
Lots of Spyware [RESOLVED]


  • This topic is locked

#1
ajkaneo

Hi,
Got lots of spyware. Loads of popups coming up, Explorer freezes a lot and the clock freezes! Even my girlfriend has started messing with things!

Hope someone can sort it

Thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:12 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Eroca\Eroca.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [4 dog bin grim] C:\Documents and Settings\All Users.WINDOWS\Application Data\second regs grim software\tick army knob.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS\Application Data\Software rule flag owns\bib bash.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Build Love] C:\DOCUME~1\Aj\APPLIC~1\IDOLHE~1\UpTonsHtm.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Eroca] C:\Program Files\Eroca\Eroca.exe
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab57176.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 10249 bytes

#2
Thunderbird1988

Hello ajkaneo, and welcome to Geekstogo,

I am Thunderbird1988 and I am going to fix your malware problems. If you have questions, feel free to ask :)

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.




Note: You must be logged on to the system with an account that has Administrator privileges to run this program.




  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Lop Check

  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].




If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Thunderbird1988

#3
ajkaneo

[code=auto:0]
OTScanIt logfile created on: 6/21/2008 2:36:13 PM
OTScanIt by OldTimer - Version 1.0.15.16 Folder = C:\Documents and Settings\Aj\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 490.94 Mb Available Physical Memory | 51.22% Memory free
2.26 Gb Paging File | 1.79 Gb Available in Paging File | 79.31% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 66.84 Gb Free Space | 47.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 6.96 Gb Total Space | 1.07 Gb Free Space | 15.31% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: AJ-DF81D87BDABB
Current User Name: Aj
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ]
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ]
wusb54gsv2.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe -> Linksys [Ver = 1.0.1.5 | Size = 5230080 bytes | Modified Date = 11/14/2005 3:40:00 AM | Attr = ]
soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 59 | Size = 577536 bytes | Modified Date = 4/16/2007 11:28:22 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 5:06:38 PM | Attr = ]
launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 11/28/2006 10:12:12 PM | Attr = ]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 36352 bytes | Modified Date = 4/1/2008 7:49:42 PM | Attr = ]
ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 7:23:34 PM | Attr = ]
orbtray.exe -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 4/1/2008 2:54:06 AM | Attr = ]
eroca.exe -> %ProgramFiles%\Eroca\Eroca.exe -> [Ver = | Size = 125952 bytes | Modified Date = 6/1/2008 10:37:20 AM | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 11/6/2006 10:21:10 PM | Attr = ]
winamptbserver.exe -> %ProgramFiles%\Winamp Toolbar\winampTbServer.exe -> AOL LLC. [Ver = 5.1.20.3 | Size = 140640 bytes | Modified Date = 3/19/2008 11:36:36 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.16 | Size = 397312 bytes | Modified Date = 6/20/2008 1:47:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 6/13/2007 10:29:00 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 7/6/2007 3:55:46 AM | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 11/6/2006 10:21:10 PM | Attr = ]
(WUSB54GSv2SVC) WUSB54GSv2SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 1/14/2008 3:14:14 PM | Attr = ]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:07:15 | Size = 1268204 bytes | Modified Date = 6/29/2004 5:07:18 PM | Attr = ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6240 built by: WinDDK | Size = 4030144 bytes | Modified Date = 4/26/2007 12:20:48 AM | Attr = ]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6698 | Size = 2155520 bytes | Modified Date = 6/13/2007 8:24:13 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ]
(Jukebox3) Jukebox3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ctpdusb.sys -> Creative Technology Ltd. [Ver = 1.27.02.00 | Size = 16880 bytes | Modified Date = 9/30/2004 9:27:00 AM | Attr = ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Modified Date = 10/10/2006 4:54:34 PM | Attr = ]
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcj.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/8/2007 12:51:00 AM | Attr = ]
(RT73) Wireless-G USB Network Adapter with RangeBooster Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.04.0000 | Size = 252928 bytes | Modified Date = 1/13/2006 3:46:28 AM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 11:31:34 PM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1034 | Size = 30720 bytes | Modified Date = 1/9/2007 3:09:48 PM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 11:25:53 AM | Attr = ]
(StreamSurge) StreamSurge Driver (miniport) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ss.sys -> File not found
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 11:15:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
4 dog bin grim -> %AllUsersProfile%\Application Data\second regs grim software\tick army knob.exe [C:\Documents and Settings\All Users.WINDOWS\Application Data\second regs grim software\tick army knob.exe] -> File not found
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 5:06:38 PM | Attr = ]
Flag Owns Live Grim -> %AllUsersProfile%\Application Data\Software rule flag owns\bib bash.exe [C:\Documents and Settings\All Users.WINDOWS\Application Data\Software rule flag owns\bib bash.exe] -> [Ver = | Size = 4037120 bytes | Modified Date = 6/21/2008 2:35:23 PM | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe [C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup] -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 11/28/2006 10:12:12 PM | Attr = ]
PKR Pal -> %ProgramFiles%\PKR\pkrpal.exe ["C:\Program Files\PKR\pkrpal.exe" -osboot] -> File not found
SoundMan -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 59 | Size = 577536 bytes | Modified Date = 4/16/2007 11:28:22 PM | Attr = ]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe] -> [Ver = | Size = 90112 bytes | Modified Date = 11/10/2006 8:35:24 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe [C:\Program Files\Winamp\winampa.exe] -> [Ver = | Size = 36352 bytes | Modified Date = 4/1/2008 7:49:42 PM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Build Love -> %AppData%\Idol heck\UpTonsHtm.exe [C:\DOCUME~1\Aj\APPLIC~1\IDOLHE~1\UpTonsHtm.exe] -> [Ver = | Size = 465920 bytes | Modified Date = 5/30/2008 3:19:50 PM | Attr = ]
Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe [C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R] -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 7:23:34 PM | Attr = ]
Eroca -> %ProgramFiles%\Eroca\Eroca.exe [C:\Program Files\Eroca\Eroca.exe] -> [Ver = | Size = 125952 bytes | Modified Date = 6/1/2008 10:37:20 AM | Attr = ]
MessengerPlus3 -> %ProgramFiles%\MessengerPlus! 3\MsgPlus.exe ["C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart] -> Patchou [Ver = 3, 63, 0, 148 | Size = 190024 bytes | Modified Date = 6/29/2007 6:36:44 AM | Attr = ]
Orb -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe ["C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background] -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 4/1/2008 2:54:06 AM | Attr = ]
QdrPack16 -> %ProgramFiles%\QdrPack\QdrPack16.exe ["C:\Program Files\QdrPack\QdrPack16.exe"] -> File not found
Steam -> %ProgramFiles%\Steam\Steam.exe ["C:\Program Files\Steam\Steam.exe" -silent] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/28/2008 3:40:54 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 1/10/2007 4:14:36 PM | Attr = ]
< Aj Startup Folder > -> C:\Documents and Settings\Aj\Start Menu\Programs\Startup ->
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{129FA2A1-408C-4824-83A4-5001581FD01E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRHywvw.dll [] -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:26:39 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rtmipr.dll [delayingly] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1028 | Size = 258048 bytes | Modified Date = 10/19/2006 10:12:20 AM | Attr = ]
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 118784 bytes | Modified Date = 6/13/2007 8:16:59 PM | Attr = ]
rqRHywvw -> %SystemRoot%\system32\rqRHywvw.dll -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:26:39 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\start -> %ProgramFiles%\NetProject\sbmntr.exe [C:\Program Files\NetProject\sbmntr.exe] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:54 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRRW_GCA-4164B_______________E.D0____\5&1c5c6e99&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 11/9/2004 2:20:04 PM | Attr = ]
AUTOEXEC.BAT [] -> H:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/28/2001 7:07:38 AM | Attr = HS]
Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> H:\Autorun.inf [ FAT32 ] -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2004 11:01:14 PM | Attr = HS]
< HOSTS File > (4102 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://internetsearchservice.com ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://internetsearc...ce.com/ie6.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://internetsearchservice.com ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://internetsearchservice.com ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Search Class] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://internetsearchservice.com ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://internetsearc...ce.com/ie6.html ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://internetsearchservice.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://internetsearchservice.com ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://g.msn.co.uk/0...S01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Search Class] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 41 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 8:02:04 PM | Attr = ]
{129FA2A1-408C-4824-83A4-5001581FD01E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRHywvw.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:26:39 AM | Attr = ]
{514A5C49-0C7D-42c3-A71B-38864A269B7A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\muutwswe.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 92160 bytes | Modified Date = 6/20/2008 4:44:12 PM | Attr = ]
{5D975859-CF56-4845-B558-E49A4DAB7134} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\WGI9IO12\3077ahntdksr[1].dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 88576 bytes | Modified Date = 6/20/2008 11:26:40 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{77C988F4-5D0F-4BA2-A252-997D62F434C1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\usegnnfb.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 49664 bytes | Modified Date = 6/13/2008 10:09:30 PM | Attr = ]
{813d1b1a-2f4e-4659-b40d-b417a475f59b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\plktumgo.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 98816 bytes | Modified Date = 6/20/2008 4:23:18 AM | Attr = ]
{A321EBBF-3691-4A0E-9F12-5383C17E715D} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\efcBuUMF.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 373248 bytes | Modified Date = 5/31/2008 10:31:49 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ]
{51D81DD5-55B7-497F-95DB-D356429BB54E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ]
WebBrowser\\{51D81DD5-55B7-497F-95DB-D356429BB54E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{9034A523-D068-4BE8-A284-9DF278BE776E}:Exec -> [IE Anti-Spyware] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Winamp Search -> %AllUsersProfile%\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html -> [Ver = | Size = 748 bytes | Modified Date = 3/19/2008 11:21:40 PM | Attr = ]
Add to Windows &Live Favorites -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 9:56:24 PM | Attr = ]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{2CED90EE-1B8C-48EE-8F32-8A7C15415E77} -> (Linksys Wireless-G USB Network Adapter with SpeedBooster v2) ->
{86FF0F7E-5F08-4846-B546-F8C274041E45} -> (1394 Net Adapter) ->
{CFF53A29-92B0-4CC4-B7CF-B63DD07098A8} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{10093E98-C073-4C75-8D0E-FB5CD3A71D33}[HKEY_LOCAL_MACHINE] -> http://messenger.zon...ds.cab57176.cab[ZoneUpwords Object] ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zon...kr.cab56986.cab[Checkers Class] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail....es/MSNPUpld.cab[MSN Photo Upload Tool] ->
{5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zon...1/GAME_UNO1.cab[UnoCtrl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://messenger.zon...ro.cab56649.cab[MSN Games - Installer] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zon...nt.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.m...ash/swflash.cab[Shockwave Flash Object] ->
{DA758BB1-5F89-4465-975F-8D7179A4BCF3}[HKEY_LOCAL_MACHINE] -> http://messenger.zon...oF.cab57176.cab[WheelofFortune Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\.Owner -> {5D6F45B3-9043-443D-A792-115447494D24} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\{5D6F45B3-9043-443D-A792-115447494D24} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\.Owner -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\\.Owner -> {10093E98-C073-4C75-8D0E-FB5CD3A71D33} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\\{10093E98-C073-4C75-8D0E-FB5CD3A71D33} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\\.Owner -> {DA758BB1-5F89-4465-975F-8D7179A4BCF3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\\{DA758BB1-5F89-4465-975F-8D7179A4BCF3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
C:\WINDOWS\system32\efcBuUMF -> %SystemRoot%\system32\efcBuUMF.dll -> [Ver = | Size = 373248 bytes | Modified Date = 5/31/2008 10:31:49 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.3087 (xpsp_sp2_qfe.070219-2253) | Size = 299008 bytes | Modified Date = 4/15/2007 10:22:15 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 3:21:15 PM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.3027 (xpsp_sp2_qfe.061105-2318) | Size = 49152 bytes | Modified Date = 4/15/2007 10:23:44 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> A3 B3 71 06 7B D5 F9 F1 38 14 98 B7 D1 32 1D 9A 31 34 32 63 32 39 36 64 00 FD 07 00 06 99 00 00 34 FA 07 00 76 92 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 28 2D 3A 36 28 3F 2C F9 F1 05 83 14 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> E9 C1 96 9E 88 F7 D0 A6 D3 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 97 CD 4E 32 00 11 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> DF 20 7E CD 89 F2 58 81 22 1B EB 6F 99 9E AE 78 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> AE DE 7B CA 08 BA C7 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

