[code] OTScanIt logfile created on: 4/8/2008 6:19:16 PM OTScanIt by OldTimer - Version 1.0.9.0 Folder = C:\Documents and Settings\Jimmy\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1021.98 Mb Total Physical Memory | 575.70 Mb Available Physical Memory | 56.33% Memory free 1.66 Gb Paging File | 1.27 Gb Available in Paging File | 76.42% Paging File free Paging file location(s): c:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.27 Gb Total Space | 39.70 Gb Free Space | 55.71% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 20.39 Gb Total Space | 17.77 Gb Free Space | 87.19% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JIM-PC Current User Name: Jimmy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] smss.exe -> %SystemRoot%\system32\smss -> File not found csrss.exe -> %SystemRoot%\system32\csrss -> File not found winlogon.exe -> %SystemRoot%\system32\winlogon -> File not found services.exe -> %SystemRoot%\system32\services -> File not found lsass.exe -> %SystemRoot%\system32\lsass -> File not found svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> File not found -> %SystemRoot%\system32\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ] -> %SystemRoot%\system32\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ] -> %SystemRoot%\system32\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ] svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> File not found -> %SystemRoot%\system32\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ] svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> File not found -> %SystemRoot%\System32\appmgmts.dll [AppMgmt] -> File not found -> %SystemRoot%\system32\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ] -> %SystemRoot%\system32\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 5:59:41 AM | Attr = ] -> %SystemRoot%\system32\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/25/2005 9:39:45 PM | Attr = ] -> %SystemRoot%\system32\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/25/2005 9:39:45 PM | Attr = ] -> %SystemRoot%\system32\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 2:52:18 PM | Attr = ] -> %SystemRoot%\system32\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 2:52:18 PM | Attr = ] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll [helpsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ] -> %SystemRoot%\system32\hidserv.dll [HidServ] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21504 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr = ] -> %SystemRoot%\system32\hidserv.dll [HidServ] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21504 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr = ] -> %SystemRoot%\system32\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 12:32:34 PM | Attr = ] -> %SystemRoot%\system32\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 5:28:27 AM | Attr = ] -> %SystemRoot%\system32\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 11:29:46 AM | Attr = ] -> %SystemRoot%\system32\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 3:47:18 AM | Attr = ] -> %SystemRoot%\system32\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ] -> %SystemRoot%\system32\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 2:52:18 PM | Attr = ] -> %SystemRoot%\system32\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ] -> %SystemRoot%\system32\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 9:27:56 AM | Attr = ] -> %SystemRoot%\system32\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 2:52:18 PM | Attr = ] -> %SystemRoot%\system32\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\w32time.dll [w32time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\wbem\wmisvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ] -> %SystemRoot%\system32\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ] -> %SystemRoot%\system32\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> File not found -> %SystemRoot%\system32\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> File not found -> %SystemRoot%\system32\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] -> %SystemRoot%\system32\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255) | Size = 185344 bytes | Modified Date = 2/5/2007 1:17:02 PM | Attr = ] -> %SystemRoot%\system32\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/3/2006 8:35:05 PM | Attr = ] spoolsv.exe -> %SystemRoot%\system32\spoolsv -> File not found guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard -> File not found avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr -> File not found avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc -> File not found ramaint.exe -> %ProgramFiles%\LogMeIn\x86\ramaint -> File not found alg.exe -> %SystemRoot%\system32\alg -> File not found explorer.exe -> %SystemRoot%\explorer -> File not found tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl -> File not found issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch -> File not found avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc -> File not found ssmmgr.exe -> %SystemRoot%\Samsung\PanelMgr\SSMMgr -> File not found avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas -> File not found jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched -> File not found msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr -> File not found googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier -> File not found usnsvc.exe -> %ProgramFiles%\Windows