[code] OTScanIt logfile created on: 12/04/2008 2:02:33 PM OTScanIt by OldTimer - Version 1.0.9.0 Folder = C:\Users\hp\Desktop\OTScanIt Windows Vista (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16643) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 958.00 Mb Total Physical Memory | 401.82 Mb Available Physical Memory | 41.94% Memory free 2.12 Gb Paging File | 1.38 Gb Available in Paging File | 64.96% Paging File free Paging file location(s): ?:\pagefile.sys; %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 140.98 Gb Total Space | 108.63 Gb Free Space | 77.05% Space Free | Partition Type: NTFS Drive D: | 8.07 Gb Total Space | 1.82 Gb Free Space | 22.60% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HP-PC Current User Name: hp Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 9.1.11 12Jan07 | Size = 827392 bytes | Modified Date = 12/01/2007 11:36:40 PM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 17/02/2005 2:11:42 AM | Attr = ] qpservice.exe -> %ProgramFiles%\Hp\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 176128 bytes | Modified Date = 28/03/2007 8:45:14 PM | Attr = ] qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> Hewlett-Packard Development Company, L.P. [Ver = 6, 1, 2, 9 | Size = 159744 bytes | Modified Date = 06/11/2006 1:58:18 PM | Attr = ] hpwamain.exe -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> Hewlett-Packard Development Company, L.P. [Ver = 3, 0, 5, 1 | Size = 472776 bytes | Modified Date = 01/03/2007 4:18:36 PM | Attr = ] wifimsg.exe -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe -> Hewlett-Packard Development Company, L.P. [Ver = 3.0.4.1 | Size = 317128 bytes | Modified Date = 10/01/2007 7:12:08 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 12/11/2007 11:19:06 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 4:25:21 AM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 3:09:16 PM | Attr = ] astsrv.exe -> %SystemRoot%\System32\AstSrv.exe -> Advanced Software Technologies [Ver = 1, 0, 1, 0 | Size = 53248 bytes | Modified Date = 20/06/2007 10:11:58 AM | Attr = ] avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24/10/2007 9:43:06 AM | Attr = ] avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 01/09/2007 4:34:26 PM | Attr = ] avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 01/09/2007 4:34:20 PM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 4:17:08 PM | Attr = ] avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 01/09/2007 4:34:20 PM | Attr = ] clcapsvc.exe -> %ProgramFiles%\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe -> [Ver = 5.00.2510 | Size = 270431 bytes | Modified Date = 28/03/2007 8:45:34 PM | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 14/12/2006 8:49:10 PM | Attr = ] xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 28/11/2006 12:44:58 PM | Attr = ] hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 02/05/2006 5:41:28 PM | Attr = ] clsched.exe -> %ProgramFiles%\Hp\QuickPlay\Kernel\TV\CLSched.exe -> [Ver = 5.00.2504 | Size = 118877 bytes | Modified Date = 28/03/2007 8:45:38 PM | Attr = ] hpqtoaster.exe -> %ProgramFiles%\Hewlett-Packard\Shared\HpqToaster.exe -> [Ver = 1, 10, 1, 1 | Size = 677576 bytes | Modified Date = 30/01/2007 6:58:52 PM | Attr = ] hphc_service.exe -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 19/09/2007 5:30:52 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 04/04/2008 12:24:38 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (AddFiltr) AddFiltr [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1.0.0.1 | Size = 126976 bytes | Modified Date = 26/06/2006 12:50:08 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 3:09:16 PM | Attr = ] (astcc) AST Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\AstSrv.exe -> Advanced Software Technologies [Ver = 1, 0, 1, 0 | Size = 53248 bytes | Modified Date = 20/06/2007 10:11:58 AM | Attr = ] (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24/10/2007 9:43:06 AM | Attr = ] (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 01/09/2007 4:34:26 PM | Attr = ] (AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 01/09/2007 4:34:20 PM | Attr = ] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 4:17:08 PM | Attr = ] (CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found (CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> %ProgramFiles%\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe -> [Ver = 5.00.2510 | Size = 270431 bytes | Modified Date = 28/03/2007 8:45:34 PM | Attr = ] (CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Running] -> %ProgramFiles%\Hp\QuickPlay\Kernel\TV\CLSched.exe -> [Ver = 5.00.2504 | Size = 118877 bytes | Modified Date = 28/03/2007 8:45:38 PM | Attr = ] (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found (DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found (gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found (HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 19/09/2007 5:30:52 PM | Attr = ] (hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 02/05/2006 5:41:28 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 6:24:18 AM | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 30/03/2008 10:36:30 AM | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 14/12/2006 8:49:10 PM | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found (RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.98 | Size = 880640 bytes | Modified Date = 12/02/2007 12:36:58 PM | Attr = ] (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found (SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found (Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found (SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found (stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.560 | Size = 74656 bytes | Modified Date = 17/02/2007 10:31:12 AM | Attr = R ] (TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Running] -> -> File not found (VundoFixSvc) VundoFix Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Modified Date = 06/04/2008 9:10:41 PM | Attr = ] (WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found (WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found (XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 28/11/2006 12:44:58 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 11:16:38 PM | Attr = ] AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 20/12/2007 11:37:06 PM | Attr = ] HP Health Check Scheduler -> [[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> File not found HP Software Update -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 17/02/2005 2:11:42 AM | Attr = ] hpWirelessAssistant -> [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe] -> File not found iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 30/03/2008 10:36:40 AM | Attr = ] NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.10.9759 | Size = 7766016 bytes | Modified Date = 14/01/2007 1:40:00 AM | Attr = ] NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.10.9759 | Size = 81920 bytes | Modified Date = 14/01/2007 1:40:00 AM | Attr = ] NvSvc -> %SystemRoot%\System32\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.10.9759 | Size = 90191 bytes | Modified Date = 14/01/2007 1:40:00 AM | Attr = ] QlbCtrl -> [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] -> File not found QPService -> %ProgramFiles%\Hp\QuickPlay\QPService.exe ["C:\Program Files\HP\QuickPlay\QPService.exe"] -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 176128 bytes | Modified Date = 28/03/2007 8:45:14 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 28/03/2008 11:37:20 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 4:25:21 AM | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 9.1.11 12Jan07 | Size = 827392 bytes | Modified Date = 12/01/2007 11:36:40 PM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 12/11/2007 11:19:06 PM | Attr = ] WAWifiMessage -> [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe] -> File not found Windows Defender -> [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> File not found < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> Launcher -> %SystemRoot%\SMINST\Launcher.exe [%WINDIR%\SMINST\launcher.exe] -> soft thinks [Ver = 1, 0, 0, 10 | Size = 44128 bytes | Modified Date = 07/11/2006 8:39:18 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> msnmsgr -> %ProgramFiles%\MSN Messenger\msnmsgr.exe ["C:\Program Files\MSN Messenger\msnmsgr.exe" /background] -> File not found Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30/08/2007 5:43:18 PM | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 24/10/2007 9:43:10 AM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 24/10/2007 9:43:10 AM | Attr = ] < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 24/10/2007 9:43:10 AM | Attr = ] Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 24/10/2007 9:43:10 AM | Attr = ] Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> File not found < Run [HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\] > -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> msnmsgr -> %ProgramFiles%\MSN Messenger\msnmsgr.exe ["C:\Program Files\MSN Messenger\msnmsgr.exe" /background] -> File not found Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30/08/2007 5:43:18 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000] > -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> avgwlntf -> %SystemRoot%\System32\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 01/09/2007 4:34:43 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000] > -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! ¤u¨ã¦C] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 18/12/2007 5:49:22 