[code]
OTScanIt logfile created on: 13/04/2008 21:00:04
OTScanIt by OldTimer - Version 1.0.9.0
Folder = C:\Users\Indoctrin\Desktop\OTScanIt
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16643)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
893.56 Mb Total Physical Memory | 434.50 Mb Available Physical Memory | 48.63% Memory free
2.00 Gb Paging File | 1.03 Gb Available in Paging File | 51.50% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.52 Gb Total Space | 11.76 Gb Free Space | 17.68% Space Free | Partition Type: NTFS
Drive D: | 526.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: INDOCTRINATION
Current User Name: Indoctrin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4151 | Size = 557056 bytes | Modified Date = 24/11/2006 14:36:02 | Attr = ]
ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc.
[Ver = 6.14.10.4151 | Size = 557056 bytes | Modified Date = 24/11/2006 14:36:02 | Attr = ] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 17272 bytes | Modified Date = 29/03/2008 18:11:18 | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 144760 bytes | Modified Date = 29/03/2008 18:37:02 | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 13:28:18 | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 13:31:10 | Attr = ] dlbccoms.exe -> %SystemRoot%\System32\dlbccoms.exe -> [Ver = 6.4.24.0 | Size = 538096 bytes | Modified Date = 01/03/2007 16:52:04 | Attr = ] kservice.exe -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.12.707.160 | Size = 3072184 bytes | Modified Date = 27/02/2008 17:56:54 | Attr = ] ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 247160 bytes | Modified Date = 29/03/2008 18:36:22 | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 345464 bytes | Modified Date = 29/03/2008 18:30:47 | Attr = ] rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1.0.0.6 | Size = 3772416 bytes | Modified Date = 01/11/2006 09:37:50 | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 9.1.0 27Oct06 | Size = 815104 bytes | Modified Date = 16/11/2006 07:45:30 | Attr = ] aolsoftware.exe -> %CommonProgramFiles%\aol\1162935776\ee\aolsoftware.exe -> America Online, Inc. 
[Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 14/11/2006 15:01:21 | Attr = ] roxwatchtray9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> Sonic Solutions [Ver = 9.0.2.21 | Size = 228088 bytes | Modified Date = 20/11/2006 22:08:50 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 26/09/2007 20:22:14 | Attr = ] application launcher.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> [Ver = 2.2.12.63 | Size = 528384 bytes | Modified Date = 13/06/2007 08:16:02 | Attr = R ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 19/02/2008 14:10:32 | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 79224 bytes | Modified Date = 29/03/2008 18:37:13 | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 10:25:42 | Attr = ] smpsys.exe -> %ProgramFiles%\Packard Bell\SetUpMyPC\SmpSys.exe -> Packard Bell BV [Ver = 2.0.0.0 | Size = 1092152 bytes | Modified Date = 23/10/2006 15:49:32 | Attr = ] cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. 
[Ver = 2.0.0.0 | Size = 45056 bytes | Modified Date = 28/04/2006 10:14:44 | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 27/02/2007 11:39:26 | Attr = ] wlan111t.exe -> %ProgramFiles%\NETGEAR\WG111T\wlan111t.exe -> NETGEAR [Ver = 1, 3, 0, 1 | Size = 884840 bytes | Modified Date = 25/01/2006 16:49:02 | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 19/02/2008 14:10:24 | Attr = ] cpshelprunner.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe -> Sonic Solutions [Ver = 9.0.2.21 | Size = 17656 bytes | Modified Date = 20/11/2006 22:08:46 | Attr = ] generic.exe -> %CommonProgramFiles%\Teleca Shared\Generic.exe -> Teleca AB [Ver = 1.5.0.395 | Size = 983040 bytes | Modified Date = 16/03/2007 03:23:20 | Attr = R ] cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 45056 bytes | Modified Date = 28/04/2006 10:14:44 | Attr = ] cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. 
[Ver = 2.0.0.0 | Size = 45056 bytes | Modified Date = 28/04/2006 10:14:44 | Attr = ] aolacsd.exe -> %CommonProgramFiles%\aol\acs\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 23/10/2006 13:50:35 | Attr = R ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 04/04/2008 12:24:38 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 07/04/2008 23:32:51 | Attr = ] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\aol\acs\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 23/10/2006 13:50:35 | Attr = R ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 13:28:18 | Attr = ] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 17272 bytes | Modified Date = 29/03/2008 18:11:18 | Attr = ] (Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4151 | Size = 557056 bytes | Modified Date = 24/11/2006 14:36:02 | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 144760 bytes | Modified Date = 29/03/2008 18:37:02 | Attr = ] (avast! Mail Scanner) avast! 
Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 247160 bytes | Modified Date = 29/03/2008 18:36:22 | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 345464 bytes | Modified Date = 29/03/2008 18:30:47 | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 13:31:10 | Attr = ] (CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found (dlbc_device) dlbc_device [Win32_Own | Auto | Running] -> %SystemRoot%\System32\dlbccoms.exe -> [Ver = 6.4.24.0 | Size = 538096 bytes | Modified Date = 01/03/2007 16:52:04 | Attr = ] (DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found (gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 19/09/2007 20:12:03 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 04:24:18 | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. 
[Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 19/02/2008 14:10:24 | Attr = ] (KService) KService [Win32_Own | Auto | Running] -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.12.707.160 | Size = 3072184 bytes | Modified Date = 27/02/2008 17:56:54 | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found (RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.2.21 | Size = 887544 bytes | Modified Date = 20/11/2006 22:08:48 | Attr = ] (RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.2.21 | Size = 166648 bytes | Modified Date = 20/11/2006 22:08:48 | Attr = ] (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found (SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found (Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found (SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found (stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. 
[Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 14/09/2006 15:54:34 | Attr = ] (TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found (WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found (WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe ["C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 10:25:42 | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 23:16:38 | Attr = ] ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"] -> [Ver = | Size = 90112 bytes | Modified Date = 11/07/2006 18:12:58 | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 79224 bytes | Modified Date = 29/03/2008 18:37:13 | Attr = ] HostManager -> %CommonProgramFiles%\aol\1162935776\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe] -> America Online, Inc. 
[Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 14/11/2006 15:01:21 | Attr = ] ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 221184 bytes | Modified Date = 25/08/2006 12:11:48 | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 10/06/2005 10:44:02 | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 19/02/2008 14:10:32 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 01/02/2008 00:13:08 | Attr = ] RoxWatchTray -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe ["C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"] -> Sonic Solutions [Ver = 9.0.2.21 | Size = 228088 bytes | Modified Date = 20/11/2006 22:08:50 | Attr = ] RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1.0.0.6 | Size = 3772416 bytes | Modified Date = 01/11/2006 09:37:50 | Attr = ] Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ["C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions] -> [Ver = 2.2.12.63 | Size = 528384 bytes | Modified Date = 13/06/2007 08:16:02 | Attr = R ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 9.1.0 27Oct06 | Size = 815104 bytes | Modified Date = 16/11/2006 07:45:30 | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 26/09/2007 20:22:14 | Attr = ] Windows Defender -> [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> kdx -> %ProgramFiles%\Kontiki\KHost.exe [C:\Program Files\Kontiki\KHost.exe -all] -> Kontiki Inc. 
[Ver = 5.12.707.160 | Size = 1032376 bytes | Modified Date = 27/02/2008 17:56:54 | Attr = ] SmpcSys -> %ProgramFiles%\Packard Bell\SetUpMyPC\SmpSys.exe [C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe] -> Packard Bell BV [Ver = 2.0.0.0 | Size = 1092152 bytes | Modified Date = 23/10/2006 15:49:32 | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 27/02/2007 11:39:26 | Attr = ] < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> File not found < Run [HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\] > -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> kdx -> %ProgramFiles%\Kontiki\KHost.exe [C:\Program Files\Kontiki\KHost.exe -all] -> Kontiki Inc. 
[Ver = 5.12.707.160 | Size = 1032376 bytes | Modified Date = 27/02/2008 17:56:54 | Attr = ] SmpcSys -> %ProgramFiles%\Packard Bell\SetUpMyPC\SmpSys.exe [C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe] -> Packard Bell BV [Ver = 2.0.0.0 | Size = 1092152 bytes | Modified Date = 23/10/2006 15:49:32 | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 27/02/2007 11:39:26 | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 13:29:58 | Attr = ] {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 12:55:48 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002] > -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 27/02/2007 11:39:26 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. 
-> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002] > -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> ::1 localhost -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> 
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\] > -> -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\: Main\\Start Page -> 
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\] > -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\] > -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 00:08:42 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/09/2007 20:11:55 | Attr = R ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/09/2007 20:11:55 | Attr = R ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/09/2007 20:11:55 | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\] > -> HKEY_USERS\S-1-5-21-2230527900-3846254474-4097666944-1002\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/09/2007 20:11:55 | Attr = R ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {55A1ED8B-35DF-4BA4-A979-BCC9D821E933} -> (Sony Ericsson Device 116 USB Ethernet Emulation (NDIS 5)) -> {77E3DA54-A331-4107-84F3-FBA45206939D} -> (NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter) -> {C340A0B7-E2A3-49F5-957B-48B34C54E5C9} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {CF69ED20-BB2D-43C9-812E-189D5FAA13A0} -> (Ralink Wireless LAN Card V2) -> < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> 
http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {459E93B6-150E-45D5-8D4B-45C66FC035FE}[HKEY_LOCAL_MACHINE] -> http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx[get_atlcom Class] -> {48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] 
-> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab[Facebook Photo Uploader 4] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/IEGetPlugin.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/IEGetPlugin.ocx\\.Owner -> {459E93B6-150E-45D5-8D4B-45C66FC035FE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/IEGetPlugin.ocx\\{459E93B6-150E-45D5-8D4B-45C66FC035FE} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4_5.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4_5.ocx\\.Owner -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4_5.ocx\\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MySpaceUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MySpaceUploader.ocx\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MySpaceUploader.ocx\\{48DD0448-9209-4F81-9F6D-D83562940134} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/unicows.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/unicows.dll\\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/unicows.dll\\{48DD0448-9209-4F81-9F6D-D83562940134} 
-> -> [Registry - Additional Scans - Non-Microsoft Only] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> File not found chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> File not found cmdfile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> File not found exefile [open] -> "%1" %* -> File not found helpfile [open] -> Reg Error: Key does not exist or could not be opened. piffile [open] -> "%1" %* -> File not found regfile [merge] -> Reg Error: Key does not exist or could not be opened. scrfile [config] -> "%1" -> File not found scrfile [open] -> "%1" /S -> File not found txtfile [edit] -> Reg Error: Key does not exist or could not be opened. vbefile [edit] -> "%SystemRoot%\System32\Notepad.exe" %1 -> File not found vbefile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> File not found vbefile [print] -> "%SystemRoot%\System32\Notepad.exe" /p %1 -> File not found vbsfile [edit] -> "%SystemRoot%\System32\Notepad.exe" %1 -> File not found vbsfile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> File not found vbsfile [print] -> "%SystemRoot%\System32\Notepad.exe" /p %1 -> File not found wsffile [edit] -> "%SystemRoot%\System32\Notepad.exe" %1 -> File not found wsffile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> File not found wsffile [print] -> "%SystemRoot%\System32\Notepad.exe" /p %1 -> File not found wshfile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> File not found [Files/Folders - Created Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 12/04/2008 07:00:27 | Attr = ] dell -> %SystemDrive%\dell -> [Folder | Created Date = 24/03/2008 16:33:37 | Attr = ] logs3 -> %SystemDrive%\logs3 -> [Folder | Created Date = 11/04/2008 07:32:18 | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 12/04/2008 20:48:57 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 
12/04/2008 06:43:02 | Attr = ] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 20560 bytes | Created Date = 03/04/2008 16:44:15 | Attr = ] aswMonFlt.sys -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 50768 bytes | Created Date = 29/02/2008 09:10:00 | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 23152 bytes | Created Date = 29/02/2008 09:13:13 | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 75856 bytes | Created Date = 03/04/2008 16:44:15 | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 42912 bytes | Created Date = 29/02/2008 09:13:11 | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 08/04/2008 07:33:17 | Attr = ] actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 29/02/2008 09:10:00 | Attr = ] Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Created Date = 02/04/2008 06:29:21 | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 1146232 bytes | Created Date = 29/02/2008 09:10:00 | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 95608 bytes | Created Date = 29/02/2008 09:10:26 | Attr = ] CmdLineExt03.dll -> %SystemRoot%\System32\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 22/01/2008 17:59:16 | Attr = ] Deco_32.dll -> %SystemRoot%\System32\Deco_32.dll -> Iterated Systems, Inc. 
[Ver = 6.1 | Size = 227840 bytes | Created Date = 08/04/2008 06:48:08 | Attr = ] dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 09/04/2008 07:47:26 | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 09/04/2008 07:47:26 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 03/04/2008 18:39:55 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 03/04/2008 18:39:58 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 03/04/2008 18:39:58 | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 206 bytes | Created Date = 10/04/2008 07:15:28 | Attr = ] Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 09/04/2008 07:47:26 | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.1 | Size = 57344 bytes | Created Date = 01/02/2008 00:13:18 | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. 
[Ver = 7.4.1 | Size = 90112 bytes | Created Date = 01/02/2008 00:13:18 | Attr = ] SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 09/04/2008 07:47:26 | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 09/04/2008 07:47:26 | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 09/04/2008 07:47:26 | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 09/04/2008 07:47:26 | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 5212 bytes | Created Date = 09/04/2008 07:47:52 | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 09/04/2008 07:47:26 | Attr = ] VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 09/04/2008 07:47:26 | Attr = ] WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 09/04/2008 07:47:26 | Attr = ] dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 95 bytes | Created Date = 24/03/2008 16:46:08 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 12/04/2008 07:01:13 | Attr = ] 5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> FVProtect.exe -> %SystemRoot%\FVProtect.exe -> [Ver = | Size = 4096 bytes | Created Date = 07/04/2008 22:30:49 | Attr = ] iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe -> [Ver = | Size = 4096 bytes | Created Date = 07/04/2008 22:30:47 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 27/02/2008 23:32:50 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 27/02/2008 23:32:50 | Attr = H ] system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX -> [Ver = | Size = 4096 bytes | Created Date = 07/04/2008 
