[code]
OTScanIt logfile created on: 3/31/2008 5:16:16 PM
OTScanIt by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\Raj\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 546.29 Mb Available Physical Memory | 53.45% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.68% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.42 Gb Total Space | 2.08 Gb Free Space | 8.51% Space Free | Partition Type: NTFS
Drive D: | 541.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 203.71 Gb Total Space | 134.40 Gb Free Space | 65.98% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL_MAIN
Current User Name: Raj
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/4/2005 6:02:58 AM | Attr = ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 2:07:32 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 86142 bytes | Modified Date = 4/25/2005 10:49:52 AM | Attr = ]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 4/12/2007 9:33:42 AM | Attr = ]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 6/25/2007 10:56:42 AM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 4:01:58 PM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 8:55:24 AM | Attr = ]
mps.exe -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 4/18/2007 2:08:06 PM | Attr = ]
sas.exe -> %ProgramFiles%\SAS\SAS 9.1\sas.exe -> [Ver = | Size = 72064 bytes | Modified Date = 1/25/2006 4:42:42 PM | Attr = ]
objspawn.exe -> %ProgramFiles%\SAS\SAS 9.1\objspawn.exe -> [Ver = | Size = 297152 bytes | Modified Date = 1/25/2006 6:02:15 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 4:21:16 PM | Attr = ]
mpsevh.exe -> %ProgramFiles%\McAfee\MPS\mpsevh.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 304680 bytes | Modified Date = 4/18/2007 2:08:10 PM | Attr = ]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 139264 bytes | Modified Date = 4/25/2005 10:50:08 AM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/23/2005 2:20:44 AM | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 6:19:56 PM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 4:18:56 PM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 12:11:42 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 278528 bytes | Modified Date = 12/18/2004 12:20:14 AM | Attr = ]
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 5:33:00 AM | Attr = ]
devdetect.exe -> %CommonProgramFiles%\ACD Systems\EN\DevDetect.exe -> ACD Systems, Ltd. [Ver = 2,0,2,9 | Size = 221184 bytes | Modified Date = 9/2/2004 5:51:50 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 5:25:42 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 327680 bytes | Modified Date = 12/18/2004 8:14:42 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 176 | Size = 395776 bytes | Modified Date = 8/28/2006 10:57:12 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 4:06:00 AM | Attr = R ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 9/16/2003 6:19:24 AM | Attr = ]
ubbmonitor.exe -> %ProgramFiles%\ArcSoft\Software Suite\TotalMedia Backup & Record\uBBMonitor.exe -> ArcSoft, Inc. [Ver = 1.0.0.2 | Size = 266240 bytes | Modified Date = 6/22/2006 3:24:18 PM | Attr = ]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 2/26/2004 2:18:00 AM | Attr = R ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.0 | Size = 370176 bytes | Modified Date = 3/29/2008 5:10:10 PM | Attr = ]
mcuimgr.exe -> %ProgramFiles%\McAfee\MSC\mcuimgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 250968 bytes | Modified Date = 1/5/2007 4:22:00 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 2:07:32 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/4/2005 6:02:58 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ]
(bepldr) BCL easyPDF SDK 5 Loader [Win32_Shared | On_Demand | Stopped] -> %CommonProgramFiles%\BCL Technologies\easyPDF 5\bepldr.exe -> [Ver = 5, 0, 0, 1 | Size = 151552 bytes | Modified Date = 2/21/2007 5:26:40 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,214,0 | Size = 341328 bytes | Modified Date = 10/5/2007 5:33:26 PM | Attr = ]
(IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 86142 bytes | Modified Date = 4/25/2005 10:49:52 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPodService) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 327680 bytes | Modified Date = 12/18/2004 8:14:42 PM | Attr = ]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 1/5/2007 4:22:18 PM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 4/12/2007 9:33:42 AM | Attr = ]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 4:01:58 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 8:55:24 AM | Attr = ]
(MPS9) McAfee Privacy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 4/18/2007 2:08:06 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 2/26/2004 2:18:00 AM | Attr = R ]
(SAS Lev1 MS - EMiner) SAS Lev1 MS - EMiner [Win32_Own | Auto | Running] -> %ProgramFiles%\SAS\SAS 9.1\sas.exe -> [Ver = | Size = 72064 bytes | Modified Date = 1/25/2006 4:42:42 PM | Attr = ]
(SAS Lev1 OB - EMiner) SAS Lev1 OB - EMiner [Win32_Own | Auto | Running] -> %ProgramFiles%\SAS\SAS 9.1\objspawn.exe -> [Ver = | Size = 297152 bytes | Modified Date = 1/25/2006 6:02:15 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 5:25:42 AM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Modified Date = 8/5/2005 11:05:00 PM | Attr = ]
BuildBU -> %SystemDrive%\dell\bldbubg.exe -> [Ver = | Size = 61440 bytes | Modified Date = 11/8/2005 7:20:10 PM | Attr = ]
Device Detector -> %CommonProgramFiles%\ACD Systems\EN\DevDetect.exe -> ACD Systems, Ltd. [Ver = 2,0,2,9 | Size = 221184 bytes | Modified Date = 9/2/2004 5:51:50 PM | Attr = ]
dla -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 5:33:00 AM | Attr = ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 6:19:56 PM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 4:18:56 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 12:11:42 AM | Attr = ]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 139264 bytes | Modified Date = 4/25/2005 10:50:08 AM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 6:50:42 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 278528 bytes | Modified Date = 12/18/2004 12:20:14 AM | Attr = ]