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\] > -> -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! ¤u¨ã¦C] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 18/12/2007 5:49:22 PM | Attr = ] HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\] > -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\] > -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2494215785-1015577014-2715653409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 18/12/2007 5:49:22 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 12:08:42 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 6:09:42 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 4:25:19 AM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! ¤u¨ã¦C] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 18/12/2007 5:49:22 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 4:25:19 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 6:09:42 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {163C5FA1-5BEB-479F-B3C8-8555490B257F} -> (NVIDIA nForce Networking Controller) -> {68ECB98D-FC8A-448E-B4A4-FBFF112E4D35} -> (Broadcom 802.11b/g WLAN) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24/07/2007 4:17:08 PM | Attr = ] < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> [Files/Folders - Created Within 90 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 10/04/2008 12:59:20 PM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 11/04/2008 5:10:51 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005174784 bytes | Created Date = 11/04/2008 7:23:44 PM | Attr = HS] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 06/04/2008 4:55:43 PM | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 06/04/2008 4:55:43 PM | Attr = RHS] MSNCleaner -> %SystemDrive%\MSNCleaner -> [Folder | Created Date = 11/04/2008 7:22:08 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 06/04/2008 6:35:18 PM | Attr = ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 232 bytes | Created Date = 05/04/2008 6:31:06 PM | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 232 bytes | Created Date = 05/04/2008 7:34:25 PM | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Created Date = 05/04/2008 7:39:58 PM | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Created Date = 05/04/2008 8:07:42 PM | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Created Date = 06/04/2008 9:29:18 AM | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Created Date = 06/04/2008 9:36:15 AM | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Created Date = 06/04/2008 9:53:20 AM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Created Date = 06/04/2008 3:23:37 PM | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Created Date = 06/04/2008 4:57:01 PM | Attr = H ] sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Created Date = 06/04/2008 6:00:16 PM | Attr = H ] sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Created Date = 06/04/2008 7:02:36 PM | Attr = H ] sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Created Date = 06/04/2008 9:21:59 PM | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Created Date = 05/04/2008 6:31:06 PM | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Created Date = 05/04/2008 7:34:25 PM | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Created Date = 05/04/2008 7:39:58 PM | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Created Date = 05/04/2008 8:07:42 PM | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Created Date = 06/04/2008 9:29:18 AM | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Created Date = 06/04/2008 9:36:15 AM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Created Date = 06/04/2008 9:53:20 AM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Created Date = 06/04/2008 3:23:37 PM | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Created Date = 06/04/2008 4:57:01 PM | Attr = H ] sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Created Date = 06/04/2008 6:00:16 PM | Attr = H ] sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Created Date = 06/04/2008 7:02:36 PM | Attr = H ] sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Created Date = 06/04/2008 9:21:59 PM | Attr = H ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 06/04/2008 8:38:35 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 11/04/2008 7:15:21 PM | Attr = ] GEARAspiWDM.sys -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Created Date = 29/01/2008 12:01:28 PM | Attr = ] GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Created Date = 12/02/2008 10:49:29 PM | Attr = ] GEARAspi.dll -> %SystemRoot%\System32\GEARAspi.dll -> GEAR Software Inc. [Ver = 2.1.1.1 | Size = 107368 bytes | Created Date = 29/01/2008 12:02:30 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 06/04/2008 9:29:27 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 06/04/2008 9:29:27 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 06/04/2008 9:29:27 