[code]
OTScanIt logfile created on: 01/04/2008 09:28:02
OTScanIt by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\GWDH_WS5\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.48 Mb Total Physical Memory | 185.83 Mb Available Physical Memory | 36.98% Memory free
1.46 Gb Paging File | 1.15 Gb Available in Paging File | 78.52% Paging File free
Paging file location(s): c:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 68.34 Gb Free Space | 91.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 122.90 Gb Total Space | 107.67 Gb Free Space | 87.61% Space Free | Partition Type: NTFS
Drive Z: | 122.90 Gb Total Space | 107.67 Gb Free Space | 87.61% Space Free | Partition Type: NTFS

Computer Name: GWDH_WS5
Current User Name: DaveStorey
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 25/03/2008 11:54:06 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 13:31:10 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 25/10/2007 10:01:12 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 27/06/2007 11:05:10 | Attr = ]
ramaint.exe -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.680 | Size = 116032 bytes | Modified Date = 22/11/2007 10:11:50 | Attr = ]
logmein.exe -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 17/04/2007 14:03:52 | Attr = ]
winvnc4.exe -> %SystemDrive%\vnc4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.1 | Size = 455632 bytes | Modified Date = 11/03/2005 14:40:26 | Attr = ]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 77824 bytes | Modified Date = 19/07/2005 10:06:12 | Attr = ]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 114688 bytes | Modified Date = 19/07/2005 10:10:06 | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.0.1.7 | Size = 14854144 bytes | Modified Date = 22/09/2005 12:36:20 | Attr = ]
logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 17/04/2007 14:03:52 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 20/12/2007 10:35:40 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 10:25:42 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 05:25:21 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 06/09/2007 07:00:27 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.0 | Size = 370176 bytes | Modified Date = 29/03/2008 17:10:10 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 25/03/2008 11:54:06 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 13:31:10 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 25/10/2007 10:01:12 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 27/06/2007 11:05:10 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 13:00:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 05/09/2007 07:57:52 | Attr = ]
(LMIMaint) LogMeIn Maintenance Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.680 | Size = 116032 bytes | Modified Date = 22/11/2007 10:11:50 | Attr = ]
(LogMeIn) LogMeIn [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 17/04/2007 14:03:52 | Attr = ]
(WinVNC) VNC [Win32_Own | Auto | Running] -> %SystemDrive%\vnc4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.1 | Size = 455632 bytes | Modified Date = 11/03/2005 14:40:26 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 10:25:42 | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 23:16:38 | Attr = ]
Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 03/05/2005 17:43:28 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 20/12/2007 10:35:40 | Attr = ]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 77824 bytes | Modified Date = 19/07/2005 10:06:12 | Attr = ]
igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 114688 bytes | Modified Date = 19/07/2005 10:10:06 | Attr = ]
igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 94208 bytes | Modified Date = 19/07/2005 10:09:26 | Attr = ]
LogMeIn GUI -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 17/04/2007 14:03:52 | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.0.1.7 | Size = 14854144 bytes | Modified Date = 22/09/2005 12:36:20 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 05:25:21 | Attr = ]
WinVNC -> %SystemDrive%\vnc4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.1 | Size = 455632 bytes | Modified Date = 11/03/2005 14:40:26 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MSMSGS -> %ProgramFiles%\Messenger\NOTmsmsgs.exe -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 06/09/2007 07:00:27 | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> File not found
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 25/10/2007 10:01:17 | Attr = ]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 25/10/2007 10:01:17 | Attr = ]
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 25/10/2007 10:01:17 | Attr = ]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 25/10/2007 10:01:17 | Attr = ]
< Run [HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\] > -> HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MSMSGS -> %ProgramFiles%\Messenger\NOTmsmsgs.exe -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 06/09/2007 07:00:27 | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< Administrator.GWD Startup Folder > -> C:\Documents and Settings\Administrator.GWD\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< GWDH_WS5 Startup Folder > -> C:\Documents and Settings\GWDH_WS5\Start Menu\Programs\Startup ->
