[code]
OTScanIt2 logfile created on: 29/12/2008 12:38:19 PM - Run 4
OTScanIt2 by OldTimer - Version 1.0.4.0 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.48 Mb Total Physical Memory | 602.02 Mb Available Physical Memory | 58.82% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 2.68 Gb Free Space | 1.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIZAR
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2006/02/23 12:41:02 | 00,100,032 | ---- | M] (Symantec Corporation)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/10/15 14:00:16 | 00,376,832 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/10/15 14:00:16 | 00,376,832 | ---- | M] (ATI Technologies Inc.)
atkkbservice.exe -> %SystemRoot%\ATKKBService.exe -> [2005/08/07 15:38:30 | 00,253,952 | ---- | M] (ASUSTeK COMPUTER INC.)
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> [2005/08/12 15:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> [2005/08/12 15:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
ctdevsrv.exe -> %ProgramFiles%\Creative\Shared Files\CTDevSrv.exe -> [2007/04/02 17:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/12/03 07:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation)
javaw.exe -> %SystemDrive%\Sun\SDK\jdk\bin\javaw.exe -> [2008/10/27 18:49:22 | 00,139,264 | ---- | M] (Sun Microsystems, Inc.)
jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jucheck.exe -> [2008/06/10 04:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> [2006/02/01 17:45:54 | 00,098,304 | ---- | M] (Nero AG)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/21 18:43:24 | 00,477,184 | ---- | M] (OldTimer Tools)
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> [2003/10/31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.)
pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> [2006/03/18 13:24:16 | 00,184,320 | ---- | M] (PowerISO Computing, Inc.)
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> [2005/09/22 16:36:20 | 14,854,144 | R--- | M] (Realtek Semiconductor Corp.)
smc11gmonitor.exe -> %ProgramFiles%\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe -> [2003/11/28 17:38:18 | 00,860,262 | ---- | M] ()
softauto.exe -> %ProgramFiles%\Creative\Software Update 3\SoftAuto.exe -> [2008/07/28 14:37:11 | 00,405,504 | ---- | M] (Creative Technology Ltd)
softu.exe -> %ProgramFiles%\Creative\Software Update 3\SoftU.exe -> [2008/07/24 19:53:51 | 00,540,672 | ---- | M] ()
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> [2005/04/02 02:51:48 | 00,217,600 | ---- | M] (Rocket Division Software)
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2007/01/21 13:37:11 | 01,174,152 | ---- | M] (Symantec Corporation)
usnsvc.exe -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [2006/03/11 04:45:12 | 00,035,328 | ---- | M] ()
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008/04/14 11:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2005/10/15 14:00:16 | 00,376,832 | ---- | M] (ATI Technologies Inc.)
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [2006/01/26 08:57:00 | 00,520,192 | ---- | M] ()
(ATKKeyboardService) ATK Keyboard Service [Win32_Own | Auto | Running] -> %SystemRoot%\ATKKBService.exe -> [2005/08/07 15:38:30 | 00,253,952 | ---- | M] (ASUSTeK COMPUTER INC.)
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2006/02/23 12:41:02 | 00,100,032 | ---- | M] (Symantec Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(CTDevice_Srv) CT Device Query service [Win32_Own | Auto | Running] -> %ProgramFiles%\Creative\Shared Files\CTDevSrv.exe -> [2007/04/02 17:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd)
(CTUPnPSv) Creative Centrale Media Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Creative\Creative Centrale\CTUPnPSv.exe -> [2008/05/21 22:42:56 | 00,064,000 | ---- | M] (Creative Technology Ltd)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/14 11:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> [2006/02/23 12:41:02 | 02,045,632 | ---- | M] (Symantec Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2005/12/19 22:00:00 | 00,089,136 | ---- | M] (Microsoft Corporation)
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> [2007/11/02 17:24:58 | 00,311,112 | ---- | M] (PC Tools)
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> [2007/11/02 17:25:04 | 01,418,056 | ---- | M] (PC Tools)
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> [2005/04/02 02:51:48 | 00,217,600 | ---- | M] (Rocket Division Software)
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2007/01/21 13:37:11 | 01,174,152 | ---- | M] (Symantec Corporation)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 19:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(2802W) SMC2802W 2.4GHz 54 Mbps Wireless PCI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\2802W.sys -> [2004/03/08 17:23:00 | 00,390,112 | ---- | M] (SMC Networks, Inc.)
