[code] OTScanIt logfile created on: 3/27/2008 7:23:08 AM OTScanIt by OldTimer - Version 1.0.6.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 446.48 Mb Total Physical Memory | 143.64 Mb Available Physical Memory | 32.17% Memory free 1.03 Gb Paging File | 0.79 Gb Available in Paging File | 77.25% Paging File free Paging file location(s): C:\pagefile.sys 672 1344; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 84.69 Gb Total Space | 74.24 Gb Free Space | 87.66% Space Free | Partition Type: NTFS Drive D: | 8.45 Gb Total Space | 0.42 Gb Free Space | 4.95% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOLPHNORMA Current User Name: HP_Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 376832 bytes | Modified Date = 8/14/2005 12:29:00 AM | Attr = ] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 10:36:33 AM | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 9:00:16 AM | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 376832 bytes | Modified Date = 8/14/2005 12:29:00 AM | Attr = ] arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/3/2005 3:19:16 AM | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.62.1 | Size = 73728 bytes | Modified Date = 12/19/2005 5:26:54 AM | Attr = ] ezprint.exe -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 8/1/2005 8:05:04 AM | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 9:00:23 AM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/12/2005 10:12:54 AM | Attr = ] dmascheduler.exe -> %ProgramFiles%\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe -> Sonic Solutions [Ver = 1.0.0.1 | Size = 90112 bytes | Modified Date = 11/1/2005 1:01:00 PM | Attr = ] arpwrmsg.exe -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/3/2005 3:19:16 AM | Attr = ] updates from hp.exe -> %ProgramFiles%\Updates from HP\9972322\Program\Updates from HP.exe -> Hewlett-Packard [Ver = Version 6.3.2 (Build 116R) | Size = 36903 bytes | Modified Date = 3/23/2006 8:08:02 PM | Attr = ] lxcgcoms.exe -> %SystemRoot%\system32\lxcgcoms.exe -> [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 7/25/2005 3:25:18 PM | Attr = ] kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 6:44:24 PM | Attr = ] alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 4:47:52 PM | Attr = ] hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 12:04:38 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.5.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.50.5 | Size = 36975 bytes | Modified Date = 8/27/2005 5:14:44 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.6.1 | Size = 310784 bytes | Modified Date = 3/24/2008 2:11:08 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/3/2005 3:19:16 AM | Attr = ] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 10:36:33 AM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 376832 bytes | Modified Date = 8/14/2005 12:29:00 AM | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 9:00:16 AM | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 8:59:53 AM | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 8:59:01 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 2:24:18 PM | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.62.1 | Size = 73728 bytes | Modified Date = 12/19/2005 5:26:54 AM | Attr = ] (lxcg_device) lxcg_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\lxcgcoms.exe -> [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 7/25/2005 3:25:18 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Boot | Stopped] -> %SystemRoot%\C:\WINDOWS\system32\HPZipm12.exe -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AlwaysReady Power Message APP -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/3/2005 3:19:16 AM | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 9:00:23 AM | Attr = ] DMAScheduler -> %ProgramFiles%\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe -> Sonic Solutions [Ver = 1.0.0.1 | Size = 90112 bytes | Modified Date = 11/1/2005 1:01:00 PM | Attr = ] EzPrint -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 8/1/2005 8:05:04 AM | Attr = ] FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 7/12/2005 9:36:32 AM | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/12/2005 10:12:54 AM | Attr = ] HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe -> Hewlett-Packard Company [Ver = 2, 0, 5, 1 | Size = 249856 bytes | Modified Date = 11/9/2005 8:29:16 PM | Attr = ] HPHUPD08 -> %ProgramFiles%\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe -> Hewlett-Packard [Ver = 8,1,0,12 | Size = 49152 bytes | Modified Date = 6/2/2005 2:35:56 AM | Attr = ] KernelFaultCheck -> -> File not found LXCGCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\lxcgtime.dll -> [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 7/20/2005 1:48:38 PM | Attr = ] lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 7/21/2005 2:07:22 AM | Attr = ] PCDrProfiler -> -> File not found Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 6, 0, 54, 0 | Size = 237568 bytes | Modified Date = 7/23/2005 2:14:00 AM | Attr = ] Reminder -> %SystemRoot%\CREATOR\Remind_XP.exe -> SoftThinks [Ver = 6, 0, 52, 2 | Size = 663552 bytes | Modified Date = 12/14/2004 6:23:44 AM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 3:06:28 PM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 5:45:08 PM | Attr = R ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> DWQueuedReporting -> %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -> File not found < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> DWQueuedReporting -> %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -> File not found < Run [HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\] > -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 3:06:28 PM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 5:45:08 PM | Attr = R ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/12/2005 10:23:26 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Updates From HP.lnk -> %ProgramFiles%\Updates from HP\9972322\Program\Updates from HP.exe -> Hewlett-Packard [Ver = Version 6.3.2 (Build 116R) | Size = 36903 bytes | Modified Date = 3/23/2006 8:08:02 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> %SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk -> %SystemDrive%\hp\bin\cloaker.exe -> Hewlett-Packard Co. [Ver = 3, 1, 0, 0 | Size = 27136 bytes | Modified Date = 11/7/1999 2:11:14 AM | Attr = ] < HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 2:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008] > -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 2:41:36 PM | Attr = ] AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 46080 bytes | Modified Date = 8/14/2005 12:30:00 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008] > -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-20\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-20\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-20\: Main\\Search Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\] > -> -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\: Main\\Start Page -> about:blank -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 69 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 20 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 20 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 20 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 20 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\] > -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 69 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\] > -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 20 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:52 PM | Attr = ] {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> TODO: [Ver = 1.0.0.1 | Size = 217088 bytes | Modified Date = 3/23/2006 8:10:55 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{81705D67-3F73-4983-859B-97D0922E5ABE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\] > -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{81705D67-3F73-4983-859B-97D0922E5ABE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.50.5 | Size = 69746 bytes | Modified Date = 8/27/2005 5:33:54 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:52 PM | Attr = ] {E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Internet Connection Help] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.50.5 | Size = 69746 bytes | Modified Date = 8/27/2005 5:33:54 AM | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:52 PM | Attr = ] CmdMapping\\{9034A523-D068-4BE8-A284-9DF278BE776E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.50.5 | Size = 69746 bytes | Modified Date = 8/27/2005 5:33:54 AM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.50.5 | Size = 69746 bytes | Modified Date = 8/27/2005 5:33:54 AM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE -> File not found Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\] > -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.50.5 | Size = 69746 bytes | Modified Date = 8/27/2005 5:33:54 AM | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:52 PM | Attr = ] CmdMapping\\{9034A523-D068-4BE8-A284-9DF278BE776E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\] > -> HKEY_USERS\S-1-5-21-1482828776-1346522889-2043740617-1008\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3E49C8CA-305E-4E6D-8206-7C65AE9BB128} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> {DE9C041C-8AA2-4D17-947A-D792FE10ED77} -> (1394 Net Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab[Java Plug-in 1.5.0_05] -> {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab[Java Plug-in 1.5.0_05] -> [Files/Folders - Created Within 90 days] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 1/18/2008 2:22:30 PM | Attr = RHS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 468242432 bytes | Created Date = 3/27/2008 7:10:29 AM | Attr = HS] jgdw400.dll -> %SystemRoot%\System32\dllcache\jgdw400.dll -> America Online [Ver = 106 | Size = 163840 bytes | Created Date = 1/20/2008 7:18:26 AM | Attr = ] jgpl400.dll -> %SystemRoot%\System32\dllcache\jgpl400.dll -> Johnson-Grace Company [Ver = 054 | Size = 27648 bytes | Created Date = 1/20/2008 7:18:26 AM | Attr = ] 103C_HP_CPC_ER886AA-ABA a1253w_YC_0Pavi_QMXF615_E62NAemMPA1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.14_T060117_WXP2_L409_M447_J100_7AMD_8Athlon 64_92.19_#060526_N10EC8139_Z11C10620_G10025954.MRK -> %SystemRoot%\System32\drivers\103C_HP_CPC_ER886AA-ABA a1253w_YC_0Pavi_QMXF615_E62NAemMPA1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.14_T060117_WXP2_L409_M447_J100_7AMD_8Athlon 64_92.19_#060526_N10EC8139_Z11C10620_G10025954.MRK -> [Ver = | Size = 1846 bytes | Created Date = 1/18/2008 2:18:31 PM | Attr = RHS] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 2/26/2008 1:32:28 PM | Attr = ] aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 2/26/2008 1:32:19 PM | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 2/26/2008 1:32:19 PM | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 2/26/2008 1:32:33 PM | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 2/26/2008 1:32:31 PM | Attr = ] tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 3/26/2008 5:23:00 PM | Attr = ] actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 2/26/2008 1:32:11 PM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 2/25/2008 1:03:40 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 2/26/2008 1:32:11 PM | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 2/26/2008 1:32:23 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Created Date = 1/18/2008 11:50:37 AM | Attr = RHS] IM31IMG.DIL -> %SystemRoot%\System32\IM31IMG.DIL -> Data Techniques, Inc. [Ver = 7.20 | Size = 49152 bytes | Created Date = 1/20/2008 6:03:08 PM | Attr = ] IM31XPNG.DEL -> %SystemRoot%\System32\IM31XPNG.DEL -> Data Techniques, Inc. [Ver = 7.20 | Size = 98304 bytes | Created Date = 1/20/2008 6:03:08 PM | Attr = ] IM31XTIF.DEL -> %SystemRoot%\System32\IM31XTIF.DEL -> Data Techniques, Inc. [Ver = 7.20 | Size = 69632 bytes | Created Date = 1/20/2008 6:03:08 PM | Attr = ] IMGMAN32.DLL -> %SystemRoot%\System32\IMGMAN32.DLL -> Data Techniques, Inc. [Ver = 7.20 | Size = 339968 bytes | Created Date = 1/20/2008 6:03:08 PM | Attr = ] IMHOST32.DLL -> %SystemRoot%\System32\IMHOST32.DLL -> Data Techniques, Inc. [Ver = 7.20 | Size = 98345 bytes | Created Date = 1/20/2008 6:03:08 PM | Attr = ] LexFiles.ulf -> %SystemRoot%\System32\LexFiles.ulf -> [Ver = | Size = 22912 bytes | Created Date = 1/20/2008 6:01:05 PM | Attr = ] lxcg.loc -> %SystemRoot%\System32\lxcg.loc -> [Ver = | Size = 1214 bytes | Created Date = 1/20/2008 6:00:09 PM | Attr = R ] lxcgcfg.dll -> %SystemRoot%\System32\lxcgcfg.dll -> Lexmark International [Ver = 1, 0, 0, 1 | Size = 65536 bytes | Created Date = 1/20/2008 6:00:09 PM | Attr = R ] LXPMONRC.DLL -> %SystemRoot%\System32\LXPMONRC.DLL -> Lexmark International, Inc. [Ver = 1.0.4.0 | Size = 12288 bytes | Created Date = 1/20/2008 6:03:08 PM | Attr = ] LXPMONUI.DLL -> %SystemRoot%\System32\LXPMONUI.DLL -> [Ver = | Size = 20480 bytes | Created Date = 1/20/2008 6:03:28 PM | Attr = ] LXPRMON.DLL -> %SystemRoot%\System32\LXPRMON.DLL -> [Ver = | Size = 32768 bytes | Created Date = 1/20/2008 6:03:28 PM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 118 bytes | Created Date = 2/26/2008 5:41:29 