MBkLogOnHook -> %ProgramFiles%\McAfee\MBK\LogonHook.exe -> McAfee [Ver = 1.0.2563.24415 | Size = 20480 bytes | Modified Date = 1/8/2007 11:22:46 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 4:57:48 PM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/23/2005 2:20:44 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 176 | Size = 395776 bytes | Modified Date = 8/28/2006 10:57:12 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\] > -> HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 176 | Size = 395776 bytes | Modified Date = 8/28/2006 10:57:12 PM | Attr = ]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 5:44:06 AM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk -> %ProgramFiles%\America Online 9.0\aoltray.exe -> America Online, Inc. [Ver = 9.00.001 | Size = 156784 bytes | Modified Date = 9/1/2004 1:56:34 PM | Attr = H ]
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 4:06:00 AM | Attr = R ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 9/16/2003 6:19:24 AM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\TotalMedia Backup & Record Monitor.lnk -> %ProgramFiles%\ArcSoft\Software Suite\TotalMedia Backup & Record\uBBMonitor.exe -> ArcSoft, Inc. [Ver = 1.0.0.2 | Size = 266240 bytes | Modified Date = 6/22/2006 3:24:18 PM | Attr = ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Raj Startup Folder > -> C:\Documents and Settings\Raj\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 8:29:58 AM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005] > -> HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005] > -> HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell4me.com/myway ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell4me.com/myway ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\] > -> ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\: Main\\Start Page -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
turbotax.com .[https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\] > -> HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
turbotax.com .[https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\] > -> HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 2:56:50 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 5/31/2005 5:33:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.126.x86 | Size = 58688 bytes | Modified Date = 1/9/2008 9:09:38 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [Google Toolbar Helper] -> Google Inc.
[Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\] > -> HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] Backward Links -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] Similar Pages -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\] > -> HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\] > -> HKEY_USERS\S-1-5-21-3677884304-817322267-2570118684-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] Backward Links -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] Similar Pages -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. 
[Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar3.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0622A851-6242-4794-BA98-3CDADAE9A3E3} -> (Intel(R) PRO/100 VE Network Connection) -> {7DAA7980-4229-4EC8-BE15-CF4B5AB14086} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 5/12/2004 4:18:56 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {238F6F83-B8B4-11CF-8771-00A024541EE3}[HKEY_LOCAL_MACHINE] -> https://mysaxon.saxonmtg.com/Citrix/MetaFrame/ICAWEB/en/ica32/wficat.cab[Citrix ICA Client] -> {493ACF15-5CD9-4474-82A6-91670C3DD66E}[HKEY_LOCAL_MACHINE] -> http://www.linkedin.com/cab/LinkedInContactFinderControl.cab[LinkedIn ContactFinderControl] -> {5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab[Windows Live Safety Center Base 
Module] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> {B1647320-9EC8-4B0F-BF53-93D4A43FA614}[HKEY_LOCAL_MACHINE] -> https://mydesk-pi02.morganstanley.com/prx/000/http/rc-na.ms.com:8180/mydesk/common/htdocs/SPX/2.0.3.17/TerminalSvcsTCS.cab[TerminalSvcsTCSX Control] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab[McFreeScan Class] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AnagramLib.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AnagramLib.dll\\.Owner -> {493ACF15-5CD9-4474-82A6-91670C3DD66E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AnagramLib.dll\\{493ACF15-5CD9-4474-82A6-91670C3DD66E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\.Owner -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/TerminalSvcsTCS.OCX\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/TerminalSvcsTCS.OCX\\.Owner -> {B1647320-9EC8-4B0F-BF53-93D4A43FA614} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/TerminalSvcsTCS.OCX\\{B1647320-9EC8-4B0F-BF53-93D4A43FA614} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dat\\.Owner -> {493ACF15-5CD9-4474-82A6-91670C3DD66E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dat\\{493ACF15-5CD9-4474-82A6-91670C3DD66E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dll\\.Owner -> {493ACF15-5CD9-4474-82A6-91670C3DD66E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dll\\{493ACF15-5CD9-4474-82A6-91670C3DD66E} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> -> [Files/Folders - Created Within 90 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071812608 bytes | Created Date = 3/23/2008 8:41:49 PM | Attr = HS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 3/30/2008 1:49:44 AM | Attr = ] 4 C:\*.tmp files -> C:\*.tmp -> _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 3/29/2008 11:06:36 PM | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 3/23/2008 7:20:51 PM | Attr = ] mfeavfk.sys -> %SystemRoot%\System32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Created Date = 3/22/2008 4:37:48 PM | Attr = ] mfebopk.sys -> %SystemRoot%\System32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 34184 bytes | Created Date = 3/22/2008 4:37:49 PM | Attr = ] mfehidk.sys -> %SystemRoot%\System32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.142.x86 | Size = 171400 bytes | Created Date = 3/22/2008 4:37:48 PM | Attr = ] mferkdk.sys -> %SystemRoot%\System32\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 32008 bytes | Created Date = 3/22/2008 4:37:49 PM | Attr = ] mfesmfk.sys -> %SystemRoot%\System32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 37480 bytes | Created Date = 3/22/2008 4:37:49 PM | Attr = ] Mpfp.sys -> %SystemRoot%\System32\drivers\Mpfp.sys -> McAfee, Inc. 