22:30:47 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe Systems -> %AllUsersProfile%\Adobe Systems -> [Folder | Created Date = 08/04/2008 06:27:00 | Attr = ] Grisoft -> %AllUsersProfile%\Grisoft -> [Folder | Created Date = 08/04/2008 07:33:11 | Attr = ] Kontiki -> %AllUsersProfile%\Kontiki -> [Folder | Created Date = 11/04/2008 07:32:47 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Created Date = 09/04/2008 19:30:16 | Attr = ] TEMP -> %AllUsersProfile%\TEMP -> [Folder | Created Date = 09/04/2008 08:38:00 | Attr = ] @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2 WLInstaller -> %AllUsersProfile%\WLInstaller -> [Folder | Created Date = 29/02/2008 14:39:27 | Attr = ] GetValue.vbs -> %AppData%\GetValue.vbs -> [Ver = | Size = 691 bytes | Created Date = 09/04/2008 07:47:52 | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 08/04/2008 07:33:56 | Attr = ] onOne Software -> %AppData%\onOne Software -> [Folder | Created Date = 08/04/2008 06:57:39 | Attr = ] SafeIT Security -> %AppData%\SafeIT Security -> [Folder | Created Date = 19/03/2008 03:22:40 | Attr = ] SetValue.bat -> %AppData%\SetValue.bat -> [Ver = | Size = 35 bytes | Created Date = 09/04/2008 07:47:52 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 09/04/2008 19:27:39 | Attr = ] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 2157180 bytes | Created Date = 12/04/2008 23:34:17 | Attr = H ] Adobe PDF -> %SystemDrive%\Users\Public\Documents\Adobe PDF -> [Folder | Created Date = 07/04/2008 23:34:19 | Attr = ] backedup -> %UserProfile%\Documents\backedup -> [Folder | Created Date = 18/02/2008 11:24:04 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\backedup:Roxio EMC Stream FM2008_v8.0.2_Patch.exe -> %UserProfile%\Documents\FM2008_v8.0.2_Patch.exe -> Sports Interactive Ltd [Ver = (c)Sports Interactive Ltd2007 | 
Size = 151071181 bytes | Created Date = 02/03/2008 10:35:39 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Documents\FM2008_v8.0.2_Patch.exe:Zone.Identifier FM_2.21.eng.rar -> %UserProfile%\Documents\FM_2.21.eng.rar -> [Ver = | Size = 374044 bytes | Created Date = 14/03/2008 20:20:19 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Documents\FM_2.21.eng.rar:Zone.Identifier iexplore - Shortcut.lnk -> %UserProfile%\Documents\iexplore - Shortcut.lnk -> [Ver = | Size = 854 bytes | Created Date = 04/04/2008 08:35:12 | Attr = ] Its Inferno Festival 2008.doc -> %UserProfile%\Documents\Its Inferno Festival 2008.doc -> [Ver = | Size = 62464 bytes | Created Date = 26/03/2008 23:45:08 | Attr = ] My Received Files -> %UserProfile%\Documents\My Received Files -> [Folder | Created Date = 18/02/2008 15:15:37 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\My Received Files:Roxio EMC Stream My Sharing Folders.lnk -> %UserProfile%\Documents\My Sharing Folders.lnk -> [Ver = | Size = 510 bytes | Created Date = 18/02/2008 21:39:06 | Attr = ] R149368.exe -> %UserProfile%\Documents\R149368.exe -> [Ver = 1.3.2.6557 | Size = 21671472 bytes | Created Date = 24/03/2008 16:28:33 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Documents\R149368.exe:Zone.Identifier rabbit adoption form.doc -> %UserProfile%\Documents\rabbit adoption form.doc -> [Ver = | Size = 20480 bytes | Created Date = 09/04/2008 11:55:19 | Attr = ] SafeITDesktop.exe -> %UserProfile%\Documents\SafeITDesktop.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 9726032 bytes | Created Date = 18/03/2008 16:08:26 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Documents\SafeITDesktop.exe:Zone.Identifier setupeng.exe -> %UserProfile%\Documents\setupeng.exe -> [Ver = 4.7.1098.0 | Size = 19890888 bytes | Created Date = 29/02/2008 09:07:06 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Documents\setupeng.exe:Zone.Identifier Sports 
Interactive -> %UserProfile%\Documents\Sports Interactive -> [Folder | Created Date = 27/02/2008 18:47:41 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\Sports Interactive:Roxio EMC Stream Updater -> %UserProfile%\Documents\Updater -> [Folder | Created Date = 08/04/2008 06:28:14 | Attr = ] ~$ferno Festival Report.doc -> %UserProfile%\Documents\~$ferno Festival Report.doc -> [Ver = | Size = 162 bytes | Created Date = 21/03/2008 11:17:11 | Attr = H ] Adobe Reader 8.lnk -> %SystemDrive%\Users\Public\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1850 bytes | Created Date = 18/02/2008 10:31:37 | Attr = ] avast! Antivirus.lnk -> %SystemDrive%\Users\Public\Desktop\avast! Antivirus.lnk -> [Ver = | Size = 1812 bytes | Created Date = 29/02/2008 09:13:13 | Attr = ] AVG Anti-Spyware.lnk -> %SystemDrive%\Users\Public\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 952 bytes | Created Date = 08/04/2008 07:33:32 | Attr = ] BBC iPlayer Download Manager.lnk -> %SystemDrive%\Users\Public\Desktop\BBC iPlayer Download Manager.lnk -> [Ver = | Size = 1925 bytes | Created Date = 11/04/2008 07:32:58 | Attr = ] Digital Encryptor.lnk -> %SystemDrive%\Users\Public\Desktop\Digital Encryptor.lnk -> [Ver = | Size = 1087 bytes | Created Date = 18/03/2008 17:04:48 | Attr = ] Digital Shredder.lnk -> %SystemDrive%\Users\Public\Desktop\Digital Shredder.lnk -> [Ver = | Size = 2063 bytes | Created Date = 18/03/2008 17:04:48 | Attr = ] iTunes.lnk -> %SystemDrive%\Users\Public\Desktop\iTunes.lnk -> [Ver = | Size = 1804 bytes | Created Date = 27/02/2008 23:32:27 | Attr = ] Locomotion.lnk -> %SystemDrive%\Users\Public\Desktop\Locomotion.lnk -> [Ver = | Size = 1733 bytes | Created Date = 22/01/2008 17:59:05 | Attr = ] QuickTime Player.lnk -> %SystemDrive%\Users\Public\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1689 bytes | Created Date = 27/02/2008 23:30:10 | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> 
[Ver = | Size = 865 bytes | Created Date = 09/04/2008 19:28:05 | Attr = ] aswar.exe -> %UserProfile%\Desktop\aswar.exe -> ALWIL Software [Ver = 1.0 | Size = 864120 bytes | Created Date = 12/04/2008 20:41:48 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\aswar.exe:Zone.Identifier ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 09/04/2008 18:55:19 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner.exe:Zone.Identifier backups -> %UserProfile%\Desktop\backups -> [Folder | Created Date = 12/04/2008 06:41:32 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 12/04/2008 06:59:52 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier GIMP 2.lnk -> %UserProfile%\Desktop\GIMP 2.lnk -> [Ver = | Size = 861 bytes | Created Date = 15/01/2008 00:41:40 | Attr = ] HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. 
[Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 09/04/2008 18:50:23 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HiJackThis.exe:Zone.Identifier Norton_Removal_Tool.exe -> %UserProfile%\Desktop\Norton_Removal_Tool.exe -> [Ver = | Size = 667648 bytes | Created Date = 12/04/2008 19:27:09 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Norton_Removal_Tool.exe:Zone.Identifier OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Created Date = 12/04/2008 06:42:23 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 13/04/2008 20:55:36 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Created Date = 13/04/2008 14:51:06 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier poppy.htm -> %UserProfile%\Desktop\poppy.htm -> [Ver = | Size = 2876 bytes | Created Date = 13/04/2008 16:22:00 | Attr = ] SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [Ver = | Size = 1419043 bytes | Created Date = 12/04/2008 19:52:34 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SDFix.exe:Zone.Identifier SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Created Date = 09/04/2008 19:06:15 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SUPERAntiSpyware.exe:Zone.Identifier Adobe Gamma.lnk -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk -> [Ver = | Size = 1133 bytes | Created Date = 07/04/2008 23:35:26 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 18/02/2008 10:31:20 | Attr = ] Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Created Date = 07/04/2008 23:32:51 | Attr = ] SafeIT Security -> 
%CommonProgramFiles%\SafeIT Security -> [Folder | Created Date = 18/03/2008 17:04:35 | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 29/02/2008 14:43:07 | Attr = HS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 09/04/2008 19:08:13 | Attr = ] [Files/Folders - Modified Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 12/04/2008 07:00:27 | Attr = ] dell -> %SystemDrive%\dell -> [Folder | Modified Date = 24/03/2008 16:33:37 | Attr = ] logs3 -> %SystemDrive%\logs3 -> [Folder | Modified Date = 11/04/2008 07:32:18 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 12/04/2008 19:51:44 | Attr = ] ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 12/04/2008 19:51:46 | Attr = H ] SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 12/04/2008 20:48:57 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 13/04/2008 19:40:41 | Attr = HS] Windows -> %SystemRoot% -> [Folder | Modified Date = 12/04/2008 19:51:45 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 12/04/2008 06:43:02 | Attr = ] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 20560 bytes | Modified Date = 29/03/2008 18:35:49 | Attr = ] aswMonFlt.sys -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 50768 bytes | Modified Date = 29/03/2008 18:32:42 | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 23152 bytes | Modified Date = 29/03/2008 18:29:08 | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 75856 bytes | Modified Date = 29/03/2008 18:31:34 | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1169.0 | 
Size = 42912 bytes | Modified Date = 29/03/2008 18:27:33 | Attr = ] en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Modified Date = 13/02/2008 14:15:13 | Attr = ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Modified Date = 12/04/2008 17:18:50 | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 12/04/2008 17:18:50 | Attr = ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4576 bytes | Modified Date = 13/04/2008 20:13:51 | Attr = H ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4576 bytes | Modified Date = 13/04/2008 20:13:51 | Attr = H ] Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Modified Date = 02/04/2008 06:29:46 | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 1146232 bytes | Modified Date = 29/03/2008 18:45:49 | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 95608 bytes | Modified Date = 29/03/2008 18:23:22 | Attr = ] catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 10/04/2008 11:44:34 | Attr = ] catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 12/04/2008 20:26:32 | Attr = ] CmdLineExt03.dll -> %SystemRoot%\System32\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 22/01/2008 17:59:16 | Attr = ] config.nt -> %SystemRoot%\System32\config.nt -> [Ver = | Size = 2577 bytes | Modified Date = 03/04/2008 16:44:04 | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 12/04/2008 19:42:21 | Attr = ] en-US -> %SystemRoot%\System32\en-US -> 
[Folder | Modified Date = 10/04/2008 11:39:26 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 298304 bytes | Modified Date = 10/04/2008 11:42:28 | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 26/03/2008 08:50:45 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 22/02/2008 01:23:35 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 22/02/2008 01:23:39 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 22/02/2008 02:33:32 | Attr = ] migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 10/04/2008 11:39:20 | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 206 bytes | Modified Date = 10/04/2008 07:15:28 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 112216 bytes | Modified Date = 12/04/2008 07:32:43 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 631670 bytes | Modified Date = 12/04/2008 07:32:43 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 729436 bytes | Modified Date = 12/04/2008 07:32:43 | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.1 | Size = 57344 bytes | Modified Date = 01/02/2008 00:13:18 | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. 