(2802W) SMC2802W 2.4GHz 54 Mbps Wireless PCI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\2802W.sys -> [2004/03/08 17:23:00 | 00,390,112 | ---- | M] (SMC Networks, Inc.)
(ASPI32) ASPI32 [Kernel | System | Running] -> %SystemRoot%\System32\drivers\ASPI32.SYS -> [1999/09/10 13:06:00 | 00,025,244 | ---- | M] (Adaptec)
(ASPI32) ASPI32 [Kernel | System | Running] -> %SystemRoot%\System32\drivers\ASPI32.SYS -> [1999/09/10 13:06:00 | 00,025,244 | ---- | M] (Adaptec)
(asuskbnt) Enhanced Display Driver Helper Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\atkkbnt.sys -> [2005/06/09 15:10:58 | 00,023,040 | ---- | M] (ASUSTeK COMPUTER INC.)
(asuskbnt) Enhanced Display Driver Helper Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\atkkbnt.sys -> [2005/06/09 15:10:58 | 00,023,040 | ---- | M] (ASUSTeK COMPUTER INC.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2005/10/15 14:07:12 | 01,351,680 | ---- | M] (ATI Technologies Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2005/10/15 14:07:12 | 01,351,680 | ---- | M] (ATI Technologies Inc.)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\eengine\eectrl.sys -> [2007/04/04 19:00:00 | 00,389,432 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\eengine\eectrl.sys -> [2007/04/04 19:00:00 | 00,389,432 | ---- | M] (Symantec Corporation)
(EIO) EIO [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\EIO.sys -> [2005/08/31 12:55:00 | 00,011,264 | R--- | M] (ASUSTeK Computer Inc.)
(EIO) EIO [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\EIO.sys -> [2005/08/31 12:55:00 | 00,011,264 | R--- | M] (ASUSTeK Computer Inc.)
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Entech.sys -> [2004/10/25 20:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan)
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Entech.sys -> [2004/10/25 20:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/14 03:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/14 03:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(IKFileSec) File Security Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> [2008/06/04 10:57:53 | 00,041,288 | ---- | M] (PCTools Research Pty Ltd.)
(IKFileSec) File Security Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> [2008/06/04 10:57:53 | 00,041,288 | ---- | M] (PCTools Research Pty Ltd.)
(IKSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksysflt.sys -> [2007/12/14 12:13:11 | 00,056,832 | ---- | M] (PCTools Research Pty Ltd.)
(IKSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksysflt.sys -> [2007/12/14 12:13:11 | 00,056,832 | ---- | M] (PCTools Research Pty Ltd.)
(IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksyssec.sys -> [2007/12/14 12:13:11 | 00,074,240 | ---- | M] (PCTools Research Pty Ltd.)
(IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksyssec.sys -> [2007/12/14 12:13:11 | 00,074,240 | ---- | M] (PCTools Research Pty Ltd.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.Sys -> [2005/09/23 21:56:28 | 03,966,976 | R--- | M] (Realtek Semiconductor Corp.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.Sys -> [2005/09/23 21:56:28 | 03,966,976 | R--- | M] (Realtek Semiconductor Corp.)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/14 05:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/14 05:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pcouffin.sys -> [2006/08/19 14:26:22 | 00,047,360 | ---- | M] (VSO Software)
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pcouffin.sys -> [2006/08/19 14:26:22 | 00,047,360 | ---- | M] (VSO Software)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2006/04/19 09:34:55 | 00,020,640 | ---- | M] (Sonic Solutions)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2006/04/19 09:34:55 | 00,020,640 | ---- | M] (Sonic Solutions)
(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\System32\drivers\scdemu.sys -> [2006/03/18 13:24:59 | 00,026,844 | ---- | M] (PowerISO Computing, Inc.)