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Created Date = 28/03/2008 11:37:26 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Created Date = 28/03/2008 11:37:26 PM | Attr = ] VundoFixSVC.exe -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Created Date = 06/04/2008 9:10:41 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 06/04/2008 6:36:17 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 06/04/2008 6:35:12 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 06/04/2008 6:35:12 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 06/04/2008 6:35:12 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 09/04/2008 12:54:46 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 10/04/2008 1:02:46 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 10/04/2008 1:02:46 PM | Attr = H ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 06/04/2008 6:35:12 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 06/04/2008 6:35:12 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 06/04/2008 6:35:12 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 06/04/2008 6:35:12 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 06/04/2008 6:35:12 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 531 bytes | Created Date = 06/04/2008 3:18:02 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 06/04/2008 6:35:12 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy -> [Folder | Created Date = 06/04/2008 10:46:38 AM | Attr = ] Yahoo! -> %AllUsersProfile%\Yahoo! -> [Folder | Created Date = 17/03/2008 10:06:44 PM | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Yahoo! Companion -> [Folder | Created Date = 17/03/2008 10:14:03 PM | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Created Date = 17/03/2008 10:06:37 PM | Attr = ] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 1995657 bytes | Created Date = 11/04/2008 9:42:00 PM | Attr = H ] assignment#3.docx -> %UserProfile%\Desktop\Documents\assignment#3.docx -> [Ver = | Size = 273305 bytes | Created Date = 10/04/2008 3:35:56 PM | Attr = ] chart# 3.xlsx -> %UserProfile%\Desktop\Documents\chart# 3.xlsx -> [Ver = | Size = 17359 bytes | Created Date = 10/04/2008 7:48:49 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\Desktop\Documents\My Sharing Folders.lnk -> [Ver = | Size = 762 bytes | Created Date = 06/04/2008 9:23:07 PM | Attr = ] Simon -> %UserProfile%\Desktop\Documents\Simon -> [Folder | Created Date = 11/03/2008 10:58:52 PM | Attr = ] tuition fees receipt winter 2008.xps -> %UserProfile%\Desktop\Documents\tuition fees receipt winter 2008.xps -> [Ver = | Size = 121510 bytes | Created Date = 31/01/2008 10:25:31 PM | Attr = ] ~$chart. assingment # 3.xlsx -> %UserProfile%\Desktop\Documents\~$chart. assingment # 3.xlsx -> [Ver = | Size = 165 bytes | Created Date = 10/04/2008 4:33:08 PM | Attr = H ] ~$signment#3.docx -> %UserProfile%\Desktop\Documents\~$signment#3.docx -> [Ver = | Size = 162 bytes | Created Date = 10/04/2008 3:36:01 PM | Attr = H ] Yahoo! Messenger.lnk -> %SystemDrive%\Users\Public\Desktop\Yahoo! Messenger.lnk -> [Ver = | Size = 952 bytes | Created Date = 17/03/2008 10:06:08 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 11/04/2008 5:09:36 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 936 bytes | Created Date = 11/04/2008 7:06:45 PM | Attr = ] informe_finalPoster.zip -> %UserProfile%\Desktop\informe_finalPoster.zip -> [Ver = | Size = 2550591 bytes | Created Date = 05/02/2008 10:18:17 PM | Attr = ] MSNCleaner.exe -> %UserProfile%\Desktop\MSNCleaner.exe -> InfoSpyware - ForoSpyware [Ver = 1.06.0002 | Size = 175104 bytes | Created Date = 24/03/2008 1:15:18 PM | Attr = ] museum research.docx -> %UserProfile%\Desktop\museum research.docx -> [Ver = | Size = 18811 bytes | Created Date = 07/04/2008 9:21:05 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Created Date = 11/04/2008 7:14:05 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 12/04/2008 2:00:06 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Created Date = 12/04/2008 1:57:44 PM | Attr = ] pics for poster -> %UserProfile%\Desktop\pics for poster -> [Folder | Created Date = 29/03/2008 3:06:35 PM | Attr = ] room.westinlongbeach.xps -> %UserProfile%\Desktop\room.westinlongbeach.xps -> [Ver = | Size = 197793 bytes | Created Date = 17/03/2008 9:34:24 PM | Attr = ] virus.docx -> %UserProfile%\Desktop\virus.docx -> [Ver = | Size = 15286 bytes | Created Date = 11/04/2008 7:14:25 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 11/02/2008 11:36:03 AM | Attr = ] BCL Technologies -> %CommonProgramFiles%\BCL Technologies -> [Folder | Created Date = 02/04/2008 6:14:20 PM | Attr = ] [Files/Folders - Modified Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 09/04/2008 11:19:55 AM | Attr = RH ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 10/04/2008 2:53:34 PM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 11/04/2008 5:10:51 