[code] OTScanIt logfile created on: 4/20/2008 9:53:49 PM OTScanIt by OldTimer - Version 1.0.10.1 Folder = C:\Documents and Settings\Matt Gabak\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.36 Mb Total Physical Memory | 157.22 Mb Available Physical Memory | 30.75% Memory free 1.97 Gb Paging File | 1.65 Gb Available in Paging File | 83.69% Paging File free Paging file location(s): c:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 70.98 Gb Total Space | 42.64 Gb Free Space | 60.07% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GABAKM Current User Name: Matt Gabak Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] lexbces.exe -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 11:30:48 AM | Attr = ] lexpps.exe -> %SystemRoot%\SYSTEM32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 174592 bytes | Modified Date = 3/4/2004 11:26:20 AM | Attr = ] syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.10.8 22Apr04 | Size = 98304 bytes | Modified Date = 4/22/2004 5:23:44 PM | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.10.8 22Apr04 | Size = 507904 bytes | Modified Date = 4/22/2004 5:23:18 PM | Attr = ] vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 90112 bytes | Modified Date = 5/21/2003 1:21:18 AM | Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 9:38:42 AM | Attr = ] lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/20/2007 1:40:48 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 7/25/2007 5:02:54 PM | Attr = ] dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr = ] sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 10:23:56 AM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 5/21/2003 1:22:36 AM | Attr = ] lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 1:38:54 AM | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 610304 bytes | Modified Date = 5/21/2003 1:27:46 AM | Attr = ] nvsvc32.exe -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4586 | Size = 77824 bytes | Modified Date = 1/8/2004 4:26:00 PM | Attr = ] sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 10:23:56 AM | Attr = ] lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 1:38:54 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.10.1 | Size = 370176 bytes | Modified Date = 4/19/2008 10:27:54 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ] (DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 5/21/2003 1:22:36 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ] (DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 3:47:46 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 1:10:16 PM | Attr = ] (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 11:30:48 AM | Attr = ] (LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 1:38:54 AM | Attr = ] (LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/20/2007 1:40:48 AM | Attr = ] (LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 141848 bytes | Modified Date = 7/20/2007 1:42:30 AM | Attr = ] (NNServ) NNServ [Win32_Own | Auto | Stopped] -> %ProgramFiles%\NewDotNet\nnrun.exe -> File not found (Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 610304 bytes | Modified Date = 5/21/2003 1:27:46 AM | Attr = ] (NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4586 | Size = 77824 bytes | Modified Date = 1/8/2004 4:26:00 PM | Attr = ] (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 10:23:56 AM | Attr = ] (WLTRYSVC) WLTRYSVC [Win32_Own | Disabled | Stopped] -> %SystemRoot%\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 11/15/2007 10:24:00 AM | Attr = ] HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 9:38:42 AM | Attr = ] IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe [C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe] -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 2/17/2006 12:59:46 PM | Attr = ] LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ["C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"] -> [Ver = | Size = 563984 bytes | Modified Date = 7/25/2007 5:02:54 PM | Attr = ] NvCplDaemon -> %SystemRoot%\SYSTEM32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.4586 | Size = 4866048 bytes | Modified Date = 1/8/2004 4:26:00 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.10.8 22Apr04 | Size = 507904 bytes | Modified Date = 4/22/2004 5:23:18 PM | Attr = ] SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.10.8 22Apr04 | Size = 98304 bytes | Modified Date = 4/22/2004 5:23:44 PM | Attr = ] vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] -> Symantec Corporation [Ver = 8.1.0.825 | Size = 90112 bytes | Modified Date = 5/21/2003 1:21:18 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> [] -> File not found DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr = ] DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 10:23:56 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\] > -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> [] -> File not found DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr = ] DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 10:23:56 AM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> < Matt Gabak Startup Folder > -> C:\Documents and Settings\Matt Gabak\Start Menu\Programs\Startup -> -> %UserProfile%\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> [Ver = 2, 0, 0, 1 | Size = 256000 bytes | Modified Date = 11/25/2004 7:38:02 PM | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\khfCSmnm.dll [] -> [Ver = | Size = 38912 bytes | Modified Date = 4/18/2008 10:56:47 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007] > -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> ddccy -> %SystemRoot%\system32\ddccy.dll -> File not found khfCSmnm -> %SystemRoot%\SYSTEM32\khfCSmnm.dll -> [Ver = | Size = 38912 bytes | Modified Date = 4/18/2008 10:56:47 PM | Attr = ] NavLogon -> %SystemRoot%\SYSTEM32\NavLogon.dll -> [Ver = | Size = 45056 bytes | Modified Date = 5/21/2003 1:19:00 AM | Attr = ] WRNotifier -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowLegacyWebView -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowUnhashedWebView -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007] > -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.localnet.com/adv_search.phtml -> HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell.com -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.dell.com -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell.com -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.dell.com -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\] > -> -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\: Main\\Search Bar -> http://www.localnet.com/adv_search.phtml -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\: Main\\Start Page -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\: SearchURL\\ -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\: ProxyOverride -> -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\] > -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\] > -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ] {22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1372160 bytes | Modified Date = 12/12/2007 4:20:48 PM | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.07b | Size = 118836 bytes | Modified Date = 3/15/2004 2:04:00 AM | Attr = ] {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\khfCSmnm.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 38912 bytes | Modified Date = 4/18/2008 10:56:47 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {A22BAA1F-DB87-4913-9BF1-BAC2B17ADE02} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\vtUKCtrQ.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 275456 bytes | Modified Date = 4/20/2008 1:18:02 AM | Attr = ] < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\] > -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1372160 bytes | Modified Date = 12/12/2007 4:20:48 PM | Attr = ] {d81ca86b-ef63-42af-bee3-4502d9a03c2d}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [MUSICMATCH MX Web Player] -> File not found {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\] > -> HKEY_USERS\S-1-5-21-4278166140-26559167-1261757709-1007\Software\Microsoft\Internet Explorer\Extensions\ -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> LocalNet3 -> IEAKLocalNet -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {15449CB4-EEEE-4885-A14A-8525CA40DB33} -> (1394 Net Adapter) -> {8536260F-41D8-4CE3-93E5-BC6C94BB2B8A} -> (Dell Wireless WLAN 1350 WLAN Mini-PCI Card) -> {884BA71E-E96A-44AE-98C2-1B66E37EA46E} -> (Broadcom 440x 10/100 Integrated Controller) -> {AF5C835B-D675-47F9-B08F-5F8B145ADA81} -> (1394 Net Adapter) -> {B7D78C49-4539-4A19-B9C9-CD19A602D600} -> () -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 12/20/2007 9:48:50 PM | Attr = ] cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/2003 9:38:40 AM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 12/12/2007 4:20:48 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab[Office Genuine Advantage Validation Tool] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {31435657-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab[Reg Error: Key does not exist or could not be opened.] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {BD8667B7-38D8-4C77-B580-18C3E146372C}[HKEY_LOCAL_MACHINE] -> http://ak.imgag.com/imgag/cp/install/Crusher.cab[Creative Toolbox Plug-in] -> {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/Crusher.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/Crusher.dll\\.Owner -> {BD8667B7-38D8-4C77-B580-18C3E146372C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/Crusher.dll\\{BD8667B7-38D8-4C77-B580-18C3E146372C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/OGACheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> C:\WINDOWS\SYSTEM32\msv1_0.dll [msv1_0] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 724 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\Auth132 -> C:\WINDOWS\SYSTEM32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 19381 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> -> Reg Error: Key does not exist or could not be opened. