AgentPaper
2009-01-14, 15:53
Should mention that Avast! warned me of a trojan twice during the scan, and both times I selected the "move to chest" option. Not sure if this was a false positive on the OTScanIt2 scan, but it seemed prudent at least. The scan didn't seem like it was affected, at any rate:
[code]
OTScanIt2 logfile created on: 1/14/2009 6:46:23 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.6.2 Folder = C:\Documents and Settings\Bryan Johnson\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.74% Memory free
3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 18.05 Gb Free Space | 9.69% Space Free | Partition Type: NTFS
Drive D: | 656.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 623.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
Computer Name: ALIENLAPTOP
Current User Name: Bryan Johnson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> [2006/06/29 13:32:00 | 00,089,541 | ---- | M] (Agere Systems)
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [2008/11/26 10:18:51 | 00,081,000 | ---- | M] (ALWIL Software)
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008/11/26 10:18:32 | 00,254,040 | ---- | M] (ALWIL Software)
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/11/26 10:18:46 | 00,155,160 | ---- | M] (ALWIL Software)
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008/11/26 10:16:23 | 00,352,920 | ---- | M] (ALWIL Software)
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/11/26 10:12:08 | 00,018,752 | ---- | M] (ALWIL Software)
bisontrayicon.exe -> %SystemRoot%\BisonCam\BisonTrayIcon.exe -> [2005/10/06 18:49:50 | 00,040,960 | ---- | M] ()
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> [2006/12/11 16:25:24 | 00,266,295 | ---- | M] (Broadcom Corporation.)
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> [2007/02/21 08:13:26 | 00,487,424 | ---- | M] (Intel Corporation)
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2007/02/21 08:28:36 | 00,643,072 | ---- | M] (Intel Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/12/18 22:57:52 | 00,307,704 | ---- | M] (Mozilla Corporation)
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/12/06 19:55:24 | 00,168,432 | ---- | M] (Google)
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> [2007/02/21 08:17:42 | 00,970,752 | ---- | M] (Intel Corporation)
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> [2007/02/21 08:17:42 | 00,970,752 | ---- | M] (Intel Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/12 07:57:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/01/12 07:57:40 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2008/07/02 21:33:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/09 09:03:22 | 00,485,376 | ---- | M] (OldTimer Tools)
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> [2008/12/07 04:43:58 | 01,168,264 | ---- | M] (PC Tools)
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [2008/08/11 06:10:34 | 00,066,872 | ---- | M] ()
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2007/02/21 08:10:00 | 00,327,680 | ---- | M] (Intel Corporation)
richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [2007/01/20 05:22:05 | 00,167,936 | ---- | M] ()
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> [2007/01/30 18:54:36 | 16,116,224 | R--- | M] (Realtek Semiconductor Corp.)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 17:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 17:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2007/02/21 08:16:48 | 00,983,040 | ---- | M] (Intel Corporation )
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2006/08/11 18:56:38 | 00,794,714 | ---- | M] (Synaptics, Inc.)
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited)
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> [2007/02/21 08:19:58 | 00,819,200 | ---- | M] (Intel Corporation)
[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/11/26 10:12:08 | 00,018,752 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/11/26 10:18:46 | 00,155,160 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008/11/26 10:18:32 | 00,254,040 | ---- | M] (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008/11/26 10:16:23 | 00,352,920 | ---- | M] (ALWIL Software)
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> [2006/12/11 16:25:24 | 00,266,295 | ---- | M] (Broadcom Corporation.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2007/02/21 08:28:36 | 00,643,072 | ---- | M] (Intel Corporation)
(FAH@C:+Documents and Settings+Bryan Johnson+Desktop+FAH504-Console.exe) FAH@C:+Documents and Settings+Bryan Johnson+Desktop+FAH504-Console.exe [Win32_Own | Auto | Stopped] -> -> File not found
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/05/24 13:34:28 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/12/06 19:55:24 | 00,168,432 | ---- | M] (Google)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/12 07:57:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2006/11/10 16:18:02 | 00,774,144 | ---- | M] (Nero AG)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2008/07/02 21:33:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [2008/08/11 06:10:34 | 00,066,872 | ---- | M] ()
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2007/02/21 08:10:00 | 00,327,680 | ---- | M] (Intel Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [2007/01/20 05:22:05 | 00,167,936 | ---- | M] ()
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2007/02/21 08:16:48 | 00,983,040 | ---- | M] (Intel Corporation )
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> [2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools)
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> [2008/12/07 04:43:40 | 01,079,176 | ---- | M] (PC Tools)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aavmker4.sys -> [2008/11/26 10:15:35 | 00,026,944 | ---- | M] (ALWIL Software)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.6.0.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> [2008/03/10 07:57:55 | 00,021,425 | ---- | M] (Meetinghouse Data Communications)
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> [2006/06/29 13:13:00 | 01,160,320 | ---- | M] (Agere Systems)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> [2008/11/26 10:17:25 | 00,020,560 | ---- | M] (ALWIL Software)
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswmon2.sys -> [2008/11/26 10:18:18 | 00,094,032 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aswRdr.sys -> [2008/11/26 10:16:29 | 00,023,152 | ---- | M] (ALWIL Software)
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aswSP.sys -> [2008/11/26 10:17:36 | 00,111,184 | ---- | M] (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aswTdi.sys -> [2008/11/26 10:16:38 | 00,050,864 | ---- | M] (ALWIL Software)
(btaudio) Bluetooth Audio Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btaudio.sys -> [2006/10/15 11:02:18 | 00,329,901 | ---- | M] (Broadcom Corporation.)
(BTDriver) Bluetooth Virtual Communications Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btport.sys -> [2006/10/09 19:00:24 | 00,030,459 | ---- | M] (Broadcom Corporation.)
(BTKRNL) Bluetooth Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btkrnl.sys -> [2006/11/28 11:50:16 | 00,863,402 | ---- | M] (Broadcom Corporation.)
(BTWDNDIS) Bluetooth LAN Access Server [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btwdndis.sys -> [2006/10/15 11:01:54 | 00,149,123 | ---- | M] (Broadcom Corporation.)
(btwhid) btwhid [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btwhid.sys -> [2006/11/28 11:48:10 | 00,047,907 | ---- | M] (Broadcom Corporation.)
(BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btwusb.sys -> [2006/10/15 10:59:32 | 00,067,672 | ---- | M] (Broadcom Corporation.)
(Cam5603D) BisonCam, NB Pro [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BisonCam.sys -> [2006/07/11 20:25:10 | 00,750,720 | ---- | M] (Bison Electronics. Inc. )
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(IKFileSec) File Security Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> [2008/12/07 04:43:20 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.)
(IKSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksysflt.sys -> [2008/12/07 04:43:21 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.)
(IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksyssec.sys -> [2008/12/07 04:43:20 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2007/01/30 18:57:50 | 04,474,368 | R--- | M] (Realtek Semiconductor Corp.)
(kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 11:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mcdbus.sys -> [2008/07/28 16:19:28 | 00,116,736 | ---- | M] (MagicISO, Inc.)
(NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NETw4x32.sys -> [2007/02/25 03:05:24 | 02,203,520 | ---- | M] (Intel Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2008/07/02 21:33:00 | 06,554,976 | ---- | M] (NVIDIA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2008/02/20 19:05:38 | 00,043,528 | ---- | M] (Sonic Solutions)
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimmptsk.sys -> [2005/11/16 20:28:32 | 00,028,928 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> [2005/12/22 17:02:22 | 00,051,840 | ---- | M] (REDC)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> [2007/02/21 08:16:12 | 00,012,416 | ---- | M] (Intel Corporation)
(sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008/04/13 11:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 01:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfdrv01.sys -> [2005/08/10 05:44:04 | 00,050,688 | ---- | M] (Protection Technology)
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfhlp02.sys -> [2005/05/16 06:20:39 | 00,006,656 | ---- | M] (Protection Technology)
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfsync02.sys -> [2005/08/10 07:06:28 | 00,019,968 | ---- | M] (Protection Technology)
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [2008/08/03 21:28:22 | 00,717,296 | ---- | M] ()
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> [2006/08/11 18:35:42 | 00,197,152 | ---- | M] (Synaptics, Inc.)
(vncdrv) vncdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vncdrv.sys -> [2002/11/20 16:45:50 | 00,002,218 | ---- | M] (Microsoft Corporation)
(xnacc) Microsoft Common Controller For Windows Driver Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\xnacc.sys -> [2006/06/01 13:15:20 | 00,509,440 | ---- | M] (Microsoft Corporation)
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> [2006/06/20 08:55:00 | 00,244,864 | ---- | M] (Marvell)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> MSN ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Bryan Johnson\Application Data\Mozilla\FireFox\Profiles\2v4ur0if.default\prefs.js ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.5" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.0 ->
extensions.enabledItems -> {5872365e-67d1-4afd-9480-fd293bebd20d}:1.7.2 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.87 ->
extensions.enabledItems -> {2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}:1.2.3 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 ->
< HOSTS File > (624583 bytes and 16606 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 z.abnad.net
127.0.0.1 banners.absolpublisher.com
127.0.0.1 tracking.absolstats.com
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 gtb5.acecounter.com
127.0.0.1 gtb19.acecounter.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{45BE43EE-108C-4E1F-86C2-D762948A2968} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2009/01/12 07:57:41 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2008/12/06 19:55:35 | 00,657,904 | ---- | M] (Google Inc.)
{B875AD41-E1B8-4DFD-9A40-3F708FE28DD2} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar Helper] -> [2007/02/12 12:56:04 | 00,546,672 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/01/12 07:57:40 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/01/12 07:57:42 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> [2007/02/12 12:56:04 | 00,546,672 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> [2007/02/12 12:56:04 | 00,546,672 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> [2007/02/12 12:56:04 | 00,546,672 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AGRSMMSG" -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> [2006/06/29 13:32:00 | 00,089,541 | ---- | M] (Agere Systems)
"avast!" -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2008/11/26 10:18:51 | 00,081,000 | ---- | M] (ALWIL Software)
"BisonTrayIcon" -> %SystemRoot%\BisonCam\BisonTrayIcon.exe [C:\WINDOWS\BisonCam\BisonTrayIcon.exe] -> [2005/10/06 18:49:50 | 00,040,960 | ---- | M] ()
"IntelWireless" -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> [2007/02/21 08:17:42 | 00,970,752 | ---- | M] (Intel Corporation)
"IntelZeroConfig" -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> [2007/02/21 08:19:58 | 00,819,200 | ---- | M] (Intel Corporation)
"ISTray" -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> [2008/12/07 04:43:58 | 01,168,264 | ---- | M] (PC Tools)
"NeroFilterCheck" -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> [2006/01/12 12:40:44 | 00,155,648 | ---- | M] (Nero AG)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/07/02 21:33:00 | 13,529,088 | ---- | M] (NVIDIA Corporation)
"NVHotkey" -> [rundll32.exe nvHotkey.dll,Start] -> File not found
"NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/07/02 20:33:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /installquiet] -> [2008/07/02 21:33:00 | 01,630,208 | ---- | M] ()
"RTHDCPL" -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/01/30 18:54:36 | 16,116,224 | R--- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> %SystemRoot%\SkyTel.exe [SkyTel.EXE] -> [2006/05/16 18:04:26 | 02,879,488 | R--- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/01/12 07:57:40 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/08/11 18:56:38 | 00,794,714 | ---- | M] (Synaptics, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"gadcom" -> %AppData%\gadcom\gadcom.exe ["C:\Documents and Settings\Bryan Johnson\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A] -> File not found
"Smax4" -> %AppData%\Google\kjzna1562565.exe ["C:\Documents and Settings\Bryan Johnson\Application Data\Google\kjzna1562565.exe"] -> File not found
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk.disabled -> [2007/05/08 16:00:56 | 00,000,637 | ---- | M] ()
-> %AllUsersProfile%\Start Menu\Programs\Startup\EndWLAN.cmd -> [2007/08/31 07:03:40 | 00,000,209 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\OSCust.lnk -> %SystemRoot%\system32\oem\OSCust.exe -> [2007/08/17 12:53:44 | 00,067,072 | ---- | M] ()
< Bryan Johnson Startup Folder > -> C:\Documents and Settings\Bryan Johnson\Start Menu\Programs\Startup ->
-> %UserProfile%\Start Menu\Programs\Startup\MagicDisc.lnk.disabled -> [2008/09/20 15:59:33 | 00,000,652 | ---- | M] ()
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm] -> [2007/02/12 12:56:04 | 00,546,672 | ---- | M] (Microsoft Corporation)
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm] -> [2006/08/16 07:16:32 | 00,002,773 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: @btrez.dll,-4015] -> [2006/08/16 07:16:32 | 00,005,589 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: @btrez.dll,-12650] -> [2006/08/16 07:16:32 | 00,005,589 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
*Broken into two posts due to length*
AgentPaper
2009-01-14, 15:54
*continued from previous post*
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5215 domain(s) found. ->
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7372 domain(s) found. ->
56 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{618C7316-3845-4DAD-98C1-BA1807C48274} -> (Intel(R) Wireless WiFi Link 4965AGN) ->
{98B0E1F3-8239-42BD-97B1-6FBB4F96F590} -> () ->
{A7589E95-A939-4C50-A70B-CC9A124F69B2} -> (1394 Net Adapter) ->
{B2E34871-7C72-405E-B5B4-614DD57B9F42} -> () ->
{D2B0BCE5-DED0-40E7-BEB9-9301593807FA} -> (Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller) ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
efcCrqQJ -> -> File not found
hgGAQkli -> -> File not found
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
C:\WINDOWS\system32\opnmLeBU -> -> File not found
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Aspyr\Guitar Hero III\GH3.exe" -> C:\Program Files\Aspyr\Guitar Hero III\GH3.exe [C:\Program Files\Aspyr\Guitar Hero III\GH3.exe:*:Enabled:Guitar Hero III] -> [2007/10/12 23:09:14 | 11,816,448 | ---- | M] (Aspyr Media, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe" -> C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe [C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2] -> [2008/05/21 12:33:10 | 08,419,956 | ---- | M] ()
"C:\Program Files\Electronic Arts\EADM\Core.exe" -> C:\Program Files\Electronic Arts\EADM\Core.exe [C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager] -> [2008/06/13 17:27:34 | 02,752,512 | ---- | M] (Electronic Arts)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword] -> [2007/09/27 13:48:40 | 14,105,000 | R--- | M] (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_Pitboss.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss] -> [2007/09/27 13:48:42 | 11,650,360 | R--- | M] (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4] -> [2007/05/16 21:52:50 | 11,739,782 | ---- | M] (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords] -> [2007/05/16 18:25:20 | 11,134,130 | ---- | M] (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss] -> [2007/05/16 18:57:52 | 08,581,120 | ---- | M] (Firaxis Games)
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe" -> C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe [C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary] -> [2008/02/22 00:23:39 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation)
"C:\Program Files\SEGA\Medieval II Total War\medieval2.exe" -> C:\Program Files\SEGA\Medieval II Total War\medieval2.exe [C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval 2: Total War] -> [2007/08/04 18:58:38 | 21,165,576 | ---- | M] (The Creative Assembly Ltd)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/05/30 14:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Steam\SteamApps\agent_paper\team fortress 2\hl2.exe" -> C:\Program Files\Steam\SteamApps\agent_paper\team fortress 2\hl2.exe [C:\Program Files\Steam\SteamApps\agent_paper\team fortress 2\hl2.exe:*:Enabled:hl2] -> [2009/01/07 18:55:39 | 00,098,304 | ---- | M] ()
"C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe" -> C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe [C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm] -> [2008/01/23 22:30:56 | 09,793,536 | ---- | M] (THQ Canada Inc.)