[Ver = 8.3.111.0 | Size = 109608 bytes | Created Date = 3/22/2008 4:37:46 PM | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Created Date = 3/23/2008 8:52:14 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 3/23/2008 8:52:55 PM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 5208 bytes | Created Date = 3/22/2008 4:39:35 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 3/31/2008 12:40:34 PM | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 3/30/2008 1:49:44 AM | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 3/30/2008 1:49:44 AM | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 3/23/2008 8:52:18 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/29/2008 10:41:18 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 3/29/2008 10:41:19 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/29/2008 10:41:18 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/29/2008 10:41:19 PM | Attr = ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 3/23/2008 8:52:17 PM | Attr = ] sasperf.dll -> %SystemRoot%\System32\sasperf.dll -> [Ver = | Size = 13600 bytes | Created Date = 2/15/2008 2:34:06 AM | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 3/30/2008 1:49:44 AM | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/30/2008 1:49:44 AM | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 3/30/2008 1:49:44 AM | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 3/30/2008 1:49:44 AM | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 3/23/2008 8:52:19 PM | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 3/30/2008 1:49:44 AM | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 3/30/2008 1:49:44 AM | Attr = ] ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 3/23/2008 8:52:55 PM | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 3/31/2008 12:40:04 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 3/31/2008 12:39:44 PM | Attr = H ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 3/30/2008 1:50:15 AM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 3/31/2008 12:40:18 PM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 3/31/2008 12:41:12 
PM | Attr = ] McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Created Date = 3/22/2008 4:26:18 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 3/31/2008 12:38:09 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 3/30/2008 1:49:44 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 3/16/2008 6:31:57 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 3/16/2008 6:31:57 PM | Attr = H ] vpd.properties -> %SystemRoot%\vpd.properties -> [Ver = | Size = 9580 bytes | Created Date = 2/15/2008 3:00:09 AM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 3/31/2008 12:40:35 PM | Attr = ] McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 336 bytes | Created Date = 3/22/2008 4:37:38 PM | Attr = ] McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 328 bytes | Created Date = 3/22/2008 4:37:37 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Dell -> %AllUsersProfile%\Application Data\Dell -> [Folder | Created Date = 1/28/2008 12:57:53 AM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 3/23/2008 7:20:49 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 3/30/2008 5:56:24 PM | Attr = ] McAfee -> %AllUsersProfile%\Application Data\McAfee -> [Folder | Created Date = 3/22/2008 4:19:19 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 3/23/2008 7:21:01 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 3/30/2008 5:56:37 PM | Attr = ] Nitro PDF -> %AppData%\Nitro PDF -> [Folder | Created Date = 2/2/2008 10:48:54 PM | Attr = ] 2006-04-10 23-30-32_0045.jpg -> %UserProfile%\My Documents\2006-04-10 23-30-32_0045.jpg -> [Ver = | Size = 1099743 bytes | 
Created Date = 3/16/2008 12:21:07 AM | Attr = ] 2006-04-10 23-31-02_0046.jpg -> %UserProfile%\My Documents\2006-04-10 23-31-02_0046.jpg -> [Ver = | Size = 1420577 bytes | Created Date = 3/16/2008 12:21:59 AM | Attr = ] Book1.xls -> %UserProfile%\My Documents\Book1.xls -> [Ver = | Size = 13824 bytes | Created Date = 3/3/2008 10:40:33 PM | Attr = ] Book2.xls -> %UserProfile%\My Documents\Book2.xls -> [Ver = | Size = 13824 bytes | Created Date = 2/9/2008 9:38:04 PM | Attr = ] Enterprise Guide Sample.lnk -> %UserProfile%\My Documents\Enterprise Guide Sample.lnk -> [Ver = | Size = 1556 bytes | Created Date = 2/15/2008 3:09:06 AM | Attr = ] New Folder (2) -> %UserProfile%\My Documents\New Folder (2) -> [Folder | Created Date = 3/16/2008 12:16:54 AM | Attr = ] SAS Installation Data -> %UserProfile%\My Documents\SAS Installation Data -> [Folder | Created Date = 2/6/2008 5:42:07 PM | Attr = ] Scrapbook Projects -> %UserProfile%\My Documents\Scrapbook Projects -> [Folder | Created Date = 2/14/2008 6:40:55 PM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 3/23/2008 7:20:54 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 3/30/2008 5:56:24 PM | Attr = ] McAfee Security Center.lnk -> %AllUsersProfile%\Desktop\McAfee Security Center.lnk -> [Ver = | Size = 671 bytes | Created Date = 3/22/2008 4:39:26 PM | Attr = ] Aathichudi[1].pdf -> %UserProfile%\Desktop\Aathichudi[1].pdf -> [Ver = | Size = 128759 bytes | Created Date = 3/29/2008 10:16:21 PM | Attr = ] Active shortcuts -> %UserProfile%\Desktop\Active shortcuts -> [Folder | Created Date = 3/13/2008 6:15:32 PM | Attr = ] CDO -> %UserProfile%\Desktop\CDO -> [Folder | Created Date = 3/13/2008 6:50:02 PM | Attr = ] cds -> %UserProfile%\Desktop\cds -> [Folder | Created Date = 3/13/2008 6:50:18 PM | Attr = ] CFA -> %UserProfile%\Desktop\CFA -> [Folder | 