PM | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Created Date = 1/19/2008 4:28:09 AM | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Created Date = 1/18/2008 9:48:49 PM | Attr = ] ttri.dat -> %SystemRoot%\System32\ttri.dat -> [Ver = | Size = 266 bytes | Created Date = 2/26/2008 5:47:47 PM | Attr = RH ] MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 0 bytes | Created Date = 1/18/2008 1:46:15 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1167 bytes | Created Date = 3/8/2008 10:24:55 PM | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 2/25/2008 1:58:49 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Created Date = 2/4/2008 7:23:47 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 2/26/2008 2:36:28 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 2/24/2008 11:40:38 AM | Attr = ] @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D Adobe -> %AppData%\Adobe -> [Folder | Created Date = 2/1/2008 10:14:56 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Created Date = 2/2/2008 5:40:25 PM | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 1/18/2008 2:12:46 PM | Attr = HS] FaxCtr -> %AppData%\FaxCtr -> [Folder | Created Date = 1/21/2008 8:07:43 AM | Attr = ] Google -> %AppData%\Google -> [Folder | Created Date = 1/22/2008 12:35:48 PM | Attr = ] HP -> %AppData%\HP -> [Folder | Created Date = 1/18/2008 9:13:06 PM | Attr = ] HPQ -> %AppData%\HPQ -> [Folder | Created Date = 1/20/2008 7:03:54 PM | Attr = ] Identities -> %AppData%\Identities -> [Folder | Created Date = 1/18/2008 2:12:28 PM | Attr = ] Intuit -> %AppData%\Intuit -> [Folder | Created Date = 1/18/2008 2:12:28 PM | Attr = ] LANGMaster -> %AppData%\LANGMaster -> [Folder | Created Date = 2/26/2008 5:46:59 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 1/18/2008 3:16:38 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 1/18/2008 2:12:26 PM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 2/25/2008 1:58:47 PM | Attr = ] Real -> %AppData%\Real -> [Folder | Created Date = 1/18/2008 2:12:26 PM | Attr = ] Sun -> %AppData%\Sun -> [Folder | Created Date = 2/10/2008 4:25:59 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2/26/2008 2:35:03 PM | Attr = ] Watchtower -> %AppData%\Watchtower -> [Folder | Created Date = 1/20/2008 5:55:14 PM | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Created Date = 2/7/2008 4:41:02 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 2/2/2008 5:39:29 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Created Date = 1/18/2008 2:12:26 PM | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 139 bytes | Created Date = 1/18/2008 2:12:41 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 51976 bytes | Created Date = 1/18/2008 2:12:40 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Created Date = 1/18/2008 2:12:26 PM | Attr = ] HP -> %UserProfile%\Local Settings\Application Data\HP -> [Folder | Created Date = 1/18/2008 9:12:40 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4316996 bytes | Created Date = 1/18/2008 2:12:40 PM | Attr = H ] IsolatedStorage -> %UserProfile%\Local Settings\Application Data\IsolatedStorage -> [Folder | Created Date = 1/18/2008 9:13:03 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Created Date = 1/18/2008 2:12:26 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Created Date = 2/25/2008 1:58:47 PM | Attr = ] {3248F0A6-6813-11D6-A77B-00B0D0150050} -> %UserProfile%\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050} -> [Folder | Created Date = 1/18/2008 2:12:26 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 87 bytes | Created Date = 1/18/2008 2:12:32 PM | Attr = HS] My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Created Date = 1/18/2008 9:13:05 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Created Date = 1/18/2008 2:12:25 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Created Date = 1/18/2008 2:12:25 PM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Created Date = 1/18/2008 2:12:25 PM | Attr = R ] Servive meeting part.rtf -> %UserProfile%\My Documents\Servive meeting part.rtf -> [Ver = | Size = 20692 bytes | Created Date = 3/6/2008 5:10:09 PM | Attr = ] spider.sav -> %UserProfile%\My Documents\spider.sav -> [Ver = | Size = 572 bytes | Created Date = 3/19/2008 1:00:40 PM | Attr = ] Lexmark Imaging Studio - 2300 Series.lnk -> %AllUsersProfile%\Desktop\Lexmark Imaging Studio - 2300 Series.lnk -> [Ver = | Size = 767 bytes | Created Date = 1/7/2008 