"C:\WINDOWS\system32\java.exe" -> C:\WINDOWS\system32\java.exe [C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2009/01/12 07:57:39 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 11:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/05/08 14:19:13 | 00,000,000 | ---- | M] ()
D:\Autorun [] -> D:\Autorun.exe [ CDFS ] -> [2007/06/10 20:25:04 | 00,263,744 | R--- | M] (Firaxis Games)
D:\autorun.exe [MZ | ] -> D:\autorun.exe [ CDFS ] -> [2007/06/10 20:25:04 | 00,263,744 | R--- | M] (Firaxis Games)
D:\autorun.inf [[autorun] | OPEN=autorun.exe | ICON=Autorun\Civ4Installer.ico | LABEL=Sid Meier's Civilization 4 - Beyond the Sword | | [appdata] | Mutex=Civ4 21031 | InstallFile=setup.exe | PlayFile=Civ4BeyondSword.exe | RegKey=INSTALLDIR | | [0x09] | ;English | Background=Autorun\Civ4BeyondtheSwordAutoRunBG.bmp | LegalPos=74,244,500 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=normal | LegalText=©2007 Take-Two Interactive Software and its subsidiaries. Developed by Firaxis Games. Sid Meier's Civilization IV: Warlords, Civ, Civilization, 2K Games, the 2K logo, Firaxis Games, the Firaxis Games logo and Take-Two Interactive Software are all trademarks and/or registered trademarks of Take-Two Interactive Software, Inc. in the USA and/or foreign countries. Unauthorized copying, reverse engineering, transmission, public performance, rental, pay for play, or circumvention of copy protection is strictly prohibited. All rights reserved. | ExecPos=117,171 | InstallImage=Autorun\BTN01-Install.bmp | InstallHilite=Autorun\BTN01-Install_OVER.bmp | PlayImage=Autorun\BTN01-Play.bmp | PlayHilite=Autorun\BTN01-Play_OVER.bmp | ReadmePos=267,171 | ReadmeImage=Autorun\BTN02-ReadMe.bmp | ReadmeHilite=Autorun\BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\English\Readme.htm | ExitPos=412,171 | ExitImage=Autorun\BTN03-Exit.bmp | ExitHilite=Autorun\BTN03-Exit_OVER.bmp | | [0x0c] | ;French | Background=Autorun\Civ4BeyondtheSwordAutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=normal | LegalText=©2007 Take-Two Interactive Software et ses filiales. Développé par Firaxis Games. Sid Meier's Civilization IV: Warlords, Civ, Civilization, 2K Games, le logo 2K, Firaxis Games, le logo Firaxis Games et Take-Two Interactive Software sont toutes des marques commerciales et/ou des marques déposées de Take-Two Interactive Software, Inc. aux États-Unis et/ou dans d'autres pays. Toute reproduction non autorisée, rétro-ingénierie, transmission, représentation publique, location, jeu contre de l'argent, ou détournement de la protection de copie est strictement interdite. Tous droits réservés. | ExecPos=117,171 | InstallImage=Autorun\FR_BTN01-Install.bmp | InstallHilite=Autorun\FR_BTN01-Install_OVER.bmp | PlayImage=Autorun\FR_BTN01-Play.bmp | PlayHilite=Autorun\FR_BTN01-Play_OVER.bmp | ReadmePos=267,171 | ReadmeImage=Autorun\FR_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\FR_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\French\Readme.htm | ExitPos=412,171 | ExitImage=Autorun\FR_BTN03-Exit.bmp | ExitHilite=Autorun\FR_BTN03-Exit_OVER.bmp | | [0x10] | ;Italian | Background=Autorun\Civ4BeyondtheSwordAutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=normal | LegalText=©2007 Take-Two Interactive Software e sue sussidiarie. Sviluppato da Firaxis Games. Sid Meier's Civilization IV: Warlords, Civ, Civilization, 2K Games, il logo 2K, Firaxis Games, il logo Firaxis Games e Take-Two Interactive Software sono tutti marchi e/o marchi registrati di Take-Two Interactive Software, Inc. negli Stati Uniti e/o in altri paesi. La copia non autorizzata, l'esecuzione di ingegneria inversa, la trasmissione, la riproduzione in pubblico, l'affitto, la modalità pay for play o l'aggiramento della protezione contro la copia illegale sono assolutamente vietati. Tutti i diritti riservati. | ExecPos=117,171 | InstallImage=Autorun\IT_BTN01-Install.bmp | InstallHilite=Autorun\IT_BTN01-Install_OVER.bmp | PlayImage=Autorun\IT_BTN01-Play.bmp | PlayHilite=Autorun\IT_BTN01-Play_OVER.bmp | ReadmePos=267,171 | ReadmeImage=Autorun\IT_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\IT_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\Italian\Readme.htm | ExitPos=412,171 | ExitImage=Autorun\IT_BTN03-Exit.bmp | ExitHilite=Autorun\IT_BTN03-Exit_OVER.bmp | | [0x07] | ;German | Background=Autorun\Civ4BeyondtheSwordAutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=normal | LegalText=©2007 Take-Two Interactive Software und Tochtergesellschaften. Entwickelt von Firaxis Games. Sid Meier's Civilization IV: Warlords, Civ, Civilization, 2K Games, das 2K-Logo, Firaxis Games, das Firaxis Games-Logo und Take-Two Interactive Software sind Warenzeichen bzw. eingetragene Warenzeichen von Take-Two Interactive Software, Inc. in den USA und/oder anderen Ländern. Das unberechtigte Kopieren, die Zurückentwicklung (Reverse Engineering), Übertragung, öffentliche Aufführung, Vermietung, das Spielen gegen Zahlung eines Entgelts und die Umgehung von Urheberschutzmaßnahmen sind strengstens untersagt. Alle Rechte vorbehalten. | ExecPos=117,171 | InstallImage=Autorun\GE_BTN01-Install.bmp | InstallHilite=Autorun\GE_BTN01-Install_OVER.bmp | PlayImage=Autorun\GE_BTN01-Play.bmp | PlayHilite=Autorun\GE_BTN01-Play_OVER.bmp | ReadmePos=267,171 | ReadmeImage=Autorun\GE_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\GE_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\German\Readme.htm | ExitPos=412,171 | ExitImage=Autorun\GE_BTN03-Exit.bmp | ExitHilite=Autorun\GE_BTN03-Exit_OVER.bmp | | [0x0a] | ;Spanish | Background=Autorun\Civ4BeyondtheSwordAutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=normal | LegalText=©2007 Take-Two Interactive Software y sus subsidiarias. Desarrollado por Firaxis Games. Sid Meier’s Civilization IV: Warlords, Civ, Civilization, 2K Games, el logotipo de 2K, Firaxis Games, el logotipo de Firaxis Games y Take-Two Interactive Software son marcas comerciales o marcas comerciales registradas de Take-Two Interactive Software, Inc. Queda estrictamente prohibida cualquiera de las siguientes acciones sin autorización previa: copia, ingeniería inversa, transmisión, demostración pública, alquiler, pago por uso del programa o intento de saltarse la protección anticopia. Todos los derechos reservados. | ExecPos=117,171 | InstallImage=Autorun\SP_BTN01-Install.bmp | InstallHilite=Autorun\SP_BTN01-Install_OVER.bmp | PlayImage=Autorun\SP_BTN01-Play.bmp | PlayHilite=Autorun\SP_BTN01-Play_OVER.bmp | ReadmePos=267,171 | ReadmeImage=Autorun\SP_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\SP_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\Spanish\Readme.htm | ExitPos=412,171 | ExitImage=Autorun\SP_BTN03-Exit.bmp | ExitHilite=Autorun\SP_BTN03-Exit_OVER.bmp | ] -> D:\autorun.inf [ CDFS ] -> [2007/05/25 13:16:04 | 00,006,299 | R--- | M] ()
H:\Autorun [] -> H:\Autorun.exe [ CDFS ] -> [1999/06/13 13:56:36 | 00,061,440 | R--- | M] ()
H:\Autorun.exe [MZ | ] -> H:\Autorun.exe [ CDFS ] -> [1999/06/13 13:56:36 | 00,061,440 | R--- | M] ()
H:\Autorun.ico [] -> H:\Autorun.ico [ CDFS ] -> [1999/05/30 13:08:48 | 00,011,478 | R--- | M] ()
H:\AUTORUN.INF [[autorun] | open=autorun.exe | icon=autorun.ico | name=Dungeon Keeper II | | ] -> H:\AUTORUN.INF [ CDFS ] -> [1999/05/03 10:12:46 | 00,000,073 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{e4e189f0-fdac-11db-a39b-aee61cdc95c2}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4e189f0-fdac-11db-a39b-aee61cdc95c2}\Shell\AutoRun\command
\{e4e189f0-fdac-11db-a39b-aee61cdc95c2}\Shell\AutoRun\command\\"" -> E:\pstart.exe [E:\pstart.exe] -> File not found
[Files/Folders - Created Within 30 Days]
2 C:\*.tmp files -> C:\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/01/14 06:45:59 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/14 06:45:40 | 00,656,730 | ---- | C] ()
ResetTeaTimer.bat -> %UserProfile%\Desktop\ResetTeaTimer.bat -> [2009/01/14 06:16:23 | 00,009,123 | ---- | C] ()
SystemRequirementsLab -> %ProgramFiles%\SystemRequirementsLab -> [2009/01/13 18:16:31 | 00,000,000 | ---D | C]
SystemRequirementsLab -> %AppData%\SystemRequirementsLab -> [2009/01/13 18:16:29 | 00,000,000 | ---D | C]
wmpns.dll -> %SystemRoot%\System32\wmpns.dll -> [2009/01/13 17:53:06 | 00,221,184 | ---- | C] (Microsoft Corporation)
Prefetch -> %SystemRoot%\Prefetch -> [2009/01/13 17:52:16 | 00,000,000 | ---D | C]
scripting -> %SystemRoot%\System32\scripting -> [2009/01/13 17:43:25 | 00,000,000 | ---D | C]
l2schemas -> %SystemRoot%\l2schemas -> [2009/01/13 17:43:23 | 00,000,000 | ---D | C]
en -> %SystemRoot%\System32\en -> [2009/01/13 17:43:22 | 00,000,000 | ---D | C]
bits -> %SystemRoot%\System32\bits -> [2009/01/13 17:43:22 | 00,000,000 | ---D | C]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [2009/01/13 17:40:35 | 00,000,000 | ---D | C]
network diagnostic -> %SystemRoot%\network diagnostic -> [2009/01/13 17:38:03 | 00,000,000 | ---D | C]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [2009/01/13 17:32:32 | 00,000,000 | -H-D | C]
Readme.htm -> %SystemRoot%\Readme.htm -> [2009/01/13 04:12:24 | 00,224,111 | R--- | C] ()
Warlords -> %SystemDrive%\Warlords -> [2009/01/13 04:12:24 | 00,000,000 | ---D | C]
Resource -> %SystemRoot%\Resource -> [2009/01/13 04:12:24 | 00,000,000 | ---D | C]
Assets -> %SystemDrive%\Assets -> [2009/01/13 04:12:24 | 00,000,000 | ---D | C]
Shaders -> %SystemRoot%\Shaders -> [2009/01/13 04:11:46 | 00,000,000 | ---D | C]
PublicMaps -> %SystemRoot%\PublicMaps -> [2009/01/13 04:11:46 | 00,000,000 | ---D | C]
msxml3.dll -> %SystemRoot%\msxml3.dll -> [2009/01/13 04:11:42 | 01,104,896 | ---- | C] (Microsoft Corporation)
Mods -> %SystemRoot%\Mods -> [2009/01/13 04:11:42 | 00,000,000 | ---D | C]
CvGameCoreDLL -> %SystemRoot%\CvGameCoreDLL -> [2009/01/13 04:11:42 | 00,000,000 | ---D | C]
Assets -> %SystemRoot%\Assets -> [2009/01/13 04:11:42 | 00,000,000 | ---D | C]
boost_python-vc71-mt-gd-1_32.dll -> %SystemRoot%\boost_python-vc71-mt-gd-1_32.dll -> [2009/01/13 04:11:40 | 00,294,912 | ---- | C] ()
InstallShield Installation Information -> %ProgramFiles%\InstallShield Installation Information -> [2009/01/13 03:49:45 | 00,000,000 | -H-D | C]
Fall from Heaven 2.lnk -> %UserProfile%\Desktop\Fall from Heaven 2.lnk -> [2009/01/13 02:41:24 | 00,002,007 | ---- | C] ()
SiteHound -> %AppData%\SiteHound -> [2009/01/13 02:05:43 | 00,000,000 | ---D | C]
FireTrust -> %ProgramFiles%\FireTrust -> [2009/01/13 02:05:40 | 00,000,000 | ---D | C]
WinPatrol -> %AppData%\WinPatrol -> [2009/01/13 02:04:50 | 00,000,000 | ---D | C]
BillP Studios -> %ProgramFiles%\BillP Studios -> [2009/01/13 02:04:45 | 00,000,000 | ---D | C]
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [2009/01/13 02:03:21 | 00,000,690 | ---- | C] ()
SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [2009/01/13 02:03:19 | 00,000,000 | ---D | C]
sitehound_ff_24072008.exe -> %UserProfile%\Desktop\sitehound_ff_24072008.exe -> [2009/01/13 02:02:21 | 01,190,552 | ---- | C] ()
ComboFix -> %SystemDrive%\ComboFix -> [2009/01/13 01:40:57 | 00,000,000 | ---D | C]
