[code]
OTScanIt logfile created on: 9/2/2008 4:21:38 PM
OTScanIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Casey\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.98 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.73% Memory free
3.83 Gb Paging File | 3.47 Gb Available in Paging File | 90.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 228.84 Gb Free Space | 76.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 483.56 Mb Total Space | 216.45 Mb Free Space | 44.76% Space Free | Partition Type: FAT
Computer Name: KAEL
Current User Name: Casey
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

[Processes - Non-Microsoft Only]
adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.70.000 | Size = 72704 bytes | Modified Date = 5/21/2008 7:51:08 PM | Attr = ]
raysat_3dsmax9_32server.exe -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> [Ver = | Size = 65536 bytes | Modified Date = 9/29/2006 12:48:06 PM | Attr = ]
wacom_tablet.exe -> %SystemRoot%\system32\Wacom_Tablet.exe -> Wacom Technology, Corp. [Ver = 6.0.5-7 | Size = 1373480 bytes | Modified Date = 9/7/2007 2:40:04 PM | Attr = ]
wacom_tablet.exe -> %SystemRoot%\system32\Wacom_Tablet.exe -> Wacom Technology, Corp. [Ver = 6.0.5-7 | Size = 1373480 bytes | Modified Date = 9/7/2007 2:40:04 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 2:54:04 PM | Attr = ]
daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.10.0.0 | Size = 171464 bytes | Modified Date = 9/18/2007 10:16:16 AM | Attr = ]
exec.exe -> %ProgramFiles%\NetZero\exec.exe -> NetZero, Inc. [Ver = 8.7.4.0 | Size = 1701376 bytes | Modified Date = 5/6/2008 9:11:08 PM | Attr = ]
usb_fw.exe -> %ProgramFiles%\Net Studio\USB_FW.exe -> Net-Studio.org [Ver = 1.1.2.1 | Size = 1299968 bytes | Modified Date = 5/21/2008 2:16:44 PM | Attr = ]
exec.exe -> %ProgramFiles%\NetZero\exec.exe -> NetZero, Inc. [Ver = 8.7.4.0 | Size = 1701376 bytes | Modified Date = 5/6/2008 9:11:08 PM | Attr = ]
bdaremote.exe -> %ProgramFiles%\USB TV\EM28XX\BDARemote.exe -> [Ver = | Size = 81997 bytes | Modified Date = 6/26/2007 12:22:42 PM | Attr = ]
x1exec.exe -> %ProgramFiles%\NetZero\qsacc\X1Exec.exe -> NetZero, Inc. [Ver = 4.4.00 | Size = 1291736 bytes | Modified Date = 2/28/2007 8:41:26 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(718B4105) 718B4105 [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\595C25B8.EXE -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2/2/2008 8:34:49 AM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 3/28/2008 9:05:00 PM | Attr = ]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.70.000 | Size = 72704 bytes | Modified Date = 5/21/2008 7:51:08 PM | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> File not found
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2/2/2008 12:20:51 PM | Attr = ]
(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Win32_Own | Auto | Running] -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> [Ver = | Size = 65536 bytes | Modified Date = 9/29/2006 12:48:06 PM | Attr = ]
(TabletServiceWacom) TabletServiceWacom [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Wacom_Tablet.exe -> Wacom Technology, Corp.
[Ver = 6.0.5-7 | Size = 1373480 bytes | Modified Date = 9/7/2007 2:40:04 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe ["C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 5:25:42 AM | Attr = ] Alcmtr -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 9/17/2007 3:08:36 AM | Attr = R ] AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/18/2008 11:43:33 AM | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 6.14.10.4833 | Size = 162584 bytes | Modified Date = 9/17/2007 3:10:04 AM | Attr = R ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 6.14.10.4833 | Size = 142104 bytes | Modified Date = 9/17/2007 3:10:08 AM | Attr = R ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 11:05:48 PM | Attr = ] Persistence -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 6.14.10.4833 | Size = 138008 bytes | Modified Date = 9/17/2007 3:10:05 AM | Attr = R ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 2:54:04 PM | Attr = ] RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. 
[Ver = 2.1.3.2 | Size = 16132608 bytes | Modified Date = 9/17/2007 3:08:42 AM | Attr = R ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe ["C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033] -> DT Soft Ltd. [Ver = 4.10.0.0 | Size = 171464 bytes | Modified Date = 9/18/2007 10:16:16 AM | Attr = ] NetZero_uoltray -> %ProgramFiles%\NetZero\exec.exe [C:\Program Files\NetZero\exec.exe regrun] -> NetZero, Inc. [Ver = 8.7.4.0 | Size = 1701376 bytes | Modified Date = 5/6/2008 9:11:08 PM | Attr = ] USB_FW -> %ProgramFiles%\Net Studio\USB_FW.exe [C:\Program Files\Net Studio\USB_FW.exe] -> Net-Studio.org [Ver = 1.1.2.1 | Size = 1299968 bytes | Modified Date = 5/21/2008 2:16:44 PM | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 2/23/2008 3:35:40 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 2/23/2008 3:35:40 PM | Attr = ] < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. 
[Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 2/23/2008 3:35:40 PM | Attr = ] < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 2/23/2008 3:35:40 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe ["C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033] -> DT Soft Ltd. [Ver = 4.10.0.0 | Size = 171464 bytes | Modified Date = 9/18/2007 10:16:16 AM | Attr = ] NetZero_uoltray -> %ProgramFiles%\NetZero\exec.exe [C:\Program Files\NetZero\exec.exe regrun] -> NetZero, Inc. [Ver = 8.7.4.0 | Size = 1701376 bytes | Modified Date = 5/6/2008 9:11:08 PM | Attr = ] USB_FW -> %ProgramFiles%\Net Studio\USB_FW.exe [C:\Program Files\Net Studio\USB_FW.exe] -> Net-Studio.org [Ver = 1.1.2.1 | Size = 1299968 bytes | Modified Date = 5/21/2008 2:16:44 PM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\BDARemote.lnk -> %ProgramFiles%\USB TV\EM28XX\BDARemote.exe -> [Ver = | Size = 81997 bytes | Modified Date = 6/26/2007 12:22:42 PM | Attr = ] < Casey Startup Folder > -> C:\Documents and Settings\Casey\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. 
[Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 11:16:50 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Secondary Startup Folder > -> C:\Documents and Settings\Secondary\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 8:29:58 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll schannel.dll digest.dll msnsspc.dll -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 8:12:19 PM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | 
Size = 514560 bytes | Modified Date = 4/13/2008 8:12:24 PM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 8:12:41 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004] > -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. 
[Ver = 6.14.10.4176 | Size = 126976 bytes | Modified Date = 3/28/2008 11:55:32 PM | Attr = ] igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4833 | Size = 204800 bytes | Modified Date = 9/17/2007 3:10:05 AM | Attr = R ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LegalNoticeText -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LegalNoticeCaption -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. 
-> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004] > -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF [binary data] -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver 
= 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> < Drives with AutoRun files > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 1/30/2008 8:39:52 AM | Attr = ] autorun.inf [[AutoRun] | open=LaunchU3.exe | icon=LaunchU3.exe,0 | | [Definitions] | Launchpad=LaunchPad.exe | | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip | ] -> I:\autorun.inf [ CDFS ] -> [Ver = | Size = 145 bytes | Modified Date = 6/27/2005 9:16:56 AM | Attr = R ] < HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://my.netzero.net/s/search?r=minisearch -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> 
C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://my.netzero.net/s/search?r=minisearch -> HKEY_CURRENT_USER\: Main\\Search Page -> http://my.netzero.net/s/search?r=minisearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: SearchURL\\ -> http://my.netzero.net/s/search?r=minisearch[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\SearchEnh1.dll [URLSearchHook Class] -> NetZero, Inc. [Ver = 8.7.4.0 | Size = 262144 bytes | Modified Date = 5/6/2008 9:10:30 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 1 -> HKEY_CURRENT_USER\: ProxyOverride -> 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com; -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\] > -> -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\: Main\\Search Bar -> http://my.netzero.net/s/search?r=minisearch -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\: Main\\Search Page -> http://my.netzero.net/s/search?r=minisearch -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\: Main\\Start Page -> 
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\: SearchURL\\ -> http://my.netzero.net/s/search?r=minisearch[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\: URLSearchHooks\\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\SearchEnh1.dll [URLSearchHook Class] -> NetZero, Inc. [Ver = 8.7.4.0 | Size = 262144 bytes | Modified Date = 5/6/2008 9:10:30 PM | Attr = ] HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\: ProxyEnable -> 1 -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\: ProxyOverride -> 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com; -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> www_eset.com [http] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> www_eset.com [http] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {52706EF7-D7A2-49AD-A615-E903858CF284} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\qsacc\X1IEBHO.dll [Pop-up Blocker] -> NetZero, Inc. [Ver = 4.4.00 | Size = 211416 bytes | Modified Date = 2/28/2007 8:41:32 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\Toolbar.dll [ZeroBar] -> NetZero, Inc. [Ver = 8.7.4.0 | Size = 325120 bytes | Modified Date = 5/7/2008 12:30:52 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\Toolbar.dll [ZeroBar] -> NetZero, Inc. [Ver = 8.7.4.0 | Size = 325120 bytes | Modified Date = 5/7/2008 12:30:52 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\Toolbar.dll [ZeroBar] -> NetZero, Inc. [Ver = 8.7.4.0 | Size = 325120 bytes | Modified Date = 5/7/2008 12:30:52 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Display All Images with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll -> NetZero, Inc. [Ver = 4.4.00 | Size = 361472 bytes | Modified Date = 2/23/2007 7:33:22 PM | Attr = ] Display Image with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll -> NetZero, Inc. [Ver = 4.4.00 | Size = 361472 bytes | Modified Date = 2/23/2007 7:33:22 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1275210071-764733703-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> Display All Images with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll -> NetZero, Inc. [Ver = 4.4.00 | Size = 361472 bytes | Modified Date = 2/23/2007 7:33:22 PM | Attr = ] Display Image with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll -> NetZero, Inc. 
[Ver = 4.4.00 | Size = 361472 bytes | Modified Date = 2/23/2007 7:33:22 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {534029BF-AE25-48BA-9815-AB275942F1E6} -> (1394 Net Adapter) -> {64790558-8D56-4117-8FF5-ABC33B1A8343} -> (Intel(R) 82566DC-2 Gigabit Network Connection) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {6CCE3920-3183-4B3D-808A-B12EB769DE12}[HKEY_LOCAL_MACHINE] -> http://www.commandondemand.com/eval/cod/cabs/cssweb.cab[CSS Web Installer Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cssweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/cssweb.dll\\.Owner -> {6CCE3920-3183-4B3D-808A-B12EB769DE12} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cssweb.dll\\{6CCE3920-3183-4B3D-808A-B12EB769DE12} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/csswlng.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/csswlng.dll\\.Owner -> {6CCE3920-3183-4B3D-808A-B12EB769DE12} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/csswlng.dll\\{6CCE3920-3183-4B3D-808A-B12EB769DE12} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. 
-> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 8:12:08 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 852 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 8:12:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 78 67 FE AC 46 84 65 54 04 DF 64 5B 71 F7 C7 BB 66 39 32 39 31 36 63 32 00 FD 07 00 30 29 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 5C 66 75 F4 7C BD 29 9B CD CE D4 F9 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> AE 97 D9 A3 20 4F 75 2C 04 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> CC F0 4D 99 2D C2 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 82 38 D4 E9 C4 D1 EE ED 99 39 77 94 AE DD C3 09 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 3A 8D 94 16 53 06 C9 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name 
-> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 985 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> 
%SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. 
[Ver = 7.1.1.5 | Size = 14672448 bytes | Modified Date = 3/14/2007 11:05:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\Warcraft III.exe -> %ProgramFiles%\Warcraft III\Warcraft III.exe [C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> Blizzard Entertainment [Ver = 1, 0, 0, 1 | Size = 274432 bytes | Modified Date = 2/2/2008 9:03:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> %ProgramFiles%\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 510976 bytes | Modified Date = 4/18/2008 11:43:33 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/23/2008 3:35:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. 
[Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/18/2008 11:43:33 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe -> %ProgramFiles%\Autodesk\3ds Max 9\3dsmax.exe [C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit] -> Autodesk, Inc. [Ver = 9.0.0.100 | Size = 5946368 bytes | Modified Date = 9/29/2006 2:30:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Autodesk\Backburner\monitor.exe -> %ProgramFiles%\Autodesk\Backburner\monitor.exe [C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor] -> Autodesk, Inc. [Ver = 2007.0.1.218 | Size = 425984 bytes | Modified Date = 9/6/2006 6:39:14 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Autodesk\Backburner\manager.exe -> %ProgramFiles%\Autodesk\Backburner\manager.exe [C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager] -> Autodesk, Inc. [Ver = 2007.0.1.218 | Size = 110592 bytes | Modified Date = 9/6/2006 6:39:10 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Autodesk\Backburner\server.exe -> %ProgramFiles%\Autodesk\Backburner\server.exe [C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server] -> Autodesk, Inc. 