(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\System32\drivers\scdemu.sys -> [2006/03/18 13:24:59 | 00,026,844 | ---- | M] (PowerISO Computing, Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> [2006/05/09 08:19:55 | 00,010,344 | ---- | M] (Symantec Corporation)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> [2006/05/09 08:19:55 | 00,010,344 | ---- | M] (Symantec Corporation)
(Vax347b) Vax347b [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Vax347b.sys -> [2005/04/25 11:43:58 | 00,159,616 | ---- | M] ( )
(Vax347b) Vax347b [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Vax347b.sys -> [2005/04/25 11:43:58 | 00,159,616 | ---- | M] ( )
(Vax347s) Vax347s [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Vax347s.sys -> [2004/04/30 10:33:00 | 00,005,248 | ---- | M] ( )
(Vax347s) Vax347s [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Vax347s.sys -> [2004/04/30 10:33:00 | 00,005,248 | ---- | M] ( )
(w3304an5) WN3X0X Wireless Adapter [Kernel | On_Demand | Running] -> %ProgramFiles%\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\W3304AN5.sys -> [2002/10/07 05:14:26 | 00,015,104 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(w3304an5) WN3X0X Wireless Adapter [Kernel | On_Demand | Running] -> %ProgramFiles%\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\W3304AN5.sys -> [2002/10/07 05:14:26 | 00,015,104 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> [2004/10/27 07:24:00 | 00,223,104 | ---- | M] (Marvell)
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> [2004/10/27 07:24:00 | 00,223,104 | ---- | M] (Marvell)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\yj7mzreb.default\prefs.js ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.5" ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006/01/12 21:38:22 | 00,063,128 | ---- | M] (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2006/08/31 21:33:06 | 00,322,368 | ---- | M] (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar Helper] -> [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ATICCC" -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe ["C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime] -> [2005/08/12 15:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
"NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2006/01/12 16:40:44 | 00,155,648 | ---- | M] (Nero AG)
"PWRISOVM.EXE" -> %ProgramFiles%\PowerISO\PWRISOVM.EXE [C:\Program Files\PowerISO\PWRISOVM.EXE] -> [2006/03/18 13:24:16 | 00,184,320 | ---- | M] (PowerISO Computing, Inc.)
"QuickTime Task" -> %ProgramFiles%\QuickTime Alternative\qttask.exe ["C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime] -> [2006/10/25 18:58:18 | 00,282,624 | ---- | M] (Apple Computer, Inc.)
"RemoteControl" -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> [2003/10/31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.)
"RTHDCPL" -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> [2005/09/22 16:36:20 | 14,854,144 | R--- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"WinampAgent" -> %ProgramFiles%\Winamp\winampa.exe [C:\Program Files\Winamp\winampa.exe] -> [2006/03/11 04:45:12 | 00,035,328 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"] -> [2006/02/01 17:45:54 | 00,098,304 | ---- | M] (Nero AG)
"MsnMsgr" -> %ProgramFiles%\MSN Messenger\msnmsgr.exe ["C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background] -> [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
"SoftAuto.exe" -> %ProgramFiles%\Creative\Software Update 3\SoftAuto.exe ["C:\Program Files\Creative\Software Update 3\SoftAuto.exe"] -> [2008/07/28 14:37:11 | 00,405,504 | ---- | M] (Creative Technology Ltd)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 23:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\Catalyst System Tray.lnk -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> [2005/08/12 15:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\SMC2802W 54Mbps WLAN Monitor.lnk -> %ProgramFiles%\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe -> [2003/11/28 17:38:18 | 00,860,262 | ---- | M] ()
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
-> %UserProfile%\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> [2006/07/05 21:29:11 | 00,256,000 | ---- | M] ()
%UserProfile%\Start Menu\Programs\Startup\SDK Tray Menu.lnk -> %SystemDrive%\Sun\SDK\jdk\bin\javaw.exe -> [2008/10/27 18:49:22 | 00,139,264 | ---- | M] (Sun Microsystems, Inc.)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [227] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
\\"HideLegacyLogonScripts" -> [0] -> File not found
\\"HideLogoffScripts" -> [0] -> File not found
\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" -> [0] -> File not found
\\"HideStartupScripts" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"HideLegacyLogonScripts" -> [0] -> File not found
\\"HideLogoffScripts" -> [0] -> File not found
\\"HideStartupScripts" -> [0] -> File not found
\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm] -> [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites -> [http://favorites.live.com/quickadd.aspx] -> File not found
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Open in new background tab -> %ProgramFiles%\Windows Live Toolbar\Components\en-au\msntabres.dll.mui [res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?613ac4889e6a4baea01a44b43514e697] -> [2007/10/19 12:12:40 | 00,095,232 | ---- | M] (Microsoft Corporation)
Open in new foreground tab -> %ProgramFiles%\Windows Live Toolbar\Components\en-au\msntabres.dll.mui [res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?613ac4889e6a4baea01a44b43514e697] -> [2007/10/19 12:12:40 | 00,095,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/14 05:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{F4430FE8-2638-42e5-B849-800749B94EED}:Exec [HKLM] -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [Button: PartyPoker.net] -> [2006/06/28 18:57:48 | 00,110,592 | ---- | M] ()
{F4430FE8-2638-42e5-B849-800749B94EED}:Exec [HKLM] -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [Menu: PartyPoker.net] -> [2006/06/28 18:57:48 | 00,110,592 | ---- | M] ()
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 11:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 11:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{F4430FE8-2638-42e5-B849-800749B94EED}" [HKLM] -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [PartyPoker.net] -> [2006/06/28 18:57:48 | 00,110,592 | ---- | M] ()
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 11:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 42 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1F026CFA-307C-4F5E-AEF7-8A2A9FF920CC} -> (SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter) ->
{89ADD7F3-265B-4D36-843F-8E58E9789055} -> (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) ->
{D7FFC79E-59BC-4262-B185-11EC56BADD16} -> (1394 Net Adapter) ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2005/10/15 14:01:26 | 00,046,080 | ---- | M] (ATI Technologies Inc.)