RECYCLER -> %SystemDrive%\RECYCLER -> [2009/01/12 07:59:09 | 00,000,000 | -HSD | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2009/01/12 06:03:32 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/12 06:03:30 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/01/12 06:03:30 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/12 06:03:27 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/01/12 06:03:26 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/01/12 06:03:26 | 00,000,000 | ---D | C]
xmllite.dll -> %SystemRoot%\System32\xmllite.dll -> [2009/01/12 05:17:23 | 00,121,856 | ---- | C] (Microsoft Corporation)
wlanapi.dll -> %SystemRoot%\System32\wlanapi.dll -> [2009/01/12 05:17:21 | 00,069,120 | ---- | C] (Microsoft Corporation)
viaagp.sys -> %SystemRoot%\System32\drivers\viaagp.sys -> [2009/01/12 05:17:19 | 00,042,240 | ---- | C] (Microsoft Corporation)
wacompen.sys -> %SystemRoot%\System32\drivers\wacompen.sys -> [2009/01/12 05:17:19 | 00,014,208 | ---- | C] (Microsoft Corporation)
usbvideo.sys -> %SystemRoot%\System32\drivers\usbvideo.sys -> [2009/01/12 05:17:18 | 00,121,984 | ---- | C] (Microsoft Corporation)
usb8023x.sys -> %SystemRoot%\System32\drivers\usb8023x.sys -> [2009/01/12 05:17:18 | 00,012,800 | ---- | C] (Microsoft Corporation)
tsgqec.dll -> %SystemRoot%\System32\tsgqec.dll -> [2009/01/12 05:17:17 | 00,053,248 | ---- | C] (Microsoft Corporation)
tspkg.dll -> %SystemRoot%\System32\tspkg.dll -> [2009/01/12 05:17:17 | 00,050,688 | ---- | C] (Microsoft Corporation)
uagp35.sys -> %SystemRoot%\System32\drivers\uagp35.sys -> [2009/01/12 05:17:17 | 00,044,672 | ---- | C] (Microsoft Corporation)
spupdwxp.exe -> %SystemRoot%\System32\spupdwxp.exe -> [2009/01/12 05:17:13 | 00,020,992 | ---- | C] (Microsoft Corporation)
smbali.sys -> %SystemRoot%\System32\drivers\smbali.sys -> [2009/01/12 05:17:12 | 00,005,888 | ---- | C] (Microsoft Corporation)
setupn.exe -> %SystemRoot%\System32\setupn.exe -> [2009/01/12 05:17:10 | 00,032,768 | ---- | C] (Microsoft Corporation)
sffp_mmc.sys -> %SystemRoot%\System32\drivers\sffp_mmc.sys -> [2009/01/12 05:17:10 | 00,010,240 | ---- | C] (Microsoft Corporation)
rhttpaa.dll -> %SystemRoot%\System32\rhttpaa.dll -> [2009/01/12 05:17:09 | 00,290,304 | ---- | C] (Microsoft Corporation)
rfcomm.sys -> %SystemRoot%\System32\drivers\rfcomm.sys -> [2009/01/12 05:17:09 | 00,059,136 | ---- | C] (Microsoft Corporation)
rndismpx.sys -> %SystemRoot%\System32\drivers\rndismpx.sys -> [2009/01/12 05:17:09 | 00,030,592 | ---- | C] (Microsoft Corporation)
qagentrt.dll -> %SystemRoot%\System32\qagentrt.dll -> [2009/01/12 05:17:08 | 00,291,328 | ---- | C] (Microsoft Corporation)
qagent.dll -> %SystemRoot%\System32\qagent.dll -> [2009/01/12 05:17:08 | 00,150,528 | ---- | C] (Microsoft Corporation)
qutil.dll -> %SystemRoot%\System32\qutil.dll -> [2009/01/12 05:17:08 | 00,076,800 | ---- | C] (Microsoft Corporation)
qcliprov.dll -> %SystemRoot%\System32\qcliprov.dll -> [2009/01/12 05:17:08 | 00,062,464 | ---- | C] (Microsoft Corporation)
rasqec.dll -> %SystemRoot%\System32\rasqec.dll -> [2009/01/12 05:17:08 | 00,061,952 | ---- | C] (Microsoft Corporation)
onex.dll -> %SystemRoot%\System32\onex.dll -> [2009/01/12 05:17:06 | 00,144,384 | ---- | C] (Microsoft Corporation)
napmontr.dll -> %SystemRoot%\System32\napmontr.dll -> [2009/01/12 05:17:03 | 00,193,024 | ---- | C] (Microsoft Corporation)
napstat.exe -> %SystemRoot%\System32\napstat.exe -> [2009/01/12 05:17:03 | 00,176,640 | ---- | C] (Microsoft Corporation)
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [2009/01/12 05:17:03 | 00,067,866 | ---- | C] ()
napipsec.dll -> %SystemRoot%\System32\napipsec.dll -> [2009/01/12 05:17:03 | 00,030,208 | ---- | C] (Microsoft Corporation)
mutohpen.sys -> %SystemRoot%\System32\drivers\mutohpen.sys -> [2009/01/12 05:17:03 | 00,012,672 | ---- | C] (Microsoft Corporation)
msxml6.dll -> %SystemRoot%\System32\dllcache\msxml6.dll -> [2009/01/12 05:17:02 | 01,307,648 | ---- | C] (Microsoft Corporation)
mssha.dll -> %SystemRoot%\System32\mssha.dll -> [2009/01/12 05:17:02 | 00,155,136 | ---- | C] (Microsoft Corporation)
msxml6r.dll -> %SystemRoot%\System32\dllcache\msxml6r.dll -> [2009/01/12 05:17:02 | 00,079,872 | ---- | C] (Microsoft Corporation)
msshavmsg.dll -> %SystemRoot%\System32\msshavmsg.dll -> [2009/01/12 05:17:02 | 00,076,800 | ---- | C] (Microsoft Corporation)
mmcex.dll -> %SystemRoot%\System32\mmcex.dll -> [2009/01/12 05:16:55 | 00,397,312 | ---- | C] (Microsoft Corporation)
microsoft.managementconsole.dll -> %SystemRoot%\System32\microsoft.managementconsole.dll -> [2009/01/12 05:16:55 | 00,184,320 | ---- | C] (Microsoft Corporation)
mmcfxcommon.dll -> %SystemRoot%\System32\mmcfxcommon.dll -> [2009/01/12 05:16:55 | 00,106,496 | ---- | C] (Microsoft Corporation)
mmcperf.exe -> %SystemRoot%\System32\mmcperf.exe -> [2009/01/12 05:16:55 | 00,033,792 | ---- | C] (Microsoft Corporation)
kmsvc.dll -> %SystemRoot%\System32\kmsvc.dll -> [2009/01/12 05:16:49 | 00,061,440 | ---- | C] (Microsoft Corporation)
l2gpstore.dll -> %SystemRoot%\System32\l2gpstore.dll -> [2009/01/12 05:16:49 | 00,037,376 | ---- | C] (Microsoft Corporation)
kbdpash.dll -> %SystemRoot%\System32\kbdpash.dll -> [2009/01/12 05:16:49 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdnepr.dll -> %SystemRoot%\System32\kbdnepr.dll -> [2009/01/12 05:16:49 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdiultn.dll -> %SystemRoot%\System32\kbdiultn.dll -> [2009/01/12 05:16:49 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdbhc.dll -> %SystemRoot%\System32\kbdbhc.dll -> [2009/01/12 05:16:49 | 00,006,144 | ---- | C] (Microsoft Corporation)
smtpapi.dll -> %SystemRoot%\System32\smtpapi.dll -> [2009/01/12 05:16:45 | 00,010,752 | ---- | C] (Microsoft Corporation)