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005174784 bytes | Modified Date = 12/04/2008 1:53:22 PM | Attr = HS] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 06/04/2008 4:55:43 PM | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 06/04/2008 4:55:43 PM | Attr = RHS] MSNCleaner -> %SystemDrive%\MSNCleaner -> [Folder | Modified Date = 11/04/2008 7:22:41 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/04/2008 7:06:45 PM | Attr = R ] ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 06/04/2008 10:46:38 AM | Attr = H ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 09/04/2008 12:54:07 AM | Attr = ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 232 bytes | Modified Date = 05/04/2008 6:31:06 PM | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 232 bytes | Modified Date = 05/04/2008 7:34:25 PM | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Modified Date = 05/04/2008 7:39:58 PM | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Modified Date = 05/04/2008 8:07:42 PM | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 06/04/2008 9:29:18 AM | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Modified Date = 06/04/2008 9:36:15 AM | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Modified Date = 06/04/2008 9:53:20 AM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 06/04/2008 3:23:37 PM | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 06/04/2008 4:57:01 PM | Attr = H ] sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 06/04/2008 6:00:16 PM | Attr = H ] sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 06/04/2008 7:02:36 PM | Attr = H ] sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 06/04/2008 9:21:59 PM | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 05/04/2008 6:31:06 PM | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 05/04/2008 7:34:25 PM | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 05/04/2008 7:39:58 PM | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 05/04/2008 8:07:42 PM | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/04/2008 9:29:18 AM | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/04/2008 9:36:15 AM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/04/2008 9:53:20 AM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/04/2008 3:23:37 PM | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/04/2008 4:57:01 PM | Attr = H ] sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/04/2008 6:00:16 PM | Attr = H ] sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/04/2008 7:02:36 PM | Attr = H ] sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/04/2008 9:21:59 PM | Attr = H ] SwSetup -> %SystemDrive%\SwSetup -> [Folder | Modified Date = 24/03/2008 10:01:47 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 11/04/2008 7:45:45 PM | Attr = HS] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 07/04/2008 10:46:02 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 11/04/2008 7:21:23 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 11/04/2008 7:15:21 PM | Attr = ] en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Modified Date = 12/02/2008 11:00:26 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 09/04/2008 12:51:07 AM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 09/04/2008 12:51:07 AM | Attr = ] GEARAspiWDM.sys -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 29/01/2008 12:01:28 PM | Attr = ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3072 bytes | Modified Date = 12/04/2008 1:53:41 PM | Attr = H ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3072 bytes | Modified Date = 12/04/2008 1:53:41 PM | Attr = H ] catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 09/04/2008 3:09:12 AM | Attr = ] catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 09/04/2008 3:09:11 AM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 09/04/2008 12:43:11 AM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 10/04/2008 1:02:12 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 09/04/2008 3:06:03 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 436336 bytes | Modified Date = 09/04/2008 3:08:23 AM | Attr = ] GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 12/02/2008 10:49:29 PM | Attr = ] GEARAspi.dll -> %SystemRoot%\System32\GEARAspi.dll -> GEAR Software Inc. [Ver = 2.1.1.1 | Size = 107368 bytes | Modified Date = 29/01/2008 12:02:30 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 22/02/2008 1:23:35 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 22/02/2008 1:23:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 22/02/2008 2:33:32 AM | Attr = ] migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 09/04/2008 3:06:01 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 109370 bytes | Modified Date = 11/04/2008 2:27:08 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 626246 bytes | Modified Date = 11/04/2008 