Live\Messenger\usnsvc -> File not found wuauclt.exe -> %SystemRoot%\system32\wuauclt -> File not found wuauclt.exe -> %SystemRoot%\system32\wuauclt -> File not found otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt -> File not found iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE -> File not found wlloginproxy.exe -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WLLoginProxy -> File not found notepad.exe -> %SystemRoot%\system32\notepad -> File not found [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc -> File not found (Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost -> File not found (ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\alg -> File not found (AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state -> File not found (AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard -> File not found (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr -> File not found (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc -> File not found (BITS) Background Intelligent Transfer Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (Browser) Computer Browser [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc -> File not found (ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\clipsrv -> File not found (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw -> File not found (COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dllhost -> File not found (CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin -> File not found (dmserver) Logical Disk Manager [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found (Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc -> File not found (ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services -> File not found (EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found (FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found (Fax) Fax [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\fxssvc -> File not found (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService -> File not found (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (HidServ) HID Input Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT -> File not found (ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\imapi -> File not found (lanmanserver) Server [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (LMIMaint) LogMeIn Maintenance Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\ramaint -> File not found (LogMeIn) LogMeIn [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\LogMeIn\x86\LogMeIn -> File not found (Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost -> File not found (mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\mnmsrvc -> File not found (MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc -> [Folder | Modified Date = 8/10/2004 11:01:16 AM | Attr = ] (MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\msiexec -> File not found (NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde -> File not found (NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde -> File not found (Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass -> File not found (Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found (NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc -> File not found (Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found (NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass -> File not found (NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE -> File not found (PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services -> File not found (PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass -> File not found (ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass -> File not found (RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found (RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found (RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\sessmgr -> File not found (RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost -> File not found (RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\locator -> File not found (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\rsvp -> File not found (SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass -> File not found (SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\scardsvr -> File not found (Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (SENS) System Event Notification [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (Spooler) Print Spooler [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spoolsv -> File not found (srservice) System Restore Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found (stisvc) Windows Image Acquisition (WIA) [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found (SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dllhost -> File not found (SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\smlogsvc -> File not found (TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found (TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found (Themes) Themes [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (UMWdf) Windows User Mode Driver Framework [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wdfmgr -> File not found (upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found (UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ups -> File not found (usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Windows Live\Messenger\usnsvc -> File not found (VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\vssvc -> File not found (w32time) Windows Time [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (WebClient) WebClient [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc -> File not found (WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found (WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wbem\wmiapsrv -> File not found (wscsvc) Security Center [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found (xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas ["C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized] -> File not found AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> File not found dla -> %SystemRoot%\system32\dla\tfswctrl [C:\WINDOWS\system32\dla\tfswctrl.exe] -> File not found igfxhkcmd -> %SystemRoot%\system32\hkcmd [C:\WINDOWS\system32\hkcmd.exe] -> File not found igfxpers -> %SystemRoot%\system32\igfxpers [C:\WINDOWS\system32\igfxpers.exe] -> File not found igfxtray -> %SystemRoot%\system32\igfxtray [C:\WINDOWS\system32\igfxtray.exe] -> File not found IMJPMIG8.1 -> %SystemRoot%\ime\imjp8_1\imjpmig ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> File not found ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> File not found ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> File not found QuickTime Task -> %ProgramFiles%\QuickTime\qttask ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> File not found Samsung PanelMgr -> %SystemRoot%\Samsung\PanelMgr\SSMMgr [C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun] -> File not found SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched [C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe] -> File not found < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> OTScanIt -> %UserProfile%\Desktop\OTScanIt\OTScanIt [C:\Documents and Settings\Jimmy\Desktop\OTScanIt\OTScanIt.exe] -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MsnMsgr -> %ProgramFiles%\Windows Live\Messenger\msnmsgr ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> File not found < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> File not found < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> File not found < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> File not found < Run [HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\] > -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MsnMsgr -> %ProgramFiles%\Windows Live\Messenger\msnmsgr ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> File not found < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> -> %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop -> File not found < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop -> File not found < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> -> %SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop -> File not found < Jimmy Startup Folder > -> C:\Documents and Settings\Jimmy\Start Menu\Programs\Startup -> -> %UserProfile%\Start Menu\Programs\Startup\desktop -> File not found < Tina Startup Folder > -> C:\Documents and Settings\Tina\Start Menu\Programs\Startup -> -> %SystemDrive%\Documents and Settings\Tina\Start Menu\Programs\Startup\desktop -> File not found < ICQ Agent [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> -> < IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> Your Image File Name Here without a path -> %SystemRoot%\system32\ntsd [Debugger] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 5:29:58 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer -> File not found *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit -> File not found *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui -> File not found *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\rundll32 -> File not found Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006] > -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4396 | Size = 135168 bytes | Modified Date = 9/20/2005 9:31:28 AM | Attr = ] LMIinit -> %SystemRoot%\system32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.680 | Size = 87352 bytes | Modified Date = 11/15/2007 7:46:22 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006] > -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (226500 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.mail.yahoo.com/ -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell4me.com/mywaybiz -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell4me.com/mywaybiz -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-19\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-20\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\] > -> -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\: Main\\Start Page -> http://www.mail.yahoo.com/ -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4224 domain(s) found. -> online_musicmatch.com [https] -> Trusted sites -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4221 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4222 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4222 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4222 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4222 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\] > -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4221 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\] > -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 5:46:14 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\] > -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 5:46:14 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 5:46:14 PM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\] > -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 5:46:14 PM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\] > -> HKEY_USERS\S-1-5-21-2387782153-4263827435-1929671467-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {EA587C0F-B352-4299-8EEC-B51D07E53D03} -> 192.168.2.1,4.2.2.2 (Intel(R) PRO/100 VE Network Connection) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 8/31/2007 5:40:02 PM | Attr = R ] vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Key does not exist or could not be opened.] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {01111F00-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab[Support.com Installer] -> {33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> {4D054067-DE3A-48F9-B19B-BCD229B9AE8D}[HKEY_LOCAL_MACHINE] -> http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab[PrinterHelpEtcActiveX Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}[HKEY_LOCAL_MACHINE] -> https://secure.logmein.com/activex/ractrl.cab?lmi=100[Performance Viewer Activex Control] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LMIProxyHelper.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LMIProxyHelper.exe\\.Owner -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LMIProxyHelper.exe\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrinterHelpEtcActiveX.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrinterHelpEtcActiveX.ocx\\.Owner -> {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrinterHelpEtcActiveX.ocx\\{4D054067-DE3A-48F9-B19B-BCD229B9AE8D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RACtrl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RACtrl.dll\\.Owner -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RACtrl.dll\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlins.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlins.dll\\.Owner -> {01111F00-3E00-11D2-8470-0060089874ED} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlins.dll\\{01111F00-3E00-11D2-8470-0060089874ED} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/unicows.dll\\.Owner -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/unicows.dll\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{4D054067-DE3A-48F9-B19B-BCD229B9AE8D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{4D054067-DE3A-48F9-B19B-BCD229B9AE8D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{4D054067-DE3A-48F9-B19B-BCD229B9AE8D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ractrlkeyhook.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ractrlkeyhook.dll\\.Owner -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ractrlkeyhook.dll\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> -> [Files/Folders - Created Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 1/15/2008 11:07:59 PM | Attr = RH ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071697920 bytes | Created Date = 4/2/2008 12:32:42 AM | Attr = HS] media -> %SystemDrive%\media -> [Folder | Created Date = 3/4/2008 9:00:19 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 4/3/2008 9:29:20 PM | Attr = HS] avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 1/15/2008 9:17:56 PM | Attr = ] avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 1/15/2008 9:18:04 PM | Attr = ] avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 1/15/2008 9:18:04 PM | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 4/1/2008 7:47:32 PM | Attr = ] avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 1/15/2008 9:18:05 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 1/15/2008 9:18:05 PM | Attr = ] LMIRfsDriver.sys -> %SystemRoot%\System32\drivers\LMIRfsDriver.sys -> LogMeIn, Inc. [Ver = 2.4.2.0 | Size = 46112 bytes | Created Date = 2/15/2008 11:34:33 PM | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 4/2/2008 10:41:35 PM | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 4/2/2008 10:41:35 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/13/2008 7:25:42 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 2/12/2008 7:21:49 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/13/2008 7:25:42 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/13/2008 7:25:42 PM | Attr = ] LMIinit.dll -> %SystemRoot%\System32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.680 | Size = 87352 bytes | Created Date = 2/15/2008 11:34:26 PM | Attr = ] LMIport.dll -> %SystemRoot%\System32\LMIport.dll -> LogMeIn, Inc. [Ver = 0.2.0.0 | Size = 21496 bytes | Created Date = 2/15/2008 11:34:34 PM | Attr = ] LMIRfsClientNP.dll -> %SystemRoot%\System32\LMIRfsClientNP.dll -> LogMeIn, Inc. [Ver = 2.1.3.0 | Size = 83288 bytes | Created Date = 2/15/2008 11:34:33 PM | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 4/2/2008 10:41:35 PM | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 4/2/2008 10:41:35 PM | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 4/2/2008 10:41:35 PM | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 4/2/2008 10:41:35 PM | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 4/2/2008 10:41:35 PM | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 4/2/2008 10:41:35 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 4/2/2008 10:42:03 PM | Attr = ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 4/2/2008 10:41:35 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 4/2/2008 10:45:47 