[Ver = 2007.0.1.218 | Size = 110592 bytes | Modified Date = 9/6/2006 6:39:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe -> %ProgramFiles%\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe [C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer] -> SQUARE ENIX CO., LTD. [Ver = 1.18.07 | Size = 1691648 bytes | Modified Date = 3/10/2008 6:19:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe 
-k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 8:12:11 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 1 -> [Files/Folders - Created Within 90 days] AMD -> %SystemDrive%\AMD -> [Folder | Created Date = 8/22/2008 3:29:06 PM | Attr = ] csscod -> %SystemDrive%\csscod -> [Folder | Created Date = 8/25/2008 9:09:00 PM | Attr = ] Logs -> %SystemDrive%\Logs -> [Folder | Created Date = 8/22/2008 8:13:24 PM | Attr = ] NetZeroInstaller -> %SystemDrive%\NetZeroInstaller -> [Folder | Created Date = 8/23/2008 9:38:41 AM | Attr = ] bktrh.gif -> %SystemRoot%\System32\dllcache\bktrh.gif -> [Ver = | Size = 999 bytes | Created Date = 8/24/2008 8:43:27 PM | Attr = ] cloapp.gif -> %SystemRoot%\System32\dllcache\cloapp.gif -> [Ver = | Size = 717 bytes | Created Date = 8/24/2008 8:43:28 PM | Attr = ] cloapph.gif -> %SystemRoot%\System32\dllcache\cloapph.gif -> [Ver = | Size = 760 bytes | Created Date = 8/24/2008 8:43:28 PM | Attr = ] cnt.gif -> %SystemRoot%\System32\dllcache\cnt.gif -> [Ver = | Size = 773 bytes | Created Date = 8/24/2008 8:43:28 PM | Attr = ] cntd.gif -> %SystemRoot%\System32\dllcache\cntd.gif -> [Ver = | Size = 772 bytes | Created Date = 8/24/2008 8:43:28 PM | Attr = ] cnth.gif -> %SystemRoot%\System32\dllcache\cnth.gif -> [Ver = | Size = 773 bytes | Created Date = 8/24/2008 8:43:28 PM | Attr = ] compact.wmz -> %SystemRoot%\System32\dllcache\compact.wmz -> [Ver = | Size = 184959 bytes | Created Date = 8/24/2008 8:43:28 PM | Attr = ] contents.htm -> %SystemRoot%\System32\dllcache\contents.htm -> [Ver = | Size = 8298 bytes | Created Date = 8/24/2008 8:43:29 PM | Attr = ] controls.css -> %SystemRoot%\System32\dllcache\controls.css -> [Ver = | Size = 9585 bytes | Created Date = 8/24/2008 8:43:29 PM | Attr = ] controls.js -> %SystemRoot%\System32\dllcache\controls.js -> [Ver = | Size = 6878 
bytes | Created Date = 8/24/2008 8:43:29 PM | Attr = ] copycd.wmv -> %SystemRoot%\System32\dllcache\copycd.wmv -> [Ver = | Size = 381425 bytes | Created Date = 8/24/2008 8:43:29 PM | Attr = ] events.js -> %SystemRoot%\System32\dllcache\events.js -> [Ver = | Size = 5971 bytes | Created Date = 8/24/2008 8:43:31 PM | Attr = ] l3codeca.acm -> %SystemRoot%\System32\dllcache\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Created Date = 8/24/2008 8:43:34 PM | Attr = ] mdlib.wmv -> %SystemRoot%\System32\dllcache\mdlib.wmv -> [Ver = | Size = 457607 bytes | Created Date = 8/24/2008 8:43:37 PM | Attr = ] mplayer2.cnt -> %SystemRoot%\System32\dllcache\mplayer2.cnt -> [Ver = | Size = 1885 bytes | Created Date = 8/24/2008 8:43:38 PM | Attr = ] mplayer2.hlp -> %SystemRoot%\System32\dllcache\mplayer2.hlp -> [Ver = | Size = 97117 bytes | Created Date = 8/24/2008 8:43:38 PM | Attr = ] mplayer2.inf -> %SystemRoot%\System32\dllcache\mplayer2.inf -> [Ver = | Size = 18286 bytes | Created Date = 8/24/2008 8:43:38 PM | Attr = ] mplogo.gif -> %SystemRoot%\System32\dllcache\mplogo.gif -> [Ver = | Size = 2545 bytes | Created Date = 8/24/2008 8:43:38 PM | Attr = ] mplogoh.gif -> %SystemRoot%\System32\dllcache\mplogoh.gif -> [Ver = | Size = 2778 bytes | Created Date = 8/24/2008 8:43:38 PM | Attr = ] npdrmv2.zip -> %SystemRoot%\System32\dllcache\npdrmv2.zip -> [Ver = | Size = 403 bytes | Created Date = 8/24/2008 8:43:42 PM | Attr = ] npds.zip -> %SystemRoot%\System32\dllcache\npds.zip -> [Ver = | Size = 22060 bytes | Created Date = 8/24/2008 8:43:42 PM | Attr = ] nuskin.wmv -> %SystemRoot%\System32\dllcache\nuskin.wmv -> [Ver = | Size = 375519 bytes | Created Date = 8/24/2008 8:43:43 PM | Attr = ] plylst1.wpl -> %SystemRoot%\System32\dllcache\plylst1.wpl -> [Ver = | Size = 1250 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst10.wpl -> %SystemRoot%\System32\dllcache\plylst10.wpl -> [Ver = | Size = 787 bytes | Created Date 
= 8/24/2008 8:43:44 PM | Attr = ] plylst11.wpl -> %SystemRoot%\System32\dllcache\plylst11.wpl -> [Ver = | Size = 789 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst12.wpl -> %SystemRoot%\System32\dllcache\plylst12.wpl -> [Ver = | Size = 1451 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst13.wpl -> %SystemRoot%\System32\dllcache\plylst13.wpl -> [Ver = | Size = 783 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst14.wpl -> %SystemRoot%\System32\dllcache\plylst14.wpl -> [Ver = | Size = 775 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst15.wpl -> %SystemRoot%\System32\dllcache\plylst15.wpl -> [Ver = | Size = 733 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst2.wpl -> %SystemRoot%\System32\dllcache\plylst2.wpl -> [Ver = | Size = 1049 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst3.wpl -> %SystemRoot%\System32\dllcache\plylst3.wpl -> [Ver = | Size = 1474 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst4.wpl -> %SystemRoot%\System32\dllcache\plylst4.wpl -> [Ver = | Size = 1448 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst5.wpl -> %SystemRoot%\System32\dllcache\plylst5.wpl -> [Ver = | Size = 1477 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst6.wpl -> %SystemRoot%\System32\dllcache\plylst6.wpl -> [Ver = | Size = 1477 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst7.wpl -> %SystemRoot%\System32\dllcache\plylst7.wpl -> [Ver = | Size = 1046 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst8.wpl -> %SystemRoot%\System32\dllcache\plylst8.wpl -> [Ver = | Size = 1036 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plylst9.wpl -> %SystemRoot%\System32\dllcache\plylst9.wpl -> [Ver = | Size = 784 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] plyr_err.chm -> %SystemRoot%\System32\dllcache\plyr_err.chm -> [Ver = | Size = 77307 bytes | Created Date = 8/24/2008 8:43:44 PM | Attr = ] revert.wmz -> 