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
explorer.exe -> %ProgramFiles%\Microsoft Common\svchost.exe [Debugger] -> [2008/11/04 13:19:14 | 00,024,576 | -H-- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 05:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 11:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 05:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 11:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\Owner\Local Settings\Temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe" -> C:\Documents and Settings\Owner\Local Settings\Temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe [C:\Documents and Settings\Owner\Local Settings\Temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary] -> File not found
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" -> C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe [C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer] -> [2008/04/21 03:05:51 | 01,691,648 | ---- | M] (SQUARE ENIX CO., LTD.)
"C:\Program Files\Soulseek\slsk.exe" -> C:\Program Files\Soulseek\slsk.exe [C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek] -> [2005/04/18 09:08:10 | 03,112,960 | ---- | M] ()
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2008/12/28 21:49:56 | 00,270,128 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" -> C:\Program Files\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> [2008/07/17 17:28:45 | 01,069,712 | ---- | M] (Blizzard Entertainment) "C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/05/27 23:30:26 | 00,799,763 | ---- | M] (Blizzard Entertainment) "C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe [C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/05/28 00:17:25 | 00,807,252 | ---- | M] (Blizzard Entertainment) "C:\Team17\Worms2\frontend.exe" -> C:\Team17\Worms2\frontend.exe [C:\Team17\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend] -> [2008/10/25 19:21:05 | 07,991,296 | ---- | M] (Team17 Software Ltd) "C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2008/04/14 11:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/14 11:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\system32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon] -> [2008/04/14 11:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> 
"AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/14 05:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2006/03/03 12:50:46 | 00,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{b3733a1c-a600-11dc-a890-0013f70b1439} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3733a1c-a600-11dc-a890-0013f70b1439}\Shell\AutoRun \{b3733a1c-a600-11dc-a890-0013f70b1439}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found \{b3733a1c-a600-11dc-a890-0013f70b1439} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3733a1c-a600-11dc-a890-0013f70b1439}\Shell\Explore\command \{b3733a1c-a600-11dc-a890-0013f70b1439}\Shell\Explore\command\\"" -> K:\system.exe [K:\system.exe] -> File not found \{b3733a1c-a600-11dc-a890-0013f70b1439} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3733a1c-a600-11dc-a890-0013f70b1439}\Shell\Open\command \{b3733a1c-a600-11dc-a890-0013f70b1439}\Shell\Open\command\\"" -> K:\system.exe [K:\system.exe] -> File not found [Files/Folders - Created Within 30 Days] Microsoft Common -> %ProgramFiles%\Microsoft Common -> [2008/12/29 01:05:45 | 00,000,000 | ---D | C] uTorrent -> %ProgramFiles%\uTorrent -> [2008/12/28 21:49:56 | 00,000,000 | ---D | C] utorrent.exe -> %UserProfile%\Desktop\utorrent.exe -> [2008/12/28 21:49:43 | 00,270,128 | ---- | C] (BitTorrent, Inc.) 