[Ver = 7.4.1 | Size = 90112 bytes | Modified Date = 01/02/2008 00:13:18 | Attr = ] Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 12/04/2008 20:48:12 | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 5212 bytes | Modified Date = 09/04/2008 07:56:54 | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Modified Date = 28/03/2008 23:19:34 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 10/04/2008 11:39:17 | Attr = ] 5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 13/04/2008 13:52:56 | Attr = S] dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 95 bytes | Modified Date = 24/03/2008 16:46:08 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 11/04/2008 07:30:36 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 12/04/2008 17:31:49 | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 12/04/2008 07:01:13 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 03/04/2008 07:11:44 | Attr = R S] FVProtect.exe -> %SystemRoot%\FVProtect.exe -> [Ver = | Size = 4096 bytes | Modified Date = 07/04/2008 22:30:49 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 12/04/2008 07:32:43 | Attr = ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 12/04/2008 19:41:38 | Attr = HS] iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe -> [Ver = | Size = 4096 bytes | Modified Date = 07/04/2008 22:30:47 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 13/04/2008 20:58:29 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 27/02/2008 23:32:50 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 27/02/2008 
23:32:50 | Attr = H ] rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 13/02/2008 14:20:20 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 09/04/2008 07:47:50 | Attr = ] servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 13/02/2008 22:25:50 | Attr = ] System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 12/04/2008 07:32:43 | Attr = ] system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX -> [Ver = | Size = 4096 bytes | Modified Date = 07/04/2008 22:30:47 | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 13/04/2008 20:58:21 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 07/04/2008 22:29:56 | Attr = ] winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 10/04/2008 11:45:53 | Attr = ] Recovery DVD Creator.job -> %SystemRoot%\tasks\Recovery DVD Creator.job -> [Ver = | Size = 348 bytes | Modified Date = 13/04/2008 21:00:00 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 13/04/2008 13:53:03 | Attr = H ] User_Feed_Synchronization-{B2764A3E-C2C1-4C70-B3B3-63C67D57106A}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{B2764A3E-C2C1-4C70-B3B3-63C67D57106A}.job -> [Ver = | Size = 426 bytes | Modified Date = 13/04/2008 21:00:00 | Attr = H ] qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 13/04/2008 08:33:08 | Attr = ] qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6577 bytes | Modified Date = 13/04/2008 08:33:08 | Attr = ] PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 154008 bytes | Modified Date = 13/04/2008 07:08:57 | Attr = ] PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 13/04/2008 07:08:58 | Attr = ] PublishedRacMonHFLTable.DAT -> 
C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 13/04/2008 07:08:57 | Attr = ] PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 8760 bytes | Modified Date = 13/04/2008 07:08:57 | Attr = ] PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 9384 bytes | Modified Date = 13/04/2008 07:08:57 | Attr = ] PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 90596 bytes | Modified Date = 13/04/2008 07:08:57 | Attr = ] Indoctrin.dat -> C:\ProgramData\Microsoft\User Account Pictures\Indoctrin.dat -> [Ver = | Size = 0 bytes | Modified Date = 11/02/2007 16:32:53 | Attr = ] catchme.dll -> C:\Users\Indoctrin\AppData\Local\Temp\catchme.dll -> [Ver = | Size = 53248 bytes | Modified Date = 12/04/2008 20:33:50 | Attr = ] 4 C:\Users\Indoctrin\AppData\Local\Temp\*.tmp files -> C:\Users\Indoctrin\AppData\Local\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Adobe -> [Folder | Modified Date = 07/04/2008 23:24:14 | Attr = ] Adobe Systems -> %AllUsersProfile%\Adobe Systems -> [Folder | Modified Date = 08/04/2008 06:27:00 | Attr = ] Grisoft -> %AllUsersProfile%\Grisoft -> [Folder | Modified Date = 08/04/2008 07:33:11 | Attr = ] Kontiki -> %AllUsersProfile%\Kontiki -> [Folder | Modified Date = 13/04/2008 20:59:29 | Attr = ] Microsoft -> %AllUsersProfile%\Microsoft -> [Folder | Modified Date = 29/02/2008 14:32:48 | Attr = S] SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Modified Date = 09/04/2008 19:30:16 | Attr = ] TEMP -> %AllUsersProfile%\TEMP -> [Folder | Modified Date = 11/04/2008 19:37:59 | Attr = ] @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2 WLInstaller -> %AllUsersProfile%\WLInstaller -> [Folder | Modified 