Created Date = 2/16/2008 12:58:01 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1603068 bytes | Created Date = 3/29/2008 11:11:45 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier Comparative anal. of current credit models.pdf -> %UserProfile%\Desktop\Comparative anal. of current credit models.pdf -> [Ver = | Size = 1584962 bytes | Created Date = 2/11/2008 2:11:05 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Comparative anal. of current credit models.pdf:Zone.Identifier distressed debt -> %UserProfile%\Desktop\distressed debt -> [Folder | Created Date = 2/28/2008 9:00:57 PM | Attr = ] efx -> %UserProfile%\Desktop\efx -> [Folder | Created Date = 3/23/2008 7:24:41 PM | Attr = ] EFX notes.doc -> %UserProfile%\Desktop\EFX notes.doc -> [Ver = | Size = 22016 bytes | Created Date = 3/23/2008 4:15:13 PM | Attr = ] Freddie forecast (Mar-27-08).pdf -> %UserProfile%\Desktop\Freddie forecast (Mar-27-08).pdf -> [Ver = | Size = 251205 bytes | Created Date = 3/29/2008 1:10:37 AM | Attr = ] geeks to go trojan notes.doc -> %UserProfile%\Desktop\geeks to go trojan notes.doc -> [Ver = | Size = 28672 bytes | Created Date = 3/23/2008 7:28:07 PM | Attr = ] hedge-fund-book.pdf -> %UserProfile%\Desktop\hedge-fund-book.pdf -> [Ver = | Size = 3777216 bytes | Created Date = 2/29/2008 2:24:02 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\hedge-fund-book.pdf:Zone.Identifier hpi -> %UserProfile%\Desktop\hpi -> [Folder | Created Date = 3/13/2008 7:02:04 PM | Attr = ] LInkedin others.doc -> %UserProfile%\Desktop\LInkedin others.doc -> [Ver = | Size = 23552 bytes | Created Date = 2/29/2008 1:49:43 AM | Attr = ] MBA - contact list.xls -> %UserProfile%\Desktop\MBA - contact list.xls -> [Ver = | Size = 16896 bytes | Created Date = 2/10/2008 12:46:53 AM | Attr = ] MCPR.exe -> %UserProfile%\Desktop\MCPR.exe -> [Ver = | Size = 582000 bytes | Created Date = 
2/15/2008 11:57:02 AM | Attr = ] Mortgage entrepreneural.doc -> %UserProfile%\Desktop\Mortgage entrepreneural.doc -> [Ver = | Size = 40960 bytes | Created Date = 2/28/2008 5:35:58 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.21.0 | Size = 290304 bytes | Created Date = 3/29/2008 11:01:28 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 3/31/2008 4:29:28 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541278 bytes | Created Date = 3/31/2008 4:29:00 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier panam.zip -> %UserProfile%\Desktop\panam.zip -> [Ver = | Size = 2529 bytes | Created Date = 3/24/2008 11:52:30 PM | Attr = ] trojan clenaing sw -> %UserProfile%\Desktop\trojan clenaing sw -> [Folder | Created Date = 3/23/2008 7:09:15 PM | Attr = ] AnswerWorks 4.0 -> %CommonProgramFiles%\AnswerWorks 4.0 -> [Folder | Created Date = 3/13/2008 3:52:42 AM | Attr = ] BCL Technologies -> %CommonProgramFiles%\BCL Technologies -> [Folder | Created Date = 2/2/2008 10:48:55 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 3/29/2008 10:40:52 PM | Attr = ] McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Created Date = 3/22/2008 4:37:27 PM | Attr = ] [Files/Folders - Modified Within 90 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/29/2008 10:41:21 PM | Attr = ] 4 C:\*.tmp files -> C:\*.tmp -> hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071812608 bytes | Modified Date = 3/31/2008 4:53:20 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/30/2008 6:11:56 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 3/30/2008 12:21:43 PM | Attr = ] SAS -> %SystemDrive%\SAS -> [Folder | Modified Date = 2/15/2008 
3:05:02 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/31/2008 5:10:58 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 3/29/2008 11:06:36 PM | Attr = ] mfehidk.sys -> %SystemRoot%\System32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.142.x86 | Size = 171400 bytes | Modified Date = 2/6/2008 9:51:44 AM | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Modified Date = 3/23/2008 10:11:38 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2/2/2008 10:53:39 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/31/2008 12:41:27 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 3/31/2008 12:40:48 PM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 5208 bytes | Modified Date = 3/31/2008 4:54:14 PM | Attr = ] dla -> %SystemRoot%\System32\dla -> [Folder | Modified Date = 3/23/2008 10:12:16 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 3/31/2008 4:53:18 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/30/2008 12:20:18 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 3/31/2008 12:41:19 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 251088 bytes | Modified Date = 2/28/2008 6:21:05 PM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 3/19/2008 11:45:29 PM | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 3/23/2008 8:52:19 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 2:33:31 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Modified Date = 3/22/2008 2:42:13 PM | Attr = S] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 3/23/2008 8:52:18 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 64776 bytes | Modified Date = 3/22/2008 2:25:42 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 409584 bytes | Modified Date = 3/22/2008 2:25:42 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 482618 bytes | Modified Date = 3/22/2008 2:25:42 PM | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 3/23/2008 8:52:19 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 3/23/2008 10:14:26 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 3/31/2008 5:10:11 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/31/2008 12:41:34 PM | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 3/31/2008 12:40:04 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 3/31/2008 12:39:44 PM | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 3/23/2008 10:05:21 PM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 