#4
ajkaneo

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 18107 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 4/15/2007 10:23:54 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 4/15/2007 10:23:54 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\nessystyle\counter-strike\hl.exe -> %ProgramFiles%\Steam\SteamApps\nessystyle\counter-strike\hl.exe [C:\Program Files\Steam\SteamApps\nessystyle\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 8/7/2007 12:44:12 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 4/16/2007 7:25:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\World of Warcraft\BackgroundDownloader.exe -> %ProgramFiles%\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> Blizzard Entertainment [Ver = 1, 8, 1, 406 | Size = 1065616 bytes | Modified Date = 5/14/2008 7:49:46 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.20772 (vista_ldr.080213-1606) | Size = 625664 bytes | Modified Date = 2/22/2008 10:40:22 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\Steam.exe -> %ProgramFiles%\Steam\Steam.exe [C:\Program Files\Steam\Steam.exe:*:Enabled:Steam] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/28/2008 3:40:54 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\[email protected]\counter-strike\hl.exe -> %ProgramFiles%\Steam\SteamApps\[email protected]\counter-strike\hl.exe [C:\Program Files\Steam\SteamApps\[email protected]\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 6/14/2008 12:12:30 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath ] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 5/5/2008 6:55:41 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\Orb.exe -> %ProgramFiles%\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb] -> Orb Networks, Inc. [Ver = 1, 2008, 129, 1700 | Size = 73728 bytes | Modified Date = 1/30/2008 3:19:32 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbTray.exe -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray] -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 4/1/2008 2:54:06 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe -> %ProgramFiles%\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> Orb Networks [Ver = 2, 2008, 327, 1400 | Size = 5844992 bytes | Modified Date = 3/28/2008 2:00:24 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\[email protected]\team fortress classic\hl.exe -> %ProgramFiles%\Steam\SteamApps\[email protected]\team fortress classic\hl.exe [C:\Program Files\Steam\SteamApps\[email protected]\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 6/13/2008 7:03:32 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3724:TCP -> 3724:TCP:*:Enabled:Blizzard Downloader: 3724 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.8.0.2694 built by: dnsrv(wmbla) | Size = 18392 bytes | Modified Date = 4/15/2007 10:23:53 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2948 (xpsp.060710-0156) | Size = 399360 bytes | Modified Date = 4/15/2007 10:23:17 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2948 (xpsp.060710-0156) | Size = 399360 bytes | Modified Date = 4/15/2007 10:23:17 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
[Files/Folders - Created Within 30 days]
HiJackThis.exe -> %SystemDrive%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 6/20/2008 9:30:39 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\HiJackThis.exe:Zone.Identifier
ajijmhwh.ini -> %SystemRoot%\System32\ajijmhwh.ini -> [Ver = | Size = 1568883 bytes | Created Date = 6/5/2008 5:55:43 PM | Attr = HS]
akaqtcjn.dll -> %SystemRoot%\System32\akaqtcjn.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/2/2008 3:25:10 PM | Attr = ]
atdcrmqq.exe -> %SystemRoot%\System32\atdcrmqq.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/8/2008 6:09:43 PM | Attr = ]
axkbmqoh.dll -> %SystemRoot%\System32\axkbmqoh.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/17/2008 3:07:30 PM | Attr = ]
bctqpgle.ini -> %SystemRoot%\System32\bctqpgle.ini -> [Ver = | Size = 1542940 bytes | Created Date = 6/4/2008 5:58:59 PM | Attr = HS]
bkfknakv.dll -> %SystemRoot%\System32\bkfknakv.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/13/2008 6:09:34 PM | Attr = ]
brggjemb.dll -> %SystemRoot%\System32\brggjemb.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/12/2008 5:54:49 PM | Attr = ]
bxvlxvfo.dll -> %SystemRoot%\System32\bxvlxvfo.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/13/2008 10:18:30 PM | Attr = ]
chueysoc.dll -> %SystemRoot%\System32\chueysoc.dll -> [Ver = | Size = 126464 bytes | Created Date = 5/31/2008 10:34:31 PM | Attr = ]
cnujelni.dll -> %SystemRoot%\System32\cnujelni.dll -> [Ver = | Size = 81408 bytes | Created Date = 6/13/2008 6:00:35 PM | Attr = ]
ctcppjyh.dll -> %SystemRoot%\System32\ctcppjyh.dll -> [Ver = | Size = 100352 bytes | Created Date = 6/8/2008 5:51:44 PM | Attr = ]
ctuafdxp.dll -> %SystemRoot%\System32\ctuafdxp.dll -> [Ver = | Size = 79360 bytes | Created Date = 6/20/2008 4:51:55 PM | Attr = ]
ddatcewo.dll -> %SystemRoot%\System32\ddatcewo.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/19/2008 4:05:25 PM | Attr = ]
dhqonwwp.ini -> %SystemRoot%\System32\dhqonwwp.ini -> [Ver = | Size = 1517275 bytes | Created Date = 6/3/2008 5:55:42 PM | Attr = HS]
djviusqc.dll -> %SystemRoot%\System32\djviusqc.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/3/2008 5:49:29 PM | Attr = ]
dmfnqrgs.ini -> %SystemRoot%\System32\dmfnqrgs.ini -> [Ver = | Size = 1580035 bytes | Created Date = 6/6/2008 5:56:35 PM | Attr = HS]
dnusooui.dll -> %SystemRoot%\System32\dnusooui.dll -> [Ver = | Size = 125952 bytes | Created Date = 6/6/2008 5:53:24 PM | Attr = ]
eclfkout.ini -> %SystemRoot%\System32\eclfkout.ini -> [Ver = | Size = 1484834 bytes | Created Date = 5/31/2008 10:33:14 AM | Attr = HS]
efcAPJbA.dll -> %SystemRoot%\System32\efcAPJbA.dll -> [Ver = | Size = 59392 bytes | Created Date = 5/31/2008 10:26:49 AM | Attr = ]
efcBuUMF.dll -> %SystemRoot%\System32\efcBuUMF.dll -> [Ver = | Size = 373248 bytes | Created Date = 5/31/2008 10:31:45 AM | Attr = ]
ehqbpvhn.dll -> %SystemRoot%\System32\ehqbpvhn.dll -> [Ver = | Size = 136192 bytes | Created Date = 6/6/2008 5:59:24 PM | Attr = ]
ehwvlnmt.dll -> %SystemRoot%\System32\ehwvlnmt.dll -> [Ver = | Size = 80896 bytes | Created Date = 6/17/2008 2:59:07 PM | Attr = ]
ekjcmraa.dll -> %SystemRoot%\System32\ekjcmraa.dll -> [Ver = | Size = 90112 bytes | Created Date = 6/16/2008 2:08:43 AM | Attr = ]
elgpqtcb.dll -> %SystemRoot%\System32\elgpqtcb.dll -> [Ver = | Size = 116736 bytes | Created Date = 6/4/2008 5:58:40 PM | Attr = ]
ffbafwwk.dll -> %SystemRoot%\System32\ffbafwwk.dll -> [Ver = | Size = 114176 bytes | Created Date = 6/2/2008 3:41:50 PM | Attr = ]
fknfbhlw.ini -> %SystemRoot%\System32\fknfbhlw.ini -> [Ver = | Size = 1580089 bytes | Created Date = 6/7/2008 6:06:08 PM | Attr = HS]
FMUuBcfe.ini -> %SystemRoot%\System32\FMUuBcfe.ini -> [Ver = | Size = 672795 bytes | Created Date = 5/31/2008 10:31:53 AM | Attr = HS]
FMUuBcfe.ini2 -> %SystemRoot%\System32\FMUuBcfe.ini2 -> [Ver = | Size = 672489 bytes | Created Date = 5/31/2008 10:31:53 AM | Attr = HS]
fsvwrsmh.dll -> %SystemRoot%\System32\fsvwrsmh.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/18/2008 3:00:55 PM | Attr = ]
gcwktlvs.exe -> %SystemRoot%\System32\gcwktlvs.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/3/2008 5:58:28 PM | Attr = ]
gixaipjg.ini -> %SystemRoot%\System32\gixaipjg.ini -> [Ver = | Size = 1658923 bytes | Created Date = 6/16/2008 2:19:01 AM | Attr = HS]
gjpiaxig.dll -> %SystemRoot%\System32\gjpiaxig.dll -> [Ver = | Size = 81408 bytes | Created Date = 6/16/2008 2:18:50 AM | Attr = ]
gmorfept.dll -> %SystemRoot%\System32\gmorfept.dll -> [Ver = | Size = 80896 bytes | Created Date = 6/11/2008 5:59:02 PM | Attr = ]
gpdspnay.dll -> %SystemRoot%\System32\gpdspnay.dll -> [Ver = | Size = 98816 bytes | Created Date = 6/12/2008 6:06:49 PM | Attr = ]
hfwwpheu.dll -> %SystemRoot%\System32\hfwwpheu.dll -> [Ver = | Size = 132096 bytes | Created Date = 5/31/2008 10:52:31 PM | Attr = ]
hgGwVNfg.dll -> %SystemRoot%\System32\hgGwVNfg.dll -> [Ver = | Size = 59392 bytes | Created Date = 5/31/2008 10:27:06 AM | Attr = ]
hktsfhyb.dll -> %SystemRoot%\System32\hktsfhyb.dll -> [Ver = | Size = 126464 bytes | Created Date = 6/2/2008 3:26:56 PM | Attr = ]
hqfonlrp.dll -> %SystemRoot%\System32\hqfonlrp.dll -> [Ver = | Size = 133120 bytes | Created Date = 6/5/2008 6:10:29 PM | Attr = ]
hwhmjija.dll -> %SystemRoot%\System32\hwhmjija.dll -> [Ver = | Size = 117248 bytes | Created Date = 6/5/2008 5:55:29 PM | Attr = ]
ianbsitq.dll -> %SystemRoot%\System32\ianbsitq.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/9/2008 5:52:17 PM | Attr = ]
iegsmrkb.dll -> %SystemRoot%\System32\iegsmrkb.dll -> [Ver = | Size = 108544 bytes | Created Date = 6/7/2008 5:56:56 PM | Attr = ]
ihyymdqs.dll -> %SystemRoot%\System32\ihyymdqs.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/17/2008 2:58:50 PM | Attr = ]
inlejunc.ini -> %SystemRoot%\System32\inlejunc.ini -> [Ver = | Size = 1658609 bytes | Created Date = 6/13/2008 6:01:20 PM | Attr = HS]
irsudyfo.ini -> %SystemRoot%\System32\irsudyfo.ini -> [Ver = | Size = 1580332 bytes | Created Date = 6/8/2008 6:06:55 PM | Attr = HS]
isvwpdtm.dll -> %SystemRoot%\System32\isvwpdtm.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/16/2008 2:06:30 AM | Attr = ]
iwwylfrd.dll -> %SystemRoot%\System32\iwwylfrd.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/8/2008 5:54:43 PM | Attr = ]
jfqenhgr.dll -> %SystemRoot%\System32\jfqenhgr.dll -> [Ver = | Size = 126976 bytes | Created Date = 6/5/2008 5:52:29 PM | Attr = ]
jmppyeyq.dll -> %SystemRoot%\System32\jmppyeyq.dll -> [Ver = | Size = 125952 bytes | Created Date = 6/3/2008 5:52:28 PM | Attr = ]
jntohflb.dll -> %SystemRoot%\System32\jntohflb.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/16/2008 2:11:49 AM | Attr = ]
jxfufgjm.dll -> %SystemRoot%\System32\jxfufgjm.dll -> [Ver = | Size = 80896 bytes | Created Date = 6/14/2008 10:10:15 PM | Attr = ]
khpnaoee.dll -> %SystemRoot%\System32\khpnaoee.dll -> [Ver = | Size = 132608 bytes | Created Date = 6/4/2008 6:04:48 PM | Attr = ]
kwwfabff.ini -> %SystemRoot%\System32\kwwfabff.ini -> [Ver = | Size = 1485465 bytes | Created Date = 6/2/2008 3:42:08 PM | Attr = HS]
laftbupj.dll -> %SystemRoot%\System32\laftbupj.dll -> [Ver = | Size = 100864 bytes | Created Date = 6/9/2008 5:55:17 PM | Attr = ]
lbqgycpm.dll -> %SystemRoot%\System32\lbqgycpm.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/18/2008 2:57:55 PM | Attr = ]
lhuyqges.dll -> %SystemRoot%\System32\lhuyqges.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/5/2008 5:49:33 PM | Attr = ]
ljxjnccd.dll -> %SystemRoot%\System32\ljxjnccd.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/11/2008 6:11:02 PM | Attr = ]
llvjfrld.dll -> %SystemRoot%\System32\llvjfrld.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/11/2008 5:53:10 PM | Attr = ]
lscdwrio.dll -> %SystemRoot%\System32\lscdwrio.dll -> [Ver = | Size = 99328 bytes | Created Date = 6/13/2008 6:03:35 PM | Attr = ]
lsiisjay.dll -> %SystemRoot%\System32\lsiisjay.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/10/2008 5:57:22 PM | Attr = ]
lvgjjupd.dll -> %SystemRoot%\System32\lvgjjupd.dll -> [Ver = | Size = 99328 bytes | Created Date = 6/13/2008 10:06:29 PM | Attr = ]
mabjdshq.dll -> %SystemRoot%\System32\mabjdshq.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/9/2008 6:07:20 PM | Attr = ]
malhibfd.dll -> %SystemRoot%\System32\malhibfd.dll -> [Ver = | Size = 98304 bytes | Created Date = 6/14/2008 10:07:15 PM | Attr = ]
mbhkaagx.ini -> %SystemRoot%\System32\mbhkaagx.ini -> [Ver = | Size = 1667296 bytes | Created Date = 6/20/2008 4:23:33 AM | Attr = HS]
mcnuvyio.exe -> %SystemRoot%\System32\mcnuvyio.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/4/2008 6:01:45 PM | Attr = ]
mexytxfu.dll -> %SystemRoot%\System32\mexytxfu.dll -> [Ver = | Size = 147456 bytes | Created Date = 6/10/2008 6:00:22 PM | Attr = ]
mfbohqxx.dll -> %SystemRoot%\System32\mfbohqxx.dll -> [Ver = | Size = 114176 bytes | Created Date = 5/31/2008 10:46:29 PM | Attr = ]
mjgfufxj.ini -> %SystemRoot%\System32\mjgfufxj.ini -> [Ver = | Size = 1658923 bytes | Created Date = 6/14/2008 10:10:25 PM | Attr = HS]
muutwswe.dll -> %SystemRoot%\System32\muutwswe.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/20/2008 4:44:11 PM | Attr = ]
nbauwnfj.dll -> %SystemRoot%\System32\nbauwnfj.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/13/2008 10:03:29 PM | Attr = ]
nnyydbyy.dll -> %SystemRoot%\System32\nnyydbyy.dll -> [Ver = | Size = 98816 bytes | Created Date = 6/11/2008 6:05:03 PM | Attr = ]
npfvtdon.dll -> %SystemRoot%\System32\npfvtdon.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/6/2008 5:50:24 PM | Attr = ]
npikuevf.dll -> %SystemRoot%\System32\npikuevf.dll -> [Ver = | Size = 90112 bytes | Created Date = 6/17/2008 2:57:08 PM | Attr = ]
odjaashy.dll -> %SystemRoot%\System32\odjaashy.dll -> [Ver = | Size = 99328 bytes | Created Date = 6/17/2008 3:04:26 PM | Attr = ]
ofydusri.dll -> %SystemRoot%\System32\ofydusri.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/8/2008 6:06:43 PM | Attr = ]
ojowcooj.dll -> %SystemRoot%\System32\ojowcooj.dll -> [Ver = | Size = 184320 bytes | Created Date = 6/10/2008 6:12:22 PM | Attr = ]
ovmvnkqv.dll -> %SystemRoot%\System32\ovmvnkqv.dll -> [Ver = | Size = 80896 bytes | Created Date = 6/18/2008 7:33:42 PM | Attr = ]
owmwvoff.dll -> %SystemRoot%\System32\owmwvoff.dll -> [Ver = | Size = 98816 bytes | Created Date = 6/18/2008 3:03:55 PM | Attr = ]
oyawkspc.dll -> %SystemRoot%\System32\oyawkspc.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/11/2008 5:56:02 PM | Attr = ]
oytsbobb.dll -> %SystemRoot%\System32\oytsbobb.dll -> [Ver = | Size = 109056 bytes | Created Date = 6/9/2008 6:04:17 PM | Attr = ]
