[code] OTScanIt logfile created on: 4/5/2008 8:52:34 PM OTScanIt by OldTimer - Version 1.0.9.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 958.48 Mb Total Physical Memory | 516.81 Mb Available Physical Memory | 53.92% Memory free 2.26 Gb Paging File | 1.90 Gb Available in Paging File | 84.06% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 177.84 Gb Total Space | 105.34 Gb Free Space | 59.23% Space Free | Partition Type: NTFS Drive D: | 8.44 Gb Total Space | 0.45 Gb Free Space | 5.37% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MELIN Current User Name: HP_Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 3/30/2008 9:25:27 AM | Attr = ] pcsuite.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\pcsuite.exe -> [Ver = 6, 85, 11, 8 | Size = 695808 bytes | Modified Date = 3/31/2008 4:37:11 PM | Attr = ] imapp.exe -> %ProgramFiles%\IncrediMail\bin\IMApp.exe -> IncrediMail, Ltd. [Ver = 5, 2, 5, 2598 | Size = 139305 bytes | Modified Date = 10/31/2006 3:06:14 PM | Attr = ] arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 7:19:16 PM | Attr = ] mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 7:08:06 AM | Attr = ] mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 8:15:18 PM | Attr = ] mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ] mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 3/2/2006 8:49:14 PM | Attr = ] ptssvc.exe -> %ProgramFiles%\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> KODAK [Ver = 2.0.0300 | Size = 45056 bytes | Modified Date = 8/15/2001 6:43:40 AM | Attr = ] servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 85, 91, 18 | Size = 353280 bytes | Modified Date = 12/10/2007 1:59:04 PM | Attr = ] nclusbsrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclUSBSrv.exe -> [Ver = 6, 85, 6, 7 | Size = 122880 bytes | Modified Date = 12/10/2007 1:59:40 PM | Attr = ] nclrssrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclRSSrv.exe -> [Ver = 6, 85, 4, 4 | Size = 117248 bytes | Modified Date = 10/23/2007 10:03:00 AM | Attr = ] mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 1:41:52 AM | Attr = ] mmdiag.exe -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\MMDiag.exe -> Musicmatch, Inc. [Ver = 10.00.4040 | Size = 102400 bytes | Modified Date = 11/7/2006 4:41:44 PM | Attr = ] mim.exe -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mim.exe -> Musicmatch, Inc. [Ver = 10.00.4040 | Size = 419840 bytes | Modified Date = 11/7/2006 4:41:44 PM | Attr = ] wkcalrem.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 8.04.0623.0 | Size = 15360 bytes | Modified Date = 6/23/2004 12:23:00 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 4/4/2008 12:24:38 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 7:19:16 PM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 376832 bytes | Modified Date = 8/13/2005 4:29:00 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/9/2004 4:00:00 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ] (KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.62.1 | Size = 73728 bytes | Modified Date = 12/18/2005 9:26:54 PM | Attr = ] (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 7:08:06 AM | Attr = ] (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 8:15:18 PM | Attr = ] (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7/25/2007 3:16:16 AM | Attr = ] (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 1:41:52 AM | Attr = ] (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> -> File not found (ptssvc) ptssvc [Win32_Own | Auto | Running] -> %ProgramFiles%\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> KODAK [Ver = 2.0.0300 | Size = 45056 bytes | Modified Date = 8/15/2001 6:43:40 AM | Attr = ] (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 85, 91, 18 | Size = 353280 bytes | Modified Date = 12/10/2007 1:59:04 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 3/30/2008 9:25:27 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe [C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe] -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 3/1/2007 10:37:52 AM | Attr = R ] IncrediMail -> %ProgramFiles%\IncrediMail\bin\incmail.exe [C:\Program Files\IncrediMail\bin\IncMail.exe /c] -> IncrediMail, Ltd. [Ver = 5, 2, 5, 2598 | Size = 204843 bytes | Modified Date = 3/30/2008 9:25:22 AM | Attr = ] PC Suite Tray -> %ProgramFiles%\Nokia\Nokia PC Suite 6\pcsuite.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray] -> [Ver = 6, 85, 11, 8 | Size = 695808 bytes | Modified Date = 3/31/2008 4:37:11 PM | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 3/30/2008 9:25:27 AM | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 3:32:54 PM | Attr = ] Nokia.PCSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (608) | Size = 1294336 bytes | Modified Date = 11/7/2007 5:35:22 PM | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 3/30/2008 9:25:27 AM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 3:32:54 PM | Attr = ] Nokia.PCSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (608) | Size = 1294336 bytes | Modified Date = 11/7/2007 5:35:22 PM | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 3/30/2008 9:25:27 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\] > -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe [C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe] -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 3/1/2007 10:37:52 AM | Attr = R ] IncrediMail -> %ProgramFiles%\IncrediMail\bin\incmail.exe [C:\Program Files\IncrediMail\bin\IncMail.exe /c] -> IncrediMail, Ltd. [Ver = 5, 2, 5, 2598 | Size = 204843 bytes | Modified Date = 3/30/2008 9:25:22 AM | Attr = ] PC Suite Tray -> %ProgramFiles%\Nokia\Nokia PC Suite 6\pcsuite.