3/14/2008 3:06:18 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/31/2008 4:53:25 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/23/2008 10:06:35 PM | Attr = S] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 3/23/2008 10:07:08 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 3/30/2008 1:50:15 AM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/30/2008 6:11:56 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/31/2008 4:53:18 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 3/31/2008 12:40:26 PM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 3/31/2008 12:41:12 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 3/31/2008 12:41:27 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/31/2008 4:53:18 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/30/2008 6:11:56 PM | Attr = HS] McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Modified Date = 3/22/2008 4:26:18 PM | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 3/31/2008 12:40:32 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 3/14/2008 3:05:35 AM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 3/31/2008 12:38:09 PM | Attr = ] pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 3/13/2008 3:48:12 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/31/2008 5:13:09 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 3/16/2008 6:31:57 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 3/30/2008 11:59:02 PM | Attr = H ] Registration -> 
%SystemRoot%\Registration -> [Folder | Modified Date = 3/31/2008 4:54:08 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 3/23/2008 10:11:32 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 3/30/2008 12:20:59 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 3/31/2008 4:54:02 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/22/2008 4:37:38 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/31/2008 5:11:01 PM | Attr = ] vpd.properties -> %SystemRoot%\vpd.properties -> [Ver = | Size = 9580 bytes | Modified Date = 2/15/2008 3:00:29 AM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 3/31/2008 12:40:35 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 684 bytes | Modified Date = 3/23/2008 9:04:03 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/14/2008 3:02:26 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 3/28/2008 5:01:04 PM | Attr = ] McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 336 bytes | Modified Date = 3/22/2008 4:37:38 PM | Attr = ] McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 328 bytes | Modified Date = 3/22/2008 4:37:38 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/31/2008 4:53:28 PM | Attr = H ] eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/31/2008 4:54:15 PM | Attr = H ] eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/31/2008 5:11:18 PM | Attr = H ] eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\eHome\logs\eHomeLog-10.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 1:42:59 AM | Attr = H ] eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 1:43:32 AM | Attr = H ] eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/26/2008 4:29:46 PM | Attr = H ] eHomeLog-13.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-13.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/26/2008 4:30:19 PM | Attr = H ] eHomeLog-14.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-14.dat -> [Ver = | Size = 268 bytes | Modified Date = 2/2/2008 10:52:09 PM | Attr = H ] eHomeLog-15.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-15.dat -> [Ver = | Size = 268 bytes | Modified Date = 2/3/2008 3:01:44 PM | Attr = H ] eHomeLog-16.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-16.dat -> [Ver = | Size = 268 bytes | Modified Date = 2/3/2008 3:02:44 PM | Attr = H ] eHomeLog-17.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-17.dat -> [Ver = | Size = 268 bytes | Modified Date = 2/14/2008 4:18:40 AM | Attr = H ] eHomeLog-18.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-18.dat -> [Ver = | Size = 268 bytes | Modified Date = 2/14/2008 11:16:01 AM | Attr = H ] eHomeLog-19.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-19.dat -> [Ver = | Size = 268 bytes | Modified Date = 2/14/2008 11:16:36 AM | Attr = H ] eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat -> [Ver = | Size = 268 bytes | Modified Date = 12/28/2007 