3:37:24 PM | Attr = ] Media Center.lnk -> %AllUsersProfile%\Desktop\Media Center.lnk -> [Ver = | Size = 1478 bytes | Created Date = 1/7/2008 2:57:17 PM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1613 bytes | Created Date = 2/25/2008 1:58:39 PM | Attr = ] RealPlayer.lnk -> %AllUsersProfile%\Desktop\RealPlayer.lnk -> [Ver = | Size = 908 bytes | Created Date = 1/7/2008 2:57:17 PM | Attr = ] Yahoo! Messenger.lnk -> %AllUsersProfile%\Desktop\Yahoo! Messenger.lnk -> [Ver = | Size = 823 bytes | Created Date = 2/7/2008 4:29:59 PM | Attr = ] ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 3/26/2008 2:29:54 PM | Attr = ] avgas-setup-7.5.1.43-3339.exe -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe -> [Ver = | Size = 10696576 bytes | Created Date = 3/26/2008 3:54:40 PM | Attr = ] gulfinternet.lnk -> %UserProfile%\Desktop\gulfinternet.lnk -> [Ver = | Size = 584 bytes | Created Date = 3/20/2008 12:00:06 AM | Attr = ] HJTInstall(2).exe -> %UserProfile%\Desktop\HJTInstall(2).exe -> [Ver = | Size = 0 bytes | Created Date = 3/26/2008 5:51:14 PM | Attr = ] HJTInstall(2).exe.part -> %UserProfile%\Desktop\HJTInstall(2).exe.part -> [Ver = | Size = 498073 bytes | Created Date = 3/26/2008 5:51:06 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [Ver = | Size = 0 bytes | Created Date = 3/26/2008 5:15:34 PM | Attr = ] HJTInstall.exe.part -> %UserProfile%\Desktop\HJTInstall.exe.part -> [Ver = | Size = 336774 bytes | Created Date = 3/26/2008 5:15:24 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 3/27/2008 7:17:00 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 481713 bytes | Created Date = 3/27/2008 7:16:13 AM | Attr = ] programs -> %UserProfile%\Desktop\programs -> [Folder | Created Date = 2/26/2008 4:03:45 PM | Attr = ] Shortcut to gulfinternet.zip -> %UserProfile%\Desktop\Shortcut to gulfinternet.zip -> [Ver = | Size = 507 bytes | Created Date = 1/23/2008 12:54:55 PM | Attr = ] Watchtower Library 2007 - English.lnk -> %UserProfile%\Desktop\Watchtower Library 2007 - English.lnk -> [Ver = | Size = 948 bytes | Created Date = 1/20/2008 5:24:17 PM | Attr = ] Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1768 bytes | Created Date = 2/4/2008 7:23:53 AM | Attr = ] Updates From HP.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Updates From HP.lnk -> [Ver = | Size = 1879 bytes | Created Date = 1/18/2008 2:22:12 PM | Attr = ] desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 1/18/2008 2:12:28 PM | Attr = HS] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 2/4/2008 7:23:52 AM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 2/26/2008 2:34:07 PM | Attr = ] [Files/Folders - Modified Within 90 days] BOOT.BAK -> %SystemDrive%\BOOT.BAK -> [Ver = | Size = 211 bytes | Modified Date = 1/18/2008 2:08:04 PM | Attr = RHS] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 279 bytes | Modified Date = 3/27/2008 7:09:21 AM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 1/18/2008 2:22:45 PM | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/26/2008 4:29:05 PM | Attr = H ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/26/2008 4:55:32 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 468242432 bytes | Modified Date = 3/27/2008 7:10:29 AM | Attr = HS] hp -> %SystemDrive%\hp -> [Folder | Modified Date = 1/18/2008 9:42:51 PM | Attr = H ] lxcgfire.csv -> %SystemDrive%\lxcgfire.csv -> [Ver = | Size = 0 bytes | Modified Date = 1/7/2008 3:21:51 PM | Attr = ] LXCGINST.csv -> %SystemDrive%\LXCGINST.csv -> [Ver = | Size = 867 bytes | Modified Date = 1/7/2008 3:22:53 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/26/2008 3:42:35 PM | Attr = ] Python22 -> %SystemDrive%\Python22 -> [Folder | Modified Date = 2/25/2008 1:14:38 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 1/18/2008 9:07:03 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/27/2008 7:11:03 AM | Attr = ] 103C_HP_CPC_ER886AA-ABA a1253w_YC_0Pavi_QMXF615_E62NAemMPA1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.14_T060117_WXP2_L409_M447_J100_7AMD_8Athlon 64_92.19_#060526_N10EC8139_Z11C10620_G10025954.MRK -> %SystemRoot%\System32\drivers\103C_HP_CPC_ER886AA-ABA a1253w_YC_0Pavi_QMXF615_E62NAemMPA1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.14_T060117_WXP2_L409_M447_J100_7AMD_8Athlon 64_92.19_#060526_N10EC8139_Z11C10620_G10025954.MRK -> [Ver = | Size = 1846 bytes | Modified Date = 1/18/2008 2:18:35 PM | Attr = RHS] tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 