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 3/30/2008 7:31:56 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 3/30/2008 7:31:56 AM | Attr = H ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 4/2/2008 10:45:52 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] avg7 -> %AllUsersProfile%\Application Data\avg7 -> [Folder | Created Date = 1/15/2008 9:17:41 PM | Attr = ] Dell -> %AllUsersProfile%\Application Data\Dell -> [Folder | Created Date = 1/26/2008 9:20:32 AM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 1/15/2008 9:17:41 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 4/6/2008 3:09:17 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 4/1/2008 8:09:21 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 3/30/2008 5:47:27 PM | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Created Date = 4/3/2008 8:49:12 PM | Attr = ] AVG7 -> %AppData%\AVG7 -> [Folder | Created Date = 1/15/2008 9:18:12 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 4/1/2008 7:47:43 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 4/6/2008 3:09:23 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 4/1/2008 8:09:14 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 3584 bytes | Created Date = 1/31/2008 8:18:26 PM | Attr = ] AVG-7.5-Anti-virus -> %AllUsersProfile%\Documents\AVG-7.5-Anti-virus -> [Folder | Created Date = 2/12/2008 7:17:45 PM | Attr = ] back-up-2007 -> %AllUsersProfile%\Documents\back-up-2007 -> [Folder | Created Date = 1/15/2008 8:52:47 PM | Attr = ] Google-Toolbar -> %AllUsersProfile%\Documents\Google-Toolbar -> [Folder | Created Date = 2/16/2008 7:16:28 PM | Attr = ] MSN-messenger -> %AllUsersProfile%\Documents\MSN-messenger -> [Folder | Created Date = 2/16/2008 7:23:35 PM | Attr = ] PCG-K15-sony-updates -> %AllUsersProfile%\Documents\PCG-K15-sony-updates -> [Folder | Created Date = 2/12/2008 7:20:32 PM | Attr = ] Spybot -> %AllUsersProfile%\Documents\Spybot -> [Folder | Created Date = 2/12/2008 7:18:16 PM | Attr = ] Troubleshooting-Internet-Connectivity.doc -> %AllUsersProfile%\Documents\Troubleshooting-Internet-Connectivity.doc -> [Ver = | Size = 146944 bytes | Created Date = 2/16/2008 6:51:23 PM | Attr = ] TurboTax -> %AllUsersProfile%\Documents\TurboTax -> [Folder | Created Date = 2/11/2008 9:06:36 PM | Attr = ] TurboTax-new -> %AllUsersProfile%\Documents\TurboTax-new -> [Folder | Created Date = 2/16/2008 3:45:41 PM | Attr = ] XP-key -> %AllUsersProfile%\Documents\XP-key -> [Folder | Created Date = 2/16/2008 2:59:42 PM | Attr = ] State job application.pdf -> %UserProfile%\My Documents\State job application.pdf -> [Ver = | Size = 20191 bytes | Created Date = 2/11/2008 8:41:27 PM | Attr = ] AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk -> [Ver = | Size = 1542 bytes | Created Date = 1/15/2008 9:18:05 PM | Attr = ] Arabicinterpreting.com -> %UserProfile%\Desktop\Arabicinterpreting.com -> [Folder | Created Date = 2/28/2008 11:48:32 PM | Attr = ] AVG-7.5-Anti-virus -> %UserProfile%\Desktop\AVG-7.5-Anti-virus -> [Folder | Created Date = 1/15/2008 8:44:22 PM | Attr = ] Glee Cube.lnk -> %UserProfile%\Desktop\Glee Cube.lnk -> [Ver = | Size = 2313 bytes | Created Date = 3/4/2008 8:59:53 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1744 bytes | Created Date = 4/8/2008 6:09:47 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 4/8/2008 6:09:33 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier jenny[1].pdf -> %UserProfile%\Desktop\jenny[1].pdf -> [Ver = | Size = 707502 bytes | Created Date = 1/24/2008 11:47:43 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 4/7/2008 7:24:55 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Created Date = 4/7/2008 7:24:29 PM | Attr = ] Shortcut to CD Drive.lnk -> %UserProfile%\Desktop\Shortcut to CD Drive.lnk -> [Ver = | Size = 203 bytes | Created Date = 2/9/2008 7:47:00 PM | Attr = ] Spybot -> %UserProfile%\Desktop\Spybot -> [Folder | Created Date = 1/15/2008 11:34:27 PM | Attr = ] TW cable -> %UserProfile%\Desktop\TW cable -> [Folder | Created Date = 3/4/2008 8:56:59 PM | Attr = ] XP-key -> %UserProfile%\Desktop\XP-key -> [Folder | Created Date = 2/12/2008 10:45:42 PM | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 4/3/2008 8:49:46 PM | Attr = HS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 3/4/2008 8:59:26 PM | Attr = ] [Files/Folders - Modified Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 4/6/2008 10:42:01 PM | Attr = RH ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/6/2008 8:22:55 PM | Attr = HS] dell -> %SystemDrive%\dell -> [Folder | Modified Date = 1/19/2008 11:55:03 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 4/1/2008 7:53:01 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071697920 bytes | Modified Date = 4/8/2008 6:14:01 PM | Attr = HS] media -> %SystemDrive%\media -> [Folder | Modified Date = 3/4/2008 9:00:19 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/8/2008 6:09:47 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/3/2008 9:29:20 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/8/2008 6:14:22 PM | Attr = ] avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/15/2008 9:17:56 PM | Attr = ] avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 1/15/2008 9:18:04 PM | Attr = ] avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 1/15/2008 9:18:04 PM | Attr = ] avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/15/2008 9:18:05 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 1/15/2008 9:18:05 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 3/30/2008 6:11:22 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 226500 bytes | Modified Date = 3/30/2008 6:11:22 PM | Attr = R ] hosts.20080330-181122.