rwnh.dll -> %SystemRoot%\System32\rwnh.dll -> [2009/01/12 05:16:44 | 00,009,728 | ---- | C] (Microsoft Corporation)
pid.inf -> %SystemRoot%\System32\pid.inf -> [2009/01/12 05:16:44 | 00,000,974 | ---- | C] ()
irbus.sys -> %SystemRoot%\System32\drivers\irbus.sys -> [2009/01/12 05:16:43 | 00,046,592 | ---- | C] (Microsoft Corporation)
comsdupd.exe -> %SystemRoot%\System32\comsdupd.exe -> [2009/01/12 05:16:43 | 00,009,728 | ---- | C] (Microsoft Corporation)
hidbth.sys -> %SystemRoot%\System32\drivers\hidbth.sys -> [2009/01/12 05:16:41 | 00,025,600 | ---- | C] (Microsoft Corporation)
hidir.sys -> %SystemRoot%\System32\drivers\hidir.sys -> [2009/01/12 05:16:41 | 00,019,200 | ---- | C] (Microsoft Corporation)
gagp30kx.sys -> %SystemRoot%\System32\drivers\gagp30kx.sys -> [2009/01/12 05:16:40 | 00,046,464 | ---- | C] (Microsoft Corporation)
faxpatch.exe -> %SystemRoot%\System32\faxpatch.exe -> [2009/01/12 05:16:39 | 00,020,992 | ---- | C] (Microsoft Corporation)
eapp3hst.dll -> %SystemRoot%\System32\eapp3hst.dll -> [2009/01/12 05:16:38 | 00,184,832 | ---- | C] (Microsoft Corporation)
eapphost.dll -> %SystemRoot%\System32\eapphost.dll -> [2009/01/12 05:16:38 | 00,180,224 | ---- | C] (Microsoft Corporation)
eappcfg.dll -> %SystemRoot%\System32\eappcfg.dll -> [2009/01/12 05:16:38 | 00,126,976 | ---- | C] (Microsoft Corporation)
eappgnui.dll -> %SystemRoot%\System32\eappgnui.dll -> [2009/01/12 05:16:38 | 00,094,208 | ---- | C] (Microsoft Corporation)
eapqec.dll -> %SystemRoot%\System32\eapqec.dll -> [2009/01/12 05:16:38 | 00,059,392 | ---- | C] (Microsoft Corporation)
eappprxy.dll -> %SystemRoot%\System32\eappprxy.dll -> [2009/01/12 05:16:38 | 00,040,960 | ---- | C] (Microsoft Corporation)
eapsvc.dll -> %SystemRoot%\System32\eapsvc.dll -> [2009/01/12 05:16:38 | 00,033,792 | ---- | C] (Microsoft Corporation)
eapolqec.dll -> %SystemRoot%\System32\eapolqec.dll -> [2009/01/12 05:16:38 | 00,030,720 | ---- | C] (Microsoft Corporation)
dot3ui.dll -> %SystemRoot%\System32\dot3ui.dll -> [2009/01/12 05:16:37 | 00,650,752 | ---- | C] (Microsoft Corporation)
dot3svc.dll -> %SystemRoot%\System32\dot3svc.dll -> [2009/01/12 05:16:37 | 00,132,096 | ---- | C] (Microsoft Corporation)
dot3cfg.dll -> %SystemRoot%\System32\dot3cfg.dll -> [2009/01/12 05:16:37 | 00,057,856 | ---- | C] (Microsoft Corporation)
dot3msm.dll -> %SystemRoot%\System32\dot3msm.dll -> [2009/01/12 05:16:37 | 00,056,320 | ---- | C] (Microsoft Corporation)
dhcpqec.dll -> %SystemRoot%\System32\dhcpqec.dll -> [2009/01/12 05:16:37 | 00,048,640 | ---- | C] (Microsoft Corporation)
dot3gpclnt.dll -> %SystemRoot%\System32\dot3gpclnt.dll -> [2009/01/12 05:16:37 | 00,039,936 | ---- | C] (Microsoft Corporation)
dimsroam.dll -> %SystemRoot%\System32\dimsroam.dll -> [2009/01/12 05:16:37 | 00,039,936 | ---- | C] (Microsoft Corporation)
dot3api.dll -> %SystemRoot%\System32\dot3api.dll -> [2009/01/12 05:16:37 | 00,026,112 | ---- | C] (Microsoft Corporation)
dimsntfy.dll -> %SystemRoot%\System32\dimsntfy.dll -> [2009/01/12 05:16:37 | 00,019,456 | ---- | C] (Microsoft Corporation)
dot3dlg.dll -> %SystemRoot%\System32\dot3dlg.dll -> [2009/01/12 05:16:37 | 00,009,216 | ---- | C] (Microsoft Corporation)
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [2009/01/12 05:16:36 | 00,129,045 | ---- | C] ()
credssp.dll -> %SystemRoot%\System32\credssp.dll -> [2009/01/12 05:16:35 | 00,012,800 | ---- | C] (Microsoft Corporation)
azroles.dll -> %SystemRoot%\System32\azroles.dll -> [2009/01/12 05:16:32 | 00,233,472 | ---- | C] (Microsoft Corporation)
bthpan.sys -> %SystemRoot%\System32\drivers\bthpan.sys -> [2009/01/12 05:16:32 | 00,101,120 | ---- | C] (Microsoft Corporation)
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [2009/01/12 05:16:32 | 00,064,352 | ---- | C] ()
bthmodem.sys -> %SystemRoot%\System32\drivers\bthmodem.sys -> [2009/01/12 05:16:32 | 00,037,888 | ---- | C] (Microsoft Corporation)
bthprint.sys -> %SystemRoot%\System32\drivers\bthprint.sys -> [2009/01/12 05:16:32 | 00,036,480 | ---- | C] (Microsoft Corporation)
bthusb.sys -> %SystemRoot%\System32\drivers\bthusb.sys -> [2009/01/12 05:16:32 | 00,018,944 | ---- | C] (Microsoft Corporation)
bthenum.sys -> %SystemRoot%\System32\drivers\bthenum.sys -> [2009/01/12 05:16:32 | 00,017,024 | ---- | C] (Microsoft Corporation)
bitsprx4.dll -> %SystemRoot%\System32\bitsprx4.dll -> [2009/01/12 05:16:32 | 00,007,168 | ---- | C] (Microsoft Corporation)
aaclient.dll -> %SystemRoot%\System32\aaclient.dll -> [2009/01/12 05:16:30 | 00,136,192 | ---- | C] (Microsoft Corporation)
agpcpq.sys -> %SystemRoot%\System32\drivers\agpcpq.sys -> [2009/01/12 05:16:30 | 00,044,928 | ---- | C] (Microsoft Corporation)
alim1541.sys -> %SystemRoot%\System32\drivers\alim1541.sys -> [2009/01/12 05:16:30 | 00,042,752 | ---- | C] (Microsoft Corporation)
agp440.sys -> %SystemRoot%\System32\drivers\agp440.sys -> [2009/01/12 05:16:30 | 00,042,368 | ---- | C] (Microsoft Corporation)
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/01/12 04:54:33 | 00,000,211 | ---- | C] ()
cmldr -> %SystemDrive%\cmldr -> [2009/01/12 04:54:26 | 00,260,272 | ---- | C] ()
cmdcons -> %SystemDrive%\cmdcons -> [2009/01/12 04:54:22 | 00,000,000 | RHSD | C]
ERDNT -> %SystemRoot%\ERDNT -> [2009/01/12 04:51:30 | 00,000,000 | ---D | C]
BalanceModv116TechChart.pdf -> %UserProfile%\Desktop\BalanceModv116TechChart.pdf -> [2009/01/10 06:10:05 | 00,198,631 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/01/08 17:36:28 | 00,001,734 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/01/08 17:36:28 | 00,000,000 | ---D | C]
Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [2009/01/08 14:26:23 | 00,000,296 | ---- | C] ()
GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [2009/01/08 13:50:26 | 00,000,000 | -H-D | C]
Internet.lnk -> %UserProfile%\Desktop\Internet.lnk -> [2009/01/05 13:35:25 | 00,000,104 | ---- | C] ()
Dwarf Fortress -> %UserProfile%\Desktop\Dwarf Fortress -> [2009/01/04 17:31:26 | 00,000,000 | ---D | C]
Google -> %AllUsersProfile%\Application Data\Google -> [2009/01/01 14:19:06 | 00,000,000 | ---D | C]
Space Empires IV Deluxe.lnk -> %UserProfile%\Desktop\Space Empires IV Deluxe.lnk -> [2008/12/30 23:58:55 | 00,001,584 | ---- | C] ()
Space Empires V.lnk -> %UserProfile%\Desktop\Space Empires V.lnk -> [2008/12/30 23:56:14 | 00,001,568 | ---- | C] ()
FallfromHeaven2.exe -> %UserProfile%\Desktop\FallfromHeaven2.exe -> [2008/12/30 17:40:32 | 40,563,1672 | ---- | C] ()
Google -> %UserProfile%\Local Settings\Application Data\Google -> [2008/12/30 12:33:29 | 00,000,000 | ---D | C]
Mount and Blade.lnk -> %UserProfile%\Desktop\Mount and Blade.lnk -> [2008/12/29 06:10:58 | 00,001,570 | ---- | C] ()
Mount&Blade Savegames -> %UserProfile%\My Documents\Mount&Blade Savegames -> [2008/12/28 13:09:19 | 00,000,000 | ---D | C]
Mount&Blade -> %AppData%\Mount&Blade -> [2008/12/28 13:07:56 | 00,000,000 | ---D | C]
World of Warcraft.lnk -> %AllUsersProfile%\Desktop\World of Warcraft.lnk -> [2008/12/22 01:26:38 | 00,000,823 | ---- | C] ()
World of Warcraft -> %ProgramFiles%\World of Warcraft -> [2008/12/22 01:26:38 | 00,000,000 | ---D | C]
Blizzard -> %AllUsersProfile%\Application Data\Blizzard -> [2008/12/21 20:48:38 | 00,000,000 | ---D | C]
CohTest -> %ProgramFiles%\CohTest -> [2008/12/17 07:32:15 | 00,000,000 | ---D | C]
[Files/Folders - Modified Within 30 Days]
2 C:\*.tmp files -> C:\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
5 C:\Documents and Settings\Bryan Johnson\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Bryan Johnson\Local Settings\temp\*.tmp ->
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/14 06:45:46 | 00,656,730 | ---- | M] ()
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [2009/01/14 06:35:42 | 00,002,626 | ---- | M] ()
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [2009/01/14 06:33:00 | 00,000,270 | ---- | M] ()
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2009/01/14 06:19:09 | 00,181,371 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/01/14 06:19:00 | 00,001,158 | ---- | M] ()
Perflib_Perfdata_704.dat -> %SystemRoot%\Temp\Perflib_Perfdata_704.dat -> [2009/01/14 06:18:27 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_208.dat -> %SystemRoot%\Temp\Perflib_Perfdata_208.dat -> [2009/01/14 06:18:26 | 00,000,000 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/14 06:18:25 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/01/14 06:18:21 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/01/14 06:18:17 | 21,468,16000 | -HS- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/01/14 06:17:01 | 11,796,480 | -H-- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/14 06:17:01 | 00,000,178 | -HS- | M] ()
ResetTeaTimer.bat -> %UserProfile%\Desktop\ResetTeaTimer.bat -> [2009/01/14 06:16:23 | 00,009,123 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/01/14 03:02:37 | 00,001,374 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/01/13 23:03:08 | 00,004,646 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/01/13 23:03:08 | 00,004,232 | ---- | M] ()
Perflib_Perfdata_7d8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_7d8.dat -> [2009/01/13 20:55:20 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_6f4.dat -> %SystemRoot%\Temp\Perflib_Perfdata_6f4.dat -> [2009/01/13 19:06:18 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_190.dat -> %SystemRoot%\Temp\Perflib_Perfdata_190.dat -> [2009/01/13 19:06:18 | 00,016,384 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/01/13 17:54:58 | 00,441,252 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/01/13 17:54:57 | 00,071,404 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/01/13 17:54:56 | 00,521,268 | ---- | M] ()
desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [2009/01/13 17:53:05 | 00,000,084 | -HS- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/01/13 17:51:41 | 00,157,952 | ---- | M] ()
ntldr -> %SystemDrive%\ntldr -> [2009/01/13 17:37:32 | 00,250,048 | RHS- | M] ()
Perflib_Perfdata_760.dat -> %SystemRoot%\Temp\Perflib_Perfdata_760.dat -> [2009/01/13 17:24:08 | 00,016,384 | ---- | M] ()
Fall from Heaven 2.lnk -> %UserProfile%\Desktop\Fall from Heaven 2.lnk -> [2009/01/13 02:41:24 | 00,002,007 | ---- | M] ()
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [2009/01/13 02:03:21 | 00,000,690 | ---- | M] ()
sitehound_ff_24072008.exe -> %UserProfile%\Desktop\sitehound_ff_24072008.exe -> [2009/01/13 02:02:27 | 01,190,552 | ---- | M] ()
CF25815.exe -> %UserProfile%\Local Settings\temp\CF25815.exe -> [2009/01/13 01:40:52 | 00,388,608 | ---- | M] (Microsoft Corporation)
kosglue-7.0.25.0.dll -> %UserProfile%\Local Settings\temp\jkos-Bryan Johnson\binaries\kosglue-7.0.25.0.dll -> [2009/01/12 08:02:02 | 00,729,152 | ---- | M] (Kaspersky Lab)
kave.dll -> %UserProfile%\Local Settings\temp\jkos-Bryan Johnson\binaries\kave.dll -> [2009/01/12 08:02:02 | 00,282,624 | ---- | M] (Kaspersky Lab.)
prLoader.dll -> %UserProfile%\Local Settings\temp\jkos-Bryan Johnson\binaries\prLoader.dll -> [2009/01/12 08:02:02 | 00,184,320 | ---- | M] (Kaspersky Lab)
ScanningProcess.exe -> %UserProfile%\Local Settings\temp\jkos-Bryan Johnson\binaries\ScanningProcess.exe -> [2009/01/12 08:02:01 | 00,139,264 | ---- | M] (Kaspersky Lab.)