%SystemRoot%\System32\dllcache\revert.wmz -> [Ver = | Size = 66725 bytes | Created Date = 8/24/2008 8:43:45 PM | Attr = ] rtuner.wmv -> %SystemRoot%\System32\dllcache\rtuner.wmv -> [Ver = | Size = 572557 bytes | Created Date = 8/24/2008 8:43:45 PM | Attr = ] skins.inf -> %SystemRoot%\System32\dllcache\skins.inf -> [Ver = | Size = 908 bytes | Created Date = 8/24/2008 8:43:46 PM | Attr = ] sl_anet.acm -> %SystemRoot%\System32\dllcache\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Created Date = 8/24/2008 8:43:47 PM | Attr = ] snd.htm -> %SystemRoot%\System32\dllcache\snd.htm -> [Ver = | Size = 1148 bytes | Created Date = 8/24/2008 8:43:47 PM | Attr = ] taoff.gif -> %SystemRoot%\System32\dllcache\taoff.gif -> [Ver = | Size = 1380 bytes | Created Date = 8/24/2008 8:43:48 PM | Attr = ] taoffh.gif -> %SystemRoot%\System32\dllcache\taoffh.gif -> [Ver = | Size = 1367 bytes | Created Date = 8/24/2008 8:43:48 PM | Attr = ] taon.gif -> %SystemRoot%\System32\dllcache\taon.gif -> [Ver = | Size = 1398 bytes | Created Date = 8/24/2008 8:43:48 PM | Attr = ] taonh.gif -> %SystemRoot%\System32\dllcache\taonh.gif -> [Ver = | Size = 1380 bytes | Created Date = 8/24/2008 8:43:48 PM | Attr = ] tour.js -> %SystemRoot%\System32\dllcache\tour.js -> [Ver = | Size = 3187 bytes | Created Date = 8/24/2008 8:43:48 PM | Attr = ] tourbg.gif -> %SystemRoot%\System32\dllcache\tourbg.gif -> [Ver = | Size = 23829 bytes | Created Date = 8/24/2008 8:43:48 PM | Attr = ] tpause.gif -> %SystemRoot%\System32\dllcache\tpause.gif -> [Ver = | Size = 2450 bytes | Created Date = 8/24/2008 8:43:48 PM | Attr = ] tpauseh.gif -> %SystemRoot%\System32\dllcache\tpauseh.gif -> [Ver = | Size = 2371 bytes | Created Date = 8/24/2008 8:43:48 PM | Attr = ] tplay.gif -> %SystemRoot%\System32\dllcache\tplay.gif -> [Ver = | Size = 2469 bytes | Created Date = 8/24/2008 8:43:48 PM | Attr = ] tplayh.gif -> %SystemRoot%\System32\dllcache\tplayh.gif -> [Ver = | Size = 2375 bytes | Created Date = 
8/24/2008 8:43:48 PM | Attr = ] videobg.gif -> %SystemRoot%\System32\dllcache\videobg.gif -> [Ver = | Size = 17489 bytes | Created Date = 8/24/2008 8:43:49 PM | Attr = ] vidsamp.gif -> %SystemRoot%\System32\dllcache\vidsamp.gif -> [Ver = | Size = 5290 bytes | Created Date = 8/24/2008 8:43:49 PM | Attr = ] viz.wmv -> %SystemRoot%\System32\dllcache\viz.wmv -> [Ver = | Size = 300969 bytes | Created Date = 8/24/2008 8:43:49 PM | Attr = ] wm1.gif -> %SystemRoot%\System32\dllcache\wm1.gif -> [Ver = | Size = 5789 bytes | Created Date = 8/24/2008 8:43:51 PM | Attr = ] wm2.gif -> %SystemRoot%\System32\dllcache\wm2.gif -> [Ver = | Size = 7636 bytes | Created Date = 8/24/2008 8:43:51 PM | Attr = ] wm3.gif -> %SystemRoot%\System32\dllcache\wm3.gif -> [Ver = | Size = 6241 bytes | Created Date = 8/24/2008 8:43:51 PM | Attr = ] wm4.gif -> %SystemRoot%\System32\dllcache\wm4.gif -> [Ver = | Size = 7369 bytes | Created Date = 8/24/2008 8:43:51 PM | Attr = ] wm5.gif -> %SystemRoot%\System32\dllcache\wm5.gif -> [Ver = | Size = 2477 bytes | Created Date = 8/24/2008 8:43:51 PM | Attr = ] wm6.gif -> %SystemRoot%\System32\dllcache\wm6.gif -> [Ver = | Size = 6060 bytes | Created Date = 8/24/2008 8:43:51 PM | Attr = ] wm7.gif -> %SystemRoot%\System32\dllcache\wm7.gif -> [Ver = | Size = 8677 bytes | Created Date = 8/24/2008 8:43:51 PM | Attr = ] wm8.gif -> %SystemRoot%\System32\dllcache\wm8.gif -> [Ver = | Size = 4193 bytes | Created Date = 8/24/2008 8:43:51 PM | Attr = ] wm9.gif -> %SystemRoot%\System32\dllcache\wm9.gif -> [Ver = | Size = 7892 bytes | Created Date = 8/24/2008 8:43:51 PM | Attr = ] wmdm.inf -> %SystemRoot%\System32\dllcache\wmdm.inf -> [Ver = | Size = 17272 bytes | Created Date = 8/24/2008 8:43:51 PM | Attr = ] wmfsdk.inf -> %SystemRoot%\System32\dllcache\wmfsdk.inf -> [Ver = | Size = 6769 bytes | Created Date = 8/24/2008 8:43:51 PM | Attr = ] wmp.inf -> %SystemRoot%\System32\dllcache\wmp.inf -> [Ver = | Size = 29070 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] 
wmpaud1.wav -> %SystemRoot%\System32\dllcache\wmpaud1.wav -> [Ver = | Size = 354468 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmpaud2.wav -> %SystemRoot%\System32\dllcache\wmpaud2.wav -> [Ver = | Size = 86180 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmpaud3.wav -> %SystemRoot%\System32\dllcache\wmpaud3.wav -> [Ver = | Size = 172196 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmpaud4.wav -> %SystemRoot%\System32\dllcache\wmpaud4.wav -> [Ver = | Size = 86180 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmpaud5.wav -> %SystemRoot%\System32\dllcache\wmpaud5.wav -> [Ver = | Size = 86196 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmpaud6.wav -> %SystemRoot%\System32\dllcache\wmpaud6.wav -> [Ver = | Size = 343204 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmpaud7.wav -> %SystemRoot%\System32\dllcache\wmpaud7.wav -> [Ver = | Size = 343204 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmpaud8.wav -> %SystemRoot%\System32\dllcache\wmpaud8.wav -> [Ver = | Size = 172196 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmpaud9.wav -> %SystemRoot%\System32\dllcache\wmpaud9.wav -> [Ver = | Size = 172196 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmplay.chm -> %SystemRoot%\System32\dllcache\wmplay.chm -> [Ver = | Size = 23195 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmplayer.adm -> %SystemRoot%\System32\dllcache\wmplayer.adm -> [Ver = | Size = 67374 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmplayer.chm -> %SystemRoot%\System32\dllcache\wmplayer.chm -> [Ver = | Size = 613334 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmploc.js -> %SystemRoot%\System32\dllcache\wmploc.js -> [Ver = | Size = 420 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmpocm.inf -> %SystemRoot%\System32\dllcache\wmpocm.inf -> [Ver = | Size = 855 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmptour.css -> %SystemRoot%\System32\dllcache\wmptour.css -> [Ver = 
| Size = 1771 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] wmptour.hta -> %SystemRoot%\System32\dllcache\wmptour.hta -> [Ver = | Size = 10457 bytes | Created Date = 8/24/2008 8:43:52 PM | Attr = ] ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [Ver = | Size = 64352 bytes | Created Date = 8/24/2008 8:43:26 PM | Attr = ] cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [Ver = | Size = 129045 bytes | Created Date = 8/24/2008 8:43:29 PM | Attr = ] netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [Ver = | Size = 67866 bytes | Created Date = 8/24/2008 8:43:42 PM | Attr = ] pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0 | Size = 28544 bytes | Created Date = 8/25/2008 9:57:48 AM | Attr = ] wacommousefilter.sys -> %SystemRoot%\System32\drivers\wacommousefilter.sys -> Wacom Technology [Ver = 1.2.0002.0 | Size = 11312 bytes | Created Date = 8/23/2008 9:43:20 AM | Attr = ] wacomvhid.sys -> %SystemRoot%\System32\drivers\wacomvhid.sys -> Wacom Technology [Ver = 2.8.0000.0 | Size = 12848 bytes | Created Date = 8/23/2008 9:43:20 AM | Attr = ] WacomVKHid.sys -> %SystemRoot%\System32\drivers\WacomVKHid.sys -> Wacom Technology [Ver = 1.1.0000.0 | Size = 11440 bytes | Created Date = 8/23/2008 9:43:53 AM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Created Date = 8/24/2008 8:52:07 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> en -> %SystemRoot%\System32\en -> [Folder | Created Date = 8/24/2008 8:52:07 PM | Attr = ] en-us -> %SystemRoot%\System32\en-us -> [Folder | Created Date = 8/24/2008 8:52:08 PM | Attr = ] pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 1261 bytes | Created Date = 8/24/2008 8:43:33 PM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 8/24/2008 8:52:08 PM | Attr = ] WacomTablet.cpl -> %SystemRoot%\System32\WacomTablet.cpl -> Wacom Technology, Corp. 
