysim_setup.exe -> %UserProfile%\Desktop\flysim_setup.exe -> FlySim.com [Ver = | Size = 5348489 bytes | Created Date = 7/17/2008 9:49:16 PM | Attr = ] gmer -> %UserProfile%\Desktop\gmer -> [Folder | Created Date = 8/8/2008 12:08:52 PM | Attr = ] HD Tune.lnk -> %UserProfile%\Desktop\HD Tune.lnk -> [Ver = | Size = 624 bytes | Created Date = 7/3/2008 10:34:19 PM | Attr = ] HostsMan.lnk -> %UserProfile%\Desktop\HostsMan.lnk -> [Ver = | Size = 747 bytes | Created Date = 7/4/2008 9:13:27 PM | Attr = ] log -> %UserProfile%\Desktop\log -> [Folder | Created Date = 8/8/2008 11:08:47 AM | Attr = ] NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 622 bytes | Created Date = 7/26/2008 1:57:37 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 8/7/2008 12:11:44 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 8/7/2008 10:04:06 AM | Attr = ] Regfix -> %UserProfile%\Desktop\Regfix -> [Folder | Created Date = 7/26/2008 12:40:23 PM | Attr = ] Regfix.zip -> %UserProfile%\Desktop\Regfix.zip -> [Ver = | Size = 288 bytes | Created Date = 7/26/2008 12:39:44 PM | Attr = ] sarsfx.exe -> %UserProfile%\Desktop\sarsfx.exe -> [Ver = | Size = 1181383 bytes | Created Date = 8/8/2008 10:55:07 AM | Attr = ] SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 701 bytes | Created Date = 6/28/2008 4:58:31 PM | Attr = ] SpywareGuard.lnk -> %UserProfile%\Desktop\SpywareGuard.lnk -> [Ver = | Size = 649 bytes | Created Date = 6/28/2008 3:11:46 PM | Attr = ] The Sims..1024x768.lnk -> %UserProfile%\Desktop\The Sims..1024x768.lnk -> [Ver = | Size = 1657 bytes | Created Date = 7/31/2008 10:25:09 PM | Attr = ] Trillian.lnk -> %UserProfile%\Desktop\Trillian.lnk -> [Ver = | Size = 1633 bytes | Created Date = 8/8/2008 11:27:42 AM | Attr = ] SpywareGuard.lnk -> %UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk -> [Ver = | Size = 661 bytes | Created Date = 6/28/2008 3:11:46 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 6/27/2008 11:32:13 PM | Attr = ] Motive -> %CommonProgramFiles%\Motive -> [Folder | Created Date = 7/29/2008 2:12:12 PM | Attr = ] Apple Software Update -> %ProgramFiles%\Apple Software Update -> [Folder | Created Date = 6/12/2008 3:29:32 PM | Attr = ] ATT -> %ProgramFiles%\ATT -> [Folder | Created Date = 7/29/2008 2:11:25 PM | Attr = ] ERUNT -> %ProgramFiles%\ERUNT -> [Folder | Created Date = 7/26/2008 1:57:36 PM | Attr = ] ESET -> %ProgramFiles%\ESET -> [Folder | Created Date = 6/28/2008 2:40:13 PM | Attr = ] FlySim -> %ProgramFiles%\FlySim -> [Folder | Created Date = 7/17/2008 9:50:47 PM | Attr = ] HD Tune -> %ProgramFiles%\HD Tune -> [Folder | Created Date = 7/3/2008 10:34:18 PM | Attr = ] HostsMan -> %ProgramFiles%\HostsMan -> [Folder | Created Date = 7/4/2008 2:02:01 PM | Attr = ] InterMute -> %ProgramFiles%\InterMute -> [Folder | Created Date = 7/26/2008 1:24:31 PM | Attr = ] iPod -> %ProgramFiles%\iPod -> [Folder | Created Date = 6/12/2008 3:35:16 PM | Attr = ] iTunes -> %ProgramFiles%\iTunes -> [Folder | Created Date = 6/12/2008 3:35:06 PM | Attr = ] Kaspersky Lab -> %ProgramFiles%\Kaspersky Lab -> [Folder | Created Date = 7/15/2008 9:08:03 AM | Attr = ] PC-Doctor 5 for Windows -> %ProgramFiles%\PC-Doctor 5 for Windows -> [Folder | Created Date = 7/26/2008 12:01:16 AM | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 6/12/2008 3:34:02 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 6/15/2008 9:31:41 PM | Attr = ] Tall Emu -> %ProgramFiles%\Tall Emu -> [Folder | Created Date = 7/9/2008 6:45:34 PM | Attr = ] Trillian -> %ProgramFiles%\Trillian -> [Folder | Created Date = 7/26/2008 1:43:17 PM | Attr = ] [Files/Folders - Modified Within 30 days] Avenger -> %SystemDrive%\Avenger -> [Folder | Modified Date = 8/4/2008 3:15:06 PM | Attr = ] backup.reg -> %SystemDrive%\backup.reg -> [Ver = | Size = 6735942 bytes | Modified Date = 8/4/2008 2:56:40 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 262 bytes | Modified Date = 7/30/2008 5:26:15 PM | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/4/2008 12:35:04 PM | Attr = H ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 8/3/2008 4:37:26 PM | Attr = ] HaxFix -> %SystemDrive%\HaxFix -> [Folder | Modified Date = 8/5/2008 11:35:17 AM | Attr = ] HaxFix.exe -> %SystemDrive%\HaxFix.exe -> Marckie [Ver = 5. 