pbbfattm.exe -> %SystemRoot%\System32\pbbfattm.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/5/2008 6:07:34 PM | Attr = ]
phhqerdt.dll -> %SystemRoot%\System32\phhqerdt.dll -> [Ver = | Size = 157184 bytes | Created Date = 6/10/2008 5:54:23 PM | Attr = ]
plktumgo.dll -> %SystemRoot%\System32\plktumgo.dll -> [Ver = | Size = 98816 bytes | Created Date = 6/20/2008 4:23:17 AM | Attr = ]
pwwnoqhd.dll -> %SystemRoot%\System32\pwwnoqhd.dll -> [Ver = | Size = 115200 bytes | Created Date = 6/3/2008 5:55:28 PM | Attr = ]
pxdfautc.ini -> %SystemRoot%\System32\pxdfautc.ini -> [Ver = | Size = 1696321 bytes | Created Date = 6/20/2008 4:52:12 PM | Attr = HS]
qhsdjbam.ini -> %SystemRoot%\System32\qhsdjbam.ini -> [Ver = | Size = 1583903 bytes | Created Date = 6/9/2008 6:07:30 PM | Attr = HS]
qlvfyaur.dll -> %SystemRoot%\System32\qlvfyaur.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/12/2008 5:57:48 PM | Attr = ]
qngkwsde.dll -> %SystemRoot%\System32\qngkwsde.dll -> [Ver = | Size = 3072 bytes | Created Date = 6/4/2008 5:55:39 PM | Attr = ]
qsstiusu.dll -> %SystemRoot%\System32\qsstiusu.dll -> [Ver = | Size = 108544 bytes | Created Date = 6/8/2008 5:57:43 PM | Attr = ]
rbkoufhx.dll -> %SystemRoot%\System32\rbkoufhx.dll -> [Ver = | Size = 81408 bytes | Created Date = 6/13/2008 10:18:29 PM | Attr = ]
rehglmdp.dll -> %SystemRoot%\System32\rehglmdp.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/19/2008 4:03:16 PM | Attr = ]
rqRHywvw.dll -> %SystemRoot%\System32\rqRHywvw.dll -> [Ver = | Size = 59392 bytes | Created Date = 5/31/2008 10:26:39 AM | Attr = ]
ryjtewrq.dll -> %SystemRoot%\System32\ryjtewrq.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/12/2008 6:09:49 PM | Attr = ]
scjavbag.exe -> %SystemRoot%\System32\scjavbag.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/6/2008 6:02:24 PM | Attr = ]
sgrqnfmd.dll -> %SystemRoot%\System32\sgrqnfmd.dll -> [Ver = | Size = 118272 bytes | Created Date = 6/6/2008 5:56:24 PM | Attr = ]
tmnlvwhe.ini -> %SystemRoot%\System32\tmnlvwhe.ini -> [Ver = | Size = 1630588 bytes | Created Date = 6/17/2008 2:59:19 PM | Attr = HS]
tpdykowb.dll -> %SystemRoot%\System32\tpdykowb.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/14/2008 10:01:48 PM | Attr = ]
tpefromg.ini -> %SystemRoot%\System32\tpefromg.ini -> [Ver = | Size = 1630588 bytes | Created Date = 6/11/2008 5:59:13 PM | Attr = HS]
tuokflce.dll -> %SystemRoot%\System32\tuokflce.dll -> [Ver = | Size = 114176 bytes | Created Date = 5/31/2008 10:33:03 AM | Attr = ]
ufxtyxem.ini -> %SystemRoot%\System32\ufxtyxem.ini -> [Ver = | Size = 1579534 bytes | Created Date = 6/10/2008 6:00:34 PM | Attr = HS]
ugtsllel.dll -> %SystemRoot%\System32\ugtsllel.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/13/2008 5:54:35 PM | Attr = ]
umhdckun.dll -> %SystemRoot%\System32\umhdckun.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/4/2008 5:49:40 PM | Attr = ]
urqNFuRi.dll -> %SystemRoot%\System32\urqNFuRi.dll -> [Ver = | Size = 59392 bytes | Created Date = 5/31/2008 10:27:24 AM | Attr = ]
usegnnfb.dll -> %SystemRoot%\System32\usegnnfb.dll -> [Ver = | Size = 49664 bytes | Created Date = 6/13/2008 10:09:29 PM | Attr = ]
vdpmmclp.dll -> %SystemRoot%\System32\vdpmmclp.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/13/2008 10:01:15 PM | Attr = ]
vnhcvqtu.dll -> %SystemRoot%\System32\vnhcvqtu.dll -> [Ver = | Size = 99840 bytes | Created Date = 6/16/2008 2:21:50 AM | Attr = ]
vnpshehi.exe -> %SystemRoot%\System32\vnpshehi.exe -> [Ver = | Size = 2560 bytes | Created Date = 6/7/2008 6:08:56 PM | Attr = ]
vnvhnbml.dll -> %SystemRoot%\System32\vnvhnbml.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/18/2008 7:31:47 PM | Attr = ]
vphcqlev.dll -> %SystemRoot%\System32\vphcqlev.dll -> [Ver = | Size = 101376 bytes | Created Date = 6/7/2008 5:53:56 PM | Attr = ]
vpvbnnre.dll -> %SystemRoot%\System32\vpvbnnre.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/14/2008 10:04:15 PM | Attr = ]
vqknvmvo.ini -> %SystemRoot%\System32\vqknvmvo.ini -> [Ver = | Size = 1650720 bytes | Created Date = 6/18/2008 7:33:53 PM | Attr = HS]
wjssxmje.dll -> %SystemRoot%\System32\wjssxmje.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/13/2008 5:57:28 PM | Attr = ]
wlhbfnkf.dll -> %SystemRoot%\System32\wlhbfnkf.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/7/2008 6:05:57 PM | Attr = ]
wnqvrwri.dll -> %SystemRoot%\System32\wnqvrwri.dll -> [Ver = | Size = 90112 bytes | Created Date = 6/20/2008 4:46:21 PM | Attr = ]
wpterqjo.dll -> %SystemRoot%\System32\wpterqjo.dll -> [Ver = | Size = 92160 bytes | Created Date = 5/31/2008 10:37:29 PM | Attr = ]
wqwqdwrn.dll -> %SystemRoot%\System32\wqwqdwrn.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/20/2008 4:48:56 PM | Attr = ]
wrcbpqny.ini -> %SystemRoot%\System32\wrcbpqny.ini -> [Ver = | Size = 1660559 bytes | Created Date = 6/12/2008 6:13:00 PM | Attr = HS]
wyltdviq.dll -> %SystemRoot%\System32\wyltdviq.dll -> [Ver = | Size = 89600 bytes | Created Date = 6/19/2008 4:03:08 PM | Attr = ]
xdkwywpf.exe -> %SystemRoot%\System32\xdkwywpf.exe -> [Ver = | Size = 2560 bytes | Created Date = 5/31/2008 10:43:30 PM | Attr = ]
xdvteorj.dll -> %SystemRoot%\System32\xdvteorj.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/16/2008 2:11:43 AM | Attr = ]
xgaakhbm.dll -> %SystemRoot%\System32\xgaakhbm.dll -> [Ver = | Size = 79360 bytes | Created Date = 6/20/2008 4:23:22 AM | Attr = ]
xgqkjlmx.dll -> %SystemRoot%\System32\xgqkjlmx.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/10/2008 6:03:22 PM | Attr = ]
xhfuokbr.ini -> %SystemRoot%\System32\xhfuokbr.ini -> [Ver = | Size = 1658923 bytes | Created Date = 6/13/2008 10:18:40 PM | Attr = HS]
xxiiiagf.dll -> %SystemRoot%\System32\xxiiiagf.dll -> [Ver = | Size = 126976 bytes | Created Date = 6/4/2008 5:52:40 PM | Attr = ]
xxqhobfm.ini -> %SystemRoot%\System32\xxqhobfm.ini -> [Ver = | Size = 1485866 bytes | Created Date = 5/31/2008 10:46:42 PM | Attr = HS]
ycqtetcg.dll -> %SystemRoot%\System32\ycqtetcg.dll -> [Ver = | Size = 133120 bytes | Created Date = 6/3/2008 6:07:28 PM | Attr = ]
yjjbgaoj.dll -> %SystemRoot%\System32\yjjbgaoj.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/14/2008 10:16:15 PM | Attr = ]
yjpeyjca.dll -> %SystemRoot%\System32\yjpeyjca.dll -> [Ver = | Size = 3072 bytes | Created Date = 6/5/2008 6:13:29 PM | Attr = ]
yndosomn.dll -> %SystemRoot%\System32\yndosomn.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/15/2008 10:16:12 PM | Attr = ]
ynqpbcrw.dll -> %SystemRoot%\System32\ynqpbcrw.dll -> [Ver = | Size = 80896 bytes | Created Date = 6/12/2008 6:12:49 PM | Attr = ]
ywnqmwsq.dll -> %SystemRoot%\System32\ywnqmwsq.dll -> [Ver = | Size = 92160 bytes | Created Date = 6/7/2008 5:50:57 PM | Attr = ]
.jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Created Date = 5/29/2008 7:19:32 PM | Attr = ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
BM0d554be5.xml -> %SystemRoot%\BM0d554be5.xml -> [Ver = | Size = 110330 bytes | Created Date = 5/31/2008 10:34:45 PM | Attr = ]
cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 2583 bytes | Created Date = 6/2/2008 4:39:09 PM | Attr = ]
pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 5/31/2008 10:34:48 PM | Attr = ]
AAB191E4918E0678.job -> %SystemRoot%\tasks\AAB191E4918E0678.job -> [Ver = | Size = 258 bytes | Created Date = 5/30/2008 3:23:59 PM | Attr = H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
OrbNetworks -> %AllUsersProfile%\Application Data\OrbNetworks -> [Folder | Created Date = 5/26/2008 7:36:21 PM | Attr = ]
Winamp Toolbar -> %AllUsersProfile%\Application Data\Winamp Toolbar -> [Folder | Created Date = 5/26/2008 7:36:28 PM | Attr = ]
Winamp Toolbar -> %UserProfile%\Local Settings\Application Data\Winamp Toolbar -> [Folder | Created Date = 5/26/2008 8:03:28 PM | Attr = ]
Grand Theft Anal 11 Porn DVDRiP.rar -> %UserProfile%\My Documents\Grand Theft Anal 11 Porn DVDRiP.rar -> [Ver = | Size = 808238043 bytes | Created Date = 6/14/2008 11:57:42 AM | Attr = ]
My Chat Logs -> %UserProfile%\My Documents\My Chat Logs -> [Folder | Created Date = 6/13/2008 11:26:50 AM | Attr = ]
My Stationery -> %UserProfile%\My Documents\My Stationery -> [Folder | Created Date = 5/26/2008 5:03:20 PM | Attr = R S]
Omen-r74823.2.zip -> %UserProfile%\My Documents\Omen-r74823.2.zip -> [Ver = | Size = 324486 bytes | Created Date = 5/25/2008 3:12:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Omen-r74823.2.zip:Zone.Identifier
Playstation 2 Emulator v2.09.01 [Latest] + New Ps2 Bios -> %UserProfile%\My Documents\Playstation 2 Emulator v2.09.01 [Latest] + New Ps2 Bios -> [Folder | Created Date = 5/31/2008 10:25:50 AM | Attr = ]
SOTK VOL2Disc 1 -> %UserProfile%\My Documents\SOTK VOL2Disc 1 -> [Folder | Created Date = 5/25/2008 3:29:32 PM | Attr = ]
SOTK VOL2Disc 1.zip -> %UserProfile%\My Documents\SOTK VOL2Disc 1.zip -> [Ver = | Size = 78385158 bytes | Created Date = 5/25/2008 12:08:03 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\SOTK VOL2Disc 1.zip:Zone.Identifier
SOTK VOL2Disc 2 -> %UserProfile%\My Documents\SOTK VOL2Disc 2 -> [Folder | Created Date = 5/25/2008 3:29:48 PM | Attr = ]
SOTK VOL2Disc 2.zip -> %UserProfile%\My Documents\SOTK VOL2Disc 2.zip -> [Ver = | Size = 68571582 bytes | Created Date = 5/25/2008 12:07:35 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\SOTK VOL2Disc 2.zip:Zone.Identifier
Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 80896 bytes | Created Date = 5/24/2008 4:23:11 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
WSH VOL10Disc 1 -> %UserProfile%\My Documents\WSH VOL10Disc 1 -> [Folder | Created Date = 5/24/2008 11:46:32 PM | Attr = ]
WSH VOL10Disc 1.zip -> %UserProfile%\My Documents\WSH VOL10Disc 1.zip -> [Ver = | Size = 72588455 bytes | Created Date = 5/24/2008 11:46:15 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\WSH VOL10Disc 1.zip:Zone.Identifier
WSH VOL10Disc 2 -> %UserProfile%\My Documents\WSH VOL10Disc 2 -> [Folder | Created Date = 5/24/2008 11:48:01 PM | Attr = ]
WSH VOL10Disc 2.zip -> %UserProfile%\My Documents\WSH VOL10Disc 2.zip -> [Ver = | Size = 68655742 bytes | Created Date = 5/24/2008 11:47:33 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\WSH VOL10Disc 2.zip:Zone.Identifier
Winamp Remote.lnk -> %AllUsersProfile%\Desktop\Winamp Remote.lnk -> [Ver = | Size = 1668 bytes | Created Date = 5/26/2008 7:36:25 PM | Attr = ]
Counter-Strike.lnk -> %UserProfile%\Desktop\Counter-Strike.lnk -> [Ver = | Size = 1570 bytes | Created Date = 6/5/2008 9:56:51 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/21/2008 1:49:33 PM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Created Date = 6/21/2008 1:49:25 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Eroca -> %ProgramFiles%\Eroca -> [Folder | Created Date = 6/1/2008 10:37:20 AM | Attr = ]
Idol heck -> %ProgramFiles%\Idol heck -> [Folder | Created Date = 5/30/2008 3:20:09 PM | Attr = ]
ISM -> %ProgramFiles%\ISM -> [Folder | Created Date = 6/1/2008 10:42:12 AM | Attr = ]
Pcsx2 -> %ProgramFiles%\Pcsx2 -> [Folder | Created Date = 5/31/2008 10:28:04 AM | Attr = ]
Winamp Remote -> %ProgramFiles%\Winamp Remote -> [Folder | Created Date = 5/26/2008 7:36:18 PM | Attr = ]
Winamp Toolbar -> %ProgramFiles%\Winamp Toolbar -> [Folder | Created Date = 5/26/2008 7:36:28 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
HiJackThis.exe -> %SystemDrive%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 6/20/2008 9:30:47 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\HiJackThis.exe:Zone.Identifier
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/11/2008 3:50:05 PM | Attr = R ]
1 C:\*.tmp files -> C:\*.tmp ->
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/16/2008 7:03:02 PM | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/16/2008 7:03:02 PM | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/3/2008 8:05:52 AM | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 6/21/2008 2:50:11 PM | Attr = ]
ajijmhwh.ini -> %SystemRoot%\System32\ajijmhwh.ini -> [Ver = | Size = 1568883 bytes | Modified Date = 6/5/2008 5:55:56 PM | Attr = HS]
akaqtcjn.dll -> %SystemRoot%\System32\akaqtcjn.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/2/2008 3:25:11 PM | Attr = ]
atdcrmqq.exe -> %SystemRoot%\System32\atdcrmqq.exe -> [Ver = | Size = 2560 bytes | Modified Date = 6/8/2008 6:09:43 PM | Attr = ]
axkbmqoh.dll -> %SystemRoot%\System32\axkbmqoh.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/17/2008 3:07:30 PM | Attr = ]
bctqpgle.ini -> %SystemRoot%\System32\bctqpgle.ini -> [Ver = | Size = 1542940 bytes | Modified Date = 6/4/2008 10:10:53 PM | Attr = HS]
bkfknakv.dll -> %SystemRoot%\System32\bkfknakv.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/13/2008 6:09:41 PM | Attr = ]
brggjemb.dll -> %SystemRoot%\System32\brggjemb.dll -> [Ver = | Size = 92160 bytes | Modified Date = 6/12/2008 5:54:50 PM | Attr = ]
bxvlxvfo.dll -> %SystemRoot%\System32\bxvlxvfo.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/13/2008 10:18:31 PM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/21/2008 2:45:27 PM | Attr = ]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
chueysoc.dll -> %SystemRoot%\System32\chueysoc.dll -> [Ver = | Size = 126464 bytes | Modified Date = 5/31/2008 10:34:31 PM | Attr = ]
cnujelni.dll -> %SystemRoot%\System32\cnujelni.dll -> [Ver = | Size = 81408 bytes | Modified Date = 6/13/2008 6:01:10 PM | Attr = ]
ctcppjyh.dll -> %SystemRoot%\System32\ctcppjyh.dll -> [Ver = | Size = 100352 bytes | Modified Date = 6/8/2008 5:51:45 PM | Attr = ]
ctuafdxp.dll -> %SystemRoot%\System32\ctuafdxp.dll -> [Ver = | Size = 79360 bytes | Modified Date = 6/20/2008 4:51:58 PM | Attr = ]
ddatcewo.dll -> %SystemRoot%\System32\ddatcewo.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/19/2008 4:05:26 PM | Attr = ]
dhqonwwp.ini