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray] -> [Ver = 6, 85, 11, 8 | Size = 695808 bytes | Modified Date = 3/31/2008 4:37:11 PM | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 3/30/2008 9:25:27 AM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> %SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk -> %SystemDrive%\hp\bin\cloaker.exe -> Hewlett-Packard Co. [Ver = 3, 1, 0, 0 | Size = 27136 bytes | Modified Date = 11/6/1999 6:11:14 PM | Attr = ] < HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008] > -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 46080 bytes | Modified Date = 8/13/2005 4:30:00 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoRemovePage -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddPage -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoWindowsSetupPage -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromCDorFloppy -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromInternet -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromNetwork -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoServices -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoSupportInfo -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddRemovePrograms -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddRemovePrograms -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoRemovePage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoWindowsSetupPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromCDorFloppy -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromInternet -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromNetwork -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoServices -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoSupportInfo -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008] > -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddRemovePrograms -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoRemovePage -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddPage -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoWindowsSetupPage -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromCDorFloppy -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromInternet -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromNetwork -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoServices -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoSupportInfo -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://games.yahoo.com/card-games -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com -> HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn5\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> localhost -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> HKEY_USERS\.DEFAULT\: ProxyOverride -> localhost -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-18\: ProxyOverride -> localhost -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\] > -> -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\: Main\\Start Page -> http://games.yahoo.com/card-games -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\: Search\\SearchAssistant -> http://www.google.com -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn5\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ] HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\: ProxyOverride -> localhost -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. -> online_musicmatch.com [https] -> Trusted sites -> trymedia.com .[http] -> Trusted sites -> trymedia.com .[https] -> Trusted sites -> 2 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 56 domain(s) found. -> internet .[about] -> Trusted sites -> mcafee.com .[http] -> Trusted sites -> mcafee.com .[https] -> Trusted sites -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\] > -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 56 domain(s) found. -> internet .[about] -> Trusted sites -> mcafee.com .[http] -> Trusted sites -> mcafee.com .[https] -> Trusted sites -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\] > -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn5\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {942EFF30-F610-413E-854B-DDDEA0E78A1E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\] > -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {942EFF30-F610-413E-854B-DDDEA0E78A1E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\4144\SiteAdv.dll [McAfee SiteAdvisor] -> File not found {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn5\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn5\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\] > -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn5\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ] {d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU [Run IMVU] -> File not found {E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Internet Connection Help] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ] CmdMapping\\{AFCA8905-936B-4aeb-A99C-6B35F596B7A3} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to AMV Convert Tool... -> %ProgramFiles%\MP3 Player Utilities 4.00\AMVConverter\grab.htm -> File not found Add to Media Manager... -> %ProgramFiles%\MP3 Player Utilities 4.00\MediaManager\grab.htm -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\] > -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ] CmdMapping\\{AFCA8905-936B-4aeb-A99C-6B35F596B7A3} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\] > -> HKEY_USERS\S-1-5-21-3491572929-91449903-3684209667-1008\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to AMV Convert Tool... -> %ProgramFiles%\MP3 Player Utilities 4.00\AMVConverter\grab.htm -> File not found Add to Media Manager... -> %ProgramFiles%\MP3 Player Utilities 4.00\MediaManager\grab.htm -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {02B7AE55-E28E-44E7-A2B5-BDEF9648FFBE} -> (Motorola SURFboard SB5120 USB Cable Modem) -> {3813B7B4-A132-4DFF-9ACF-98125848B6C8} -> () -> {5DD01A06-8F95-4253-BDB5-9758981F5F49} -> () -> {71BF89B6-FEB9-4C40-B215-02B0701FA97F} -> (Motorola SURFboard SB5120 USB Cable Modem) -> {892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> {933BB1DD-77C1-41ED-983E-E302E1CEB00B} -> (Motorola SURFboard SB5120 USB Cable Modem) -> {DFB7237E-AB50-4032-8460-8C979FA6E714} -> (Motorola SURFboard SB5120 USB Cable Modem) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 7/11/2007 3:09:40 AM | Attr = ] g7ps:{9EACF0FB-4FC7-436E-989B-3197142AD979} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\G7PS\Shared Files\G7PSDLL\G7PS.dll[IE Pluggable Protocol for G7PS Applications] -> G7 Productivity Systems, Inc. [Ver = 1.0.0.0 | Size = 325632 bytes | Modified Date = 11/5/2001 12:32:54 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\4144\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> File not found < Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> application/x-vcm8:{560A62D2-E52E-4BC6-A88C-5E4651A2C1D1}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\G7PS\VersaCheck\Messenger for PayCycle\VcmControl.ocx[VersaCheck Messenger MIME Filter] -> G7 Productivity Systems, Inc. [Ver = 1.0.4.1 | Size = 513536 bytes | Modified Date = 5/13/2004 3:52:06 PM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB}[HKEY_LOCAL_MACHINE] -> http://www.kodakgallery.com/downloads/hmpr/HMPR_WIN_IE_1/axhomepr.cab[HomePrintingCtrl Class] -> {49232000-16E4-426C-A231-62846947304B}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab[SysData Class] -> {67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}[HKEY_LOCAL_MACHINE] -> http://www.acclaim.com/cabs/acclaim_v4.cab[GameLauncher Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {AED98630-0251-4E83-917D-43A23D66D507}[HKEY_LOCAL_MACHINE] -> http://activex.microgaming.com/DLHelper/version7/DLHelper.cab[Download Helper Class] -> {BB383206-6DA1-4E80-B62A-3DF950FCC697}[HKEY_LOCAL_MACHINE] -> http://ak.imgag.com/imgag/cp/install/AxCtp2.cab[Create & Print ActiveX Plug-in] -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF}[HKEY_LOCAL_MACHINE] -> http://www.live365.com/players/play365.cab[Live365Player Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Java/jre1.5.0_06/bin/ssv.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Java/jre1.5.0_06/bin/ssv.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Java/jre1.5.0_06/bin/ssv.dll\\{8AD9C840-044E-11D1-B3E9-00805F499D93} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axhomepr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axhomepr.dll\\.Owner -> {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axhomepr.dll\\{42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dlhelper.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dlhelper.dll\\.Owner -> {AED98630-0251-4E83-917D-43A23D66D507} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dlhelper.dll\\{AED98630-0251-4E83-917D-43A23D66D507} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GameLauncher.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GameLauncher.ocx\\.Owner -> {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GameLauncher.ocx\\{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\\.Owner -> {49232000-16E4-426C-A231-62846947304B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\\{49232000-16E4-426C-A231-62846947304B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/orca20.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/orca20.dll\\.Owner -> {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/orca20.dll\\{42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/orcacm20.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/orcacm20.dll\\.Owner -> {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/orcacm20.dll\\{42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Play365.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Play365.dll\\.Owner -> {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Play365.dll\\{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\\.Owner -> {49232000-16E4-426C-A231-62846947304B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\\{49232000-16E4-426C-A231-62846947304B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/AxCtp2.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/AxCtp2.dll\\.Owner -> {BB383206-6DA1-4E80-B62A-3DF950FCC697} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/AxCtp2.dll\\{BB383206-6DA1-4E80-B62A-3DF950FCC697} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\{49232000-16E4-426C-A231-62846947304B} -> -> [Files/Folders - Created Within 90 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Created Date = 4/3/2008 6:25:19 PM | Attr = HS] MicroGaming -> %SystemDrive%\MicroGaming -> [Folder | Created Date = 1/17/2008 9:44:19 AM | Attr = ] NEO_DVD -> %SystemDrive%\NEO_DVD -> [Folder | Created Date = 3/25/2008 4:11:43 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 4/4/2008 10:43:19 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 4/4/2008 5:15:11 PM | Attr = HS] SDAT -> %SystemDrive%\SDAT -> [Folder | Created Date = 4/2/2008 12:27:05 PM | Attr = ] sdat5265.exe -> %SystemDrive%\sdat5265.exe -> McAfee, Inc. [Ver = 2.2.151 | Size = 42825158 bytes | Created Date = 4/2/2008 12:07:03 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\sdat5265.exe:Zone.Identifier SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 4/3/2008 3:58:33 PM | Attr = ] WALKOFF -> %SystemDrive%\WALKOFF -> [Folder | Created Date = 3/7/2008 4:47:13 PM | Attr = ] adwarealert.sys -> %SystemRoot%\System32\drivers\adwarealert.sys -> [Ver = | Size = 22512 bytes | Created Date = 4/3/2008 9:41:47 AM | Attr = ] nmwcd.sys -> %SystemRoot%\System32\drivers\nmwcd.sys -> Nokia [Ver = 6.83.6.0 | Size = 137216 bytes | Created Date = 3/30/2008 9:15:06 PM | Attr = ] nmwcdc.sys -> %SystemRoot%\System32\drivers\nmwcdc.sys -> Nokia [Ver = 6.83.6.0 | Size = 8320 bytes | Created Date = 3/30/2008 9:15:07 PM | Attr = ] nmwcdcj.sys -> %SystemRoot%\System32\drivers\nmwcdcj.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Created Date = 3/30/2008 9:15:09 PM | Attr = ] nmwcdcm.sys -> %SystemRoot%\System32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Created Date = 3/30/2008 9:15:08 PM | Attr = ] AC3ACM.acm -> %SystemRoot%\System32\AC3ACM.acm -> fccHandler [Ver = 0, 7, 0, 0 | Size = 81920 bytes | Created Date = 3/27/2008 12:02:18 PM | Attr = ] alf2cd.acm -> %SystemRoot%\System32\alf2cd.acm -> NCT Company [Ver = 2.03 | Size = 38912 bytes | Created Date = 3/27/2008 12:02:18 PM | Attr = ] divx.dll -> %SystemRoot%\System32\divx.dll -> DivXNetworks, Inc. [Ver = 5.0.5.830 | Size = 638976 bytes | Created Date = 3/27/2008 12:02:18 PM | Attr = ] divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivXNetworks, Inc. [Ver = 5.0.5.830 | Size = 221215 bytes | Created Date = 3/27/2008 12:02:19 PM | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Created Date = 1/24/2008 7:51:27 PM | Attr = H ] 6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> mcdvd_32.dll -> %SystemRoot%\System32\mcdvd_32.dll -> MainConcept [Ver = 2.0.4 | Size = 261632 bytes | Created Date = 3/27/2008 12:02:18 PM | Attr = ] nmwcdcocls.dll -> %SystemRoot%\System32\nmwcdcocls.dll -> Nokia [Ver = 6.83.6.0 | Size = 65536 bytes | Created Date = 3/30/2008 9:15:06 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.1 | Size = 57344 bytes | Created Date = 1/31/2008 11:13:18 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.1 | Size = 90112 bytes | Created Date = 1/31/2008 11:13:18 PM | Attr = ] Scg726.acm -> %SystemRoot%\System32\Scg726.acm -> SHARP Corporation [Ver = 1, 0, 0, 3 | Size = 13239 bytes | Created Date = 3/27/2008 12:02:18 PM | Attr = ] vct3216.acm -> %SystemRoot%\System32\vct3216.acm -> Voxware, Inc. [Ver = 1.6.0.17 | Size = 82944 bytes | Created Date = 3/27/2008 12:02:18 PM | Attr = ] xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [Ver = | Size = 524288 bytes | Created Date = 3/27/2008 12:02:18 PM | Attr = ] xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll -> [Ver = | Size = 139264 bytes | Created Date = 3/27/2008 12:02:18 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 4/4/2008 10:44:02 AM | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 4/3/2008 5:15:44 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 4/4/2008 10:43:18 AM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 4/4/2008 10:43:18 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 1/12/2008 2:49:12 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 4/4/2008 10:43:18 AM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 4/4/2008 5:09:49 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 4/5/2008 10:22:00 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 4/5/2008 10:22:00 AM | Attr = H ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 4/4/2008 10:43:18 AM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 4/4/2008 10:43:18 AM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 4/4/2008 10:43:18 AM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 4/4/2008 10:43:18 AM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 4/4/2008 10:43:18 AM | Attr = ] WMSysPr8.prx -> %SystemRoot%\WMSysPr8.prx -> [Ver = | Size = 156910 bytes | Created Date = 3/27/2008 12:02:19 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 4/4/2008 10:43:18 AM | Attr = ] AdwareAlert Scheduled Scan.job -> %SystemRoot%\tasks\AdwareAlert Scheduled Scan.job -> [Ver = | Size = 518 bytes | Created Date = 4/3/2008 9:33:08 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] AVS4YOU -> %AllUsersProfile%\Application Data\AVS4YOU -> [Folder | Created Date = 3/27/2008 12:03:31 PM | Attr = ] Citrix -> %AllUsersProfile%\Application Data\Citrix -> [Folder | Created Date = 4/2/2008 10:47:16 AM | Attr = ] Installations -> %AllUsersProfile%\Application Data\Installations -> [Folder | Created Date = 3/30/2008 9:12:40 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 4/5/2008 7:05:59 AM | Attr = ] MGS -> %AllUsersProfile%\Application Data\MGS -> [Folder | Created Date = 1/17/2008 9:44:42 AM | Attr = ] MumboJumbo -> %AllUsersProfile%\Application Data\MumboJumbo -> [Folder | Created Date = 4/4/2008 8:00:16 PM | Attr = ] PC Suite -> %AllUsersProfile%\Application Data\PC Suite -> [Folder | Created Date = 3/30/2008 9:16:41 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 3/8/2008 5:31:33 PM | Attr = ] @Alternate Data Stream - 128 bytes -> %AllUsersProfile%\Application Data\TEMP:AC6124CA AVS4YOU -> %AppData%\AVS4YOU -> [Folder | Created Date = 3/27/2008 12:03:36 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 4/5/2008 7:06:12 AM | Attr = ] McAfee -> %AppData%\McAfee -> [Folder | Created Date = 4/2/2008 10:21:03 AM | Attr = ] NMM-MetaData.db -> %AppData%\NMM-MetaData.db -> [Ver = | Size = 699735 bytes | Created Date = 3/31/2008 2:52:07 PM | Attr = ] Nokia -> %AppData%\Nokia -> [Folder | Created Date = 3/30/2008 9:16:20 PM | Attr = ] Nokia Multimedia Player -> %AppData%\Nokia Multimedia Player -> [Folder | Created Date = 3/30/2008 9:32:43 PM | Attr = ] PC Suite -> %AppData%\PC Suite -> [Folder | Created Date = 3/30/2008 9:15:24 PM | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Created Date = 3/26/2008 9:41:47 PM | Attr = ] Citrix -> %UserProfile%\Local Settings\Application Data\Citrix -> [Folder | Created Date = 4/2/2008 10:36:41 AM | Attr = ] 100_1518.JPG -> %UserProfile%\My Documents\100_1518.JPG -> [Ver = | Size = 193600 bytes | Created Date = 1/12/2008 6:20:09 AM | Attr = ] 1099.wps -> %UserProfile%\My Documents\1099.wps -> [Ver = | Size = 10752 bytes | Created Date = 2/18/2008 10:16:21 AM | Attr = ] 36f8b49122ae93d51996aec820b8ff28.QFX -> %UserProfile%\My Documents\36f8b49122ae93d51996aec820b8ff28.QFX -> [Ver = | Size = 10670 bytes | Created Date = 3/4/2008 12:03:46 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\36f8b49122ae93d51996aec820b8ff28.QFX:Zone.Identifier AlbumArtSmall.jpg -> %UserProfile%\My Documents\AlbumArtSmall.jpg -> [Ver = | Size = 2254 bytes | Created Date = 2/16/2008 10:57:04 PM | Attr = HS] AlbumArtYMJ_35736b39_Small.jpg -> %UserProfile%\My Documents\AlbumArtYMJ_35736b39_Small.jpg -> [Ver = | Size = 8805 bytes | Created Date = 2/16/2008 10:56:13 PM | Attr = H ] AlbumArt_{4731B56C-1629-4910-AAD0-AE6DFCDC8ABF}_Large.jpg -> %UserProfile%\My Documents\AlbumArt_{4731B56C-1629-4910-AAD0-AE6DFCDC8ABF}_Large.jpg -> [Ver = | Size = 8668 bytes | Created Date = 2/16/2008 10:57:04 PM | Attr = HS] AlbumArt_{4731B56C-1629-4910-AAD0-AE6DFCDC8ABF}_Small.jpg -> %UserProfile%\My Documents\AlbumArt_{4731B56C-1629-4910-AAD0-AE6DFCDC8ABF}_Small.jpg -> [Ver = | Size = 2254 bytes | Created Date = 2/16/2008 10:57:04 PM | Attr = HS] BurnMyFiles-Setup.exe -> %UserProfile%\My Documents\BurnMyFiles-Setup.exe -> GetData Pty Ltd [Ver = 2.0.0.232 | Size = 5940400 bytes | Created Date = 3/8/2008 5:31:04 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\BurnMyFiles-Setup.exe:Zone.Identifier Downloadhelper.exe -> %UserProfile%\My Documents\Downloadhelper.exe -> [Ver = 1, 0, 0, 4 | Size = 164464 bytes | Created Date = 1/22/2008 9:52:12 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Downloadhelper.exe:Zone.Identifier Folder.jpg -> %UserProfile%\My Documents\Folder.jpg -> [Ver = | Size = 8668 bytes | Created Date = 2/16/2008 10:57:04 PM | Attr = HS] iTunesSetup.exe -> %UserProfile%\My Documents\iTunesSetup.