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080330-181122.backup -> [Ver = | Size = 226500 bytes | Modified Date = 3/30/2008 6:10:42 PM | Attr = R ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/8/2008 6:03:10 PM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2/13/2008 1:07:02 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 4/2/2008 10:44:25 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 4/3/2008 8:50:45 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 216064 bytes | Modified Date = 4/5/2008 7:43:41 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 2:33:31 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 65884 bytes | Modified Date = 4/2/2008 7:01:49 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 412008 bytes | Modified Date = 4/2/2008 7:01:49 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 465336 bytes | Modified Date = 4/2/2008 7:01:49 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 4/7/2008 5:51:28 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/8/2008 6:04:55 PM | Attr = H ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/5/2008 10:02:44 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/8/2008 6:14:02 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/6/2008 3:29:13 PM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 4/2/2008 10:42:03 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/5/2008 10:01:50 AM | Attr = R S] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2/13/2008 1:06:56 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/8/2008 6:05:44 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/6/2008 6:39:36 PM | Attr = HS] MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 805306368 bytes | Modified Date = 3/10/2008 6:29:07 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/2/2008 7:14:06 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 3/10/2008 6:29:12 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/8/2008 6:09:58 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 4/2/2008 10:45:47 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 3/30/2008 7:31:56 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 3/30/2008 7:31:56 AM | Attr = H ] system -> %SystemRoot%\system -> [Folder | Modified Date = 1/15/2008 9:17:21 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/6/2008 8:22:55 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 4/6/2008 3:21:03 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/15/2008 9:08:04 PM | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 4/8/2008 6:16:23 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 594 bytes | Modified Date = 4/6/2008 8:22:55 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 227 bytes | Modified Date = 3/30/2008 6:34:45 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/2/2008 7:01:30 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/8/2008 6:14:05 PM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0 -> [Ver = | Size = 8802 bytes | Modified Date = 4/8/2008 6:14:59 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1 -> [Ver = | Size = 8802 bytes | Modified Date = 4/8/2008 6:14:59 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11 -> [Ver = | Size = 8206 bytes | Modified Date = 9/15/2005 11:23:42 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 3/23/2008 7:07:26 PM | Attr = ] avg7 -> %AllUsersProfile%\Application Data\avg7 -> [Folder | Modified Date = 4/6/2008 9:05:30 PM | Attr = ] Dell -> %AllUsersProfile%\Application Data\Dell -> [Folder | Modified Date = 1/26/2008 9:20:32 AM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 1/15/2008 9:17:41 PM | Attr = ] Intuit -> %AllUsersProfile%\Application Data\Intuit -> [Folder | Modified Date = 2/11/2008 9:04:31 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 4/6/2008 3:09:17 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 1/16/2008 12:05:16 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 4/1/2008 8:09:21 PM | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 1/15/2008 9:13:58 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 4/2/2008 6:12:37 PM | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 4/3/2008 8:49:12 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 3/23/2008 6:49:18 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 2/26/2008 12:06:31 AM | Attr = ] AVG7 -> %AppData%\AVG7 -> [Folder | Modified Date = 4/8/2008 6:02:46 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 4/1/2008 7:47:43 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 4/6/2008 3:09:23 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 3/4/2008 8:59:54 PM | Attr = S] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 4/6/2008 3:30:04 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 3584 bytes | Modified Date = 1/31/2008 8:18:26 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 55880 bytes | Modified Date = 4/5/2008 10:43:15 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4319112 bytes | Modified Date = 4/2/2008 9:20:37 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 4/3/2008 8:51:22 PM | Attr = ] AVG-7.5-Anti-virus -> %AllUsersProfile%\Documents\AVG-7.5-Anti-virus -> [Folder | Modified Date = 2/12/2008 7:17:45 PM | Attr = ] back-up-2007 -> %AllUsersProfile%\Documents\back-up-2007 -> [Folder | Modified Date = 1/15/2008 8:57:03 PM | Attr = ] Compare It -> %AllUsersProfile%\Documents\Compare It -> [Folder | Modified Date = 2/12/2008 7:38:11 PM | Attr = ] Google-Toolbar -> %AllUsersProfile%\Documents\Google-Toolbar -> [Folder | Modified Date = 2/16/2008 7:16:49 PM | Attr = ] MSN-messenger -> %AllUsersProfile%\Documents\MSN-messenger -> [Folder | Modified Date = 2/16/2008 8:16:04 PM | Attr = ] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 3/1/2008 10:00:26 PM | Attr = R ] PCG-K15-sony-updates -> %AllUsersProfile%\Documents\PCG-K15-sony-updates -> [Folder | Modified Date = 2/17/2008 7:44:29 PM | Attr = ] Spybot -> %AllUsersProfile%\Documents\Spybot -> [Folder | Modified Date = 2/12/2008 7:30:18 PM | Attr = ] Troubleshooting-Internet-Connectivity.doc -> %AllUsersProfile%\Documents\Troubleshooting-Internet-Connectivity.doc -> [Ver = | Size = 146944 bytes | Modified Date = 2/16/2008 7:00:43 PM | Attr = ] TurboTax -> %AllUsersProfile%\Documents\TurboTax -> [Folder | Modified Date = 2/11/2008 10:28:17 PM | Attr = ] TurboTax-new -> %AllUsersProfile%\Documents\TurboTax-new -> [Folder | Modified Date = 3/28/2008 9:05:24 PM | Attr = ] XP-key -> %AllUsersProfile%\Documents\XP-key -> [Folder | Modified Date = 2/16/2008 3:05:15 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 575 bytes | Modified Date = 4/8/2008 6:14:49 PM | Attr = ] State job application.pdf -> %UserProfile%\My Documents\State job application.pdf -> [Ver = | Size = 20191 bytes | Modified Date = 2/11/2008 8:41:27 PM | Attr = ] AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk -> [Ver = | Size = 1542 bytes | Modified Date = 1/15/2008 9:18:05 PM | Attr = ] AOS -> %UserProfile%\Desktop\AOS -> [Folder | Modified Date = 3/16/2008 11:22:42 PM | Attr = ] Arabicinterpreting.com -> %UserProfile%\Desktop\Arabicinterpreting.com -> [Folder | Modified Date = 4/5/2008 10:39:41 PM | Attr = ] AVG-7.5-Anti-virus -> %UserProfile%\Desktop\AVG-7.5-Anti-virus -> [Folder | Modified Date = 1/15/2008 8:48:09 PM | Attr = ] Brujim.com -> %UserProfile%\Desktop\Brujim.com -> [Folder | Modified Date = 2/17/2008 7:43:12 PM | Attr = ] Craigslist -> %UserProfile%\Desktop\Craigslist -> [Folder | Modified Date = 1/20/2008 7:59:35 PM | Attr = ] eBay -> %UserProfile%\Desktop\eBay -> [Folder | Modified Date = 3/23/2008 7:08:22 PM | Attr = ] Glee Cube.lnk -> %UserProfile%\Desktop\Glee Cube.lnk -> [Ver = | Size = 2313 bytes | Modified Date = 3/4/2008 9:04:46 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1744 bytes | Modified Date = 4/8/2008 6:09:47 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 4/8/2008 6:09:44 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier House -> %UserProfile%\Desktop\House -> [Folder | Modified Date = 1/22/2008 8:56:42 PM | Attr = ] jenny[1].pdf -> %UserProfile%\Desktop\jenny[1].pdf -> [Ver = | Size = 707502 bytes | Modified Date = 1/24/2008 11:47:43 PM | Attr = ] lawpage -> %UserProfile%\Desktop\lawpage -> [Folder | Modified Date = 3/11/2008 9:48:24 PM | Attr = S] Linux Fedora 6 -> %UserProfile%\Desktop\Linux Fedora 6 -> [Folder | Modified Date = 3/13/2008 10:55:14 PM | Attr = S] Linux SUSE 10.2 -> %UserProfile%\Desktop\Linux SUSE 10.2 -> [Folder | Modified Date = 2/16/2008 2:54:02 PM | Attr = ] Microsoft Office FrontPage 2003 (2).lnk -> %UserProfile%\Desktop\Microsoft Office FrontPage 2003 (2).lnk -> [Ver = | Size = 2473 bytes | Modified Date = 3/11/2008 11:44:05 PM | Attr = ] Microsoft Office Word 2003 (2).lnk -> %UserProfile%\Desktop\Microsoft Office Word 2003 (2).lnk -> [Ver = | Size = 2497 bytes | Modified Date = 4/6/2008 11:15:11 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 4/8/2008 6:10:29 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Modified Date = 4/7/2008 7:24:34 PM | Attr = ] Pictures -> %UserProfile%\Desktop\Pictures -> [Folder | Modified Date = 1/13/2008 7:53:52 PM | Attr = ] resume -> %UserProfile%\Desktop\resume -> [Folder | Modified Date = 3/28/2008 11:05:06 PM | Attr = ] Ryulkim -> %UserProfile%\Desktop\Ryulkim -> [Folder | Modified Date = 3/11/2008 8:44:14 PM | Attr = ] Self-Study -> %UserProfile%\Desktop\Self-Study -> [Folder | Modified Date = 2/26/2008 12:03:56 AM | Attr = ] Shortcut to CD Drive.lnk -> %UserProfile%\Desktop\Shortcut to CD Drive.lnk -> [Ver = | Size = 203 bytes | Modified Date = 2/9/2008 7:47:01 PM | Attr = ] Spybot -> %UserProfile%\Desktop\Spybot -> [Folder | Modified Date = 1/15/2008 11:35:13 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 943 bytes | Modified Date = 1/15/2008 11:36:10 PM | Attr = ] stocks -> %UserProfile%\Desktop\stocks -> [Folder | Modified Date = 4/7/2008 11:25:45 PM | Attr = ] Tax -> %UserProfile%\Desktop\Tax -> [Folder | Modified Date = 2/3/2008 10:28:32 PM | Attr = ] Top-Echelon -> %UserProfile%\Desktop\Top-Echelon -> [Folder | Modified Date = 1/13/2008 10:31:46 PM | Attr = ] TW cable -> %UserProfile%\Desktop\TW cable -> [Folder | Modified Date = 3/4/2008 8:58:17 PM | Attr = ] XP-key -> %UserProfile%\Desktop\XP-key -> [Folder | Modified Date = 2/12/2008 10:46:19 PM | Attr = ] AnswerWorks 4.0 -> %CommonProgramFiles%\AnswerWorks 4.0 -> [Folder | Modified Date = 2/11/2008 9:06:13 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 4/5/2008 9:59:45 AM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 1/15/2008 9:16:26 PM | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 4/3/2008 8:50:01 PM | Attr = HS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 4/6/2008 3:29:55 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]