#5
ajkaneo

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Application Data -> C:\Documents and Settings\Aj\Application Data -> [Folder | Modified Date = 6/11/2008 3:50:07 PM | Attr = RH ]
.wyzo -> C:\Documents and Settings\Aj\Application Data\.wyzo -> [Folder | Modified Date = 5/13/2008 3:01:10 PM | Attr = ]
Acreon -> C:\Documents and Settings\Aj\Application Data\Acreon -> [Folder | Modified Date = 3/30/2008 11:49:29 PM | Attr = ]
WowMatrix -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix -> [Folder | Modified Date = 4/2/2008 4:06:43 PM | Attr = ]
Archives -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives -> [Folder | Modified Date = 4/2/2008 4:06:40 PM | Attr = ]
!ImprovedErrorFrame -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\!ImprovedErrorFrame -> [Folder | Modified Date = 3/30/2008 11:50:17 PM | Attr = ]
Skin -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\!ImprovedErrorFrame\Skin -> [Folder | Modified Date = 3/1/2007 10:23:29 PM | Attr = ]
Sound -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\!ImprovedErrorFrame\Sound -> [Folder | Modified Date = 3/1/2007 10:23:29 PM | Attr = ]
Ace2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2 -> [Folder | Modified Date = 3/30/2008 11:50:21 PM | Attr = ]
AceAddon-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceAddon-2.0 -> [Folder | Modified Date = 9/28/2007 3:26:04 AM | Attr = ]
AceComm-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceComm-2.0 -> [Folder | Modified Date = 9/28/2007 3:24:42 AM | Attr = ]
AceConsole-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceConsole-2.0 -> [Folder | Modified Date = 9/28/2007 3:24:44 AM | Attr = ]
AceDB-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceDB-2.0 -> [Folder | Modified Date = 9/28/2007 3:24:44 AM | Attr = ]
AceDebug-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceDebug-2.0 -> [Folder | Modified Date = 9/28/2007 3:24:44 AM | Attr = ]
AceEvent-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceEvent-2.0 -> [Folder | Modified Date = 9/28/2007 3:24:44 AM | Attr = ]
AceHook-2.1 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceHook-2.1 -> [Folder | Modified Date = 9/28/2007 3:24:44 AM | Attr = ]
AceLibrary -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceLibrary -> [Folder | Modified Date = 9/28/2007 3:24:44 AM | Attr = ]
AceLocale-2.2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceLocale-2.2 -> [Folder | Modified Date = 9/28/2007 3:24:44 AM | Attr = ]
AceModuleCore-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceModuleCore-2.0 -> [Folder | Modified Date = 9/28/2007 3:24:42 AM | Attr = ]
AceOO-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceOO-2.0 -> [Folder | Modified Date = 9/28/2007 3:24:42 AM | Attr = ]
AceTab-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Ace2\AceTab-2.0 -> [Folder | Modified Date = 9/28/2007 3:24:44 AM | Attr = ]
AlphaMap -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AlphaMap -> [Folder | Modified Date = 3/30/2008 11:50:24 PM | Attr = ]
Artwork -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AlphaMap\Artwork -> [Folder | Modified Date = 3/1/2007 10:23:30 PM | Attr = ]
Maps -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AlphaMap\Maps -> [Folder | Modified Date = 6/10/2007 5:29:48 PM | Attr = ]
AltInvite -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AltInvite -> [Folder | Modified Date = 3/30/2008 11:50:25 PM | Attr = ]
ArcaneBar -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\ArcaneBar -> [Folder | Modified Date = 3/30/2008 11:50:27 PM | Attr = ]
Skin -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\ArcaneBar\Skin -> [Folder | Modified Date = 3/1/2007 10:23:30 PM | Attr = ]
Archaeologist -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Archaeologist -> [Folder | Modified Date = 3/30/2008 11:50:31 PM | Attr = ]
Skin -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Archaeologist\Skin -> [Folder | Modified Date = 3/1/2007 10:23:25 PM | Attr = ]
ClassIcons -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Archaeologist\Skin\ClassIcons -> [Folder | Modified Date = 3/1/2007 10:23:25 PM | Attr = ]
PortraitIcons -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Archaeologist\Skin\PortraitIcons -> [Folder | Modified Date = 3/1/2007 10:23:25 PM | Attr = ]
AtlasLoot -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot -> [Folder | Modified Date = 4/2/2008 4:06:27 PM | Attr = ]
Add_Ons -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Add_Ons -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
Bossnames -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Bossnames -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
Constants -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Constants -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
Core -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Core -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
DefaultFrame -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\DefaultFrame -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
Documentation -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Documentation -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
Images -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Images -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
Instances -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Instances -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
Libs -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs -> [Folder | Modified Date = 3/30/2008 11:50:36 PM | Attr = ]
AceAddon-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\AceAddon-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
AceDB-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\AceDB-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:36 PM | Attr = ]
AceEvent-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\AceEvent-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:36 PM | Attr = ]
AceLibrary -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\AceLibrary -> [Folder | Modified Date = 3/30/2008 11:50:36 PM | Attr = ]
AceLocale-2.2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\AceLocale-2.2 -> [Folder | Modified Date = 3/30/2008 11:50:36 PM | Attr = ]
AceOO-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\AceOO-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:36 PM | Attr = ]
Babble-Boss-2.2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\Babble-Boss-2.2 -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
Babble-Class-2.2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\Babble-Class-2.2 -> [Folder | Modified Date = 3/30/2008 11:50:36 PM | Attr = ]
Babble-Faction-2.2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\Babble-Faction-2.2 -> [Folder | Modified Date = 3/30/2008 11:50:36 PM | Attr = ]
Babble-Inventory-2.2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\Babble-Inventory-2.2 -> [Folder | Modified Date = 3/30/2008 11:50:36 PM | Attr = ]
Babble-Tradeskill-2.2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\Babble-Tradeskill-2.2 -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
Babble-Zone-2.2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\Babble-Zone-2.2 -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
Dewdrop-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\Dewdrop-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:36 PM | Attr = ]
FuBarPlugin-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\FuBarPlugin-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:36 PM | Attr = ]
Tablet-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\Libs\Tablet-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
PvP -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\PvP -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
TableRegister -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\TableRegister -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
WorldBosses -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\AtlasLoot\WorldBosses -> [Folder | Modified Date = 3/30/2008 11:50:35 PM | Attr = ]
BetterItemCount -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\BetterItemCount -> [Folder | Modified Date = 3/30/2008 11:50:37 PM | Attr = ]
BetterKeyBinding -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\BetterKeyBinding -> [Folder | Modified Date = 3/30/2008 11:50:39 PM | Attr = ]
ChatThrottleLib -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\ChatThrottleLib -> [Folder | Modified Date = 3/30/2008 11:50:40 PM | Attr = ]
Chronos -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Chronos -> [Folder | Modified Date = 3/30/2008 11:50:42 PM | Attr = ]
CooldownCount -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\CooldownCount -> [Folder | Modified Date = 4/2/2008 4:05:17 PM | Attr = ]
libs -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\CooldownCount\libs -> [Folder | Modified Date = 3/30/2008 11:50:44 PM | Attr = ]
AceAddon-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\CooldownCount\libs\AceAddon-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:44 PM | Attr = ]
AceConsole-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\CooldownCount\libs\AceConsole-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:44 PM | Attr = ]
AceDB-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\CooldownCount\libs\AceDB-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:44 PM | Attr = ]
AceEvent-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\CooldownCount\libs\AceEvent-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:44 PM | Attr = ]
AceHook-2.1 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\CooldownCount\libs\AceHook-2.1 -> [Folder | Modified Date = 3/30/2008 11:50:44 PM | Attr = ]
AceLibrary -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\CooldownCount\libs\AceLibrary -> [Folder | Modified Date = 3/30/2008 11:50:44 PM | Attr = ]
AceLocale-2.2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\CooldownCount\libs\AceLocale-2.2 -> [Folder | Modified Date = 3/30/2008 11:50:44 PM | Attr = ]
AceOO-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\CooldownCount\libs\AceOO-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:44 PM | Attr = ]
SharedMedia-1.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\CooldownCount\libs\SharedMedia-1.0 -> [Folder | Modified Date = 3/30/2008 11:50:44 PM | Attr = ]
DamageMeters -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DamageMeters -> [Folder | Modified Date = 4/2/2008 4:05:08 PM | Attr = ]
Libs -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DamageMeters\Libs -> [Folder | Modified Date = 2/3/2008 2:51:18 AM | Attr = ]
ChatThrottleLib -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DamageMeters\Libs\ChatThrottleLib -> [Folder | Modified Date = 2/3/2008 2:51:18 AM | Attr = ]
TitanDamageMeters -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DamageMeters\TitanDamageMeters -> [Folder | Modified Date = 2/3/2008 2:51:18 AM | Attr = ]
Skin -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DamageMeters\TitanDamageMeters\Skin -> [Folder | Modified Date = 2/3/2008 2:51:18 AM | Attr = ]
DBM_API -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DBM_API -> [Folder | Modified Date = 3/30/2008 11:50:47 PM | Attr = ]
Textures -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DBM_API\Textures -> [Folder | Modified Date = 8/15/2007 8:14:44 AM | Attr = ]
DBM_Battlegrounds -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DBM_Battlegrounds -> [Folder | Modified Date = 3/30/2008 11:50:48 PM | Attr = ]
DBM_BlackTemple -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DBM_BlackTemple -> [Folder | Modified Date = 3/30/2008 11:50:48 PM | Attr = ]
DBM_GUI -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DBM_GUI -> [Folder | Modified Date = 3/30/2008 11:50:49 PM | Attr = ]
DBM_Hyjal -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DBM_Hyjal -> [Folder | Modified Date = 3/30/2008 11:50:49 PM | Attr = ]
DBM_Karazhan -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DBM_Karazhan -> [Folder | Modified Date = 3/30/2008 11:50:49 PM | Attr = ]
DBM_Serpentshrine -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DBM_Serpentshrine -> [Folder | Modified Date = 3/30/2008 11:50:50 PM | Attr = ]
DBM_TheEye -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DBM_TheEye -> [Folder | Modified Date = 3/30/2008 11:50:50 PM | Attr = ]
Decursive -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive -> [Folder | Modified Date = 4/2/2008 4:06:31 PM | Attr = ]
Libs -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
AceAddon-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\AceAddon-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:56 PM | Attr = ]
AceConsole-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\AceConsole-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
AceDB-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\AceDB-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
AceDebug-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\AceDebug-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
AceEvent-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\AceEvent-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
AceLibrary -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\AceLibrary -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
AceLocale-2.2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\AceLocale-2.2 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
AceOO-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\AceOO-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
Dewdrop-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\Dewdrop-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
FuBarPlugin-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\FuBarPlugin-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
LibBabble-Class-3.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\LibBabble-Class-3.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
LibStub -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\LibBabble-Class-3.0\LibStub -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
LibBabble-Spell-3.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\LibBabble-Spell-3.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
LibStub -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\LibBabble-Spell-3.0\LibStub -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
LibStub -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\LibStub -> [Folder | Modified Date = 3/30/2008 11:50:56 PM | Attr = ]
tests -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\LibStub\tests -> [Folder | Modified Date = 3/30/2008 11:50:56 PM | Attr = ]
SpecialEvents-Aura-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\SpecialEvents-Aura-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
Tablet-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\Tablet-2.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
Waterfall-1.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Libs\Waterfall-1.0 -> [Folder | Modified Date = 3/30/2008 11:50:57 PM | Attr = ]
Textures -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Decursive\Textures -> [Folder | Modified Date = 3/30/2008 11:50:56 PM | Attr = ]
DurabilityStatus -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\DurabilityStatus -> [Folder | Modified Date = 3/30/2008 11:50:59 PM | Attr = ]
EquipCompare -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\EquipCompare -> [Folder | Modified Date = 3/30/2008 11:51:01 PM | Attr = ]
FuBarPlugin-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\FuBarPlugin-2.0 -> [Folder | Modified Date = 3/30/2008 11:51:03 PM | Attr = ]
FuBarPlugin-2.0 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\FuBarPlugin-2.0\FuBarPlugin-2.0 -> [Folder | Modified Date = 11/14/2007 12:17:34 AM | Attr = ]
HealBot -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\HealBot -> [Folder | Modified Date = 3/30/2008 11:51:08 PM | Attr = ]
Images -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\HealBot\Images -> [Folder | Modified Date = 12/1/2007 1:25:06 PM | Attr = ]
Khaos -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Khaos -> [Folder | Modified Date = 3/30/2008 11:51:10 PM | Attr = ]
DynamicPopup -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Khaos\DynamicPopup -> [Folder | Modified Date = 3/1/2007 10:23:24 PM | Attr = ]
Skin -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Khaos\Skin -> [Folder | Modified Date = 3/1/2007 10:23:24 PM | Attr = ]
Tabs -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Khaos\Skin\Tabs -> [Folder | Modified Date = 3/1/2007 10:23:24 PM | Attr = ]
tests -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Khaos\tests -> [Folder | Modified Date = 3/1/2007 10:23:24 PM | Attr = ]
MapNotes -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\MapNotes -> [Folder | Modified Date = 3/30/2008 11:51:14 PM | Attr = ]
MiscGFX -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\MapNotes\MiscGFX -> [Folder | Modified Date = 3/1/2007 10:23:23 PM | Attr = ]
POIIcons -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\MapNotes\POIIcons -> [Folder | Modified Date = 3/1/2007 10:23:23 PM | Attr = ]
MobInfo2 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\MobInfo2 -> [Folder | Modified Date = 3/30/2008 11:51:16 PM | Attr = ]
QuestHelper -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\QuestHelper -> [Folder | Modified Date = 4/2/2008 4:06:40 PM | Attr = ]
Art -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\QuestHelper\Art -> [Folder | Modified Date = 3/30/2008 11:51:23 PM | Attr = ]
Astrolabe -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\QuestHelper\Astrolabe -> [Folder | Modified Date = 3/30/2008 11:51:23 PM | Attr = ]
ChatThrottleLib -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\QuestHelper\ChatThrottleLib -> [Folder | Modified Date = 3/30/2008 11:51:23 PM | Attr = ]
Thottbot -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Thottbot -> [Folder | Modified Date = 3/30/2008 11:51:27 PM | Attr = ]
Chronos -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Archives\Thottbot\Chronos -> [Folder | Modified Date = 6/10/2007 5:29:52 PM | Attr = ]