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 59163944 bytes | Created Date = 3/26/2008 9:39:42 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\iTunesSetup.exe:Zone.Identifier jae2.pdf -> %UserProfile%\My Documents\jae2.pdf -> [Ver = | Size = 11252381 bytes | Created Date = 3/20/2008 10:06:57 PM | Attr = ] jaes pic -> %UserProfile%\My Documents\jaes pic -> [Folder | Created Date = 3/20/2008 10:08:49 PM | Attr = ] jaes.pdf -> %UserProfile%\My Documents\jaes.pdf -> [Ver = | Size = 11252381 bytes | Created Date = 3/20/2008 10:06:22 PM | Attr = ] jaes1.pdf -> %UserProfile%\My Documents\jaes1.pdf -> [Ver = | Size = 11252381 bytes | Created Date = 3/20/2008 10:06:39 PM | Attr = ] korn - coming undone.mpg -> %UserProfile%\My Documents\korn - coming undone.mpg -> [Ver = | Size = 35385348 bytes | Created Date = 3/24/2008 8:34:33 PM | Attr = ] ManualPatch.exe -> %UserProfile%\My Documents\ManualPatch.exe -> [Ver = 1, 0, 0, 1 | Size = 121810560 bytes | Created Date = 1/25/2008 5:57:26 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\ManualPatch.exe:Zone.Identifier Marc Broussard - Gavin's Song.mp3 -> %UserProfile%\My Documents\Marc Broussard - Gavin's Song.mp3 -> [Ver = | Size = 3080278 bytes | Created Date = 2/16/2008 10:56:08 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Marc Broussard - Gavin's Song.mp3:Zone.Identifier mcwork.wps -> %UserProfile%\My Documents\mcwork.wps -> [Ver = | Size = 9216 bytes | Created Date = 1/7/2008 2:40:27 PM | Attr = ] New Folder (2) -> %UserProfile%\My Documents\New Folder (2) -> [Folder | Created Date = 2/1/2008 5:12:51 PM | Attr = ] pc.exe -> %UserProfile%\My Documents\pc.exe -> [Ver = 6, 85, 14, 0 | Size = 27505824 bytes | Created Date = 3/30/2008 9:12:11 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\pc.exe:Zone.Identifier rmaform.rtf -> %UserProfile%\My Documents\rmaform.rtf -> [Ver = | Size = 1510 bytes | Created Date = 3/10/2008 4:52:30 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\rmaform.rtf:Zone.Identifier sehw.zip -> %UserProfile%\My Documents\sehw.zip -> [Ver = | Size = 19886 bytes | Created Date = 1/23/2008 8:50:46 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\sehw.zip:Zone.Identifier sems.zip -> %UserProfile%\My Documents\sems.zip -> [Ver = | Size = 23010 bytes | Created Date = 1/23/2008 8:36:08 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\sems.zip:Zone.Identifier Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 7680 bytes | Created Date = 4/3/2008 9:17:46 AM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable Untitled Document.wps -> %UserProfile%\My Documents\Untitled Document.wps -> [Ver = | Size = 13312 bytes | Created Date = 3/15/2008 8:47:33 PM | Attr = ] voice_4_442356_13214843_-11276135204579.mp3 -> %UserProfile%\My Documents\voice_4_442356_13214843_-11276135204579.mp3 -> [Ver = | Size = 90336 bytes | Created Date = 2/15/2008 7:49:58 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\voice_4_442356_13214843_-11276135204579.mp3:Zone.Identifier voice_4_442588_13214850_-112483233624819.mp3 -> %UserProfile%\My Documents\voice_4_442588_13214850_-112483233624819.mp3 -> [Ver = | Size = 139968 bytes | Created Date = 2/15/2008 7:51:20 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\voice_4_442588_13214850_-112483233624819.mp3:Zone.Identifier Check Printing Software 2000.lnk -> %AllUsersProfile%\Desktop\Check Printing Software 2000.lnk -> [Ver = | Size = 863 bytes | Created Date = 3/31/2008 4:39:35 PM | Attr = ] Elf Bowling 7 - The Last Insult.lnk -> %AllUsersProfile%\Desktop\Elf Bowling 7 - The Last Insult.lnk -> [Ver = | Size = 1943 bytes | Created Date = 4/4/2008 7:59:58 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 707 bytes | Created Date = 4/5/2008 7:06:00 AM | Attr = ] More Yahoo! Games.lnk -> %AllUsersProfile%\Desktop\More Yahoo! Games.lnk -> [Ver = | Size = 1762 bytes | Created Date = 4/4/2008 7:59:53 PM | Attr = ] Nokia PC Suite.lnk -> %AllUsersProfile%\Desktop\Nokia PC Suite.lnk -> [Ver = | Size = 2341 bytes | Created Date = 3/30/2008 9:15:58 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1615 bytes | Created Date = 3/26/2008 9:44:05 PM | Attr = ] AVS Video Converter.lnk -> %UserProfile%\Desktop\AVS Video Converter.lnk -> [Ver = | Size = 901 bytes | Created Date = 3/27/2008 12:02:45 PM | Attr = ] AVS4YOU Software Navigator.lnk -> %UserProfile%\Desktop\AVS4YOU Software Navigator.lnk -> [Ver = | Size = 957 bytes | Created Date = 3/27/2008 12:03:09 PM | Attr = ] Burn My Files.lnk -> %UserProfile%\Desktop\Burn My Files.lnk -> [Ver = | Size = 843 bytes | Created Date = 3/8/2008 5:31:52 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1612758 bytes | Created Date = 4/4/2008 10:39:02 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Created Date = 4/4/2008 6:32:56 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 4/4/2008 6:32:35 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier Incomplete -> %UserProfile%\Desktop\Incomplete -> [Folder | Created Date = 3/25/2008 8:08:22 PM | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1549088 bytes | Created Date = 4/5/2008 7:04:43 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 4/5/2008 8:49:35 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Created Date = 4/5/2008 8:47:08 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier programs to delete and replace.wps -> %UserProfile%\Desktop\programs to delete and replace.wps -> [Ver = | Size = 11264 bytes | Created Date = 4/4/2008 5:36:30 PM | Attr = ] SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [Ver = | Size = 1415486 bytes | Created Date = 4/3/2008 3:57:43 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SDFix.exe:Zone.Identifier AVSMedia -> %CommonProgramFiles%\AVSMedia -> [Folder | Created Date = 3/27/2008 12:02:33 PM | Attr = ] Nokia -> %CommonProgramFiles%\Nokia -> [Folder | Created Date = 3/30/2008 9:15:49 PM | Attr = ] PCSuite -> %CommonProgramFiles%\PCSuite -> [Folder | Created Date = 3/30/2008 9:15:49 PM | Attr = ] [Files/Folders - Modified Within 90 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 279 bytes | Modified Date = 3/25/2008 11:19:31 AM | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/3/2008 9:33:05 AM | Attr = H ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Modified Date = 4/5/2008 7:55:48 AM | Attr = HS] Kodak Pictures -> %SystemDrive%\Kodak Pictures -> [Folder | Modified Date = 1/12/2008 4:49:28 AM | Attr = ] MicroGaming -> %SystemDrive%\MicroGaming -> [Folder | Modified Date = 1/17/2008 9:44:19 AM | Attr = ] NEO_DVD -> %SystemDrive%\NEO_DVD -> [Folder | Modified Date = 3/25/2008 4:12:30 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/5/2008 7:39:47 AM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 4/4/2008 5:09:49 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/4/2008 5:15:11 PM | Attr = HS] SDAT -> %SystemDrive%\SDAT -> [Folder | Modified Date = 4/2/2008 4:21:35 PM | Attr = ] sdat5265.exe -> %SystemDrive%\sdat5265.exe -> McAfee, Inc. [Ver = 2.2.151 | Size = 42825158 bytes | Modified Date = 4/2/2008 4:12:17 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\sdat5265.exe:Zone.Identifier SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 4/3/2008 6:39:04 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/4/2008 10:43:20 