9:45:10 PM | Attr = H ] eHomeLog-20.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-20.dat -> [Ver = | Size = 268 bytes | Modified Date = 2/15/2008 1:51:05 AM | Attr = H ] eHomeLog-21.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-21.dat -> [Ver = | Size = 268 bytes | Modified Date = 2/15/2008 1:52:32 AM | Attr = H ] eHomeLog-22.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-22.dat -> [Ver = | Size = 268 bytes | Modified Date = 2/15/2008 2:11:41 AM | Attr = H ] eHomeLog-23.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-23.dat -> [Ver = | Size = 268 bytes | Modified Date = 2/15/2008 2:23:13 AM | Attr = H ] eHomeLog-24.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-24.dat -> [Ver = | Size = 268 bytes | Modified Date = 2/28/2008 6:22:26 PM | Attr = H ] eHomeLog-25.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-25.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/3/2008 2:25:09 PM | Attr = H ] eHomeLog-26.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-26.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/3/2008 3:03:02 PM | Attr = H ] eHomeLog-27.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-27.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/3/2008 3:03:31 PM | Attr = H ] eHomeLog-28.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-28.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/14/2008 3:20:39 AM | Attr = H ] eHomeLog-29.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-29.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/14/2008 11:45:56 AM | Attr = H ] eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\eHome\logs\eHomeLog-3.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/6/2008 9:29:19 PM | Attr = H ] eHomeLog-30.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-30.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/17/2008 3:57:55 AM | Attr = H ] eHomeLog-31.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-31.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2008 4:01:52 AM | Attr = H ] eHomeLog-32.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-32.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2008 12:51:27 PM | Attr = H ] eHomeLog-33.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-33.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2008 1:00:20 PM | Attr = H ] eHomeLog-34.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-34.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2008 1:00:44 PM | Attr = H ] eHomeLog-35.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-35.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2008 2:21:52 PM | Attr = H ] eHomeLog-36.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-36.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2008 2:27:11 PM | Attr = H ] eHomeLog-37.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-37.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2008 2:38:40 PM | Attr = H ] eHomeLog-38.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-38.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2008 2:41:29 PM | Attr = H ] eHomeLog-39.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-39.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2008 
2:41:52 PM | Attr = H ] eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/6/2008 9:32:09 PM | Attr = H ] eHomeLog-40.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-40.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2008 2:46:26 PM | Attr = H ] eHomeLog-41.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-41.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/22/2008 2:47:31 PM | Attr = H ] eHomeLog-42.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-42.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/23/2008 8:44:37 PM | Attr = H ] eHomeLog-43.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-43.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/23/2008 8:45:49 PM | Attr = H ] eHomeLog-44.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-44.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/29/2008 10:39:38 PM | Attr = H ] eHomeLog-45.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-45.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/29/2008 10:40:28 PM | Attr = H ] eHomeLog-46.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-46.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/30/2008 2:10:41 AM | Attr = H ] eHomeLog-47.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-47.dat -> [Ver = | Size = 268 bytes | Modified Date = 3/30/2008 12:31:59 PM | Attr = H ] eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-5.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/6/2008 9:33:11 PM | Attr = H ] eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\eHome\logs\eHomeLog-6.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/9/2008 4:09:49 AM | Attr = H ] eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-7.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/9/2008 4:10:53 AM | Attr = H ] eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-8.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 1:35:49 AM | Attr = H ] eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-9.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 1:36:52 AM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 3/31/2008 12:37:44 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 3/31/2008 12:37:44 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1648 bytes | Modified Date = 1/25/2006 10:17:30 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 192964 bytes | Modified Date = 3/31/2008 4:51:45 PM | Attr = ] 0131571206967032mcinst.exe -> C:\WINDOWS\Temp\0131571206967032mcinst.exe -> McAfee, Inc. 