Components -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Components -> [Folder | Modified Date = 3/30/2008 11:49:29 PM | Attr = ]
Downloads -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Downloads -> [Folder | Modified Date = 4/2/2008 4:05:08 PM | Attr = ]
Extracts -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Extracts -> [Folder | Modified Date = 4/2/2008 4:06:39 PM | Attr = ]
QuestHelper.extract.1207148799 -> C:\Documents and Settings\Aj\Application Data\Acreon\WowMatrix\Extracts\QuestHelper.extract.1207148799 -> [Folder | Modified Date = 4/2/2008 4:06:40 PM | Attr = ]
Adobe -> C:\Documents and Settings\Aj\Application Data\Adobe -> [Folder | Modified Date = 6/5/2008 9:54:36 PM | Attr = ]
Acrobat -> C:\Documents and Settings\Aj\Application Data\Adobe\Acrobat -> [Folder | Modified Date = 6/29/2007 3:53:01 PM | Attr = ]
Whapi -> C:\Documents and Settings\Aj\Application Data\Adobe\Acrobat\Whapi -> [Folder | Modified Date = 6/29/2007 3:53:07 PM | Attr = ]
Flash Player -> C:\Documents and Settings\Aj\Application Data\Adobe\Flash Player -> [Folder | Modified Date = 6/5/2008 9:54:36 PM | Attr = ]
AssetCache -> C:\Documents and Settings\Aj\Application Data\Adobe\Flash Player\AssetCache -> [Folder | Modified Date = 6/5/2008 9:54:36 PM | Attr = ]
UYUKAXGR -> C:\Documents and Settings\Aj\Application Data\Adobe\Flash Player\AssetCache\UYUKAXGR -> [Folder | Modified Date = 6/5/2008 9:54:36 PM | Attr = ]
Creative -> C:\Documents and Settings\Aj\Application Data\Creative -> [Folder | Modified Date = 4/8/2008 4:43:44 PM | Attr = ]
Audio Sync -> C:\Documents and Settings\Aj\Application Data\Creative\Audio Sync -> [Folder | Modified Date = 7/11/2007 8:34:18 PM | Attr = ]
Media Database -> C:\Documents and Settings\Aj\Application Data\Creative\Media Database -> [Folder | Modified Date = 6/3/2008 8:45:34 AM | Attr = ]
JetFileBackup -> C:\Documents and Settings\Aj\Application Data\Creative\Media Database\JetFileBackup -> [Folder | Modified Date = 5/6/2008 4:34:32 PM | Attr = ]
MediaSource -> C:\Documents and Settings\Aj\Application Data\Creative\MediaSource -> [Folder | Modified Date = 6/7/2008 6:51:29 PM | Attr = ]
Nomad Player -> C:\Documents and Settings\Aj\Application Data\Creative\Nomad Player -> [Folder | Modified Date = 6/3/2008 8:45:34 AM | Attr = ]
Temp -> C:\Documents and Settings\Aj\Application Data\Creative\Temp -> [Folder | Modified Date = 4/8/2008 5:13:01 PM | Attr = ]
WebCam Center -> C:\Documents and Settings\Aj\Application Data\Creative\WebCam Center -> [Folder | Modified Date = 9/6/2007 5:58:39 AM | Attr = ]
Google -> C:\Documents and Settings\Aj\Application Data\Google -> [Folder | Modified Date = 8/2/2007 8:22:55 PM | Attr = ]
Local Search History -> C:\Documents and Settings\Aj\Application Data\Google\Local Search History -> [Folder | Modified Date = 8/2/2007 8:22:55 PM | Attr = ]
Help -> C:\Documents and Settings\Aj\Application Data\Help -> [Folder | Modified Date = 6/29/2007 5:32:08 AM | Attr = ]
Identities -> C:\Documents and Settings\Aj\Application Data\Identities -> [Folder | Modified Date = 6/29/2007 5:15:00 AM | Attr = ]
{A8C36360-9449-430B-A5F1-0284A66A0544} -> C:\Documents and Settings\Aj\Application Data\Identities\{A8C36360-9449-430B-A5F1-0284A66A0544} -> [Folder | Modified Date = 6/29/2007 5:15:00 AM | Attr = ]
Idol heck -> C:\Documents and Settings\Aj\Application Data\Idol heck -> [Folder | Modified Date = 5/30/2008 3:23:59 PM | Attr = ]
InterTrust -> C:\Documents and Settings\Aj\Application Data\InterTrust -> [Folder | Modified Date = 6/29/2007 3:53:01 PM | Attr = ]
ReceiptRepository -> C:\Documents and Settings\Aj\Application Data\InterTrust\ReceiptRepository -> [Folder | Modified Date = 6/29/2007 3:53:01 PM | Attr = ]
LimeWire -> C:\Documents and Settings\Aj\Application Data\LimeWire -> [Folder | Modified Date = 5/4/2008 2:26:39 AM | Attr = ]
.NetworkShare -> C:\Documents and Settings\Aj\Application Data\LimeWire\.NetworkShare -> [Folder | Modified Date = 3/6/2008 8:48:51 PM | Attr = ]
Incomplete -> C:\Documents and Settings\Aj\Application Data\LimeWire\.NetworkShare\Incomplete -> [Folder | Modified Date = 3/6/2008 8:48:51 PM | Attr = ]
themes -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes -> [Folder | Modified Date = 7/6/2007 3:40:04 AM | Attr = ]
black_theme -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes\black_theme -> [Folder | Modified Date = 7/6/2007 3:40:04 AM | Attr = ]
classic_theme -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes\classic_theme -> [Folder | Modified Date = 7/6/2007 3:40:04 AM | Attr = ]
limewire_theme -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes\limewire_theme -> [Folder | Modified Date = 7/6/2007 3:40:04 AM | Attr = ]
limewirePro_theme -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes\limewirePro_theme -> [Folder | Modified Date = 7/6/2007 3:40:04 AM | Attr = ]
other_theme -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes\other_theme -> [Folder | Modified Date = 7/6/2007 3:40:04 AM | Attr = ]
windows_theme -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes\windows_theme -> [Folder | Modified Date = 7/6/2007 3:40:04 AM | Attr = ]
xml -> C:\Documents and Settings\Aj\Application Data\LimeWire\xml -> [Folder | Modified Date = 7/6/2007 3:40:05 AM | Attr = ]
data -> C:\Documents and Settings\Aj\Application Data\LimeWire\xml\data -> [Folder | Modified Date = 8/15/2007 12:38:24 AM | Attr = ]
misc -> C:\Documents and Settings\Aj\Application Data\LimeWire\xml\misc -> [Folder | Modified Date = 7/6/2007 3:40:05 AM | Attr = ]
schemas -> C:\Documents and Settings\Aj\Application Data\LimeWire\xml\schemas -> [Folder | Modified Date = 7/6/2007 3:40:05 AM | Attr = ]
Macromedia -> C:\Documents and Settings\Aj\Application Data\Macromedia -> [Folder | Modified Date = 6/29/2007 5:37:20 AM | Attr = ]
Flash Player -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player -> [Folder | Modified Date = 7/11/2007 3:38:19 AM | Attr = ]
#SharedObjects -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects -> [Folder | Modified Date = 6/29/2007 5:37:21 AM | Attr = ]
MYDAMZHA -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA -> [Folder | Modified Date = 6/20/2008 4:32:51 AM | Attr = ]
67.15.218.106 -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\67.15.218.106 -> [Folder | Modified Date = 3/14/2008 2:33:21 AM | Attr = ]
syndicate -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\67.15.218.106\syndicate -> [Folder | Modified Date = 3/14/2008 2:14:50 AM | Attr = ]
beyondthedow -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\67.15.218.106\syndicate\beyondthedow -> [Folder | Modified Date = 3/14/2008 2:14:50 AM | Attr = ]
beyondthedow.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\67.15.218.106\syndicate\beyondthedow\beyondthedow.swf -> [Folder | Modified Date = 3/14/2008 2:14:50 AM | Attr = ]
bighealthtree -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\67.15.218.106\syndicate\bighealthtree -> [Folder | Modified Date = 3/26/2008 4:56:56 AM | Attr = ]
bighealthtree.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\67.15.218.106\syndicate\bighealthtree\bighealthtree.swf -> [Folder | Modified Date = 3/26/2008 4:56:56 AM | Attr = ]
adcontent.videoegg.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\adcontent.videoegg.com -> [Folder | Modified Date = 6/18/2008 8:23:25 PM | Attr = ]
assets.espn.go.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\assets.espn.go.com -> [Folder | Modified Date = 3/19/2008 9:04:59 AM | Attr = ]
ivp -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\assets.espn.go.com\ivp -> [Folder | Modified Date = 3/19/2008 9:04:59 AM | Attr = ]
player -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\assets.espn.go.com\ivp\player -> [Folder | Modified Date = 6/11/2008 1:00:23 PM | Attr = ]
player179.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\assets.espn.go.com\ivp\player\player179.swf -> [Folder | Modified Date = 3/19/2008 9:04:59 AM | Attr = ]
player192.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\assets.espn.go.com\ivp\player\player192.swf -> [Folder | Modified Date = 5/25/2008 12:31:02 AM | Attr = ]
player195.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\assets.espn.go.com\ivp\player\player195.swf -> [Folder | Modified Date = 6/11/2008 1:00:23 PM | Attr = ]
atdmt.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\atdmt.com -> [Folder | Modified Date = 6/6/2008 4:13:26 PM | Attr = ]
bin.clearspring.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\bin.clearspring.com -> [Folder | Modified Date = 6/6/2008 4:15:05 PM | Attr = ]
chatango.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\chatango.com -> [Folder | Modified Date = 6/6/2008 3:46:09 PM | Attr = ]
crackle.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\crackle.com -> [Folder | Modified Date = 6/20/2008 11:45:57 AM | Attr = ]
files.adbrite.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\files.adbrite.com -> [Folder | Modified Date = 5/25/2008 10:18:52 PM | Attr = ]
flash.quantserve.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\flash.quantserve.com -> [Folder | Modified Date = 3/28/2008 11:55:15 PM | Attr = ]
flashtalking.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\flashtalking.com -> [Folder | Modified Date = 6/6/2008 4:04:05 PM | Attr = ]
gamefilez.mofunzone.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\gamefilez.mofunzone.com -> [Folder | Modified Date = 7/1/2007 4:14:26 AM | Attr = ]
gamefilez -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\gamefilez.mofunzone.com\gamefilez -> [Folder | Modified Date = 7/1/2007 4:08:16 AM | Attr = ]
virtual_villagers_2 -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\gamefilez.mofunzone.com\gamefilez\virtual_villagers_2 -> [Folder | Modified Date = 7/1/2007 4:08:16 AM | Attr = ]
vv2.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\gamefilez.mofunzone.com\gamefilez\virtual_villagers_2\vv2.swf -> [Folder | Modified Date = 7/1/2007 4:09:04 AM | Attr = ]
games.armorgames.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\games.armorgames.com -> [Folder | Modified Date = 7/1/2007 5:08:18 AM | Attr = ]
games0015 -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\games.armorgames.com\games0015 -> [Folder | Modified Date = 7/1/2007 5:08:18 AM | Attr = ]
christmasattack.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\games.armorgames.com\games0015\christmasattack.swf -> [Folder | Modified Date = 7/1/2007 5:08:22 AM | Attr = ]
iforex.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\iforex.com -> [Folder | Modified Date = 5/22/2008 4:54:21 PM | Attr = ]
Emerp -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\iforex.com\Emerp -> [Folder | Modified Date = 5/22/2008 4:54:21 PM | Attr = ]
Events -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\iforex.com\Emerp\Events -> [Folder | Modified Date = 5/22/2008 4:54:21 PM | Attr = ]
flash_object.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\iforex.com\Emerp\Events\flash_object.swf -> [Folder | Modified Date = 6/2/2008 4:03:25 PM | Attr = ]
interclick.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\interclick.com -> [Folder | Modified Date = 5/31/2008 10:05:32 AM | Attr = ]
jdsports.scene7.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\jdsports.scene7.com -> [Folder | Modified Date = 4/16/2008 10:39:22 PM | Attr = ]
is-viewers -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\jdsports.scene7.com\is-viewers -> [Folder | Modified Date = 4/16/2008 10:39:21 PM | Attr = ]
flash -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\jdsports.scene7.com\is-viewers\flash -> [Folder | Modified Date = 4/16/2008 10:39:21 PM | Attr = ]
genericzoomviewer.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\jdsports.scene7.com\is-viewers\flash\genericzoomviewer.swf -> [Folder | Modified Date = 4/16/2008 10:39:22 PM | Attr = ]
#JDSports -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\jdsports.scene7.com\is-viewers\flash\genericzoomviewer.swf\#JDSports -> [Folder | Modified Date = 4/16/2008 10:39:22 PM | Attr = ]
l.yimg.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com -> [Folder | Modified Date = 5/26/2008 12:14:05 AM | Attr = ]
cosmos.bcst.yahoo.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com -> [Folder | Modified Date = 10/13/2007 12:56:25 AM | Attr = ]
ver -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver -> [Folder | Modified Date = 5/25/2008 11:56:29 PM | Attr = ]
242 -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\242 -> [Folder | Modified Date = 10/13/2007 12:56:25 AM | Attr = ]
embed-2007-08-28-1213 -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\242\embed-2007-08-28-1213 -> [Folder | Modified Date = 10/13/2007 12:56:25 AM | Attr = ]
swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\242\embed-2007-08-28-1213\swf -> [Folder | Modified Date = 10/13/2007 12:56:25 AM | Attr = ]
yup_embed_module.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\242\embed-2007-08-28-1213\swf\yup_embed_module.swf -> [Folder | Modified Date = 10/13/2007 12:56:25 AM | Attr = ]
250.1 -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\250.1 -> [Folder | Modified Date = 11/28/2007 8:42:42 AM | Attr = ]
embed-2007-11-14-1422 -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\250.1\embed-2007-11-14-1422 -> [Folder | Modified Date = 11/28/2007 8:42:42 AM | Attr = ]
swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\250.1\embed-2007-11-14-1422\swf -> [Folder | Modified Date = 11/28/2007 8:42:42 AM | Attr = ]
yup_embed_module.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\250.1\embed-2007-11-14-1422\swf\yup_embed_module.swf -> [Folder | Modified Date = 11/28/2007 8:42:42 AM | Attr = ]
260.0 -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\260.0 -> [Folder | Modified Date = 5/25/2008 11:56:29 PM | Attr = ]
popup-2008-03-20-0932 -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\260.0\popup-2008-03-20-0932 -> [Folder | Modified Date = 5/25/2008 11:56:29 PM | Attr = ]
swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\260.0\popup-2008-03-20-0932\swf -> [Folder | Modified Date = 5/25/2008 11:56:29 PM | Attr = ]
POP_meta.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\l.yimg.com\cosmos.bcst.yahoo.com\ver\260.0\popup-2008-03-20-0932\swf\POP_meta.swf -> [Folder | Modified Date = 5/25/2008 11:56:29 PM | Attr = ]
localhost -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\localhost -> [Folder | Modified Date = 7/11/2007 3:40:00 AM | Attr = ]
m.uk.2mdn.net -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\m.uk.2mdn.net -> [Folder | Modified Date = 6/14/2008 5:58:56 PM | Attr = ]
m1.2mdn.net -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\m1.2mdn.net -> [Folder | Modified Date = 5/18/2008 5:09:05 PM | Attr = ]
mansion.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\mansion.com -> [Folder | Modified Date = 4/10/2008 12:19:08 AM | Attr = ]
EMERPEC -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\mansion.com\EMERPEC -> [Folder | Modified Date = 4/10/2008 12:19:08 AM | Attr = ]
flash_object_81.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\mansion.com\EMERPEC\flash_object_81.swf -> [Folder | Modified Date = 6/16/2008 12:53:28 PM | Attr = ]
mansioncasino.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\mansioncasino.com -> [Folder | Modified Date = 4/27/2008 7:41:07 PM | Attr = ]
EMERPEC -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\mansioncasino.com\EMERPEC -> [Folder | Modified Date = 4/27/2008 7:41:07 PM | Attr = ]
flash_object_81.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\mansioncasino.com\EMERPEC\flash_object_81.swf -> [Folder | Modified Date = 6/16/2008 12:53:29 PM | Attr = ]
mansionpoker.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\mansionpoker.com -> [Folder | Modified Date = 4/27/2008 7:41:06 PM | Attr = ]
EMERPEC -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\mansionpoker.com\EMERPEC -> [Folder | Modified Date = 4/27/2008 7:41:06 PM | Attr = ]
flash_object_81.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\mansionpoker.com\EMERPEC\flash_object_81.swf -> [Folder | Modified Date = 6/16/2008 12:53:29 PM | Attr = ]
media.tattomedia.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\media.tattomedia.com -> [Folder | Modified Date = 6/9/2008 1:13:28 AM | Attr = ]
mediaplex.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\mediaplex.com -> [Folder | Modified Date = 3/15/2008 4:55:03 PM | Attr = ]
mochibot.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\mochibot.com -> [Folder | Modified Date = 7/1/2007 5:02:31 AM | Attr = ]
msnbcmedia.msn.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\msnbcmedia.msn.com -> [Folder | Modified Date = 5/26/2008 9:41:37 PM | Attr = ]
myfreepaysite.batteredbuttholes.com -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\myfreepaysite.batteredbuttholes.com -> [Folder | Modified Date = 3/30/2008 2:17:25 AM | Attr = ]
images -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\myfreepaysite.batteredbuttholes.com\images -> [Folder | Modified Date = 3/30/2008 2:17:25 AM | Attr = ]
videoplayer.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\myfreepaysite.batteredbuttholes.com\images\videoplayer.swf -> [Folder | Modified Date = 3/30/2008 2:17:25 AM | Attr = ]
myvideo-002.vo.llnwd.net -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\myvideo-002.vo.llnwd.net -> [Folder | Modified Date = 6/20/2008 4:32:51 AM | Attr = ]
d4 -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\myvideo-002.vo.llnwd.net\d4 -> [Folder | Modified Date = 6/20/2008 4:32:51 AM | Attr = ]
player -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\myvideo-002.vo.llnwd.net\d4\player -> [Folder | Modified Date = 6/20/2008 4:32:51 AM | Attr = ]
player_V20p.swf -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\myvideo-002.vo.llnwd.net\d4\player\player_V20p.swf -> [Folder | Modified Date = 6/20/2008 4:32:51 AM | Attr = ]
myvideo-028.vo.llnwd.net -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\myvideo-028.vo.llnwd.net -> [Folder | Modified Date = 6/20/2008 4:24:29 AM | Attr = ]
d4 -> C:\Documents and Settings\Aj\Application Data\Macromedia\Flash Player\#SharedObjects\MYDAMZHA\myvideo-028.vo.llnwd.net\d4 -> [Folder | Modified Date = 6/20/2008 4:24:29 AM | Attr = ]