3/26/2008 5:20:02 PM | Attr = ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 1111 bytes | Modified Date = 1/18/2008 2:10:38 PM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 2/25/2008 1:03:40 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 1/20/2008 5:36:49 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/26/2008 2:45:36 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2/26/2008 3:42:34 PM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 2/26/2008 1:32:28 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2/26/2008 4:29:26 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/26/2008 5:23:00 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 193776 bytes | Modified Date = 2/25/2008 1:27:10 PM | Attr = ] LexFiles.ulf -> %SystemRoot%\System32\LexFiles.ulf -> [Ver = | Size = 22912 bytes | Modified Date = 1/20/2008 6:05:16 PM | Attr = ] mapisvc.inf -> %SystemRoot%\System32\mapisvc.inf -> [Ver = | Size = 57 bytes | Modified Date = 2/26/2008 3:52:04 PM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 118 bytes | Modified Date = 2/26/2008 5:41:29 PM | Attr = ] pcintro -> %SystemRoot%\System32\pcintro -> [Folder | Modified Date = 1/18/2008 2:18:26 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 53640 bytes | Modified Date = 3/12/2008 5:05:54 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 382022 bytes | Modified Date = 3/12/2008 5:05:54 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 441454 bytes | Modified Date = 3/12/2008 5:05:53 PM | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Modified Date = 1/19/2008 4:28:09 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 3/25/2008 4:04:26 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Modified Date = 1/18/2008 9:48:49 PM | Attr = ] ttri.dat -> %SystemRoot%\System32\ttri.dat -> [Ver = | Size = 266 bytes | Modified Date = 2/26/2008 5:47:47 PM | Attr = RH ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 3/6/2008 4:31:26 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/13/2008 4:05:56 PM | Attr = H ] 9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> addins -> %SystemRoot%\addins -> [Folder | Modified Date = 2/26/2008 3:52:30 PM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 1/18/2008 12:39:47 PM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/27/2008 7:10:30 AM | Attr = S] CREATOR -> %SystemRoot%\CREATOR -> [Folder | Modified Date = 3/24/2008 10:39:23 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2/25/2008 1:06:10 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/18/2008 9:48:54 PM | Attr = ] I386 -> %SystemRoot%\I386 -> [Folder | Modified Date = 1/18/2008 12:44:32 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2/19/2008 9:44:54 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/25/2008 1:05:10 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/26/2008 4:29:05 PM | Attr = HS] MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 0 bytes | Modified Date = 3/27/2008 6:59:15 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 3/26/2008 3:44:31 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1167 bytes | Modified Date = 3/8/2008 10:24:56 PM | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 1/24/2008 6:41:45 AM | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 2/25/2008 1:58:49 PM | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 1/18/2008 12:39:48 PM | Attr = R ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/27/2008 7:12:47 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 3/26/2008 4:50:41 PM | Attr = ] Quicken.ini -> %SystemRoot%\Quicken.ini -> [Ver = | Size = 31 bytes | Modified Date = 2/25/2008 1:15:37 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 3/27/2008 7:12:32 AM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 1/18/2008 4:29:59 PM | Attr = ] setup.pss -> %SystemRoot%\setup.pss -> [Folder | Modified Date = 1/18/2008 2:22:27 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 1/18/2008 9:48:57 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 1/18/2008 12:44:54 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 3/27/2008 7:09:21 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 3/12/2008 5:05:54 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/20/2008 5:44:45 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/27/2008 7:12:21 AM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 2/25/2008 12:59:50 PM | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 