< __sbs_netsetup__ Startup Folder > -> C:\Documents and Settings\__sbs_netsetup__\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 13:29:58 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141] > -> HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4363 | Size = 135168 bytes | Modified Date = 19/07/2005 10:05:16 | Attr = ]
LMIinit -> %SystemRoot%\system32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.680 | Size = 87352 bytes | Modified Date = 22/11/2007 10:11:43 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoWelcomeScreen -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceClassicControlPanel -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141] > -> HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceClassicControlPanel -> 1 ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\] > -> ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\: Main\\Search Page -> http://www.google.com ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\: Main\\Start Page -> http://www.google.co.uk/ ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\] > -> HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\] > -> HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 00:08:42 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 05:25:19 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 05/09/2007 07:57:50 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 06/09/2007 07:00:27 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 05/09/2007 07:57:50 | Attr = R ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 05/09/2007 07:57:50 | Attr = R ]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\] > -> HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 05/09/2007 07:57:50 | Attr = R ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 05:25:19 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 05:25:19 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 05:25:19 | Attr = ]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\] > -> HKEY_USERS\S-1-5-21-1150661963-1725556437-1545755562-1141\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 05:25:19 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{BC5994F3-3153-4C8E-8F1E-6BB43A13FB46} -> 10.0.0.254,10.0.0.2 (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab[Office Genuine Advantage Validation Tool] ->
{485D813E-EE26-4DF8-9FAF-DEDF2885306E}[HKEY_LOCAL_MACHINE] -> http://servera/connectcomputer/nshelp.dll[NSHelp Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187861240375[WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab[Java Plug-in 1.5.0_05] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/nshelp.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/nshelp.dll\\.Owner -> {485D813E-EE26-4DF8-9FAF-DEDF2885306E} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/nshelp.dll\\{485D813E-EE26-4DF8-9FAF-DEDF2885306E} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> ->

[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = ->
0 -> Source = http://www.angelnexus.com/images/elh/100005709/646176696473746f72657940677764756b2e636f6d/eac.gif ->
0 -> SubscribedURL = http://www.angelnexus.com/images/elh/100005709/646176696473746f72657940677764756b2e636f6d/eac.gif ->
1 -> [Key] ->
1 -> FriendlyName = My Current Home Page ->
1 -> Source = About:Home ->
1 -> SubscribedURL = About:Home ->

[Files/Folders - Created Within 90 days]
AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 25/03/2008 16:19:05 | Attr = ]
appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 27/03/2008 14:20:21 | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 07/03/2008 11:24:54 | Attr = ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 07/03/2008 11:24:54 | Attr = ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 07/03/2008 11:24:54 | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 26/03/2008 12:26:08 | Attr = ]

[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 25/03/2008 11:52:00 | Attr = ]
Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 25/03/2008 16:19:13 | Attr = ]
Xerox -> %AllUsersProfile%\Documents\Xerox -> [Folder | Created Date = 05/02/2008 10:05:14 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1796 bytes | Created Date = 25/03/2008 11:52:05 | Attr = ]
Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1735 bytes | Created Date = 08/02/2008 12:32:23 | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 855 bytes | Created Date = 25/03/2008 16:19:08 | Attr = ]
Brochure 2008 Planner.xls -> %UserProfile%\Desktop\Brochure 2008 Planner.xls -> [Ver = | Size = 153088 bytes | Created Date = 26/02/2008 10:56:10 | Attr = ]
Clearance List 250308.xls -> %UserProfile%\Desktop\Clearance List 250308.xls -> [Ver = | Size = 22016 bytes | Created Date = 26/03/2008 19:30:47 | Attr = ]
DELAPIDATION REPAYMETS.xls -> %UserProfile%\Desktop\DELAPIDATION REPAYMETS.xls -> [Ver = | Size = 64000 bytes | Created Date = 15/02/2008 14:59:58 | Attr = ]
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 26/03/2008 12:25:43 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