#6
ajkaneo

    Member

  • Topic Starter
  • 23 posts
Sorry for all the small parts, couldn't fit it all in one. Explorer crashed before I could, so it had to be done like that. Hope you can help. Thanks.. Aj

#7
Thunderbird1988

    Member 2k

  • 2,416 posts
Hello ajkaneo,

The log isn't complete, could you attach it please?

#8
ajkaneo

    Member

  • Topic Starter
  • 23 posts
Log is too large, 650k

#9
Thunderbird1988

    Member 2k

  • 2,416 posts
Hello Ajkaneo,

Can you please zip it. (tutorial if needed)

If the log is still too big, please upload it here and post the link to it.

Thunderbird1988

#10
ajkaneo

    Member

  • Topic Starter
  • 23 posts
Better idea: I'll cut it down into 2 notepads, only way it fits =)

Attached Files

  • Attached File  log1.txt   361.63KB   49 downloads


#11
ajkaneo

    Member

  • Topic Starter
  • 23 posts
the second half

Attached Files

  • Attached File  log2.txt   135.87KB   60 downloads


#12
Thunderbird1988

    Member 2k

  • 2,416 posts
Hello ajkaneo,

I see you have installed Lime and utorrent. These programs are considered P2P programs. The problem with these programs is that using them can cause many infections on your computer; their use is also illegal in many countries.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%allusersprofile%\application data\software rule flag owns\bib bash.exe
%appdata%\idol heck\uptonshtm.exe
%programfiles%\eroca\eroca.exe
%systemroot%\bm0d554be5.xml
%systemroot%\cookies.ini
%systemroot%\pskt.ini
%systemroot%\system32\ajijmhwh.ini
%systemroot%\system32\akaqtcjn.dll
%systemroot%\system32\atdcrmqq.exe
%systemroot%\system32\axkbmqoh.dll
%systemroot%\system32\bctqpgle.ini
%systemroot%\system32\bkfknakv.dll
%systemroot%\system32\brggjemb.dll
%systemroot%\system32\bxvlxvfo.dll
%systemroot%\system32\chueysoc.dll
%systemroot%\system32\cnujelni.dll
%systemroot%\system32\ctcppjyh.dll
%systemroot%\system32\ctuafdxp.dll
%systemroot%\system32\ddatcewo.dll
%systemroot%\system32\dhqonwwp.ini
%systemroot%\system32\djviusqc.dll
%systemroot%\system32\dmfnqrgs.ini
%systemroot%\system32\dnusooui.dll
%systemroot%\system32\eclfkout.ini
%systemroot%\system32\efcapjba.dll
%systemroot%\system32\efcbuumf.dll
%systemroot%\system32\ehqbpvhn.dll
%systemroot%\system32\ehwvlnmt.dll
%systemroot%\system32\ekjcmraa.dll
%systemroot%\system32\elgpqtcb.dll
%systemroot%\system32\ffbafwwk.dll
%systemroot%\system32\fknfbhlw.ini
%systemroot%\system32\fmuubcfe.ini
%systemroot%\system32\fmuubcfe.ini2
%systemroot%\system32\fsvwrsmh.dll
%systemroot%\system32\gcwktlvs.exe
%systemroot%\system32\ghneohrb.dll
%systemroot%\system32\gixaipjg.ini
%systemroot%\system32\gjpiaxig.dll
%systemroot%\system32\gmorfept.dll
%systemroot%\system32\gpdspnay.dll
%systemroot%\system32\hfwwpheu.dll
%systemroot%\system32\hggwvnfg.dll
%systemroot%\system32\hktsfhyb.dll
%systemroot%\system32\hqfonlrp.dll
%systemroot%\system32\hukswnjr.ini
%systemroot%\system32\hwhmjija.dll
%systemroot%\system32\ianbsitq.dll
%systemroot%\system32\iegsmrkb.dll
%systemroot%\system32\ihyymdqs.dll
%systemroot%\system32\inlejunc.ini
%systemroot%\system32\irsudyfo.ini
%systemroot%\system32\isvwpdtm.dll
%systemroot%\system32\iwwylfrd.dll
%systemroot%\system32\jfqenhgr.dll
%systemroot%\system32\jmppyeyq.dll
%systemroot%\system32\jntohflb.dll
%systemroot%\system32\jxfufgjm.dll
%systemroot%\system32\khpnaoee.dll
%systemroot%\system32\kwwfabff.ini
%systemroot%\system32\laftbupj.dll
%systemroot%\system32\lbqgycpm.dll
%systemroot%\system32\lhuyqges.dll
%systemroot%\system32\ljxjnccd.dll
%systemroot%\system32\llvjfrld.dll
%systemroot%\system32\lscdwrio.dll
%systemroot%\system32\lsiisjay.dll
%systemroot%\system32\lvgjjupd.dll
%systemroot%\system32\mabjdshq.dll
%systemroot%\system32\malhibfd.dll
%systemroot%\system32\mbhkaagx.ini
%systemroot%\system32\mcnuvyio.exe
%systemroot%\system32\mexytxfu.dll
%systemroot%\system32\mfbohqxx.dll
%systemroot%\system32\mjgfufxj.ini
%systemroot%\system32\muutwswe.dll
%systemroot%\system32\nbauwnfj.dll
%systemroot%\system32\nnyydbyy.dll
%systemroot%\system32\npfvtdon.dll
%systemroot%\system32\npikuevf.dll
%systemroot%\system32\odjaashy.dll
%systemroot%\system32\ofydusri.dll
%systemroot%\system32\ojowcooj.dll
%systemroot%\system32\ovmvnkqv.dll
%systemroot%\system32\owmwvoff.dll
%systemroot%\system32\oyawkspc.dll
%systemroot%\system32\oytsbobb.dll
%systemroot%\system32\pbbfattm.exe
%systemroot%\system32\phhqerdt.dll
%systemroot%\system32\plktumgo.dll
%systemroot%\system32\pwwnoqhd.dll
%systemroot%\system32\pxdfautc.ini
%systemroot%\system32\qhsdjbam.ini
%systemroot%\system32\qlvfyaur.dll
%systemroot%\system32\qngkwsde.dll
%systemroot%\system32\qsstiusu.dll
%systemroot%\system32\rbkoufhx.dll
%systemroot%\system32\rehglmdp.dll
%systemroot%\system32\rjnwskuh.dll
%systemroot%\system32\rqrhywvw.dll
%systemroot%\system32\ryjtewrq.dll
%systemroot%\system32\scjavbag.exe
%systemroot%\system32\sgrqnfmd.dll
%systemroot%\system32\tmnlvwhe.ini
%systemroot%\system32\tpdykowb.dll
%systemroot%\system32\tpefromg.ini
%systemroot%\system32\tuokflce.dll
%systemroot%\system32\ufxtyxem.ini
%systemroot%\system32\ugtsllel.dll
%systemroot%\system32\umhdckun.dll
%systemroot%\system32\urqnfuri.dll
%systemroot%\system32\usegnnfb.dll
%systemroot%\system32\vdpmmclp.dll
%systemroot%\system32\vnhcvqtu.dll
%systemroot%\system32\vnpshehi.exe
%systemroot%\system32\vnvhnbml.dll
%systemroot%\system32\vphcqlev.dll
%systemroot%\system32\vpvbnnre.dll
%systemroot%\system32\vqknvmvo.ini
%systemroot%\system32\wbxvtmff.dll
%systemroot%\system32\wjssxmje.dll
%systemroot%\system32\wlhbfnkf.dll
%systemroot%\system32\wnqvrwri.dll
%systemroot%\system32\wpterqjo.dll
%systemroot%\system32\wqwqdwrn.dll
%systemroot%\system32\wrcbpqny.ini
%systemroot%\system32\wyltdviq.dll
%systemroot%\system32\xdkwywpf.exe
%systemroot%\system32\xdvteorj.dll
%systemroot%\system32\xfrabrbj.dll
%systemroot%\system32\xgaakhbm.dll
%systemroot%\system32\xgpnmcrc.dll
%systemroot%\system32\xgqkjlmx.dll
%systemroot%\system32\xhfuokbr.ini
%systemroot%\system32\xxiiiagf.dll
%systemroot%\system32\xxqhobfm.ini
%systemroot%\system32\ycqtetcg.dll
%systemroot%\system32\yjjbgaoj.dll
%systemroot%\system32\yjpeyjca.dll
%systemroot%\system32\yndosomn.dll
%systemroot%\system32\ynqpbcrw.dll
%systemroot%\system32\ywnqmwsq.dll
%systemroot%\tasks\aab191e4918e0678.job
%userprofile%\local settings\application data\dcbc2a71-70d8-4dan-ehr8-e0d61dea3fdf.ini
%userprofile%\local settings\temporary internet files\content.ie5\9zm5uyhy\3077ahntdksr
c:\documents and settings\aj\local settings\temp\sta16b.exe
c:\documents and settings\aj\local settings\temp\sta1c.exe
c:\documents and settings\aj\local settings\temp\sta3.exe
c:\documents and settings\aj\local settings\temp\sta4.exe
c:\documents and settings\aj\local settings\temp\sta6.exe
c:\documents and settings\aj\local settings\temp\sta9.exe
c:\documents and settings\aj\local settings\temp\stab.exe
c:\documents and settings\aj\local settings\temp\zfe1.exe
c:\documents and settings\aj\local settings\temp\zfe2.exe
c:\documents and settings\aj\local settings\temp\zfe3.exe
c:\documents and settings\aj\local settings\temp\zfe4.exe
c:\documents and settings\all users.windows\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users.windows\application data\microsoft\network\downloader\qmgr1.dat
c:\windows\tasks\aab191e4918e0678.job
Folders to delete:
%appdata%\idol heck
%programfiles%\eroca
%programfiles%\idol heck
%programfiles%\ism
%userprofile%\my documents\freq 16
%userprofile%\my documents\freq 18
c:\documents and settings\aj\application data\identities
c:\documents and settings\aj\application data\idol heck
c:\documents and settings\aj\application data\limewire
c:\documents and settings\all users.windows\application data\zangosa
%allusersprofile%\application data\software rule flag owns