Date = 29/02/2008 14:39:27 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 08/04/2008 06:28:14 | Attr = ] GetValue.vbs -> %AppData%\GetValue.vbs -> [Ver = | Size = 691 bytes | Modified Date = 09/04/2008 07:56:54 | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 08/04/2008 07:33:56 | Attr = ] gtk-2.0 -> %AppData%\gtk-2.0 -> [Folder | Modified Date = 06/04/2008 21:06:00 | Attr = ] onOne Software -> %AppData%\onOne Software -> [Folder | Modified Date = 08/04/2008 06:57:39 | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 19/02/2008 21:43:44 | Attr = ] SafeIT Security -> %AppData%\SafeIT Security -> [Folder | Modified Date = 19/03/2008 03:22:40 | Attr = ] SetValue.bat -> %AppData%\SetValue.bat -> [Ver = | Size = 35 bytes | Modified Date = 09/04/2008 07:56:54 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 09/04/2008 19:27:39 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 17408 bytes | Modified Date = 17/03/2008 21:43:44 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 73200 bytes | Modified Date = 08/04/2008 06:15:31 | Attr = ] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 2157180 bytes | Modified Date = 13/04/2008 10:09:51 | Attr = H ] Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Modified Date = 29/02/2008 14:54:04 | Attr = ] Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Modified Date = 13/04/2008 21:00:00 | Attr = ] Adobe PDF -> %SystemDrive%\Users\Public\Documents\Adobe PDF -> [Folder | Modified Date = 07/04/2008 23:34:49 | Attr = ] Sports Interactive -> %SystemDrive%\Users\Public\Documents\Sports Interactive -> [Folder | Modified Date = 02/03/2008 10:39:28 | Attr = ] backedup -> %UserProfile%\Documents\backedup -> [Folder | Modified Date = 27/02/2008 19:24:38 | Attr = ] 
@Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\backedup:Roxio EMC Stream desktop.ini -> %UserProfile%\Documents\desktop.ini -> [Ver = | Size = 510 bytes | Modified Date = 12/03/2008 08:37:57 | Attr = HS] Emulator -> %UserProfile%\Documents\Emulator -> [Folder | Modified Date = 01/02/2008 23:21:25 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\Emulator:Roxio EMC Stream FM2008_v8.0.2_Patch.exe -> %UserProfile%\Documents\FM2008_v8.0.2_Patch.exe -> Sports Interactive Ltd [Ver = (c)Sports Interactive Ltd2007 | Size = 151071181 bytes | Modified Date = 02/03/2008 10:36:08 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Documents\FM2008_v8.0.2_Patch.exe:Zone.Identifier fmm -> %UserProfile%\Documents\fmm -> [Folder | Modified Date = 20/02/2008 07:29:53 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\fmm:Roxio EMC Stream FM_2.21.eng.rar -> %UserProfile%\Documents\FM_2.21.eng.rar -> [Ver = | Size = 374044 bytes | Modified Date = 14/03/2008 20:20:37 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Documents\FM_2.21.eng.rar:Zone.Identifier iexplore - Shortcut.lnk -> %UserProfile%\Documents\iexplore - Shortcut.lnk -> [Ver = | Size = 854 bytes | Modified Date = 04/04/2008 08:35:12 | Attr = ] indoctrinphotography -> %UserProfile%\Documents\indoctrinphotography -> [Folder | Modified Date = 25/03/2008 08:10:29 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\indoctrinphotography:Roxio EMC Stream Its Inferno Festival 2008.doc -> %UserProfile%\Documents\Its Inferno Festival 2008.doc -> [Ver = | Size = 62464 bytes | Modified Date = 26/03/2008 23:45:09 | Attr = ] lucysstuff -> %UserProfile%\Documents\lucysstuff -> [Folder | Modified Date = 13/04/2008 17:02:16 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\lucysstuff:Roxio EMC Stream My PSP Files -> %UserProfile%\Documents\My PSP Files -> [Folder | Modified Date = 07/04/2008 22:50:41 | Attr = ] 
@Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\My PSP Files:Roxio EMC Stream My Received Files -> %UserProfile%\Documents\My Received Files -> [Folder | Modified Date = 18/02/2008 22:57:00 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\My Received Files:Roxio EMC Stream My Sharing Folders.lnk -> %UserProfile%\Documents\My Sharing Folders.lnk -> [Ver = | Size = 510 bytes | Modified Date = 13/04/2008 13:59:02 | Attr = ] R149368.exe -> %UserProfile%\Documents\R149368.exe -> [Ver = 1.3.2.6557 | Size = 21671472 bytes | Modified Date = 24/03/2008 16:33:21 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Documents\R149368.exe:Zone.Identifier rabbit adoption form.doc -> %UserProfile%\Documents\rabbit adoption form.doc -> [Ver = | Size = 20480 bytes | Modified Date = 09/04/2008 11:55:19 | Attr = ] SafeITDesktop.exe -> %UserProfile%\Documents\SafeITDesktop.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 9726032 bytes | Modified Date = 18/03/2008 16:08:37 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Documents\SafeITDesktop.exe:Zone.Identifier setupeng.exe -> %UserProfile%\Documents\setupeng.exe -> [Ver = 4.7.1098.0 | Size = 19890888 bytes | Modified Date = 29/02/2008 09:07:45 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Documents\setupeng.exe:Zone.Identifier Sports Interactive -> %UserProfile%\Documents\Sports Interactive -> [Folder | Modified Date = 02/03/2008 10:28:01 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\Sports Interactive:Roxio EMC Stream Updater -> %UserProfile%\Documents\Updater -> [Folder | Modified Date = 08/04/2008 06:28:14 | Attr = ] Videos -> %UserProfile%\Documents\Videos -> [Folder | Modified Date = 20/03/2008 11:34:25 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Documents\Videos:Roxio EMC Stream ~$ferno Festival Report.doc -> %UserProfile%\Documents\~$ferno Festival Report.doc -> [Ver = | Size = 162 bytes | Modified 