AM | Attr = HS] WALKOFF -> %SystemDrive%\WALKOFF -> [Folder | Modified Date = 3/7/2008 4:53:19 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/5/2008 10:22:07 AM | Attr = ] adwarealert.sys -> %SystemRoot%\System32\drivers\adwarealert.sys -> [Ver = | Size = 22512 bytes | Modified Date = 3/31/2008 2:42:55 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 4/3/2008 6:04:10 PM | Attr = ] HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 4/3/2008 6:04:10 PM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 3/30/2008 10:43:41 PM | Attr = ] MsftWdf_user_01_05_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 3/30/2008 9:20:10 PM | Attr = H ] Msft_User_PCCSWpdDriver_01_05_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 3/30/2008 9:20:18 PM | Attr = H ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 4/2/2008 11:42:57 AM | Attr = ] 6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/5/2008 9:31:48 AM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 3/24/2008 8:15:46 PM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 93400 bytes | Modified Date = 4/5/2008 7:56:26 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 3/27/2008 1:54:13 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 4/4/2008 10:47:43 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 4/3/2008 9:41:47 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 369688 bytes | Modified Date = 3/31/2008 6:58:06 PM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 4/5/2008 8:48:00 PM | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 1/24/2008 7:51:27 PM | Attr = H ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 81906 bytes | Modified Date = 3/9/2008 9:30:48 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 452986 bytes | Modified Date = 3/9/2008 9:30:48 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 544074 bytes | Modified Date = 3/9/2008 9:30:48 AM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.1 | Size = 57344 bytes | Modified Date = 1/31/2008 11:13:18 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.1 | Size = 90112 bytes | Modified Date = 1/31/2008 11:13:18 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 4/4/2008 10:43:20 AM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 3/24/2008 8:15:18 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 4/5/2008 7:56:31 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/12/2008 11:10:32 PM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2/13/2008 4:00:43 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/5/2008 7:55:50 AM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/2/2008 9:08:06 PM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 4/4/2008 10:44:02 AM | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 4/3/2008 5:16:32 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/27/2008 12:03:14 PM | Attr = S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/23/2008 8:51:37 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2/13/2008 4:02:21 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/3/2008 9:41:58 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/3/2008 9:33:05 AM | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/12/2008 2:49:12 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 4/5/2008 10:25:08 AM | Attr = ] orun32.ini -> %SystemRoot%\orun32.ini -> [Ver = | Size = 839 bytes | Modified Date = 2/16/2008 7:50:22 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/5/2008 8:50:02 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 4/4/2008 5:09:49 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 3/9/2008 9:24:23 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 4/5/2008 10:22:07 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/5/2008 10:22:07 AM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/5/2008 7:56:21 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/4/2008 5:07:45 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 4/5/2008 8:47:52 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/3/2008 9:33:08 AM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/5/2008 8:49:32 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 730 bytes | Modified Date = 3/25/2008 9:51:44 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/27/2008 12:02:32 PM | Attr = ] AdwareAlert Scheduled Scan.job -> %SystemRoot%\tasks\AdwareAlert Scheduled Scan.job -> [Ver = | Size = 518 bytes | Modified Date = 4/5/2008 3:00:01 AM | Attr = ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 276 bytes | Modified Date = 4/5/2008 8:45:00 PM | Attr = ] McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 286 bytes | Modified Date = 3/15/2008 1:26:15 AM | Attr = H ] McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 374 bytes | Modified Date = 3/1/2008 2:00:13 AM | Attr = H ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/5/2008 7:55:52 AM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 13842 bytes | Modified Date = 4/5/2008 7:57:00 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 13842 bytes | Modified Date = 4/5/2008 7:57:00 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8282 bytes | Modified Date = 11/30/2005 4:31:32 PM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8474 bytes | Modified Date = 3/31/2008 4:35:35 PM | Attr = ] GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\GridLayout.dat -> [Ver = | Size = 396332 bytes | Modified Date = 9/28/2006 7:15:06 PM | Attr = ] pa.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\2.0\pa.dat -> [Ver = | Size = 0 bytes | Modified Date = 9/5/2006 1:10:44 PM | Attr = ] CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/24/2007 6:40:37 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/17/2006 9:15:30 AM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 166221 bytes | Modified Date = 5/17/2006 9:15:54 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] AOL -> %AllUsersProfile%\Application Data\AOL -> [Folder | Modified Date = 3/29/2008 8:43:02 AM | Attr = ] Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer -> [Folder | Modified Date = 3/26/2008 9:45:05 PM | Attr = ] AVS4YOU -> %AllUsersProfile%\Application Data\AVS4YOU -> [Folder | Modified Date = 3/27/2008 12:03:31 PM | Attr = ] Citrix -> %AllUsersProfile%\Application Data\Citrix -> [Folder | Modified Date = 4/2/2008 10:47:16 AM | Attr = ] DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink -> [Folder | Modified Date = 3/25/2008 4:11:07 PM | Attr = ] Installations -> %AllUsersProfile%\Application Data\Installations -> [Folder | Modified Date = 3/30/2008 9:12:40 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 4/5/2008 7:05:59 AM | Attr = ] McAfee -> %AllUsersProfile%\Application Data\McAfee -> [Folder | Modified Date = 4/2/2008 10:23:48 AM | Attr = ] MGS -> %AllUsersProfile%\Application Data\MGS -> [Folder | Modified Date = 1/17/2008 9:44:45 AM | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 3/12/2008 3:03:15 AM | Attr = ] MumboJumbo -> %AllUsersProfile%\Application Data\MumboJumbo -> [Folder | Modified Date = 4/4/2008 8:00:16 PM | Attr = ] PC Suite -> %AllUsersProfile%\Application Data\PC Suite -> [Folder | Modified Date = 3/30/2008 9:18:26 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 3/25/2008 4:21:38 PM | Attr = ] @Alternate Data Stream - 128 bytes -> %AllUsersProfile%\Application Data\TEMP:AC6124CA Apple Computer -> %AppData%\Apple Computer -> [Folder | Modified Date = 3/26/2008 9:45:35 PM | Attr = ] AVS4YOU -> %AppData%\AVS4YOU -> [Folder | Modified Date = 3/27/2008 12:03:36 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 4/5/2008 7:06:12 AM | Attr = ] McAfee -> %AppData%\McAfee -> [Folder | Modified Date = 4/2/2008 10:21:03 AM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 3/26/2008 2:41:09 AM | Attr = S] NMM-MetaData.db -> %AppData%\NMM-MetaData.db -> [Ver = | Size = 699735 bytes | Modified Date = 3/31/2008 4:27:55 PM | Attr = ] Nokia -> %AppData%\Nokia -> [Folder | Modified Date = 3/30/2008 9:30:07 PM | Attr = ] Nokia Multimedia Player -> %AppData%\Nokia Multimedia Player -> [Folder | Modified Date = 3/31/2008 3:46:47 PM | Attr = ] PC Suite -> %AppData%\PC Suite -> [Folder | Modified Date = 3/30/2008 10:43:25 PM | Attr = ] wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 6682 bytes | Modified Date = 4/4/2008 6:47:28 PM | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Modified Date = 3/26/2008 9:41:47 PM | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 3/26/2008 9:45:35 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 3/25/2008 3:51:46 PM | Attr = ] Citrix -> %UserProfile%\Local Settings\Application Data\Citrix -> [Folder | Modified Date = 4/2/2008 10:36:41 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 71168 bytes | Modified Date = 4/3/2008 9:17:44 AM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4232496 bytes | Modified Date = 4/5/2008 7:54:01 AM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 4/4/2008 9:59:50 PM | Attr = ] ESBK.mb -> %AllUsersProfile%\Documents\ESBK.mb -> [Ver = | Size = 3380224 bytes | Modified Date = 3/20/2008 9:32:28 PM | Attr = R ] ESBK.mbb -> %AllUsersProfile%\Documents\ESBK.mbb -> [Ver = | Size = 4122624 bytes | Modified Date = 3/20/2008 9:32:28 PM | Attr = R ] Yahoo -> %AllUsersProfile%\Documents\Yahoo -> [Folder | Modified Date = 3/30/2008 10:44:47 PM | Attr = ] 100_1518.JPG -> %UserProfile%\My Documents\100_1518.JPG -> [Ver = | Size = 193600 bytes | Modified Date = 1/12/2008 4:49:40 AM | Attr = ] 1099.wps -> %UserProfile%\My Documents\1099.wps -> [Ver = | Size = 10752 bytes | Modified Date = 2/18/2008 10:16:21 AM | Attr = ] 36f8b49122ae93d51996aec820b8ff28.QFX -> %UserProfile%\My Documents\36f8b49122ae93d51996aec820b8ff28.QFX -> [Ver = | Size = 10670 bytes | Modified Date = 3/4/2008 12:03:46 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\36f8b49122ae93d51996aec820b8ff28.QFX:Zone.Identifier AlbumArtSmall.jpg -> %UserProfile%\My Documents\AlbumArtSmall.jpg -> [Ver = | Size = 2254 bytes | Modified Date = 2/16/2008 10:57:04 PM | Attr = HS] AlbumArtYMJ_35736b39_Small.jpg -> %UserProfile%\My Documents\AlbumArtYMJ_35736b39_Small.jpg -> [Ver = | Size = 8805 bytes | Modified Date = 2/16/2008 10:56:13 PM | Attr = H ] AlbumArt_{4731B56C-1629-4910-AAD0-AE6DFCDC8ABF}_Large.jpg -> %UserProfile%\My Documents\AlbumArt_{4731B56C-1629-4910-AAD0-AE6DFCDC8ABF}_Large.jpg -> [Ver = | Size = 8668 bytes | Modified Date = 2/16/2008 10:57:04 PM | Attr = HS] AlbumArt_{4731B56C-1629-4910-AAD0-AE6DFCDC8ABF}_Small.jpg -> %UserProfile%\My Documents\AlbumArt_{4731B56C-1629-4910-AAD0-AE6DFCDC8ABF}_Small.jpg -> [Ver = | Size = 2254 bytes | Modified Date = 2/16/2008 10:57:04 PM | Attr = HS] BurnMyFiles-Setup.exe -> %UserProfile%\My Documents\BurnMyFiles-Setup.exe -> GetData Pty Ltd [Ver = 2.0.0.232 | Size = 5940400 bytes | Modified Date = 3/8/2008 5:31:32 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\BurnMyFiles-Setup.exe:Zone.Identifier cps2000.exe -> %UserProfile%\My Documents\cps2000.exe -> [Ver = | Size = 3323192 bytes | Modified Date = 3/31/2008 4:38:37 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\cps2000.exe:Zone.Identifier Downloadhelper.exe -> %UserProfile%\My Documents\Downloadhelper.exe -> [Ver = 1, 0, 0, 4 | Size = 164464 bytes | Modified Date = 1/22/2008 9:52:17 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Downloadhelper.exe:Zone.Identifier Folder.jpg -> %UserProfile%\My Documents\Folder.jpg -> [Ver = | Size = 8668 bytes | Modified Date = 2/16/2008 10:57:04 PM | Attr = HS] iTunesSetup.exe -> %UserProfile%\My Documents\iTunesSetup.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 59163944 bytes | Modified Date = 3/26/2008 9:40:07 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\iTunesSetup.exe:Zone.Identifier jae2.pdf -> %UserProfile%\My Documents\jae2.pdf -> [Ver = | Size = 11252381 bytes | Modified Date = 3/20/2008 10:06:57 PM | Attr = ] jaes pic -> %UserProfile%\My Documents\jaes pic -> [Folder | Modified Date = 3/20/2008 10:12:15 PM | Attr = ] jaes.pdf -> %UserProfile%\My Documents\jaes.pdf -> [Ver = | Size = 11252381 bytes | Modified Date = 3/20/2008 10:06:22 PM | Attr = ] jaes1.pdf -> %UserProfile%\My Documents\jaes1.pdf -> [Ver = | Size = 11252381 bytes | Modified Date = 3/20/2008 10:06:39 PM | Attr = ] korn - coming undone.mpg -> %UserProfile%\My Documents\korn - coming undone.mpg -> [Ver = | Size = 35385348 bytes | Modified Date = 3/24/2008 8:38:50 PM | Attr = ] ManualPatch.exe -> %UserProfile%\My Documents\ManualPatch.exe -> [Ver = 1, 0, 0, 1 | Size = 121810560 bytes | Modified Date = 1/25/2008 5:57:56 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\ManualPatch.exe:Zone.Identifier Marc Broussard - Gavin's Song.mp3 -> %UserProfile%\My Documents\Marc Broussard - Gavin's Song.mp3 -> [Ver = | Size = 3080278 bytes | Modified Date = 3/11/2008 10:42:40 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Marc Broussard - Gavin's Song.mp3:Zone.Identifier