1/18/2008 12:39:47 PM | Attr = R ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 481 bytes | Modified Date = 3/27/2008 7:09:21 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2/8/2008 3:07:48 AM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 2/11/2008 9:14:11 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/27/2008 7:10:41 AM | Attr = H ] eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat -> [Ver = | Size = 268 bytes | Modified Date = 8/31/2005 12:06:38 AM | Attr = H ] eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat -> [Ver = | Size = 268 bytes | Modified Date = 8/31/2005 12:07:02 AM | Attr = H ] eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat -> [Ver = | Size = 268 bytes | Modified Date = 8/31/2005 12:15:10 AM | Attr = H ] eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat -> [Ver = | Size = 268 bytes | Modified Date = 8/31/2005 12:17:14 AM | Attr = H ] eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/23/2006 6:51:31 PM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 29436 bytes | Modified Date = 3/12/2008 11:42:16 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 30706 bytes | Modified Date = 3/12/2008 11:42:15 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8274 bytes | Modified Date = 2/7/2008 4:50:41 PM | Attr = ] CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [Ver = | Size = 1804 bytes | Modified Date = 6/23/2007 3:46:01 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/26/2006 8:19:53 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 166221 bytes | Modified Date = 6/26/2006 8:39:46 PM | Attr = ] SSUPDATE.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 3:07:10 PM | Attr = ] 3 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> IadHide5.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 6.3.2 (Build 116R) | Size = 24613 bytes | Modified Date = 3/23/2006 8:07:59 PM | Attr = ] 3 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> Perflib_Perfdata_ad4.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_ad4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/27/2008 6:55:29 AM | Attr = ] 3 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> Perflib_Perfdata_5e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/27/2008 7:10:38 AM | Attr = ] Perflib_Perfdata_628.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_628.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/26/2008 3:45:16 PM | Attr = ] Perflib_Perfdata_648.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_648.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/26/2008 5:05:33 PM | Attr = ] Perflib_Perfdata_714.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_714.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/27/2008 6:53:49 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 2/4/2008 7:23:47 AM | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 2/25/2008 1:44:30 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/26/2008 2:36:28 PM | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 1/20/2008 5:53:37 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 2/25/2008 1:19:40 PM | Attr = ] @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2/2/2008 5:43:22 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 2/4/2008 7:29:00 AM | Attr = ] FaxCtr -> %AppData%\FaxCtr -> [Folder | Modified Date = 1/21/2008 8:07:47 AM | Attr = ] Google -> %AppData%\Google -> [Folder | Modified Date = 2/10/2008 3:42:14 PM | Attr = ] HP -> %AppData%\HP -> [Folder | Modified Date = 1/18/2008 9:13:06 PM | Attr = ] HPQ -> %AppData%\HPQ -> [Folder | Modified Date = 1/20/2008 7:03:54 PM | Attr = ] LANGMaster -> %AppData%\LANGMaster -> [Folder | Modified Date = 2/26/2008 5:46:59 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 1/18/2008 3:16:38 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2/6/2008 1:24:34 PM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 2/25/2008 1:58:47 PM | Attr = ] Sun -> %AppData%\Sun -> [Folder | Modified Date = 2/10/2008 4:25:59 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/26/2008 2:35:03 PM | Attr = ] Watchtower -> %AppData%\Watchtower -> [Folder | Modified Date = 1/20/2008 5:55:14 PM | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Modified Date = 2/9/2008 7:24:51 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 2/2/2008 5:40:06 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 3/24/2008 3:21:41 PM | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 