1. 2. 0 | Size = 466502 bytes | Modified Date = 8/5/2008 12:19:14 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Modified Date = 8/8/2008 12:45:15 PM | Attr = HS] hp -> %SystemDrive%\hp -> [Folder | Modified Date = 7/28/2008 4:05:52 PM | Attr = H ] Install ICQ -> %SystemDrive%\Install ICQ -> [Folder | Modified Date = 7/21/2008 12:02:09 PM | Attr = ] kav -> %SystemDrive%\kav -> [Folder | Modified Date = 7/15/2008 9:06:33 AM | Attr = ] Legacy -> %SystemDrive%\Legacy -> [Folder | Modified Date = 8/7/2008 5:57:56 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/31/2008 6:23:58 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 8/6/2008 11:13:29 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 8/6/2008 11:25:00 AM | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/4/2008 8:32:15 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/8/2008 12:45:30 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/7/2008 5:44:30 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 254384 bytes | Modified Date = 8/7/2008 5:44:50 PM | Attr = ] hosts.20080711-121515.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080711-121515.backup -> [Ver = | Size = 2100597 bytes | Modified Date = 7/11/2008 9:30:43 AM | Attr = R ] hosts.20080711-124541.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080711-124541.backup -> [Ver = | Size = 2289346 bytes | Modified Date = 7/11/2008 12:15:16 PM | Attr = R ] hosts.20080711-124543.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080711-124543.backup -> [Ver = | Size = 2289309 bytes | Modified Date = 7/11/2008 12:45:42 PM | Attr = R ] hosts.20080711-124545.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080711-124545.backup -> [Ver = | Size = 2289276 bytes | Modified Date = 7/11/2008 12:45:44 PM | Attr = R ] hosts.20080711-124547.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080711-124547.backup -> [Ver = | Size = 2289256 bytes | Modified Date = 7/11/2008 12:45:46 PM | Attr = R ] hosts.20080713-152209.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080713-152209.backup -> [Ver = | Size = 2100907 bytes | Modified Date = 7/13/2008 10:51:46 AM | Attr = R ] hosts.20080717-000046.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080717-000046.backup -> [Ver = | Size = 2101016 bytes | Modified Date = 7/14/2008 8:26:57 AM | Attr = R ] hosts.20080717-000049.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080717-000049.backup -> [Ver = | Size = 2101154 bytes | Modified Date = 7/17/2008 12:00:47 AM | Attr = R ] hosts.20080717-000050.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080717-000050.backup -> [Ver = | Size = 2101121 bytes | Modified Date = 7/17/2008 12:00:49 AM | Attr = R ] hosts.20080718-094224.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080718-094224.backup -> [Ver = | Size = 2100980 bytes | Modified Date = 7/18/2008 9:42:24 AM | Attr = R ] hosts.20080718-094227.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080718-094227.backup -> [Ver = | Size = 2100960 bytes | Modified Date = 7/18/2008 9:42:26 AM | Attr = R ] hosts.20080724-214037.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080724-214037.backup -> [Ver = | Size = 27 bytes | Modified Date = 7/24/2008 9:22:14 PM | Attr = ] hosts.20080724-214236.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080724-214236.backup -> [Ver = | Size = 255052 bytes | Modified Date = 7/24/2008 9:40:37 PM | Attr = R ] hosts.20080730-150626.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080730-150626.backup -> [Ver = | Size = 27 bytes | Modified Date = 7/25/2008 7:43:35 PM | Attr = ] hosts.20080806-204233.