The.Talented.Mr.Ripley.1999.iNTERNAL.DVDRip.XviD-CULTXviD.4188599.TPB.torrent -> %UserProfile%\Desktop\The.Talented.Mr.Ripley.1999.iNTERNAL.DVDRip.XviD-CULTXviD.4188599.TPB.torrent -> [2008/12/28 21:48:23 | 00,023,326 | ---- | C] () 3212_100_Classic_Book_Collection_EUR_NDS-XPA.zip -> %UserProfile%\Desktop\3212_100_Classic_Book_Collection_EUR_NDS-XPA.zip -> [2008/12/28 21:15:56 | 46,348,060 | ---- | C] () 3215_Mystery_PI_Portrait_of_a_Thief_USA_NDS-TRM.zip -> %UserProfile%\Desktop\3215_Mystery_PI_Portrait_of_a_Thief_USA_NDS-TRM.zip -> [2008/12/28 21:11:51 | 12,651,915 | ---- | C] () fsaua.data -> %SystemDrive%\fsaua.data -> [2008/12/26 14:03:10 | 00,000,000 | ---D | C] Avenger -> %SystemDrive%\Avenger -> [2008/12/26 13:52:16 | 00,000,000 | ---D | C] avenger.exe -> %UserProfile%\Desktop\avenger.exe -> [2008/12/26 13:50:17 | 00,731,136 | ---- | C] () avenger.zip -> %UserProfile%\Desktop\avenger.zip -> [2008/12/26 13:50:03 | 00,724,952 | ---- | C] () _OTScanIt -> %SystemDrive%\_OTScanIt -> [2008/12/26 12:48:27 | 00,000,000 | ---D | C] OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/26 12:47:25 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/26 12:46:40 | 00,648,118 | ---- | C] () Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [2008/12/24 12:15:46 | 00,000,000 | ---D | C] Mozilla -> %AppData%\Mozilla -> [2008/12/24 12:15:46 | 00,000,000 | ---D | C] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/12/24 12:15:18 | 00,001,635 | ---- | C] () Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox -> [2008/12/24 12:15:13 | 00,000,000 | ---D | C] Firefox Setup 3.0.5.exe -> %UserProfile%\Desktop\Firefox Setup 3.0.5.exe -> [2008/12/24 12:14:28 | 07,518,240 | ---- | C] (Mozilla) desktop junk -> %UserProfile%\Desktop\desktop junk -> [2008/12/23 13:42:52 | 00,000,000 | ---D | C] TubeHunter -> %SystemDrive%\TubeHunter -> [2008/12/17 02:36:20 | 00,000,000 | ---D | C] [Files/Folders - 
Modified Within 30 Days] 5 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2008/12/29 12:31:59 | 00,000,604 | ---- | M] () sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [2008/12/29 11:55:23 | 00,000,232 | -H-- | M] () sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [2008/12/29 11:55:22 | 00,000,244 | -H-- | M] () Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [2008/12/29 11:47:00 | 00,000,256 | ---- | M] () NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2008/12/29 11:45:19 | 07,340,032 | -H-- | M] () NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/12/29 01:12:23 | 00,000,116 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/12/29 01:12:21 | 00,137,216 | ---- | M] () µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk -> [2008/12/28 21:49:56 | 00,000,663 | ---- | M] () utorrent.exe -> %UserProfile%\Desktop\utorrent.exe -> [2008/12/28 21:49:43 | 00,270,128 | ---- | M] (BitTorrent, Inc.) 
The.Talented.Mr.Ripley.1999.iNTERNAL.DVDRip.XviD-CULTXviD.4188599.TPB.torrent -> %UserProfile%\Desktop\The.Talented.Mr.Ripley.1999.iNTERNAL.DVDRip.XviD-CULTXviD.4188599.TPB.torrent -> [2008/12/28 21:48:23 | 00,023,326 | ---- | M] () 3212_100_Classic_Book_Collection_EUR_NDS-XPA.zip -> %UserProfile%\Desktop\3212_100_Classic_Book_Collection_EUR_NDS-XPA.zip -> [2008/12/28 21:20:35 | 46,348,060 | ---- | M] () 3215_Mystery_PI_Portrait_of_a_Thief_USA_NDS-TRM.zip -> %UserProfile%\Desktop\3215_Mystery_PI_Portrait_of_a_Thief_USA_NDS-TRM.zip -> [2008/12/28 21:14:42 | 12,651,915 | ---- | M] () tray.pid -> %UserProfile%\tray.pid -> [2008/12/28 11:57:01 | 00,000,004 | ---- | M] () Perflib_Perfdata_a48.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_a48.dat -> [2008/12/28 11:56:29 | 00,016,384 | ---- | M] () Perflib_Perfdata_338.