139 bytes | Modified Date = 1/18/2008 9:12:38 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 1/22/2008 12:35:48 PM | Attr = ] HP -> %UserProfile%\Local Settings\Application Data\HP -> [Folder | Modified Date = 1/18/2008 9:12:40 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4316996 bytes | Modified Date = 2/25/2008 4:06:54 PM | Attr = H ] IsolatedStorage -> %UserProfile%\Local Settings\Application Data\IsolatedStorage -> [Folder | Modified Date = 1/18/2008 9:13:03 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 3/27/2008 7:22:45 AM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Modified Date = 2/25/2008 1:58:47 PM | Attr = ] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 1/18/2008 12:40:49 PM | Attr = R ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Modified Date = 1/18/2008 12:40:49 PM | Attr = R ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Modified Date = 1/18/2008 12:40:49 PM | Attr = R ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 87 bytes | Modified Date = 1/18/2008 2:18:54 PM | Attr = HS] My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Modified Date = 1/18/2008 9:13:05 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 2/7/2008 4:38:51 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2/7/2008 4:38:51 PM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 1/18/2008 12:40:50 PM | Attr = R ] Servive meeting part.rtf -> %UserProfile%\My Documents\Servive meeting part.rtf -> [Ver = | Size = 20692 bytes | Modified Date = 3/6/2008 5:16:54 PM | Attr = ] spider.sav -> %UserProfile%\My Documents\spider.sav -> [Ver = | Size = 572 bytes | Modified Date = 3/19/2008 1:00:40 PM | Attr = ] Lexmark Imaging Studio - 2300 Series.lnk -> %AllUsersProfile%\Desktop\Lexmark Imaging Studio - 2300 Series.lnk -> [Ver = | Size = 767 bytes | Modified Date = 1/20/2008 6:05:37 PM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1613 bytes | Modified Date = 2/25/2008 1:58:39 PM | Attr = ] Yahoo! Messenger.lnk -> %AllUsersProfile%\Desktop\Yahoo! Messenger.lnk -> [Ver = | Size = 823 bytes | Modified Date = 2/7/2008 4:29:59 PM | Attr = ] ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/26/2008 2:29:51 PM | Attr = ] avgas-setup-7.5.1.43-3339.exe -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe -> [Ver = | Size = 10696576 bytes | Modified Date = 3/26/2008 4:00:09 PM | Attr = ] gulfinternet.lnk -> %UserProfile%\Desktop\gulfinternet.lnk -> [Ver = | Size = 584 bytes | Modified Date = 3/20/2008 12:00:06 AM | Attr = ] HJTInstall(2).exe -> %UserProfile%\Desktop\HJTInstall(2).exe -> [Ver = | Size = 0 bytes | Modified Date = 3/26/2008 5:51:14 PM | Attr = ] HJTInstall(2).exe.part -> %UserProfile%\Desktop\HJTInstall(2).exe.part -> [Ver = | Size = 498073 bytes | Modified Date = 3/26/2008 5:51:14 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [Ver = | Size = 0 bytes | Modified Date = 3/26/2008 5:15:34 PM | Attr = ] HJTInstall.exe.part -> %UserProfile%\Desktop\HJTInstall.exe.part -> [Ver = | Size = 336774 bytes | Modified Date = 3/26/2008 5:15:34 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 3/27/2008 7:17:00 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 481713 bytes | Modified Date = 3/27/2008 7:16:17 AM | Attr = ] programs -> %UserProfile%\Desktop\programs -> [Folder | Modified Date = 2/26/2008 4:04:38 PM | Attr = ] Shortcut to gulfinternet.zip -> %UserProfile%\Desktop\Shortcut to gulfinternet.zip -> [Ver = | Size = 507 bytes | Modified Date = 1/23/2008 12:54:55 PM | Attr = ] Watchtower Library 2007 - English.lnk -> %UserProfile%\Desktop\Watchtower Library 2007 - English.lnk -> [Ver = | Size = 948 bytes | Modified Date = 1/20/2008 5:24:17 PM | Attr = ] Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1768 bytes | Modified Date = 2/4/2008 7:23:53 AM | Attr = ] Updates From HP.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Updates From HP.lnk -> [Ver = | Size = 1879 bytes | Modified Date = 1/18/2008 2:22:12 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2/4/2008 7:23:52 AM | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 2/25/2008 1:11:01 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 2/25/2008 1:06:25 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 1/20/2008 5:53:38 PM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 2/25/2008 1:06:12 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2/26/2008 2:34:07 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]