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080806-204233.backup -> [Ver = | Size = 253374 bytes | Modified Date = 7/30/2008 3:07:49 PM | Attr = ] hosts.20080807-174430.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080807-174430.backup -> [Ver = | Size = 254384 bytes | Modified Date = 8/6/2008 8:43:49 PM | Attr = ] hosts.idx -> %SystemRoot%\System32\drivers\etc\hosts.idx -> [Ver = | Size = 559732 bytes | Modified Date = 8/8/2008 12:45:27 PM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 37716256 bytes | Modified Date = 8/8/2008 1:00:19 PM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 506060 bytes | Modified Date = 8/8/2008 12:44:22 PM | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 299296 bytes | Modified Date = 8/8/2008 1:00:06 PM | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 29012 bytes | Modified Date = 8/8/2008 12:44:23 PM | Attr = HS] gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 8/7/2008 12:27:19 PM | Attr = ] kl1.sys -> %SystemRoot%\System32\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.30.0 | Size = 112144 bytes | Modified Date = 7/15/2008 9:16:57 AM | Attr = ] klick.dat -> %SystemRoot%\System32\drivers\klick.dat -> [Ver = | Size = 87855 bytes | Modified Date = 7/24/2008 8:58:36 AM | Attr = ] klin.dat -> %SystemRoot%\System32\drivers\klin.dat -> [Ver = | Size = 96976 bytes | Modified Date = 8/6/2008 12:01:10 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/30/2008 8:07:52 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 7/30/2008 8:07:56 PM | Attr = ] OADriver.sys -> %SystemRoot%\System32\drivers\OADriver.sys -> Tall Emu Pty Ltd [Ver = 2, 1, 0, 5 | Size = 75776 bytes | Modified Date = 7/9/2008 7:05:36 PM | Attr = ] OAmon.sys -> %SystemRoot%\System32\drivers\OAmon.sys -> Tall Emu Pty Ltd [Ver = 2, 1, 0, 0 | Size = 25600 bytes | Modified Date = 7/9/2008 7:05:37 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/8/2008 12:47:47 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 7/25/2008 7:41:17 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 7/9/2008 1:55:01 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/7/2008 12:27:19 PM | Attr = ] initdebug.nfo -> %SystemRoot%\System32\initdebug.nfo -> [Ver = | Size = 220 bytes | Modified Date = 7/25/2008 10:24:07 PM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 63146 bytes | Modified Date = 8/8/2008 12:45:43 PM | Attr = ] pcdhdm.cpl -> %SystemRoot%\System32\pcdhdm.cpl -> [Ver = | Size = 38400 bytes | Modified Date = 8/8/2008 12:47:27 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/4/2008 8:32:15 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 8/8/2008 12:47:41 PM | Attr = ] hpsysdrv.DAT -> %SystemRoot%\System\hpsysdrv.DAT -> [Ver = | Size = 186 bytes | Modified Date = 8/8/2008 12:52:25 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 8/6/2008 11:11:14 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/8/2008 12:45:17 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/4/2008 9:58:28 AM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 7/26/2008 3:08:44 PM | Attr = ] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Modified Date = 8/7/2008 12:27:19 PM | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 8/8/2008 12:09:17 PM | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 8/7/2008 12:27:19 PM | Attr = ] GREUninstall.exe -> %SystemRoot%\GREUninstall.exe -> [Ver = | Size = 118784 bytes | Modified Date = 7/16/2008 5:29:21 AM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 7/20/2008 10:04:45 AM | Attr = ] HPCPCUninstall-9972322 -> %SystemRoot%\HPCPCUninstall-9972322 -> [Folder | Modified Date = 7/15/2008 8:28:22 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 7/9/2008 1:54:55 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 7/26/2008 12:59:33 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/4/2008 12:35:05 PM | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 