[Ver = 3,0,121,0 | Size = 309096 bytes | Modified Date = 2/23/2008 2:50:32 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Dell -> %AllUsersProfile%\Application Data\Dell -> [Folder | Modified Date = 1/28/2008 12:57:53 AM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 3/23/2008 7:20:49 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 3/30/2008 5:56:24 PM | Attr = ] McAfee -> %AllUsersProfile%\Application Data\McAfee -> [Folder | Modified Date = 3/22/2008 4:39:27 PM | Attr = ] SAS -> %AllUsersProfile%\Application Data\SAS -> [Folder | Modified Date = 2/15/2008 2:45:06 AM | Attr = ] ArcSoft -> %AppData%\ArcSoft -> [Folder | Modified Date = 2/14/2008 6:40:55 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 3/23/2008 7:21:01 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 3/30/2008 5:56:37 PM | Attr = ] McAfee -> %AppData%\McAfee -> [Folder | Modified Date = 3/22/2008 2:43:56 PM | Attr = ] Nitro PDF -> %AppData%\Nitro PDF -> [Folder | Modified Date = 2/2/2008 10:48:54 PM | Attr = ] wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 41986 bytes | Modified Date = 3/24/2008 5:20:24 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 3/30/2008 5:13:45 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 35328 bytes | Modified Date = 3/13/2008 6:34:04 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 71232 bytes | Modified Date = 2/15/2008 2:58:34 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 3/31/2008 5:10:32 PM | Attr = ] 2006-04-10 23-30-32_0045.jpg -> 
%UserProfile%\My Documents\2006-04-10 23-30-32_0045.jpg -> [Ver = | Size = 1099743 bytes | Modified Date = 3/16/2008 12:21:07 AM | Attr = ] 2006-04-10 23-31-02_0046.jpg -> %UserProfile%\My Documents\2006-04-10 23-31-02_0046.jpg -> [Ver = | Size = 1420577 bytes | Modified Date = 3/16/2008 12:21:59 AM | Attr = ] Book1.xls -> %UserProfile%\My Documents\Book1.xls -> [Ver = | Size = 13824 bytes | Modified Date = 3/3/2008 10:40:33 PM | Attr = ] Book2.xls -> %UserProfile%\My Documents\Book2.xls -> [Ver = | Size = 13824 bytes | Modified Date = 2/9/2008 9:40:08 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 74 bytes | Modified Date = 3/31/2008 5:10:20 PM | Attr = HS] Enterprise Guide Sample.lnk -> %UserProfile%\My Documents\Enterprise Guide Sample.lnk -> [Ver = | Size = 1556 bytes | Modified Date = 2/15/2008 3:09:06 AM | Attr = ] My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Modified Date = 2/14/2008 6:40:56 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 3/31/2008 5:10:20 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 3/31/2008 5:10:20 PM | Attr = R ] My Scans -> %UserProfile%\My Documents\My Scans -> [Folder | Modified Date = 3/19/2008 11:44:39 PM | Attr = ] New Folder (2) -> %UserProfile%\My Documents\New Folder (2) -> [Folder | Modified Date = 3/16/2008 12:16:54 AM | Attr = ] SAS Installation Data -> %UserProfile%\My Documents\SAS Installation Data -> [Folder | Modified Date = 2/6/2008 5:42:30 PM | Attr = ] Scrapbook Projects -> %UserProfile%\My Documents\Scrapbook Projects -> [Folder | Modified Date = 2/14/2008 6:40:55 PM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 3/23/2008 7:20:54 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 
3/30/2008 5:56:24 PM | Attr = ] McAfee Security Center.lnk -> %AllUsersProfile%\Desktop\McAfee Security Center.lnk -> [Ver = | Size = 671 bytes | Modified Date = 3/22/2008 4:39:26 PM | Attr = ] Aathichudi[1].pdf -> %UserProfile%\Desktop\Aathichudi[1].pdf -> [Ver = | Size = 128759 bytes | Modified Date = 3/29/2008 10:16:21 PM | Attr = ] Active shortcuts -> %UserProfile%\Desktop\Active shortcuts -> [Folder | Modified Date = 3/22/2008 2:19:40 PM | Attr = ] CDO -> %UserProfile%\Desktop\CDO -> [Folder | Modified Date = 3/13/2008 6:50:34 PM | Attr = ] cds -> %UserProfile%\Desktop\cds -> [Folder | Modified Date = 3/13/2008 6:50:24 PM | Attr = ] CFA -> %UserProfile%\Desktop\CFA -> [Folder | Modified Date = 3/13/2008 6:53:30 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1603068 bytes | Modified Date = 3/29/2008 11:11:45 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier Comparative anal. of current credit models.pdf -> %UserProfile%\Desktop\Comparative anal. of current credit models.pdf -> [Ver = | Size = 1584962 bytes | Modified Date = 2/11/2008 2:11:09 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Comparative anal. 