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> eroca.exe -> %ProgramFiles%\Eroca\Eroca.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 4 dog bin grim -> %AllUsersProfile%\Application Data\second regs grim software\tick army knob.exe [C:\Documents and Settings\All Users.WINDOWS\Application Data\second regs grim software\tick army knob.exe]
YY -> Flag Owns Live Grim -> %AllUsersProfile%\Application Data\Software rule flag owns\bib bash.exe [C:\Documents and Settings\All Users.WINDOWS\Application Data\Software rule flag owns\bib bash.exe]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Build Love -> %AppData%\Idol heck\UpTonsHtm.exe [C:\DOCUME~1\Aj\APPLIC~1\IDOLHE~1\UpTonsHtm.exe]
YY -> Eroca -> %ProgramFiles%\Eroca\Eroca.exe [C:\Program Files\Eroca\Eroca.exe]
YN -> QdrPack16 -> %ProgramFiles%\QdrPack\QdrPack16.exe ["C:\Program Files\QdrPack\QdrPack16.exe"]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {129FA2A1-408C-4824-83A4-5001581FD01E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRHywvw.dll []
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YN -> {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rtmipr.dll [delayingly]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> rqRHywvw -> %SystemRoot%\system32\rqRHywvw.dll
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\start -> %ProgramFiles%\NetProject\sbmntr.exe [C:\Program Files\NetProject\sbmntr.exe]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://internetsearchservice.com
YN -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm
YN -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://internetsearchservice.com/ie6.html
YN -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://internetsearchservice.com
YN -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://internetsearchservice.com
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://internetsearchservice.com
YN -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm
YN -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://internetsearchservice.com/ie6.html
YN -> HKEY_CURRENT_USER\: Main\\Search Page -> http://internetsearchservice.com
YN -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://internetsearchservice.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {129FA2A1-408C-4824-83A4-5001581FD01E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRHywvw.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {3808D4FE-6EE6-4AFD-9EF0-0CC23880FD4C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\efcBuUMF.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {4e34508e-580d-4d1c-8d80-274aad65a236} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\xgpnmcrc.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {514A5C49-0C7D-42c3-A71B-38864A269B7A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\wbxvtmff.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {77C988F4-5D0F-4BA2-A252-997D62F434C1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\usegnnfb.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {9AF38391-25EA-4F1C-99B9-467435768B4B} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\9ZM5UYHY\3077ahntdksr[1].dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {51D81DD5-55B7-497F-95DB-D356429BB54E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{51D81DD5-55B7-497F-95DB-D356429BB54E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {9034A523-D068-4BE8-A284-9DF278BE776E}:Exec -> [IE Anti-Spyware]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\efcBuUMF -> %SystemRoot%\system32\efcBuUMF.dll
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent]
[Files/Folders - Created Within 30 days]
NY -> ajijmhwh.ini -> %SystemRoot%\System32\ajijmhwh.ini
NY -> akaqtcjn.dll -> %SystemRoot%\System32\akaqtcjn.dll
NY -> atdcrmqq.exe -> %SystemRoot%\System32\atdcrmqq.exe
NY -> axkbmqoh.dll -> %SystemRoot%\System32\axkbmqoh.dll
NY -> bctqpgle.ini -> %SystemRoot%\System32\bctqpgle.ini
NY -> bkfknakv.dll -> %SystemRoot%\System32\bkfknakv.dll
NY -> brggjemb.dll -> %SystemRoot%\System32\brggjemb.dll
NY -> bxvlxvfo.dll -> %SystemRoot%\System32\bxvlxvfo.dll
NY -> chueysoc.dll -> %SystemRoot%\System32\chueysoc.dll
NY -> cnujelni.dll -> %SystemRoot%\System32\cnujelni.dll
NY -> ctcppjyh.dll -> %SystemRoot%\System32\ctcppjyh.dll
NY -> ctuafdxp.dll -> %SystemRoot%\System32\ctuafdxp.dll
NY -> ddatcewo.dll -> %SystemRoot%\System32\ddatcewo.dll
NY -> dhqonwwp.ini -> %SystemRoot%\System32\dhqonwwp.ini
NY -> djviusqc.dll -> %SystemRoot%\System32\djviusqc.dll
NY -> dmfnqrgs.ini -> %SystemRoot%\System32\dmfnqrgs.ini
NY -> dnusooui.dll -> %SystemRoot%\System32\dnusooui.dll
NY -> eclfkout.ini -> %SystemRoot%\System32\eclfkout.ini
NY -> efcAPJbA.dll -> %SystemRoot%\System32\efcAPJbA.dll
NY -> efcBuUMF.dll -> %SystemRoot%\System32\efcBuUMF.dll
NY -> ehqbpvhn.dll -> %SystemRoot%\System32\ehqbpvhn.dll
NY -> ehwvlnmt.dll -> %SystemRoot%\System32\ehwvlnmt.dll
NY -> ekjcmraa.dll -> %SystemRoot%\System32\ekjcmraa.dll
NY -> elgpqtcb.dll -> %SystemRoot%\System32\elgpqtcb.dll
NY -> ffbafwwk.dll -> %SystemRoot%\System32\ffbafwwk.dll
NY -> fknfbhlw.ini -> %SystemRoot%\System32\fknfbhlw.ini
NY -> FMUuBcfe.ini -> %SystemRoot%\System32\FMUuBcfe.ini
NY -> FMUuBcfe.ini2 -> %SystemRoot%\System32\FMUuBcfe.ini2
NY -> fsvwrsmh.dll -> %SystemRoot%\System32\fsvwrsmh.dll
NY -> gcwktlvs.exe -> %SystemRoot%\System32\gcwktlvs.exe
NY -> ghneohrb.dll -> %SystemRoot%\System32\ghneohrb.dll
NY -> gixaipjg.ini -> %SystemRoot%\System32\gixaipjg.ini
NY -> gjpiaxig.dll -> %SystemRoot%\System32\gjpiaxig.dll
NY -> gmorfept.dll -> %SystemRoot%\System32\gmorfept.dll
NY -> gpdspnay.dll -> %SystemRoot%\System32\gpdspnay.dll
NY -> hfwwpheu.dll -> %SystemRoot%\System32\hfwwpheu.dll
NY -> hgGwVNfg.dll -> %SystemRoot%\System32\hgGwVNfg.dll
NY -> hktsfhyb.dll -> %SystemRoot%\System32\hktsfhyb.dll
NY -> hqfonlrp.dll -> %SystemRoot%\System32\hqfonlrp.dll
NY -> hukswnjr.ini -> %SystemRoot%\System32\hukswnjr.ini
NY -> hwhmjija.dll -> %SystemRoot%\System32\hwhmjija.dll
NY -> ianbsitq.dll -> %SystemRoot%\System32\ianbsitq.dll
NY -> iegsmrkb.dll -> %SystemRoot%\System32\iegsmrkb.dll
NY -> ihyymdqs.dll -> %SystemRoot%\System32\ihyymdqs.dll
NY -> inlejunc.ini -> %SystemRoot%\System32\inlejunc.ini
NY -> irsudyfo.ini -> %SystemRoot%\System32\irsudyfo.ini
NY -> isvwpdtm.dll -> %SystemRoot%\System32\isvwpdtm.dll
NY -> iwwylfrd.dll -> %SystemRoot%\System32\iwwylfrd.dll
NY -> jfqenhgr.dll -> %SystemRoot%\System32\jfqenhgr.dll
NY -> jmppyeyq.dll -> %SystemRoot%\System32\jmppyeyq.dll
NY -> jntohflb.dll -> %SystemRoot%\System32\jntohflb.dll
NY -> jxfufgjm.dll -> %SystemRoot%\System32\jxfufgjm.dll
NY -> khpnaoee.dll -> %SystemRoot%\System32\khpnaoee.dll
NY -> kwwfabff.ini -> %SystemRoot%\System32\kwwfabff.ini
NY -> laftbupj.dll -> %SystemRoot%\System32\laftbupj.dll
NY -> lbqgycpm.dll -> %SystemRoot%\System32\lbqgycpm.dll
NY -> lhuyqges.dll -> %SystemRoot%\System32\lhuyqges.dll
NY -> ljxjnccd.dll -> %SystemRoot%\System32\ljxjnccd.dll
NY -> llvjfrld.dll -> %SystemRoot%\System32\llvjfrld.dll
NY -> lscdwrio.dll -> %SystemRoot%\System32\lscdwrio.dll
NY -> lsiisjay.dll -> %SystemRoot%\System32\lsiisjay.dll
NY -> lvgjjupd.dll -> %SystemRoot%\System32\lvgjjupd.dll
NY -> mabjdshq.dll -> %SystemRoot%\System32\mabjdshq.dll
NY -> malhibfd.dll -> %SystemRoot%\System32\malhibfd.dll
NY -> mbhkaagx.ini -> %SystemRoot%\System32\mbhkaagx.ini
NY -> mcnuvyio.exe -> %SystemRoot%\System32\mcnuvyio.exe
NY -> mexytxfu.dll -> %SystemRoot%\System32\mexytxfu.dll
NY -> mfbohqxx.dll -> %SystemRoot%\System32\mfbohqxx.dll
NY -> mjgfufxj.ini -> %SystemRoot%\System32\mjgfufxj.ini
NY -> muutwswe.dll -> %SystemRoot%\System32\muutwswe.dll
NY -> nbauwnfj.dll -> %SystemRoot%\System32\nbauwnfj.dll
NY -> nnyydbyy.dll -> %SystemRoot%\System32\nnyydbyy.dll
NY -> npfvtdon.dll -> %SystemRoot%\System32\npfvtdon.dll
NY -> npikuevf.dll -> %SystemRoot%\System32\npikuevf.dll
NY -> odjaashy.dll -> %SystemRoot%\System32\odjaashy.dll
NY -> ofydusri.dll -> %SystemRoot%\System32\ofydusri.dll
NY -> ojowcooj.dll -> %SystemRoot%\System32\ojowcooj.dll
NY -> ovmvnkqv.dll -> %SystemRoot%\System32\ovmvnkqv.dll
NY -> owmwvoff.dll -> %SystemRoot%\System32\owmwvoff.dll
NY -> oyawkspc.dll -> %SystemRoot%\System32\oyawkspc.dll
NY -> oytsbobb.dll -> %SystemRoot%\System32\oytsbobb.dll
NY -> pbbfattm.exe -> %SystemRoot%\System32\pbbfattm.exe
NY -> phhqerdt.dll -> %SystemRoot%\System32\phhqerdt.dll
NY -> plktumgo.dll -> %SystemRoot%\System32\plktumgo.dll