FSSync.dll -> %UserProfile%\Local Settings\temp\jkos-Bryan Johnson\binaries\FSSync.dll -> [2009/01/12 08:02:01 | 00,038,400 | ---- | M] (Kaspersky Lab)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/01/12 06:03:30 | 00,000,696 | ---- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/01/12 05:04:07 | 00,000,227 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/01/12 04:54:33 | 00,000,281 | RHS- | M] ()
Microsoft Office Excel 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Excel 2007.lnk -> [2009/01/11 14:46:35 | 00,002,473 | ---- | M] ()
Steam.lnk -> %AllUsersProfile%\Desktop\Steam.lnk -> [2009/01/10 19:57:41 | 00,002,193 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/01/09 18:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation)
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/01/08 17:36:28 | 00,001,734 | ---- | M] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2009/01/08 14:38:45 | 00,000,963 | ---- | M] ()
Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [2009/01/08 14:26:29 | 00,000,296 | ---- | M] ()
HOSTS.MVP -> %SystemRoot%\System32\drivers\etc\HOSTS.MVP -> [2009/01/08 04:25:22 | 00,624,583 | ---- | M] ()
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [2009/01/08 04:25:22 | 00,624,583 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/01/06 13:25:07 | 00,000,069 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/01/06 13:24:58 | 00,095,744 | ---- | M] ()
Internet.lnk -> %UserProfile%\Desktop\Internet.lnk -> [2009/01/05 13:35:25 | 00,000,104 | ---- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2009/01/05 09:41:47 | 00,054,156 | -H-- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
Space Empires IV Deluxe.lnk -> %UserProfile%\Desktop\Space Empires IV Deluxe.lnk -> [2008/12/30 23:58:55 | 00,001,584 | ---- | M] ()
Space Empires V.lnk -> %UserProfile%\Desktop\Space Empires V.lnk -> [2008/12/30 23:56:14 | 00,001,568 | ---- | M] ()
FallfromHeaven2.exe -> %UserProfile%\Desktop\FallfromHeaven2.exe -> [2008/12/30 18:26:52 | 40,563,1672 | ---- | M] ()
Mount and Blade.lnk -> %UserProfile%\Desktop\Mount and Blade.lnk -> [2008/12/29 06:10:58 | 00,001,570 | ---- | M] ()
World of Warcraft.lnk -> %AllUsersProfile%\Desktop\World of Warcraft.lnk -> [2008/12/22 05:26:59 | 00,000,823 | ---- | M] ()
City of Heroes.lnk -> %UserProfile%\Desktop\City of Heroes.lnk -> [2008/12/17 07:32:15 | 00,001,405 | ---- | M] ()
VCExpress000223.dat -> %AllUsersProfile%\Application Data\Microsoft\VCExpress\9.0\VCExpress000223.dat -> [2008/09/23 11:13:51 | 00,677,178 | -H-- | M] ()
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2008/07/30 21:01:52 | 00,008,504 | ---- | M] ()
[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\alienware logo_slvr.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %SystemRoot%\alienware_logo_slvr.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
@Alternate Data Stream - 108 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 3552 bytes -> %SystemRoot%\alienware logo_slvr.jpg:�Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3552 bytes -> %SystemRoot%\alienware_logo_slvr.jpg:�Q30lsldxJoudresxAaaqpcawXc
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"u0"=hex:b8,96,90,02,04,00,00,00,00,00,00,00,35,65,65,61,39,39,39,38,62,..
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:1b,00,a6,e9,ed,ad,c5,8b,f5,5a,6d,2c,6f,c3,2e,5a,a9,44,06,2e,34,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,cf,d5,4e,fb,ae,23,0c,ba,6b,fa,24,1a,31,93,fa,cd,11,..
"hdf12"=hex:ac,0a,3c,db,e3,49,59,28,a5,51,80,26,47,0f,45,db,e4,36,8f,d8,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:e9,22,ed,a9,5b,fa,ac,68,0e,f6,55,0d,7d,4c,fc,6e,79,3c,02,b4,a5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:90,b2,6f,2e,1d,d6,cf,8c,e2,56,93,a3,9f,18,5d,5c,dd,a5,04,81,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2b,30,da,d7,41,ba,7b,85,af,70,df,21,2d,8e,6d,6b,7d,..
"khjeh"=hex:0b,7e,da,77,a5,fa,2f,6d,99,83,82,a6,72,f8,0e,4f,6e,44,e2,4a,48,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:33,c8,8b,c7,63,f3,a8,b1,fd,56,aa,ab,eb,c1,82,0e,c3,8a,ef,31,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"u0"=hex:b8,96,90,02,04,00,00,00,00,00,00,00,35,65,65,61,39,39,39,38,62,..
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:1b,00,a6,e9,ed,ad,c5,8b,f5,5a,6d,2c,6f,c3,2e,5a,a9,44,06,2e,34,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,cf,d5,4e,fb,ae,23,0c,ba,6b,fa,24,1a,31,93,fa,cd,11,..
"hdf12"=hex:ac,0a,3c,db,e3,49,59,28,a5,51,80,26,47,0f,45,db,e4,36,8f,d8,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:e9,22,ed,a9,5b,fa,ac,68,0e,f6,55,0d,7d,4c,fc,6e,79,3c,02,b4,a5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:90,b2,6f,2e,1d,d6,cf,8c,e2,56,93,a3,9f,18,5d,5c,dd,a5,04,81,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2b,30,da,d7,41,ba,7b,85,af,70,df,21,2d,8e,6d,6b,7d,..
"khjeh"=hex:0b,7e,da,77,a5,fa,2f,6d,99,83,82,a6,72,f8,0e,4f,6e,44,e2,4a,48,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:33,c8,8b,c7,63,f3,a8,b1,fd,56,aa,ab,eb,c1,82,0e,c3,8a,ef,31,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"u0"=hex:b8,96,90,02,04,00,00,00,00,00,00,00,35,65,65,61,39,39,39,38,62,..
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:1b,00,a6,e9,ed,ad,c5,8b,f5,5a,6d,2c,6f,c3,2e,5a,a9,44,06,2e,34,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,cf,d5,4e,fb,ae,23,0c,ba,6b,fa,24,1a,31,93,fa,cd,11,..
"hdf12"=hex:ac,0a,3c,db,e3,49,59,28,a5,51,80,26,47,0f,45,db,e4,36,8f,d8,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:e9,22,ed,a9,5b,fa,ac,68,0e,f6,55,0d,7d,4c,fc,6e,79,3c,02,b4,a5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:90,b2,6f,2e,1d,d6,cf,8c,e2,56,93,a3,9f,18,5d,5c,dd,a5,04,81,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2b,30,da,d7,41,ba,7b,85,af,70,df,21,2d,8e,6d,6b,7d,..
"khjeh"=hex:0b,7e,da,77,a5,fa,2f,6d,99,83,82,a6,72,f8,0e,4f,6e,44,e2,4a,48,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:33,c8,8b,c7,63,f3,a8,b1,fd,56,aa,ab,eb,c1,82,0e,c3,8a,ef,31,6e,..
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\alienware_logo_slvr.jpg:�Q30lsldxJoudresxAaaqpcawXc 3552 bytes
C:\WINDOWS\alienware_logo_slvr.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\alienware logo_slvr.jpg:�Q30lsldxJoudresxAaaqpcawXc 3552 bytes
C:\WINDOWS\alienware logo_slvr.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 6
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 108 bytes
scan completed successfully
hidden files: 39
< End of report >
[/code]