2:27:08 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 720952 bytes | Modified Date = 11/04/2008 2:27:08 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Modified Date = 28/03/2008 11:37:26 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Modified Date = 28/03/2008 11:37:26 PM | Attr = ] VundoFixSVC.exe -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Modified Date = 06/04/2008 9:10:41 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 09/04/2008 3:05:58 AM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 02/04/2008 6:14:40 PM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 12/04/2008 1:53:27 PM | Attr = S] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 18/02/2008 10:06:55 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 11/04/2008 5:11:26 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 11/04/2008 2:27:07 PM | Attr = ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/04/2008 1:03:48 PM | Attr = HS] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1337 bytes | Modified Date = 23/01/2008 8:11:04 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 12/04/2008 2:00:28 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 09/04/2008 12:54:46 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 10/04/2008 1:02:46 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/04/2008 1:54:00 PM | Attr = H ] rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 12/02/2008 11:05:14 PM | Attr = ] servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 13/02/2008 12:00:07 AM | Attr = ] SMINST -> %SystemRoot%\SMINST -> [Folder | Modified Date = 12/04/2008 1:53:39 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 215 bytes | Modified Date = 09/04/2008 12:51:13 AM | Attr = ] System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 11/04/2008 2:27:08 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 12/04/2008 2:01:01 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 531 bytes | Modified Date = 07/04/2008 12:53:46 PM | Attr = ] winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 09/04/2008 3:09:30 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 12/04/2008 1:53:37 PM | Attr = H ] User_Feed_Synchronization-{485AFE10-E874-481C-92A9-BBFEA9CE5377}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{485AFE10-E874-481C-92A9-BBFEA9CE5377}.job -> [Ver = | Size = 412 bytes | Modified Date = 12/04/2008 2:00:22 PM | Attr = H ] capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> [Ver = | Size = 8 bytes | Modified Date = 27/06/2007 6:51:13 PM | Attr = ] qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6560 bytes | Modified Date = 11/04/2008 7:45:11 PM | Attr = ] qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 8907 bytes | Modified Date = 11/04/2008 7:45:11 PM | Attr = ] opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8328 bytes | Modified Date = 01/09/2007 3:54:31 PM | Attr = ] PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 1380 bytes | Modified Date = 11/04/2008 12:00:14 AM | Attr = ] PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 11/04/2008 12:00:14 AM | Attr = ] PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 11/04/2008 12:00:14 AM | Attr = ] PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 120 bytes | Modified Date = 11/04/2008 12:00:14 AM | Attr = ] PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 828 bytes | Modified Date = 11/04/2008 12:00:14 AM | Attr = ] PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 5396 bytes | Modified Date = 11/04/2008 12:00:14 AM | Attr = ] hp.dat -> C:\ProgramData\Microsoft\User Account Pictures\hp.dat -> [Ver = | Size = 0 bytes | Modified Date = 29/08/2007 2:24:18 AM | Attr = ] HijackThis.exe -> C:\Users\hp\AppData\Local\Temp\~qfmojqn.tmp\HijackThis.exe -> [Ver = | Size = 0 bytes | Modified Date = 11/04/2008 6:59:04 PM | Attr = ] md5deep.exe -> C:\Users\hp\AppData\Local\Temp\~qfmojqn.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 29/07/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Users\hp\AppData\Local\Temp\~qfmojqn.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 29/07/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Users\hp\AppData\Local\Temp\~qfmojqn.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 29/07/2007 10:23:07 PM | Attr = ] dss.dll -> C:\Users\hp\AppData\Local\Temp\~qfmojqn.