NY -> pwwnoqhd.dll -> %SystemRoot%\System32\pwwnoqhd.dll
NY -> pxdfautc.ini -> %SystemRoot%\System32\pxdfautc.ini
NY -> qhsdjbam.ini -> %SystemRoot%\System32\qhsdjbam.ini
NY -> qlvfyaur.dll -> %SystemRoot%\System32\qlvfyaur.dll
NY -> qngkwsde.dll -> %SystemRoot%\System32\qngkwsde.dll
NY -> qsstiusu.dll -> %SystemRoot%\System32\qsstiusu.dll
NY -> rbkoufhx.dll -> %SystemRoot%\System32\rbkoufhx.dll
NY -> rehglmdp.dll -> %SystemRoot%\System32\rehglmdp.dll
NY -> rjnwskuh.dll -> %SystemRoot%\System32\rjnwskuh.dll
NY -> rqRHywvw.dll -> %SystemRoot%\System32\rqRHywvw.dll
NY -> ryjtewrq.dll -> %SystemRoot%\System32\ryjtewrq.dll
NY -> scjavbag.exe -> %SystemRoot%\System32\scjavbag.exe
NY -> sgrqnfmd.dll -> %SystemRoot%\System32\sgrqnfmd.dll
NY -> tmnlvwhe.ini -> %SystemRoot%\System32\tmnlvwhe.ini
NY -> tpdykowb.dll -> %SystemRoot%\System32\tpdykowb.dll
NY -> tpefromg.ini -> %SystemRoot%\System32\tpefromg.ini
NY -> tuokflce.dll -> %SystemRoot%\System32\tuokflce.dll
NY -> ufxtyxem.ini -> %SystemRoot%\System32\ufxtyxem.ini
NY -> ugtsllel.dll -> %SystemRoot%\System32\ugtsllel.dll
NY -> umhdckun.dll -> %SystemRoot%\System32\umhdckun.dll
NY -> urqNFuRi.dll -> %SystemRoot%\System32\urqNFuRi.dll
NY -> usegnnfb.dll -> %SystemRoot%\System32\usegnnfb.dll
NY -> vdpmmclp.dll -> %SystemRoot%\System32\vdpmmclp.dll
NY -> vnhcvqtu.dll -> %SystemRoot%\System32\vnhcvqtu.dll
NY -> vnpshehi.exe -> %SystemRoot%\System32\vnpshehi.exe
NY -> vnvhnbml.dll -> %SystemRoot%\System32\vnvhnbml.dll
NY -> vphcqlev.dll -> %SystemRoot%\System32\vphcqlev.dll
NY -> vpvbnnre.dll -> %SystemRoot%\System32\vpvbnnre.dll
NY -> vqknvmvo.ini -> %SystemRoot%\System32\vqknvmvo.ini
NY -> wbxvtmff.dll -> %SystemRoot%\System32\wbxvtmff.dll
NY -> wjssxmje.dll -> %SystemRoot%\System32\wjssxmje.dll
NY -> wlhbfnkf.dll -> %SystemRoot%\System32\wlhbfnkf.dll
NY -> wnqvrwri.dll -> %SystemRoot%\System32\wnqvrwri.dll
NY -> wpterqjo.dll -> %SystemRoot%\System32\wpterqjo.dll
NY -> wqwqdwrn.dll -> %SystemRoot%\System32\wqwqdwrn.dll
NY -> wrcbpqny.ini -> %SystemRoot%\System32\wrcbpqny.ini
NY -> wyltdviq.dll -> %SystemRoot%\System32\wyltdviq.dll
NY -> xdkwywpf.exe -> %SystemRoot%\System32\xdkwywpf.exe
NY -> xdvteorj.dll -> %SystemRoot%\System32\xdvteorj.dll
NY -> xfrabrbj.dll -> %SystemRoot%\System32\xfrabrbj.dll
NY -> xgaakhbm.dll -> %SystemRoot%\System32\xgaakhbm.dll
NY -> xgpnmcrc.dll -> %SystemRoot%\System32\xgpnmcrc.dll
NY -> xgqkjlmx.dll -> %SystemRoot%\System32\xgqkjlmx.dll
NY -> xhfuokbr.ini -> %SystemRoot%\System32\xhfuokbr.ini
NY -> xxiiiagf.dll -> %SystemRoot%\System32\xxiiiagf.dll
NY -> xxqhobfm.ini -> %SystemRoot%\System32\xxqhobfm.ini
NY -> ycqtetcg.dll -> %SystemRoot%\System32\ycqtetcg.dll
NY -> yjjbgaoj.dll -> %SystemRoot%\System32\yjjbgaoj.dll
NY -> yjpeyjca.dll -> %SystemRoot%\System32\yjpeyjca.dll
NY -> yndosomn.dll -> %SystemRoot%\System32\yndosomn.dll
NY -> ynqpbcrw.dll -> %SystemRoot%\System32\ynqpbcrw.dll
NY -> ywnqmwsq.dll -> %SystemRoot%\System32\ywnqmwsq.dll
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> BM0d554be5.xml -> %SystemRoot%\BM0d554be5.xml
NY -> cookies.ini -> %SystemRoot%\cookies.ini
NY -> pskt.ini -> %SystemRoot%\pskt.ini
NY -> AAB191E4918E0678.job -> %SystemRoot%\tasks\AAB191E4918E0678.job
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> Eroca -> %ProgramFiles%\Eroca
NY -> Idol heck -> %ProgramFiles%\Idol heck
NY -> ISM -> %ProgramFiles%\ISM
[Files/Folders - Modified Within 30 days]
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> ajijmhwh.ini -> %SystemRoot%\System32\ajijmhwh.ini
NY -> akaqtcjn.dll -> %SystemRoot%\System32\akaqtcjn.dll
NY -> atdcrmqq.exe -> %SystemRoot%\System32\atdcrmqq.exe
NY -> axkbmqoh.dll -> %SystemRoot%\System32\axkbmqoh.dll
NY -> bctqpgle.ini -> %SystemRoot%\System32\bctqpgle.ini
NY -> bkfknakv.dll -> %SystemRoot%\System32\bkfknakv.dll
NY -> brggjemb.dll -> %SystemRoot%\System32\brggjemb.dll
NY -> bxvlxvfo.dll -> %SystemRoot%\System32\bxvlxvfo.dll
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> chueysoc.dll -> %SystemRoot%\System32\chueysoc.dll
NY -> cnujelni.dll -> %SystemRoot%\System32\cnujelni.dll
NY -> ctcppjyh.dll -> %SystemRoot%\System32\ctcppjyh.dll
NY -> ctuafdxp.dll -> %SystemRoot%\System32\ctuafdxp.dll
NY -> ddatcewo.dll -> %SystemRoot%\System32\ddatcewo.dll
NY -> dhqonwwp.ini -> %SystemRoot%\System32\dhqonwwp.ini
NY -> djviusqc.dll -> %SystemRoot%\System32\djviusqc.dll
NY -> dmfnqrgs.ini -> %SystemRoot%\System32\dmfnqrgs.ini
NY -> dnusooui.dll -> %SystemRoot%\System32\dnusooui.dll
NY -> eclfkout.ini -> %SystemRoot%\System32\eclfkout.ini
NY -> efcAPJbA.dll -> %SystemRoot%\System32\efcAPJbA.dll
NY -> efcBuUMF.dll -> %SystemRoot%\System32\efcBuUMF.dll
NY -> ehqbpvhn.dll -> %SystemRoot%\System32\ehqbpvhn.dll
NY -> ehwvlnmt.dll -> %SystemRoot%\System32\ehwvlnmt.dll
NY -> ekjcmraa.dll -> %SystemRoot%\System32\ekjcmraa.dll
NY -> elgpqtcb.dll -> %SystemRoot%\System32\elgpqtcb.dll
NY -> ffbafwwk.dll -> %SystemRoot%\System32\ffbafwwk.dll
NY -> fknfbhlw.ini -> %SystemRoot%\System32\fknfbhlw.ini
NY -> FMUuBcfe.ini -> %SystemRoot%\System32\FMUuBcfe.ini
NY -> FMUuBcfe.ini2 -> %SystemRoot%\System32\FMUuBcfe.ini2
NY -> fsvwrsmh.dll -> %SystemRoot%\System32\fsvwrsmh.dll
NY -> gcwktlvs.exe -> %SystemRoot%\System32\gcwktlvs.exe
NY -> ghneohrb.dll -> %SystemRoot%\System32\ghneohrb.dll
NY -> gixaipjg.ini -> %SystemRoot%\System32\gixaipjg.ini
NY -> gjpiaxig.dll -> %SystemRoot%\System32\gjpiaxig.dll
NY -> gmorfept.dll -> %SystemRoot%\System32\gmorfept.dll
NY -> gpdspnay.dll -> %SystemRoot%\System32\gpdspnay.dll
NY -> hfwwpheu.dll -> %SystemRoot%\System32\hfwwpheu.dll
NY -> hgGwVNfg.dll -> %SystemRoot%\System32\hgGwVNfg.dll
NY -> hktsfhyb.dll -> %SystemRoot%\System32\hktsfhyb.dll
NY -> hqfonlrp.dll -> %SystemRoot%\System32\hqfonlrp.dll
NY -> hukswnjr.ini -> %SystemRoot%\System32\hukswnjr.ini
NY -> hwhmjija.dll -> %SystemRoot%\System32\hwhmjija.dll
NY -> ianbsitq.dll -> %SystemRoot%\System32\ianbsitq.dll
NY -> iegsmrkb.dll -> %SystemRoot%\System32\iegsmrkb.dll
NY -> ihyymdqs.dll -> %SystemRoot%\System32\ihyymdqs.dll
NY -> inlejunc.ini -> %SystemRoot%\System32\inlejunc.ini
NY -> irsudyfo.ini -> %SystemRoot%\System32\irsudyfo.ini
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> Idol heck -> %AppData%\Idol heck
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
NY -> freq 16 -> %UserProfile%\My Documents\freq 16
NY -> freq 18 -> %UserProfile%\My Documents\freq 18
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
NY -> Identities -> C:\Documents and Settings\Aj\Application Data\Identities
NY -> {A8C36360-9449-430B-A5F1-0284A66A0544} -> C:\Documents and Settings\Aj\Application Data\Identities\{A8C36360-9449-430B-A5F1-0284A66A0544}
NY -> Idol heck -> C:\Documents and Settings\Aj\Application Data\Idol heck
NY -> LimeWire -> C:\Documents and Settings\Aj\Application Data\LimeWire
NY -> .NetworkShare -> C:\Documents and Settings\Aj\Application Data\LimeWire\.NetworkShare
NY -> Incomplete -> C:\Documents and Settings\Aj\Application Data\LimeWire\.NetworkShare\Incomplete
NY -> themes -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes
NY -> black_theme -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes\black_theme
NY -> classic_theme -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes\classic_theme
NY -> limewire_theme -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes\limewire_theme
NY -> limewirePro_theme -> C:\Documents and Settings\Aj\Application Data\LimeWire\themes\limewirePro_theme
NY -> @Alternate Data Stream - 451 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
NY -> @Alternate Data Stream - 121 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D
NY -> ZangoSA -> C:\Documents and Settings\All Users.WINDOWS\Application Data\ZangoSA
NY -> AAB191E4918E0678.job -> C:\WINDOWS\Tasks\AAB191E4918E0678.job
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed, a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the OK button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that log back here in your next reply.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report, the log of Avenger and OTScanIt, and a new HijackThis log in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thunderbird1988

#13
ajkaneo

Avenger log + HJT log - can't find the OTscan log, cheers

Attached Files

#14
Thunderbird1988

Hello ajkaneo,

Can I get the logs of MBAM?

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy & paste the entire report in your next reply.


#15
ajkaneo

ahh ye.. sorry..

Attached Files