[Ver = 6.0.5-7 | Size = 3499304 bytes | Created Date = 8/23/2008 9:44:11 AM | Attr = ] WacomTablet.znc -> %SystemRoot%\System32\WacomTablet.znc -> [Ver = | Size = 1910035 bytes | Created Date = 8/23/2008 9:44:14 AM | Attr = ] Wacom_Tablet.dll -> %SystemRoot%\System32\Wacom_Tablet.dll -> Wacom Technology, Corp. [Ver = 6.0.5-7 | Size = 128296 bytes | Created Date = 8/23/2008 9:43:17 AM | Attr = ] Wacom_Tablet.exe -> %SystemRoot%\System32\Wacom_Tablet.exe -> Wacom Technology, Corp. [Ver = 6.0.5-7 | Size = 1373480 bytes | Created Date = 8/23/2008 9:43:17 AM | Attr = ] Wintab32.dll -> %SystemRoot%\System32\Wintab32.dll -> Wacom Technology, Corp. [Ver = 1.0.3-1 | Size = 181544 bytes | Created Date = 8/23/2008 9:43:18 AM | Attr = ] WTablet -> %SystemRoot%\System32\WTablet -> [Folder | Created Date = 8/23/2008 9:43:20 AM | Attr = ] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 8/24/2008 8:46:52 PM | Attr = H ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 8/24/2008 11:59:23 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 8/24/2008 11:59:10 PM | Attr = H ] ativpsrm.bin -> %SystemRoot%\ativpsrm.bin -> [Ver = | Size = 0 bytes | Created Date = 8/22/2008 3:37:21 PM | Attr = ] EHome -> %SystemRoot%\EHome -> [Folder | Created Date = 8/24/2008 8:46:51 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 8/24/2008 6:36:29 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 8/24/2008 11:59:32 PM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 8/25/2008 12:01:34 AM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 8/24/2008 8:52:08 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1160 bytes | Created 
Date = 8/25/2008 7:27:44 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 8/24/2008 8:49:18 PM | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 8/24/2008 4:08:50 PM | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 8/24/2008 9:37:20 PM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 8/24/2008 8:51:00 PM | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 8/25/2008 8:59:49 AM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 8/25/2008 12:01:03 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 8/24/2008 7:00:26 PM | Attr = ] NetZero -> %AllUsersProfile%\Application Data\NetZero -> [Folder | Created Date = 8/23/2008 9:38:43 AM | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Created Date = 8/22/2008 3:32:32 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 8/24/2008 7:00:28 PM | Attr = ] Sun -> %AppData%\Sun -> [Folder | Created Date = 8/25/2008 1:59:17 AM | Attr = ] WTablet -> %AppData%\WTablet -> [Folder | Created Date = 8/23/2008 9:44:23 AM | Attr = ] jre-6u7-windows-i586-p-s.exe -> %UserProfile%\My Documents\jre-6u7-windows-i586-p-s.exe -> [Ver = | Size = 15984024 bytes | Created Date = 8/25/2008 1:54:57 AM | Attr = ] USB FireWall.lnk -> %AllUsersProfile%\Desktop\ USB FireWall.lnk -> [Ver = | Size = 511 bytes | Created Date = 8/24/2008 1:51:41 PM | Attr = ] BDARemote.lnk -> %AllUsersProfile%\Desktop\BDARemote.lnk -> [Ver = | Size = 519 bytes | Created Date = 8/22/2008 3:32:35 PM | Attr = ] World of Warcraft.lnk -> %AllUsersProfile%\Desktop\World of Warcraft.lnk -> [Ver = | Size = 793 bytes | Created Date = 8/22/2008 7:55:53 PM | Attr = ] activescan2_en.exe -> %UserProfile%\Desktop\activescan2_en.exe -> [Ver = | Size = 175648 bytes | Created Date = 
8/25/2008 9:36:36 AM | Attr = ] Command On Demand.url -> %UserProfile%\Desktop\Command On Demand.url -> [Ver = | Size = 137 bytes | Created Date = 8/25/2008 9:09:00 PM | Attr = ] data1.hdr -> %UserProfile%\Desktop\data1.hdr -> [Ver = | Size = 11001 bytes | Created Date = 8/24/2008 1:51:29 PM | Attr = ] Flash -> %UserProfile%\Desktop\Flash -> [Folder | Created Date = 6/9/2008 12:49:05 AM | Attr = ] Flash_Disinfector.exe -> %UserProfile%\Desktop\Flash_Disinfector.exe -> [Ver = | Size = 132597 bytes | Created Date = 9/2/2008 4:03:21 PM | Attr = ] GameWork.fla -> %UserProfile%\Desktop\GameWork.fla -> [Ver = | Size = 65536 bytes | Created Date = 8/31/2008 3:47:52 PM | Attr = ] GameWork.swf -> %UserProfile%\Desktop\GameWork.swf -> [Ver = | Size = 2487 bytes | Created Date = 9/1/2008 9:10:20 PM | Attr = ] GameWork2.fla -> %UserProfile%\Desktop\GameWork2.fla -> [Ver = | Size = 41472 bytes | Created Date = 9/2/2008 11:19:05 AM | Attr = ] Halp -> %UserProfile%\Desktop\Halp -> [Folder | Created Date = 8/25/2008 6:43:53 PM | Attr = ] HarpyScratch -> %UserProfile%\Desktop\HarpyScratch -> [Folder | Created Date = 8/26/2008 2:15:40 PM | Attr = ] HiJackThis -> %UserProfile%\Desktop\HiJackThis -> [Folder | Created Date = 8/24/2008 6:28:54 PM | Attr = ] Logs -> %UserProfile%\Desktop\Logs -> [Folder | Created Date = 8/22/2008 8:16:18 PM | Attr = ] NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 611 bytes | Created Date = 8/24/2008 6:35:35 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 9/2/2008 4:06:37 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 576411 bytes | Created Date = 9/2/2008 4:00:09 PM | Attr = ] Portfolio -> %UserProfile%\Desktop\Portfolio -> [Folder | Created Date = 8/24/2008 1:58:47 PM | Attr = ] Warcraft -> %UserProfile%\Desktop\Warcraft -> [Folder | Created Date = 8/22/2008 7:38:13 PM | Attr = ] WC3Maps -> %UserProfile%\Desktop\WC3Maps -> [Folder | Created Date = 8/25/2008 
8:01:07 AM | Attr = ] week 6 -> %UserProfile%\Desktop\week 6 -> [Folder | Created Date = 8/29/2008 12:57:46 PM | Attr = ] wowmodelview-0.5.09 -> %UserProfile%\Desktop\wowmodelview-0.5.09 -> [Folder | Created Date = 8/25/2008 10:08:49 AM | Attr = ] wowmodelview-0.5.09.zip -> %UserProfile%\Desktop\wowmodelview-0.5.09.zip -> [Ver = | Size = 1698045 bytes | Created Date = 8/25/2008 10:08:12 AM | Attr = ] BDARemote.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\BDARemote.lnk -> [Ver = | Size = 531 bytes | Created Date = 8/22/2008 3:32:35 PM | Attr = ] Blizzard Entertainment -> %CommonProgramFiles%\Blizzard Entertainment -> [Folder | Created Date = 8/22/2008 7:55:53 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 8/24/2008 6:44:37 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 8/25/2008 8:57:48 AM | Attr = ] DIFX -> %ProgramFiles%\DIFX -> [Folder | Created Date = 8/22/2008 3:32:37 PM | Attr = ] ERUNT -> %ProgramFiles%\ERUNT -> [Folder | Created Date = 8/24/2008 6:35:34 PM | Attr = ] Java -> %ProgramFiles%\Java -> [Folder | Created Date = 8/25/2008 8:57:49 AM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 8/24/2008 7:00:26 PM | Attr = ] Net Studio -> %ProgramFiles%\Net Studio -> [Folder | Created Date = 8/24/2008 1:51:41 PM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 8/25/2008 9:40:31 AM | Attr = ] Tablet -> %ProgramFiles%\Tablet -> [Folder | Created Date = 8/23/2008 9:43:11 AM | Attr = ] USB TV -> %ProgramFiles%\USB TV -> [Folder | Created Date = 8/22/2008 3:32:35 PM | Attr = ] World of Warcraft -> %ProgramFiles%\World of Warcraft -> [Folder | Created Date = 8/22/2008 7:55:53 PM | Attr = ] [Files/Folders - Modified Within 90 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 8/25/2008 6:42:28 PM | Attr = HS] ntldr -> %SystemDrive%\ntldr -> [Ver 