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_338.dat -> [2008/12/28 11:56:29 | 00,016,384 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/28 11:55:16 | 00,013,646 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/28 11:53:49 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/28 11:53:46 | 00,002,048 | --S- | M] () sfdb.dat -> %UserProfile%\Local Settings\Temp\jkos-Owner\engine\bases\sfdb.dat -> [2008/12/27 18:41:55 | 00,000,084 | ---- | M] () kosglue-7.0.25.0.dll -> %UserProfile%\Local Settings\Temp\jkos-Owner\binaries\kosglue-7.0.25.0.dll -> [2008/12/27 18:41:17 | 00,729,152 | ---- | M] (Kaspersky Lab) msvcr80.dll -> %UserProfile%\Local Settings\Temp\jkos-Owner\binaries\msvcr80.dll -> [2008/12/27 18:41:16 | 00,626,688 | ---- | M] (Microsoft Corporation) msvcp80.dll -> %UserProfile%\Local Settings\Temp\jkos-Owner\binaries\msvcp80.dll -> [2008/12/27 18:41:16 | 00,548,864 | ---- | M] (Microsoft Corporation) msvcm80.dll -> %UserProfile%\Local Settings\Temp\jkos-Owner\binaries\msvcm80.dll -> [2008/12/27 18:41:16 | 00,479,232 | ---- | M] (Microsoft Corporation) kave.dll -> 
%UserProfile%\Local Settings\Temp\jkos-Owner\binaries\kave.dll -> [2008/12/27 18:41:16 | 00,282,624 | ---- | M] (Kaspersky Lab.) prLoader.dll -> %UserProfile%\Local Settings\Temp\jkos-Owner\binaries\prLoader.dll -> [2008/12/27 18:41:16 | 00,184,320 | ---- | M] (Kaspersky Lab) ScanningProcess.exe -> %UserProfile%\Local Settings\Temp\jkos-Owner\binaries\ScanningProcess.exe -> [2008/12/27 18:41:16 | 00,139,264 | ---- | M] (Kaspersky Lab.) prremote.dll -> %UserProfile%\Local Settings\Temp\jkos-Owner\binaries\prremote.dll -> [2008/12/27 18:41:16 | 00,090,112 | ---- | M] (Kaspersky Lab) ikave.dll -> %UserProfile%\Local Settings\Temp\jkos-Owner\binaries\ikave.dll -> [2008/12/27 18:41:16 | 00,065,536 | ---- | M] () FSSync.dll -> %UserProfile%\Local Settings\Temp\jkos-Owner\binaries\FSSync.dll -> [2008/12/27 18:41:16 | 00,038,400 | ---- | M] (Kaspersky Lab) qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/26 13:57:29 | 00,004,096 | ---- | M] () qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/26 13:57:29 | 00,004,096 | ---- | M] () ntuser.ini -> %UserProfile%\ntuser.ini -> [2008/12/26 13:57:28 | 00,000,178 | -HS- | M] () avenger.zip -> %UserProfile%\Desktop\avenger.zip -> [2008/12/26 13:50:03 | 00,724,952 | ---- | M] () OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/26 12:46:41 | 00,648,118 | ---- | M] () Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/12/24 12:15:18 | 00,001,635 | ---- | M] () Firefox Setup 3.0.5.exe -> %UserProfile%\Desktop\Firefox Setup 3.0.5.exe -> [2008/12/24 12:14:56 | 07,518,240 | ---- | M] (Mozilla) sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [2008/12/23 13:03:40 | 00,000,232 | -H-- | M] () sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [2008/12/23 13:03:39 | 00,000,244 | -H-- | M] () sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [2008/12/22 20:06:02 | 00,000,244 | -H-- | M] () sqmdata06.sqm 
-> %SystemDrive%\sqmdata06.sqm -> [2008/12/22 20:06:02 | 00,000,232 | -H-- | M] () sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [2008/12/22 19:34:25 | 00,000,244 | -H-- | M] () sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [2008/12/22 19:34:25 | 00,000,232 | -H-- | M] () mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008/12/13 17:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008/12/13 17:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/12/11 03:03:51 | 00,001,393 | ---- | M] () win.ini -> %SystemRoot%\win.ini -> [2008/12/11 03:03:17 | 00,000,759 | ---- | M] () IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/12/01 22:05:49 | 02,647,916 | -H-- | M] () sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [2008/11/30 14:14:15 | 00,000,268 | -H-- | M] () sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [2008/11/30 14:14:15 | 00,000,244 | -H-- | M] () daas_s.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> [2008/02/27 15:59:28 | 00,495,616 | ---- | M] (F-Secure Corporation) opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2006/05/07 05:56:58 | 00,008,206 | ---- | M] () [Alternate Data Streams] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable < End of report > [/code]