7/9/2008 6:43:17 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 7/25/2008 11:54:29 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 16903 bytes | Modified Date = 8/7/2008 8:30:21 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/8/2008 12:54:02 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/8/2008 12:47:25 PM | Attr = ] SeaMonkeyUninstall.exe -> %SystemRoot%\SeaMonkeyUninstall.exe -> [Ver = | Size = 118784 bytes | Modified Date = 7/16/2008 5:29:52 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/6/2008 11:12:08 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/8/2008 12:47:26 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/27/2008 9:35:49 PM | Attr = S] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 8/8/2008 12:59:43 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 971 bytes | Modified Date = 8/8/2008 11:38:34 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 8/1/2008 3:40:08 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/8/2008 12:45:28 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 12/6/2006 2:03:55 PM | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1307 bytes | Modified Date = 12/6/2006 2:03:55 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 6/29/2008 10:35:00 AM | Attr = ] CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [Ver = | Size = 3340 bytes | Modified Date = 11/20/2007 7:27:52 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/9/2007 4:29:48 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 162451 bytes | Modified Date = 1/9/2007 4:31:28 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] abelhadigital.com -> %AllUsersProfile%\Application Data\abelhadigital.com -> [Folder | Modified Date = 7/11/2008 10:24:46 AM | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 8/8/2008 12:47:29 PM | Attr = ] Kontiki -> %AllUsersProfile%\Application Data\Kontiki -> [Folder | Modified Date = 7/9/2008 8:52:11 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 7/21/2008 10:11:17 AM | Attr = ] Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [Folder | Modified Date = 7/22/2008 8:51:10 PM | Attr = ] OnlineArmor -> %AllUsersProfile%\Application Data\OnlineArmor -> [Folder | Modified Date = 8/8/2008 12:30:01 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 8/8/2008 12:55:02 PM | Attr = ] @Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34 abelhadigital.com -> %AppData%\abelhadigital.com -> [Folder | Modified Date = 7/11/2008 10:24:46 AM | Attr = ] OnlineArmor -> %AppData%\OnlineArmor -> [Folder | Modified Date = 8/8/2008 1:00:32 PM | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 7/31/2008 5:49:18 PM | Attr = ] wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 492 bytes | Modified Date = 7/29/2008 10:21:55 AM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 7/15/2008 8:28:21 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 18944 bytes | Modified Date = 7/22/2008 11:31:57 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 7/31/2008 5:49:39 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 6369018 bytes | Modified Date = 8/1/2008 10:41:24 PM | Attr = H ] bass poppers 7-12-08.jpg -> %UserProfile%\My Documents\bass poppers 7-12-08.jpg -> [Ver = | Size = 183119 bytes | Modified Date = 7/12/2008 7:44:07 PM | Attr = ] Bass Poppers 7-13-08.jpg -> %UserProfile%\My Documents\Bass Poppers 7-13-08.jpg -> [Ver = | Size = 229396 bytes | Modified Date = 7/13/2008 5:24:20 PM | Attr = ] Bass Poppers B 7-13-08.jpg -> %UserProfile%\My Documents\Bass Poppers B 7-13-08.jpg -> [Ver = | Size = 200837 bytes | Modified Date = 7/13/2008 5:25:41 PM | Attr = ] flies A 7-13-08.jpg -> %UserProfile%\My Documents\flies A 7-13-08.jpg -> [Ver = | Size = 367522 bytes | Modified Date = 7/13/2008 2:20:26 PM | Attr = ] Flies b 7-13-08.jpg -> %UserProfile%\My Documents\Flies b 7-13-08.jpg -> [Ver = | Size = 291999 bytes | Modified Date = 7/13/2008 