= | Size = 250048 bytes | Modified Date = 8/24/2008 8:49:04 PM | Attr = RHS] pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0 | Size = 28544 bytes | Modified Date = 6/19/2008 5:24:30 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 92680 bytes | Modified Date = 8/24/2008 9:37:01 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 58800 bytes | Modified Date = 8/24/2008 11:26:05 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 392626 bytes | Modified Date = 8/24/2008 11:26:05 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 441056 bytes | Modified Date = 8/24/2008 11:26:05 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 9/1/2008 10:06:08 AM | Attr = ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ativpsrm.bin -> %SystemRoot%\ativpsrm.bin -> [Ver = | Size = 0 bytes | Modified Date = 8/22/2008 3:37:21 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 9/2/2008 4:17:33 PM | Attr = S] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/25/2008 12:01:53 AM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1160 bytes | Modified Date = 8/25/2008 7:27:46 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/25/2008 6:42:28 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 550 bytes | Modified Date = 8/25/2008 6:42:28 PM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 8/24/2008 10:01:22 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 8/26/2008 10:00:42 AM 
| Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 9/2/2008 4:17:34 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 4/18/2008 9:41:44 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 8/26/2008 4:12:52 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4646 bytes | Modified Date = 8/26/2008 4:12:52 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\ -> C:\Documents and Settings\Casey\Local Settings\Temp -> [Folder | Modified Date = 9/2/2008 4:19:50 PM | Attr = ] A~NSISu_.exe -> C:\Documents and Settings\Casey\Local Settings\Temp\A~NSISu_.exe -> DT Soft Ltd. [Ver = 4.10.0.0 | Size = 115691 bytes | Modified Date = 2/2/2008 8:18:43 AM | Attr = ] exec.exe -> C:\Documents and Settings\Casey\Local Settings\Temp\exec.exe -> NetZero, Inc. [Ver = 8.7.4.0 | Size = 1701376 bytes | Modified Date = 5/6/2008 9:11:08 PM | Attr = ] KUIU.EXE -> C:\Documents and Settings\Casey\Local Settings\Temp\KUIU.EXE -> Conexant Systems, Inc. 
[Ver = 4.0.26.1 | Size = 796040 bytes | Modified Date = 6/26/2007 4:22:56 AM | Attr = ] PleaseWait.exe -> C:\Documents and Settings\Casey\Local Settings\Temp\PleaseWait.exe -> [Ver = | Size = 20480 bytes | Modified Date = 9/27/2005 2:59:26 PM | Attr = ] splash.exe -> C:\Documents and Settings\Casey\Local Settings\Temp\splash.exe -> [Ver = | Size = 73728 bytes | Modified Date = 4/28/2008 1:41:32 PM | Attr = ] war3_Install.exe -> C:\Documents and Settings\Casey\Local Settings\Temp\war3_Install.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 294912 bytes | Modified Date = 6/7/2002 3:08:56 PM | Attr = ] _is6.exe -> C:\Documents and Settings\Casey\Local Settings\Temp\_is6.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 456192 bytes | Modified Date = 2/1/2007 6:28:24 AM | Attr = R ] 48 C:\Documents and Settings\Casey\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Casey\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Casey\Local Settings\Temp\AUG2005DXREDIST\ -> C:\Documents and Settings\Casey\Local Settings\Temp\AUG2005DXREDIST -> [Folder | Modified Date = 4/24/2008 2:21:47 PM | Attr = ] DXSETUP.exe -> C:\Documents and Settings\Casey\Local Settings\Temp\AUG2005DXREDIST\DXSETUP.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 482000 bytes | Modified Date = 7/26/2005 6:23:16 PM | Attr = R ] C:\Documents and Settings\Casey\Local Settings\Temp\DRDld\ -> C:\Documents and Settings\Casey\Local Settings\Temp\DRDld -> [Folder | Modified Date = 8/24/2008 6:37:23 PM | Attr = ] mbam-setup.exe -> C:\Documents and Settings\Casey\Local Settings\Temp\DRDld\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.25 | Size = 2134446 bytes | Modified Date = 8/24/2008 6:44:37 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\ -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries -> [Folder | Modified Date = 8/25/2008 8:44:16 PM | Attr = ] ScanningProcess.exe -> C:\Documents and 
Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\ScanningProcess.exe -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 8/25/2008 8:44:16 PM | Attr = ] 3 C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\*.tmp files -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\*.tmp -> C:\Documents and Settings\Casey\Local Settings\Temp\ -> C:\Documents and Settings\Casey\Local Settings\Temp -> [Folder | Modified Date = 9/2/2008 4:19:50 PM | Attr = ] CmdLineExt02.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\CmdLineExt02.dll -> [Ver = | Size = 36864 bytes | Modified Date = 5/31/2008 1:31:18 PM | Attr = ] NullsoftHelper.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\NullsoftHelper.dll -> [Ver = | Size = 59392 bytes | Modified Date = 5/6/2008 9:01:44 PM | Attr = ] SIntf16.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\SIntf16.dll -> [Ver = | Size = 12067 bytes | Modified Date = 5/31/2008 1:31:19 PM | Attr = ] SIntf32.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\SIntf32.dll -> [Ver = | Size = 19924 bytes | Modified Date = 5/31/2008 1:31:19 PM | Attr = ] SIntfNT.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\SIntfNT.dll -> [Ver = | Size = 24516 bytes | Modified Date = 5/31/2008 1:31:19 PM | Attr = ] uires.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\uires.dll -> NetZero, Inc. 