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 14/10/2007 2:42:28 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Adobe -> [Folder | Modified Date = 11/02/2008 11:36:30 AM | Attr = ] Apple Computer -> %AllUsersProfile%\Apple Computer -> [Folder | Modified Date = 10/04/2008 1:01:51 PM | Attr = ] Microsoft -> %AllUsersProfile%\Microsoft -> [Folder | Modified Date = 02/04/2008 6:18:04 PM | Attr = S] Microsoft Help -> %AllUsersProfile%\Microsoft Help -> [Folder | Modified Date = 09/02/2008 7:21:31 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy -> [Folder | Modified Date = 09/04/2008 12:31:13 AM | Attr = ] Yahoo! -> %AllUsersProfile%\Yahoo! -> [Folder | Modified Date = 17/03/2008 10:07:32 PM | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Yahoo! Companion -> [Folder | Modified Date = 17/03/2008 10:14:03 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 17/03/2008 10:07:33 PM | Attr = ] AVG7 -> %AppData%\AVG7 -> [Folder | Modified Date = 12/04/2008 1:55:10 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 11/04/2008 9:51:32 PM | Attr = S] nvModes.001 -> %AppData%\nvModes.001 -> [Ver = | Size = 12884 bytes | Modified Date = 12/04/2008 1:54:52 PM | Attr = ] nvModes.dat -> %AppData%\nvModes.dat -> [Ver = | Size = 12884 bytes | Modified Date = 12/04/2008 1:54:52 PM | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 02/02/2008 11:06:36 AM | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Modified Date = 27/03/2008 12:17:36 PM | Attr = ] Apple Computer -> %UserProfile%\AppData\Local\Apple Computer -> [Folder | Modified Date = 11/04/2008 9:57:24 AM | Attr = ] d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 7484 bytes | Modified Date = 25/03/2008 5:40:42 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 5120 bytes | Modified Date = 16/03/2008 9:55:41 PM | Attr = ] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 1995657 bytes | Modified Date = 11/04/2008 10:32:47 PM | Attr = H ] Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Modified Date = 18/03/2008 3:11:14 PM | Attr = ] Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Modified Date = 12/04/2008 2:01:00 PM | Attr = ] hpqp.ini -> %SystemDrive%\Users\Public\Documents\hpqp.ini -> [Ver = | Size = 146 bytes | Modified Date = 12/04/2008 1:54:28 PM | Attr = ] assignment#3.docx -> %UserProfile%\Desktop\Documents\assignment#3.docx -> [Ver = | Size = 273305 bytes | Modified Date = 11/04/2008 2:31:37 PM | Attr = ] beca-2008 -> %UserProfile%\Desktop\Documents\beca-2008 -> [Folder | Modified Date = 14/01/2008 4:57:19 PM | Attr = ] chart# 3.xlsx -> %UserProfile%\Desktop\Documents\chart# 3.xlsx -> [Ver = | Size = 17359 bytes | Modified Date = 11/04/2008 12:46:34 AM | Attr = ] Concordia Winter 2008! -> %UserProfile%\Desktop\Documents\Concordia Winter 2008! -> [Folder | Modified Date = 18/03/2008 3:35:48 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\Desktop\Documents\My Sharing Folders.lnk -> [Ver = | Size = 762 bytes | Modified Date = 06/04/2008 9:23:07 PM | Attr = ] Simon -> %UserProfile%\Desktop\Documents\Simon -> [Folder | Modified Date = 12/03/2008 5:08:20 PM | Attr = ] tuition fees receipt winter 2008.xps -> %UserProfile%\Desktop\Documents\tuition fees receipt winter 2008.xps -> [Ver = | Size = 121510 bytes | Modified Date = 31/01/2008 10:25:35 PM | Attr = ] ~$chart. assingment # 3.xlsx -> %UserProfile%\Desktop\Documents\~$chart. assingment # 3.xlsx -> [Ver = | Size = 165 bytes | Modified Date = 10/04/2008 4:33:08 PM | Attr = H ] ~$signment#3.docx -> %UserProfile%\Desktop\Documents\~$signment#3.docx -> [Ver = | Size = 162 bytes | Modified Date = 10/04/2008 3:36:01 PM | Attr = H ] Yahoo! Messenger.lnk -> %SystemDrive%\Users\Public\Desktop\Yahoo! Messenger.lnk -> [Ver = | Size = 952 bytes | Modified Date = 17/03/2008 10:06:08 PM | Attr = ] Documents -> %UserProfile%\Desktop\Documents -> [Folder | Modified Date = 11/04/2008 3:35:28 PM | Attr = R ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 11/04/2008 5:09:15 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 936 bytes | Modified Date = 11/04/2008 7:06:45 PM | Attr = ] informe_finalPoster.zip -> %UserProfile%\Desktop\informe_finalPoster.zip -> [Ver = | Size = 2550591 bytes | Modified Date = 05/02/2008 10:18:13 PM | Attr = ] MSNCleaner.exe -> %UserProfile%\Desktop\MSNCleaner.exe -> InfoSpyware - ForoSpyware [Ver = 1.06.0002 | Size = 175104 bytes | Modified Date = 24/03/2008 1:15:18 PM | Attr = ] museum research.docx -> %UserProfile%\Desktop\museum research.docx -> [Ver = | Size = 18811 bytes | Modified Date = 07/04/2008 10:19:39 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Modified Date = 11/04/2008 7:12:38 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 12/04/2008 2:00:06 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Modified Date = 12/04/2008 1:57:37 PM | Attr = ] pics for poster -> %UserProfile%\Desktop\pics for poster -> [Folder | Modified Date = 02/04/2008 1:13:39 PM | Attr = ] room.westinlongbeach.xps -> %UserProfile%\Desktop\room.westinlongbeach.xps -> [Ver = | Size = 197793 bytes | Modified Date = 17/03/2008 9:34:31 PM | Attr = ] virus.docx -> %UserProfile%\Desktop\virus.docx -> [Ver = | Size = 15286 bytes | Modified Date = 11/04/2008 7:28:28 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 11/02/2008 11:36:37 AM | Attr = ] BCL Technologies -> %CommonProgramFiles%\BCL Technologies -> [Folder | Modified Date = 02/04/2008 6:14:20 PM | Attr = ] < End of report > [/code]