GWD NEW PRODUCT LINE FORM.xls -> %UserProfile%\Desktop\GWD NEW PRODUCT LINE FORM.xls -> [Ver = | Size = 117760 bytes | Created Date = 27/02/2008 19:04:26 | Attr = ]
HijackThis.exe -> %UserProfile%\Desktop\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Created Date = 31/03/2008 09:01:35 | Attr = ]
letterhead.doc -> %UserProfile%\Desktop\letterhead.doc -> [Ver = | Size = 765440 bytes | Created Date = 15/02/2008 11:41:28 | Attr = ]
OOD APR08.doc -> %UserProfile%\Desktop\OOD APR08.doc -> [Ver = | Size = 26624 bytes | Created Date = 22/01/2008 18:55:26 | Attr = ]
OOD AUGUST08.doc -> %UserProfile%\Desktop\OOD AUGUST08.doc -> [Ver = | Size = 27136 bytes | Created Date = 14/03/2008 13:04:36 | Attr = ]
OOD JULY08.doc -> %UserProfile%\Desktop\OOD JULY08.doc -> [Ver = | Size = 27648 bytes | Created Date = 14/03/2008 13:04:39 | Attr = ]
OOD JUNE08.doc -> %UserProfile%\Desktop\OOD JUNE08.doc -> [Ver = | Size = 26624 bytes | Created Date = 14/03/2008 13:04:44 | Attr = ]
OOD MAR08.doc -> %UserProfile%\Desktop\OOD MAR08.doc -> [Ver = | Size = 24064 bytes | Created Date = 14/03/2008 13:04:50 | Attr = ]
OOD MAY08.doc -> %UserProfile%\Desktop\OOD MAY08.doc -> [Ver = | Size = 24064 bytes | Created Date = 14/03/2008 13:04:55 | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 01/04/2008 09:25:23 | Attr = ]
Park_Garage_Group_Prod_Inf_List_170308.xls -> %UserProfile%\Desktop\Park_Garage_Group_Prod_Inf_List_170308.xls -> [Ver = | Size = 146432 bytes | Created Date = 17/03/2008 14:21:21 | Attr = ]
Spring-Summer 2008 Promotion For Durex & OTC's..xls -> %UserProfile%\Desktop\Spring-Summer 2008 Promotion For Durex & OTC's..xls -> [Ver = | Size = 69632 bytes | Created Date = 23/01/2008 19:02:16 | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 08/02/2008 12:32:09 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 25/03/2008 11:51:00 | Attr = ]

[Files/Folders - Modified Within 90 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 17/03/2008 18:16:27 | Attr = RH ]
Autopart -> %SystemDrive%\Autopart -> [Folder | Modified Date = 07/01/2008 10:57:04 | Attr = ]
CDGH
-> %SystemDrive%\CDGH -> [Folder | Modified Date = 22/01/2008 15:31:20 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 25/03/2008 11:52:01 | Attr = R ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 28/03/2008 09:35:06 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 27/03/2008 14:20:21 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 31/03/2008 08:59:20 | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 25/03/2008 16:19:05 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 22/02/2008 02:23:35 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 22/02/2008 03:33:31 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 22/02/2008 02:23:39 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 22/02/2008 03:33:32 | Attr = ] Lang -> %SystemRoot%\System32\Lang -> [Folder | Modified Date = 01/04/2008 09:20:19 | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 28/03/2008 09:34:23 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 53724 bytes | Modified Date = 31/03/2008 08:54:01 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 383562 bytes | Modified Date = 31/03/2008 08:54:02 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 443380 bytes | Modified Date = 31/03/2008 08:54:01 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 01/04/2008 09:20:11 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 01/04/2008 09:19:30 | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 12/02/2008 09:13:21 | Attr = HS] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 27/03/2008 14:18:57 | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 26/03/2008 12:26:08 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 27/03/2008 14:18:56 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 27/03/2008 14:20:50 | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 01/04/2008 09:26:17 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 01/04/2008 09:19:55 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 31/03/2008 08:54:01 | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 01/04/2008 09:20:17 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 08/02/2008 12:32:19 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 01/04/2008 09:19:35 | Attr = H ] 
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5362 bytes | Modified Date = 07/03/2008 11:19:24 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 07/03/2008 11:19:24 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 26/06/2007 12:14:16 | Attr = ] applnch.exe -> C:\Documents and Settings\GWDH_WS5\Local Settings\Temp\applnch.exe -> Microsoft Corporation [Ver = 5.2.2893.2 (bobcatsp1_qfe(bobld).060623-1106) | Size = 376792 bytes | Modified Date = 02/02/2007 13:30:30 | Attr = ] 4 C:\Documents and Settings\GWDH_WS5\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\GWDH_WS5\Local Settings\Temp\*.tmp -> md5deep.exe -> C:\Documents and Settings\GWDH_WS5\Local Settings\Temp\~yidfqky.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 30/07/2007 03:23:07 | Attr = ] sed.exe -> C:\Documents and Settings\GWDH_WS5\Local Settings\Temp\~yidfqky.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 30/07/2007 03:23:07 | Attr = ] swreg.exe -> C:\Documents and Settings\GWDH_WS5\Local Settings\Temp\~yidfqky.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 30/07/2007 03:23:07 | Attr = ] dss.dll -> C:\Documents and Settings\GWDH_WS5\Local Settings\Temp\~yidfqky.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 14/10/2007 07:42:28 | Attr = ] ExchangePerflog_8484fa31e0914a47ce627a95.dat -> C:\Documents and Settings\GWDH_WS5\Local Settings\Temp\ExchangePerflog_8484fa31e0914a47ce627a95.dat -> [Ver = | Size = 2064 bytes | Modified Date = 01/04/2008 09:25:07 | Attr = ] 4 C:\Documents and Settings\GWDH_WS5\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\GWDH_WS5\Local Settings\Temp\*.tmp -> [Files Modified - 
Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 08/02/2008 12:32:16 | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 25/03/2008 16:19:02 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 25/03/2008 11:52:31 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 27/02/2008 11:08:41 | Attr = ] AVG7 -> %AppData%\AVG7 -> [Folder | Modified Date = 01/04/2008 09:20:40 | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 25/03/2008 16:19:13 | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 23/01/2008 19:12:09 | Attr = ] Xerox -> %AllUsersProfile%\Documents\Xerox -> [Folder | Modified Date = 05/02/2008 10:05:14 | Attr = ] MARK UPS.xls -> %UserProfile%\My Documents\MARK UPS.xls -> [Ver = | Size = 30720 bytes | Modified Date = 10/03/2008 14:17:31 | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 20/03/2008 16:20:47 | Attr = R ] Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1796 bytes | Modified Date = 25/03/2008 11:52:05 | Attr = ] Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1735 bytes | Modified Date = 08/02/2008 12:32:23 | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 855 bytes | Modified Date = 25/03/2008 16:19:08 | Attr = ] Book1.xls -> %UserProfile%\Desktop\Book1.xls -> [Ver = | Size = 69120 bytes | Modified Date = 17/03/2008 14:24:08 | Attr = ] Brochure 2008 Planner.xls -> %UserProfile%\Desktop\Brochure 2008 Planner.xls -> [Ver = | Size = 153088 bytes | Modified Date = 26/02/2008 15:05:35 | Attr = ] Clearance List 250308.xls -> %UserProfile%\Desktop\Clearance List 250308.xls -> [Ver = | Size = 22016 bytes | Modified Date = 28/03/2008 18:39:04 | 
Attr = ] COLLECTION NOTES 2007.xls -> %UserProfile%\Desktop\COLLECTION NOTES 2007.xls -> [Ver = | Size = 42496 bytes | Modified Date = 25/02/2008 17:59:51 | Attr = ] DELAPIDATION REPAYMETS.xls -> %UserProfile%\Desktop\DELAPIDATION REPAYMETS.xls -> [Ver = | Size = 64000 bytes | Modified Date = 14/03/2008 11:52:23 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 31/03/2008 08:56:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier GWD DELIVERY NOTE 2007.xls -> %UserProfile%\Desktop\GWD DELIVERY NOTE 2007.xls -> [Ver = | Size = 148480 bytes | Modified Date = 28/01/2008 16:46:06 | Attr = ] GWD LETTERHEAD TEMPLATE.doc -> %UserProfile%\Desktop\GWD LETTERHEAD TEMPLATE.doc -> [Ver = | Size = 791552 bytes | Modified Date = 13/02/2008 15:04:08 | Attr = ] GWD NEW PRODUCT LINE FORM.xls -> %UserProfile%\Desktop\GWD NEW PRODUCT LINE FORM.xls -> [Ver = | Size = 117760 bytes | Modified Date = 27/03/2008 19:35:55 | Attr = ] HijackThis.exe -> %UserProfile%\Desktop\HijackThis.exe -> Trend Micro Inc. 
[Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 04/03/2008 15:05:07 | Attr = ] letterhead.doc -> %UserProfile%\Desktop\letterhead.doc -> [Ver = | Size = 765440 bytes | Modified Date = 15/02/2008 11:41:29 | Attr = ] OOD APR08.doc -> %UserProfile%\Desktop\OOD APR08.doc -> [Ver = | Size = 26624 bytes | Modified Date = 14/03/2008 13:04:30 | Attr = ] OOD AUGUST08.doc -> %UserProfile%\Desktop\OOD AUGUST08.doc -> [Ver = | Size = 27136 bytes | Modified Date = 14/03/2008 13:04:36 | Attr = ] OOD JULY08.doc -> %UserProfile%\Desktop\OOD JULY08.doc -> [Ver = | Size = 27648 bytes | Modified Date = 14/03/2008 13:04:39 | Attr = ] OOD JUNE08.doc -> %UserProfile%\Desktop\OOD JUNE08.doc -> [Ver = | Size = 26624 bytes | Modified Date = 14/03/2008 13:04:44 | Attr = ] OOD MAR08.doc -> %UserProfile%\Desktop\OOD MAR08.doc -> [Ver = | Size = 24064 bytes | Modified Date = 14/03/2008 13:04:50 | Attr = ] OOD MAY08.doc -> %UserProfile%\Desktop\OOD MAY08.doc -> [Ver = | Size = 24064 bytes | Modified Date = 14/03/2008 13:04:55 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 01/04/2008 09:25:23 | Attr = ] Park_Garage_Group_Prod_Inf_List_170308.xls -> %UserProfile%\Desktop\Park_Garage_Group_Prod_Inf_List_170308.xls -> [Ver = | Size = 146432 bytes | Modified Date = 17/03/2008 14:21:21 | Attr = ] Spring-Summer 2008 Promotion For Durex & OTC's..xls -> %UserProfile%\Desktop\Spring-Summer 2008 Promotion For Durex & OTC's..xls -> [Ver = | Size = 69632 bytes | Modified Date = 23/01/2008 19:02:16 | Attr = ] Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk -> [Ver = | Size = 792 bytes | Modified Date = 10/01/2008 09:16:29 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 08/02/2008 12:32:21 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 30/01/2008 17:03:29 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified 
Date = 25/03/2008 11:51:00 | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]