[Ver = 8.7.4.0 | Size = 1588736 bytes | Modified Date = 5/6/2008 9:08:16 PM | Attr = ] 48 C:\Documents and Settings\Casey\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Casey\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Casey\Local Settings\Temp\{15178129-13E7-4D8A-913C-449C9B7496C3}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\ -> C:\Documents and Settings\Casey\Local Settings\Temp\{15178129-13E7-4D8A-913C-449C9B7496C3}\{35CB6715-41F8-4F99-8881-6FC75BF054B0} -> [Folder | Modified Date = 3/2/2008 4:11:56 PM | Attr = ] isrt.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\{15178129-13E7-4D8A-913C-449C9B7496C3}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\isrt.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 425984 bytes | Modified Date = 4/4/2005 2:03:32 AM | Attr = ] _IsRes.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\{15178129-13E7-4D8A-913C-449C9B7496C3}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\_IsRes.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 385024 bytes | Modified Date = 4/4/2005 3:54:20 AM | Attr = ] _ISUser.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\{15178129-13E7-4D8A-913C-449C9B7496C3}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\_ISUser.dll -> [Ver = | Size = 12288 bytes | Modified Date = 2/28/2006 1:30:52 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\{6E6D3151-F4E9-4C35-BCDA-48BF93FE168E}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\ -> C:\Documents and Settings\Casey\Local Settings\Temp\{6E6D3151-F4E9-4C35-BCDA-48BF93FE168E}\{35CB6715-41F8-4F99-8881-6FC75BF054B0} -> [Folder | Modified Date = 4/24/2008 2:21:23 PM | Attr = ] isrt.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\{6E6D3151-F4E9-4C35-BCDA-48BF93FE168E}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\isrt.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 425984 bytes | Modified Date = 4/4/2005 1:03:32 AM | Attr = ] _IsRes.dll -> C:\Documents and Settings\Casey\Local 
Settings\Temp\{6E6D3151-F4E9-4C35-BCDA-48BF93FE168E}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\_IsRes.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 385024 bytes | Modified Date = 4/4/2005 2:54:20 AM | Attr = ] _ISUser.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\{6E6D3151-F4E9-4C35-BCDA-48BF93FE168E}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\_ISUser.dll -> [Ver = | Size = 12288 bytes | Modified Date = 2/28/2006 12:30:52 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\{8AD2FEBC-262A-4B2D-A7AA-FB984DA77576}\ -> C:\Documents and Settings\Casey\Local Settings\Temp\{8AD2FEBC-262A-4B2D-A7AA-FB984DA77576} -> [Folder | Modified Date = 2/11/2008 7:55:19 AM | Attr = ] ISSetup.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\{8AD2FEBC-262A-4B2D-A7AA-FB984DA77576}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58851 | Size = 492032 bytes | Modified Date = 4/5/2007 5:21:12 AM | Attr = R ] _Setup.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\{8AD2FEBC-262A-4B2D-A7AA-FB984DA77576}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 5/17/2006 2:06:04 AM | Attr = R ] C:\Documents and Settings\Casey\Local Settings\Temp\AUG2005DXREDIST\ -> C:\Documents and Settings\Casey\Local Settings\Temp\AUG2005DXREDIST -> [Folder | Modified Date = 4/24/2008 2:21:47 PM | Attr = ] DSETUP.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\AUG2005DXREDIST\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 75472 bytes | Modified Date = 7/26/2005 6:23:14 PM | Attr = R ] dsetup32.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\AUG2005DXREDIST\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 2245840 bytes | Modified Date = 7/26/2005 6:23:14 PM | Attr = R ] C:\Documents and Settings\Casey\Local Settings\Temp\IPMx3\Lang\PackMan\ENU\ -> C:\Documents and Settings\Casey\Local Settings\Temp\IPMx3\Lang\PackMan\ENU -> [Folder | Modified Date = 1/30/2008 
9:01:01 AM | Attr = ] packmanenu.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\IPMx3\Lang\PackMan\ENU\packmanenu.dll -> [Ver = | Size = 28672 bytes | Modified Date = 12/6/2006 6:59:16 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\isp10.tmp\ -> C:\Documents and Settings\Casey\Local Settings\Temp\isp10.tmp\ -> [Folder | Modified Date = 3/2/2008 4:57:35 PM | Attr = ] _Setup.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\isp10.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 147456 bytes | Modified Date = 3/2/2008 4:57:35 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\isp5.tmp\ -> C:\Documents and Settings\Casey\Local Settings\Temp\isp5.tmp\ -> [Folder | Modified Date = 1/30/2008 10:05:28 AM | Attr = ] _Setup.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\isp5.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 368640 bytes | Modified Date = 1/30/2008 10:05:28 AM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\isp7.tmp\ -> C:\Documents and Settings\Casey\Local Settings\Temp\isp7.tmp\ -> [Folder | Modified Date = 3/2/2008 4:11:51 PM | Attr = ] _Setup.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\isp7.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 147456 bytes | Modified Date = 3/2/2008 4:11:51 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\isp8.tmp\ -> C:\Documents and Settings\Casey\Local Settings\Temp\isp8.tmp\ -> [Folder | Modified Date = 3/3/2008 11:11:14 AM | Attr = ] _Setup.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\isp8.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 147456 bytes | Modified Date = 3/3/2008 11:11:14 AM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\ispA.tmp\ -> C:\Documents and Settings\Casey\Local Settings\Temp\ispA.tmp\ -> [Folder | Modified Date = 3/3/2008 4:33:38 AM | Attr = ] _Setup.dll -> C:\Documents and 
Settings\Casey\Local Settings\Temp\ispA.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 147456 bytes | Modified Date = 3/3/2008 4:33:38 AM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\ispB.tmp\ -> C:\Documents and Settings\Casey\Local Settings\Temp\ispB.tmp\ -> [Folder | Modified Date = 4/24/2008 2:21:19 PM | Attr = ] _Setup.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\ispB.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 147456 bytes | Modified Date = 4/24/2008 2:21:19 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\ispB0.tmp\ -> C:\Documents and Settings\Casey\Local Settings\Temp\ispB0.tmp\ -> [Folder | Modified Date = 3/3/2008 11:16:41 AM | Attr = ] _Setup.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\ispB0.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 147456 bytes | Modified Date = 3/3/2008 11:16:41 AM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\ -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries -> [Folder | Modified Date = 8/25/2008 8:44:16 PM | Attr = ] FSSync.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 8/25/2008 8:39:30 PM | Attr = ] ikave.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\ikave.dll -> [Ver = 5, 0, 1, 83 | Size = 65536 bytes | Modified Date = 8/25/2008 8:44:16 PM | Attr = ] kave.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\kave.dll -> Kaspersky Lab. 
[Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 8/25/2008 8:39:30 PM | Attr = ] kosglue-7.0.25.0.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 8/25/2008 8:39:30 PM | Attr = ] msvcm80.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 479232 bytes | Modified Date = 8/25/2008 8:44:16 PM | Attr = ] msvcp80.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 548864 bytes | Modified Date = 8/25/2008 8:44:16 PM | Attr = ] msvcr80.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 626688 bytes | Modified Date = 8/25/2008 8:44:16 PM | Attr = ] prLoader.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\prLoader.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 184320 bytes | Modified Date = 8/25/2008 8:44:16 PM | Attr = ] prremote.dll -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\prremote.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 90112 bytes | Modified Date = 8/25/2008 8:44:16 PM | Attr = ] 3 C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\*.tmp files -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\*.tmp -> C:\Documents and Settings\Casey\Local Settings\Temp\ -> C:\Documents and Settings\Casey\Local Settings\Temp -> [Folder | Modified Date = 9/2/2008 4:19:50 PM | Attr = ] Perflib_Perfdata_59c.dat -> C:\Documents and Settings\Casey\Local Settings\Temp\Perflib_Perfdata_59c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/3/2008 5:10:19 PM | Attr = ] Perflib_Perfdata_714.dat -> C:\Documents and Settings\Casey\Local 