of current credit models.pdf:Zone.Identifier Dell shortcuts -> %UserProfile%\Desktop\Dell shortcuts -> [Folder | Modified Date = 3/13/2008 6:25:21 PM | Attr = ] distressed debt -> %UserProfile%\Desktop\distressed debt -> [Folder | Modified Date = 3/13/2008 6:57:20 PM | Attr = ] efx -> %UserProfile%\Desktop\efx -> [Folder | Modified Date = 3/23/2008 7:25:11 PM | Attr = ] EFX notes.doc -> %UserProfile%\Desktop\EFX notes.doc -> [Ver = | Size = 22016 bytes | Modified Date = 3/23/2008 4:15:13 PM | Attr = ] Freddie forecast (Mar-27-08).pdf -> %UserProfile%\Desktop\Freddie forecast (Mar-27-08).pdf -> [Ver = | Size = 251205 bytes | Modified Date = 3/29/2008 1:10:37 AM | Attr = ] geeks to go trojan notes.doc -> %UserProfile%\Desktop\geeks to go trojan notes.doc -> [Ver = | Size = 28672 bytes | Modified Date = 3/23/2008 7:28:08 PM | Attr = ] hedge-fund-book.pdf -> %UserProfile%\Desktop\hedge-fund-book.pdf -> [Ver = | Size = 3777216 bytes | Modified Date = 2/29/2008 2:24:17 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\hedge-fund-book.pdf:Zone.Identifier hpi -> %UserProfile%\Desktop\hpi -> [Folder | Modified Date = 3/25/2008 9:15:23 PM | Attr = ] junk -> %UserProfile%\Desktop\junk -> [Folder | Modified Date = 3/12/2008 1:32:16 AM | Attr = ] Key docs.doc -> %UserProfile%\Desktop\Key docs.doc -> [Ver = | Size = 29696 bytes | Modified Date = 3/4/2008 5:28:44 PM | Attr = ] LInkedin others.doc -> %UserProfile%\Desktop\LInkedin others.doc -> [Ver = | Size = 23552 bytes | Modified Date = 3/21/2008 9:45:45 PM | Attr = ] MBA - contact list.xls -> %UserProfile%\Desktop\MBA - contact list.xls -> [Ver = | Size = 16896 bytes | Modified Date = 2/10/2008 12:46:53 AM | Attr = ] MCPR.exe -> %UserProfile%\Desktop\MCPR.exe -> [Ver = | Size = 582000 bytes | Modified Date = 2/15/2008 11:56:41 AM | Attr = ] Mortgage entrepreneural.doc -> %UserProfile%\Desktop\Mortgage entrepreneural.doc -> [Ver = | Size = 40960 bytes | Modified Date = 2/28/2008 5:36:19 PM | Attr = ] 
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.21.0 | Size = 290304 bytes | Modified Date = 3/29/2008 11:01:47 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 3/31/2008 4:29:28 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541278 bytes | Modified Date = 3/31/2008 4:29:12 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier panam.zip -> %UserProfile%\Desktop\panam.zip -> [Ver = | Size = 2529 bytes | Modified Date = 3/24/2008 11:53:16 PM | Attr = ] quotes.doc -> %UserProfile%\Desktop\quotes.doc -> [Ver = | Size = 20480 bytes | Modified Date = 1/12/2008 5:15:47 PM | Attr = ] trojan clenaing sw -> %UserProfile%\Desktop\trojan clenaing sw -> [Folder | Modified Date = 3/30/2008 5:54:17 PM | Attr = ] Uma -> %UserProfile%\Desktop\Uma -> [Folder | Modified Date = 3/16/2008 12:50:14 AM | Attr = ] AnswerWorks 4.0 -> %CommonProgramFiles%\AnswerWorks 4.0 -> [Folder | Modified Date = 3/13/2008 3:52:42 AM | Attr = ] BCL Technologies -> %CommonProgramFiles%\BCL Technologies -> [Folder | Modified Date = 2/2/2008 10:48:55 PM | Attr = ] Designer -> %CommonProgramFiles%\Designer -> [Folder | Modified Date = 3/23/2008 9:25:47 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 3/29/2008 10:40:52 PM | Attr = ] McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Modified Date = 3/22/2008 4:38:43 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 3/13/2008 3:48:20 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
C:\WINDOWS\system32\ERROR: Array index out of range 67 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 6 < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Impressionism - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Landscapes - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Landscapes - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Masterpieces - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Masterpieces - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Nature - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Nature - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Travel - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Vintage - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Videos\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\Desktop\junk\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\Desktop\Uma\New Folder\2008-01-17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\Desktop\Uma\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\Desktop\Uma\shoba copy\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\Desktop\Uma\BaltimoreTrip\Thumbs.db:encryptable 0 bytes C:\Documents and 
Settings\Raj\Desktop\Uma\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\Downloads\Video\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Pictures\2007-12-28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Pictures\2007-12-31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Pictures\2008-01-13\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Pictures\2008-01-17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Scans\2006-12 (Dec)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Scans\2007-03 (Mar)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Scans\2007-05 (May)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Scans\2007-06 (Jun)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Scans\2007-07 (Jul)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Scans\2007-12 (Dec)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Raj\My Documents\My Scans\2008-03 (Mar)\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 65 < End of report > [/code]