Date = 21/03/2008 11:17:11 | Attr = H ] Adobe Reader 8.lnk -> %SystemDrive%\Users\Public\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1850 bytes | Modified Date = 18/02/2008 10:31:37 | Attr = ] avast! Antivirus.lnk -> %SystemDrive%\Users\Public\Desktop\avast! Antivirus.lnk -> [Ver = | Size = 1812 bytes | Modified Date = 29/02/2008 09:13:13 | Attr = ] AVG Anti-Spyware.lnk -> %SystemDrive%\Users\Public\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 952 bytes | Modified Date = 08/04/2008 07:33:32 | Attr = ] BBC iPlayer Download Manager.lnk -> %SystemDrive%\Users\Public\Desktop\BBC iPlayer Download Manager.lnk -> [Ver = | Size = 1925 bytes | Modified Date = 11/04/2008 07:32:58 | Attr = ] Digital Encryptor.lnk -> %SystemDrive%\Users\Public\Desktop\Digital Encryptor.lnk -> [Ver = | Size = 1087 bytes | Modified Date = 18/03/2008 17:04:48 | Attr = ] Digital Shredder.lnk -> %SystemDrive%\Users\Public\Desktop\Digital Shredder.lnk -> [Ver = | Size = 2063 bytes | Modified Date = 18/03/2008 17:04:48 | Attr = ] iTunes.lnk -> %SystemDrive%\Users\Public\Desktop\iTunes.lnk -> [Ver = | Size = 1804 bytes | Modified Date = 27/02/2008 23:32:27 | Attr = ] Locomotion.lnk -> %SystemDrive%\Users\Public\Desktop\Locomotion.lnk -> [Ver = | Size = 1733 bytes | Modified Date = 22/01/2008 17:59:05 | Attr = ] QuickTime Player.lnk -> %SystemDrive%\Users\Public\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1689 bytes | Modified Date = 27/02/2008 23:30:10 | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 865 bytes | Modified Date = 09/04/2008 19:28:05 | Attr = ] aswar.exe -> %UserProfile%\Desktop\aswar.exe -> ALWIL Software [Ver = 1.0 | Size = 864120 bytes | Modified Date = 12/04/2008 20:42:00 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\aswar.exe:Zone.Identifier ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified 
Date = 09/04/2008 19:00:48 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner.exe:Zone.Identifier backups -> %UserProfile%\Desktop\backups -> [Folder | Modified Date = 12/04/2008 06:41:32 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 12/04/2008 07:00:22 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier GIMP 2.lnk -> %UserProfile%\Desktop\GIMP 2.lnk -> [Ver = | Size = 861 bytes | Modified Date = 15/01/2008 00:41:40 | Attr = ] HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 09/04/2008 18:51:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HiJackThis.exe:Zone.Identifier Norton_Removal_Tool.exe -> %UserProfile%\Desktop\Norton_Removal_Tool.exe -> [Ver = | Size = 667648 bytes | Modified Date = 12/04/2008 19:27:17 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Norton_Removal_Tool.exe:Zone.Identifier OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Modified Date = 12/04/2008 06:42:42 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 13/04/2008 20:58:19 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Modified Date = 13/04/2008 14:51:20 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier poppy.htm -> %UserProfile%\Desktop\poppy.htm -> [Ver = | Size = 2876 bytes | Modified Date = 13/04/2008 16:22:01 | Attr = ] SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [Ver = | Size = 1419043 bytes | Modified Date = 12/04/2008 19:52:55 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SDFix.exe:Zone.Identifier 
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Modified Date = 09/04/2008 19:06:55 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SUPERAntiSpyware.exe:Zone.Identifier Adobe Gamma.lnk -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk -> [Ver = | Size = 1133 bytes | Modified Date = 07/04/2008 23:35:26 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 07/04/2008 23:35:09 | Attr = ] Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Modified Date = 07/04/2008 23:32:51 | Attr = ] aol -> %CommonProgramFiles%\aol -> [Folder | Modified Date = 22/01/2008 09:46:04 | Attr = ] microsoft shared -> %CommonProgramFiles%\microsoft shared -> [Folder | Modified Date = 29/02/2008 14:46:53 | Attr = ] SafeIT Security -> %CommonProgramFiles%\SafeIT Security -> [Folder | Modified Date = 18/03/2008 17:04:35 | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 12/04/2008 19:42:26 | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 29/02/2008 14:46:14 | Attr = HS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 09/04/2008 19:08:13 | Attr = ] < End of report > [/code]