Settings\Temp\Perflib_Perfdata_714.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/3/2008 11:13:47 AM | Attr = ] Perflib_Perfdata_7ec.dat -> C:\Documents and Settings\Casey\Local Settings\Temp\Perflib_Perfdata_7ec.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/24/2008 2:52:18 AM | Attr = ] Perflib_Perfdata_840.dat -> C:\Documents and Settings\Casey\Local Settings\Temp\Perflib_Perfdata_840.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/26/2008 4:06:40 AM | Attr = ] Perflib_Perfdata_854.dat -> C:\Documents and Settings\Casey\Local Settings\Temp\Perflib_Perfdata_854.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/30/2008 12:50:46 PM | Attr = ] Perflib_Perfdata_88c.dat -> C:\Documents and Settings\Casey\Local Settings\Temp\Perflib_Perfdata_88c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/24/2008 2:52:19 AM | Attr = ] Perflib_Perfdata_8f8.dat -> C:\Documents and Settings\Casey\Local Settings\Temp\Perflib_Perfdata_8f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/26/2008 4:06:41 AM | Attr = ] Perflib_Perfdata_958.dat -> C:\Documents and Settings\Casey\Local Settings\Temp\Perflib_Perfdata_958.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/2/2008 4:17:46 PM | Attr = ] Perflib_Perfdata_a34.dat -> C:\Documents and Settings\Casey\Local Settings\Temp\Perflib_Perfdata_a34.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/2/2008 4:17:48 PM | Attr = ] Perflib_Perfdata_e34.dat -> C:\Documents and Settings\Casey\Local Settings\Temp\Perflib_Perfdata_e34.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/31/2008 11:44:49 AM | Attr = ] Perflib_Perfdata_e78.dat -> C:\Documents and Settings\Casey\Local Settings\Temp\Perflib_Perfdata_e78.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/31/2008 11:44:50 AM | Attr = ] Perflib_Perfdata_f3c.dat -> C:\Documents and Settings\Casey\Local Settings\Temp\Perflib_Perfdata_f3c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/30/2008 12:50:45 PM | Attr = ] 48 C:\Documents 
and Settings\Casey\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Casey\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Casey\Local Settings\Temp\{15178129-13E7-4D8A-913C-449C9B7496C3}\ -> C:\Documents and Settings\Casey\Local Settings\Temp\{15178129-13E7-4D8A-913C-449C9B7496C3} -> [Folder | Modified Date = 3/2/2008 4:11:56 PM | Attr = ] corecomp.ini -> C:\Documents and Settings\Casey\Local Settings\Temp\{15178129-13E7-4D8A-913C-449C9B7496C3}\corecomp.ini -> [Ver = | Size = 65503 bytes | Modified Date = 4/4/2005 1:35:38 AM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\{15178129-13E7-4D8A-913C-449C9B7496C3}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\ -> C:\Documents and Settings\Casey\Local Settings\Temp\{15178129-13E7-4D8A-913C-449C9B7496C3}\{35CB6715-41F8-4F99-8881-6FC75BF054B0} -> [Folder | Modified Date = 3/2/2008 4:11:56 PM | Attr = ] FontData.ini -> C:\Documents and Settings\Casey\Local Settings\Temp\{15178129-13E7-4D8A-913C-449C9B7496C3}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\FontData.ini -> [Ver = | Size = 39 bytes | Modified Date = 2/28/2006 1:30:54 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\{6E6D3151-F4E9-4C35-BCDA-48BF93FE168E}\ -> C:\Documents and Settings\Casey\Local Settings\Temp\{6E6D3151-F4E9-4C35-BCDA-48BF93FE168E} -> [Folder | Modified Date = 4/24/2008 2:21:23 PM | Attr = ] corecomp.ini -> C:\Documents and Settings\Casey\Local Settings\Temp\{6E6D3151-F4E9-4C35-BCDA-48BF93FE168E}\corecomp.ini -> [Ver = | Size = 65503 bytes | Modified Date = 4/4/2005 12:35:38 AM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\{6E6D3151-F4E9-4C35-BCDA-48BF93FE168E}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\ -> C:\Documents and Settings\Casey\Local Settings\Temp\{6E6D3151-F4E9-4C35-BCDA-48BF93FE168E}\{35CB6715-41F8-4F99-8881-6FC75BF054B0} -> [Folder | Modified Date = 4/24/2008 2:21:23 PM | Attr = ] FontData.ini -> C:\Documents and Settings\Casey\Local 
Settings\Temp\{6E6D3151-F4E9-4C35-BCDA-48BF93FE168E}\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\FontData.ini -> [Ver = | Size = 39 bytes | Modified Date = 2/28/2006 12:30:54 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\iss4.tmp\ -> C:\Documents and Settings\Casey\Local Settings\Temp\iss4.tmp\ -> [Folder | Modified Date = 3/2/2008 4:11:51 PM | Attr = ] setup.ini -> C:\Documents and Settings\Casey\Local Settings\Temp\iss4.tmp\setup.ini -> [Ver = | Size = 486 bytes | Modified Date = 3/2/2008 4:11:50 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\iss8.tmp\ -> C:\Documents and Settings\Casey\Local Settings\Temp\iss8.tmp\ -> [Folder | Modified Date = 4/24/2008 2:21:19 PM | Attr = ] setup.ini -> C:\Documents and Settings\Casey\Local Settings\Temp\iss8.tmp\setup.ini -> [Ver = | Size = 486 bytes | Modified Date = 4/24/2008 2:21:18 PM | Attr = ] C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\ -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries -> [Folder | Modified Date = 8/25/2008 8:44:16 PM | Attr = ] _kave.ini -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\_kave.ini -> [Ver = | Size = 102 bytes | Modified Date = 8/25/2008 8:44:16 PM | Attr = ] 3 C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\*.tmp files -> C:\Documents and Settings\Casey\Local Settings\Temp\jkos-Casey\binaries\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 55296 bytes | Modified Date = 6/9/2008 12:54:52 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 13104 bytes | Modified Date = 8/24/2008 10:28:07 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 76 bytes | Modified Date = 8/25/2008 
12:08:30 AM | Attr = HS] jre-6u7-windows-i586-p-s.exe -> %UserProfile%\My Documents\jre-6u7-windows-i586-p-s.exe -> [Ver = | Size = 15984024 bytes | Modified Date = 8/25/2008 1:59:17 AM | Attr = ] USB FireWall.lnk -> %AllUsersProfile%\Desktop\ USB FireWall.lnk -> [Ver = | Size = 511 bytes | Modified Date = 8/24/2008 1:51:41 PM | Attr = ] BDARemote.lnk -> %AllUsersProfile%\Desktop\BDARemote.lnk -> [Ver = | Size = 519 bytes | Modified Date = 8/22/2008 3:32:35 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 8/22/2008 7:49:39 PM | Attr = ] NetZero Internet.lnk -> %AllUsersProfile%\Desktop\NetZero Internet.lnk -> [Ver = | Size = 1509 bytes | Modified Date = 8/23/2008 9:38:53 AM | Attr = ] World of Warcraft.lnk -> %AllUsersProfile%\Desktop\World of Warcraft.lnk -> [Ver = | Size = 793 bytes | Modified Date = 8/30/2008 11:15:41 AM | Attr = ] activescan2_en.exe -> %UserProfile%\Desktop\activescan2_en.exe -> [Ver = | Size = 175648 bytes | Modified Date = 8/25/2008 9:37:04 AM | Attr = ] Command On Demand.url -> %UserProfile%\Desktop\Command On Demand.url -> [Ver = | Size = 137 bytes | Modified Date = 8/25/2008 9:09:00 PM | Attr = ] Flash_Disinfector.exe -> %UserProfile%\Desktop\Flash_Disinfector.exe -> [Ver = | Size = 132597 bytes | Modified Date = 9/2/2008 4:04:00 PM | Attr = ] GameWork.fla -> %UserProfile%\Desktop\GameWork.fla -> [Ver = | Size = 65536 bytes | Modified Date = 9/2/2008 11:19:05 AM | Attr = ] GameWork.swf -> %UserProfile%\Desktop\GameWork.swf -> [Ver = | Size = 2487 bytes | Modified Date = 9/1/2008 9:29:45 PM | Attr = ] GameWork2.fla -> %UserProfile%\Desktop\GameWork2.fla -> [Ver = | Size = 41472 bytes | Modified Date = 9/2/2008 11:19:05 AM | Attr = ] NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 611 bytes | Modified Date = 8/24/2008 6:35:35 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 576411 bytes | Modified Date = 9/2/2008 4:02:57 
PM | Attr = ] BDARemote.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\BDARemote.lnk -> [Ver = | Size = 531 bytes | Modified Date = 8/22/2008 3:32:35 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]