2:35:04 PM | Attr = ] Kaspersky findings detected 7-23-08.bmp -> %UserProfile%\My Documents\Kaspersky findings detected 7-23-08.bmp -> [Ver = | Size = 2359350 bytes | Modified Date = 7/23/2008 6:07:29 PM | Attr = ] Kaspersky online scan 7-20-08.html -> %UserProfile%\My Documents\Kaspersky online scan 7-20-08.html -> [Ver = | Size = 2927 bytes | Modified Date = 7/20/2008 11:40:05 PM | Attr = ] music notes layout.wps -> %UserProfile%\My Documents\music notes layout.wps -> [Ver = | Size = 19968 bytes | Modified Date = 7/29/2008 10:21:55 AM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 7/26/2008 11:44:27 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 7/13/2008 7:39:50 PM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 7/22/2008 11:31:56 PM | Attr = R ] paint splatter skinny layout.wps -> %UserProfile%\My Documents\paint splatter skinny layout.wps -> [Ver = | Size = 28160 bytes | Modified Date = 7/29/2008 10:21:01 AM | Attr = ] poppers & flies7-12-08.jpg -> %UserProfile%\My Documents\poppers & flies7-12-08.jpg -> [Ver = | Size = 250583 bytes | Modified Date = 7/12/2008 7:43:23 PM | Attr = ] poppers 7-12-08.jpg -> %UserProfile%\My Documents\poppers 7-12-08.jpg -> [Ver = | Size = 325236 bytes | Modified Date = 7/12/2008 7:42:43 PM | Attr = ] Test Event Logs - Hard Drive - WDC WD2500JS-60NCB1.html -> %UserProfile%\My Documents\Test Event Logs - Hard Drive - WDC WD2500JS-60NCB1.html -> [Ver = | Size = 451242 bytes | Modified Date = 7/26/2008 12:39:31 AM | Attr = ] SeaMonkey.lnk -> %AllUsersProfile%\Desktop\SeaMonkey.lnk -> [Ver = | Size = 1731 bytes | Modified Date = 7/16/2008 5:29:47 AM | Attr = ] CWShredder.lnk -> %UserProfile%\Desktop\CWShredder.lnk -> [Ver = | Size = 1736 bytes | Modified Date = 7/26/2008 1:30:47 PM | Attr = ] download exe files -> %UserProfile%\Desktop\download exe files -> [Folder | Modified Date = 8/8/2008 12:09:50 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 8/3/2008 4:36:29 PM | Attr = ] ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [Ver = | Size = 603 bytes | Modified Date = 7/26/2008 1:57:37 PM | Attr = ] FlySim.lnk -> %UserProfile%\Desktop\FlySim.lnk -> [Ver = | Size = 665 bytes | Modified Date = 7/17/2008 9:50:54 PM | Attr = ] flysim_setup.exe -> %UserProfile%\Desktop\flysim_setup.exe -> FlySim.com [Ver = | Size = 5348489 bytes | Modified Date = 7/17/2008 9:49:14 PM | Attr = ] gmer -> %UserProfile%\Desktop\gmer -> [Folder | Modified Date = 8/8/2008 12:08:52 PM | Attr = ] Kelly briefcase -> %UserProfile%\Desktop\Kelly briefcase -> [Folder | Modified Date = 7/24/2008 10:32:21 PM | Attr = R ] log -> %UserProfile%\Desktop\log -> [Folder | Modified Date = 8/8/2008 11:08:47 AM | Attr = ] NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 622 bytes | Modified Date = 7/26/2008 1:57:37 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 8/7/2008 4:40:42 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 8/7/2008 10:03:52 AM | Attr = ] PaltalkScene.lnk -> %UserProfile%\Desktop\PaltalkScene.lnk -> [Ver = | Size = 1631 bytes | Modified Date = 8/2/2008 1:06:38 PM | Attr = ] Regfix -> %UserProfile%\Desktop\Regfix -> [Folder | Modified Date = 7/26/2008 12:40:23 PM | Attr = ] Regfix.zip -> %UserProfile%\Desktop\Regfix.zip -> [Ver = | Size = 288 bytes | Modified Date = 7/26/2008 12:39:44 PM | Attr = ] sarsfx.exe -> %UserProfile%\Desktop\sarsfx.exe -> [Ver = | Size = 1181383 bytes | Modified Date = 8/8/2008 10:55:05 AM | Attr = ] The Sims..1024x768.lnk -> %UserProfile%\Desktop\The Sims..1024x768.lnk -> [Ver = | Size = 1657 bytes | Modified Date = 7/31/2008 10:25:09 PM | Attr = ] Trillian.lnk -> %UserProfile%\Desktop\Trillian.lnk -> [Ver = | Size = 1633 bytes | Modified Date = 8/8/2008 11:27:56 AM | Attr = ] Motive -> %CommonProgramFiles%\Motive -> [Folder | Modified Date = 7/29/2008 2:12:46 PM | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 7/31/2008 5:50:26 PM | Attr = ] < End of report > [/code]