mcwork.wps -> %UserProfile%\My Documents\mcwork.wps -> [Ver = | Size = 9216 bytes | Modified Date = 1/7/2008 2:40:27 PM | Attr = ] melinchristian -> %UserProfile%\My Documents\melinchristian -> [Folder | Modified Date = 4/5/2008 2:17:34 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 3/31/2008 2:51:36 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 3/31/2008 8:33:11 AM | Attr = R ] MySpaceIM Pics -> %UserProfile%\My Documents\MySpaceIM Pics -> [Folder | Modified Date = 3/28/2008 1:37:45 PM | Attr = ] New Folder (2) -> %UserProfile%\My Documents\New Folder (2) -> [Folder | Modified Date = 2/1/2008 5:12:51 PM | Attr = ] PASSWORDS2.wps -> %UserProfile%\My Documents\PASSWORDS2.wps -> [Ver = | Size = 10752 bytes | Modified Date = 3/27/2008 10:55:11 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\PASSWORDS2.wps:Zone.Identifier pc.exe -> %UserProfile%\My Documents\pc.exe -> [Ver = 6, 85, 14, 0 | Size = 27505824 bytes | Modified Date = 3/30/2008 9:12:40 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\pc.exe:Zone.Identifier Quicken -> %UserProfile%\My Documents\Quicken -> [Folder | Modified Date = 3/31/2008 4:34:03 PM | Attr = ] rmaform.rtf -> %UserProfile%\My Documents\rmaform.rtf -> [Ver = | Size = 1510 bytes | Modified Date = 3/10/2008 4:52:31 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\rmaform.rtf:Zone.Identifier sehw.zip -> %UserProfile%\My Documents\sehw.zip -> [Ver = | Size = 19886 bytes | Modified Date = 1/23/2008 9:10:07 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\sehw.zip:Zone.Identifier sems.zip -> %UserProfile%\My Documents\sems.zip -> [Ver = | Size = 23010 bytes | Modified Date = 1/23/2008 8:36:20 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\sems.zip:Zone.Identifier Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 7680 bytes | Modified Date = 4/3/2008 9:17:46 AM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable Untitled Document.wps -> %UserProfile%\My Documents\Untitled Document.wps -> [Ver = | Size = 13312 bytes | Modified Date = 3/15/2008 8:47:34 PM | Attr = ] VCheck -> %UserProfile%\My Documents\VCheck -> [Folder | Modified Date = 4/4/2008 10:34:04 AM | Attr = ] voice_4_442356_13214843_-11276135204579.mp3 -> %UserProfile%\My Documents\voice_4_442356_13214843_-11276135204579.mp3 -> [Ver = | Size = 90336 bytes | Modified Date = 2/15/2008 7:51:17 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\voice_4_442356_13214843_-11276135204579.mp3:Zone.Identifier voice_4_442588_13214850_-112483233624819.mp3 -> %UserProfile%\My Documents\voice_4_442588_13214850_-112483233624819.mp3 -> [Ver = | Size = 139968 bytes | Modified Date = 2/15/2008 7:51:20 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\voice_4_442588_13214850_-112483233624819.mp3:Zone.Identifier Check Printing Software 2000.lnk -> %AllUsersProfile%\Desktop\Check Printing Software 2000.lnk -> [Ver = | Size = 863 bytes | Modified Date = 3/31/2008 4:39:35 PM | Attr = ] Elf Bowling 7 - The Last Insult.lnk -> %AllUsersProfile%\Desktop\Elf Bowling 7 - The Last Insult.lnk -> [Ver = | Size = 1943 bytes | Modified Date = 4/4/2008 7:59:58 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 707 bytes | Modified Date = 4/5/2008 7:06:00 AM | Attr = ] More Yahoo! Games.lnk -> %AllUsersProfile%\Desktop\More Yahoo! Games.lnk -> [Ver = | Size = 1762 bytes | Modified Date = 4/4/2008 7:59:53 PM | Attr = ] MySpaceIM.lnk -> %AllUsersProfile%\Desktop\MySpaceIM.lnk -> [Ver = | Size = 750 bytes | Modified Date = 2/12/2008 6:36:24 PM | Attr = ] Nokia PC Suite.lnk -> %AllUsersProfile%\Desktop\Nokia PC Suite.lnk -> [Ver = | Size = 2341 bytes | Modified Date = 3/31/2008 2:51:11 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1615 bytes | Modified Date = 3/26/2008 9:44:05 PM | Attr = ] Yahoo! Music Jukebox.lnk -> %AllUsersProfile%\Desktop\Yahoo! Music Jukebox.lnk -> [Ver = | Size = 2120 bytes | Modified Date = 2/17/2008 12:28:03 PM | Attr = ] AMV Convert Tool (2).lnk -> %UserProfile%\Desktop\AMV Convert Tool (2).lnk -> [Ver = | Size = 2573 bytes | Modified Date = 3/25/2008 11:53:19 PM | Attr = ] AVS Video Converter.lnk -> %UserProfile%\Desktop\AVS Video Converter.lnk -> [Ver = | Size = 901 bytes | Modified Date = 3/27/2008 12:02:45 PM | Attr = ] AVS4YOU Software Navigator.lnk -> %UserProfile%\Desktop\AVS4YOU Software Navigator.lnk -> [Ver = | Size = 957 bytes | Modified Date = 3/27/2008 12:03:09 PM | Attr = ] Burn My Files.lnk -> %UserProfile%\Desktop\Burn My Files.lnk -> [Ver = | Size = 843 bytes | Modified Date = 3/8/2008 5:31:52 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1612758 bytes | Modified Date = 4/4/2008 10:39:04 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Modified Date = 4/4/2008 6:32:56 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 4/4/2008 6:32:37 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier Incomplete -> %UserProfile%\Desktop\Incomplete -> [Folder | Modified Date = 4/5/2008 3:48:03 PM | Attr = ] kay -> %UserProfile%\Desktop\kay -> [Folder | Modified Date = 3/13/2008 5:57:28 PM | Attr = ] luba audit -> %UserProfile%\Desktop\luba audit -> [Folder | Modified Date = 1/17/2008 9:40:34 AM | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1549088 bytes | Modified Date = 4/5/2008 7:04:45 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier mp4 -> %UserProfile%\Desktop\mp4 -> [Folder | Modified Date = 4/5/2008 11:57:57 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 4/5/2008 8:49:36 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Modified Date = 4/5/2008 8:47:09 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier programs to delete and replace.wps -> %UserProfile%\Desktop\programs to delete and replace.wps -> [Ver = | Size = 11264 bytes | Modified Date = 4/4/2008 6:47:28 PM | Attr = ] SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [Ver = | Size = 1415486 bytes | Modified Date = 4/3/2008 3:57:48 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SDFix.exe:Zone.Identifier AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 3/29/2008 8:43:05 AM | Attr = ] AVSMedia -> %CommonProgramFiles%\AVSMedia -> [Folder | Modified Date = 3/27/2008 12:03:14 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 3/27/2008 12:02:32 PM | Attr = ] Nokia -> %CommonProgramFiles%\Nokia -> [Folder | Modified Date = 3/30/2008 9:15:51 PM | Attr = ] PCSuite -> %CommonProgramFiles%\PCSuite -> [Folder | Modified Date = 3/30/2008 9:15:50 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]