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{7C4D65E6-5118-42CF-AA18-7DA8E21365E4} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{9678AAC1-8DCF-4E05-BD27-DEA8824B53DE} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{DA471AAB-32AB-43AC-969F-2D8E147CBF7D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\SYSTEM32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536264704 bytes | Created Date = 4/19/2008 5:54:17 PM | Attr = HS] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 4/20/2008 9:48:08 PM | Attr = ] brwlsags.ini -> %SystemRoot%\System32\brwlsags.ini -> [Ver = | Size = 1540746 bytes | Created Date = 4/20/2008 1:19:21 AM | Attr = HS] DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 6, 7, 0, 1 | Size = 156992 bytes | Created Date = 2/20/2008 10:03:42 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/18/2008 6:32:14 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/18/2008 6:32:14 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/18/2008 6:32:14 PM | Attr = ] khfCSmnm.dll -> %SystemRoot%\System32\khfCSmnm.dll -> [Ver = | Size = 38912 bytes | Created Date = 4/18/2008 10:56:46 PM | Attr = ] QrtCKUtv.ini -> %SystemRoot%\System32\QrtCKUtv.ini -> [Ver = | Size = 320609 bytes | Created Date = 4/20/2008 1:18:04 AM | Attr = HS] QrtCKUtv.ini2 -> %SystemRoot%\System32\QrtCKUtv.ini2 -> [Ver = | Size = 320609 bytes | Created Date = 4/20/2008 1:18:05 AM | Attr = HS] vtUKCtrQ.dll -> %SystemRoot%\System32\vtUKCtrQ.dll -> [Ver = | Size = 275456 bytes | Created Date = 4/20/2008 1:18:00 AM | Attr = ] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 361 bytes | Created Date = 4/19/2008 11:05:52 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 4/19/2008 5:37:47 PM | Attr = ] SupportSoft -> %AllUsersProfile%\Application Data\SupportSoft -> [Folder | Created Date = 2/16/2008 6:51:05 PM | Attr = ] DivX -> %AppData%\DivX -> [Folder | Created Date = 3/30/2008 12:25:05 PM | Attr = ] dvdcss -> %AppData%\dvdcss -> [Folder | Created Date = 3/30/2008 12:42:30 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 4/19/2008 5:58:33 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Created Date = 4/11/2008 10:25:00 PM | Attr = ] TmpRecentIcons -> %AppData%\TmpRecentIcons -> [Folder | Created Date = 4/19/2008 12:23:00 AM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Created Date = 3/30/2008 2:40:59 PM | Attr = ] SupportSoft -> %UserProfile%\Local Settings\Application Data\SupportSoft -> [Folder | Created Date = 2/16/2008 11:25:49 PM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Created Date = 4/14/2008 5:15:20 PM | Attr = ] My PSP8 Files -> %UserProfile%\My Documents\My PSP8 Files -> [Folder | Created Date = 4/18/2008 11:01:38 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Created Date = 4/20/2008 9:36:16 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 4/20/2008 9:52:43 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541296 bytes | Created Date = 4/20/2008 9:37:25 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Virus Protection -> %UserProfile%\Desktop\Virus Protection -> [Folder | Created Date = 4/19/2008 11:52:20 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 4/19/2008 5:37:12 PM | Attr = ] supportsoft -> %CommonProgramFiles%\supportsoft -> [Folder | Created Date = 2/16/2008 6:50:24 PM | Attr = ] [Files/Folders - Modified Within 90 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/20/2008 12:06:20 AM | Attr = RHS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536264704 bytes | Modified Date = 4/20/2008 9:10:16 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/19/2008 10:25:04 PM | Attr = R ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/20/2008 9:11:17 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 4/20/2008 9:48:08 PM | Attr = ] brwlsags.ini -> %SystemRoot%\System32\brwlsags.ini -> [Ver = | Size = 1540746 bytes | Modified Date = 4/20/2008 9:34:59 PM | Attr = HS] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/20/2008 9:13:45 PM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 6, 7, 0, 1 | Size = 156992 bytes | Modified Date = 2/20/2008 10:03:42 PM | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 4/8/2008 11:29:31 PM | Attr = RHS] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 3/31/2008 11:06:17 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 352176 bytes | Modified Date = 4/19/2008 11:46:31 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 2:33:31 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr = ] khfCSmnm.dll -> %SystemRoot%\System32\khfCSmnm.dll -> [Ver = | Size = 38912 bytes | Modified Date = 4/18/2008 10:56:47 PM | Attr = ] nvModes.001 -> %SystemRoot%\System32\nvModes.001 -> [Ver = | Size = 17332 bytes | Modified Date = 4/20/2008 9:11:48 PM | Attr = ] nvModes.dat -> %SystemRoot%\System32\nvModes.dat -> [Ver = | Size = 17332 bytes | Modified Date = 4/18/2008 11:50:23 PM | Attr = ] PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT -> [Ver = | Size = 55522 bytes | Modified Date = 4/15/2008 10:57:11 PM | Attr = ] PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT -> [Ver = | Size = 386598 bytes | Modified Date = 4/15/2008 10:57:11 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 445760 bytes | Modified Date = 4/15/2008 10:57:11 PM | Attr = ] QrtCKUtv.ini -> %SystemRoot%\System32\QrtCKUtv.ini -> [Ver = | Size = 320609 bytes | Modified Date = 4/20/2008 9:53:57 PM | Attr = HS] QrtCKUtv.ini2 -> %SystemRoot%\System32\QrtCKUtv.ini2 -> [Ver = | Size = 320609 bytes | Modified Date = 4/20/2008 9:53:01 PM | Attr = HS] vtUKCtrQ.dll -> %SystemRoot%\System32\vtUKCtrQ.dll -> [Ver = | Size = 275456 bytes | Modified Date = 4/20/2008 1:18:02 AM | Attr = ] VXBLOCK.dll -> %SystemRoot%\System32\VXBLOCK.dll -> Sonic Solutions [Ver = 1.00.83a | Size = 88824 bytes | Modified Date = 2/20/2008 10:05:38 PM | Attr = ] WBEM -> %SystemRoot%\System32\WBEM -> [Folder | Modified Date = 4/15/2008 10:57:11 PM | Attr = ] WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> [Ver = | Size = 1248 bytes | Modified Date = 4/20/2008 9:13:10 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/8/2008 11:29:35 PM | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 4/20/2008 9:10:19 PM | Attr = S] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 361 bytes | Modified Date = 4/20/2008 9:35:19 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/15/2008 12:55:03 AM | Attr = S] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/19/2008 10:35:05 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/17/2008 1:54:17 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 4/8/2008 11:29:33 PM | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 4/8/2008 11:29:42 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/20/2008 12:23:35 PM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/20/2008 9:37:45 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 4/20/2008 12:06:14 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/19/2008 11:48:54 PM | Attr = H ] SECURITY -> %SystemRoot%\SECURITY -> [Folder | Modified Date = 4/19/2008 5:50:01 PM | Attr = ] SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 227 bytes | Modified Date = 4/20/2008 12:06:20 AM | Attr = ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 4/20/2008 9:48:08 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/20/2008 9:14:28 PM | Attr = ] TWAIN_32 -> %SystemRoot%\TWAIN_32 -> [Folder | Modified Date = 4/19/2008 10:35:05 PM | Attr = ] WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 760 bytes | Modified Date = 4/20/2008 12:06:20 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/1/2008 7:46:44 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 4/18/2008 7:22:02 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/20/2008 9:10:39 PM | Attr = H ] about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\about.dat -> [Ver = | Size = 1528 bytes | Modified Date = 6/18/2003 1:00:00 PM | Attr = ] college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\college.dat -> [Ver = | Size = 327746 bytes | Modified Date = 6/18/2003 1:00:00 PM | Attr = ] moreinfo.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\moreinfo.dat -> [Ver = | Size = 102 bytes | Modified Date = 6/18/2003 1:00:00 PM | Attr = ] ylpgscat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\ylpgscat.dat -> [Ver = | Size = 12283223 bytes | Modified Date = 6/18/2003 1:00:00 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5821 bytes | Modified Date = 4/20/2008 9:15:22 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5436 bytes | Modified Date = 4/20/2008 9:15:22 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 8/30/2004 2:58:15 PM | Attr = ] Stp11_TMP.EXE -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\Stp11_TMP.EXE -> Malwarebytes [Ver = 1.0.0.0 | Size = 1546928 bytes | Modified Date = 4/19/2008 8:26:38 PM | Attr = ] Stp46_TMP.EXE -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\Stp46_TMP.EXE -> Malwarebytes [Ver = 1.0.0.0 | Size = 1546928 bytes | Modified Date = 4/19/2008 6:28:13 PM | Attr = ] StpD_TMP.EXE -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\StpD_TMP.EXE -> Malwarebytes [Ver = 1.0.0.0 | Size = 1546928 bytes | Modified Date = 4/19/2008 8:35:37 PM | Attr = ] vmgrremok.exe -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\vmgrremok.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 98380 bytes | Modified Date = 1/4/2007 5:38:06 PM | Attr = ] vmpremov.exe -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\vmpremov.exe -> Viewpoint Corporation [Ver = 3, 5, 0, 37 | Size = 114688 bytes | Modified Date = 8/10/2007 3:10:02 PM | Attr = ] 44 C:\Documents and Settings\Matt Gabak\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\*.tmp -> LDMClient.exe -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\ins1.tmp\LDMClient.exe -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 4249928 bytes | Modified Date = 2/1/2007 5:30:08 AM | Attr = R ] InstHelp.dll -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\InstHelp.dll -> [Ver = | Size = 57344 bytes | Modified Date = 10/12/2004 12:14:18 PM | Attr = ] instph.dll -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\instph.dll -> AOL LLC [Ver = 5.0.2.0 | Size = 94288 bytes | Modified Date = 9/26/2006 1:19:54 PM | Attr = ] uninst.dll -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\uninst.dll -> [Ver = | Size = 118784 bytes | Modified Date = 12/13/2005 6:16:20 PM | Attr = ] 44 C:\Documents and Settings\Matt Gabak\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\*.tmp -> _shfoldr.dll -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\is-LES9H.tmp\_isetup\_shfoldr.dll -> Microsoft Corporation [Ver = 5.50.4807.2300 | Size = 23312 bytes | Modified Date = 4/19/2008 8:35:46 PM | Attr = ] 1 C:\Documents and Settings\Matt Gabak\Local Settings\Temp\is-LES9H.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\is-LES9H.tmp\_isetup\*.tmp -> _shfoldr.dll -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\is-Q2D2Q.tmp\_isetup\_shfoldr.dll -> Microsoft Corporation [Ver = 5.50.4807.2300 | Size = 23312 bytes | Modified Date = 4/19/2008 8:27:16 PM | Attr = ] 1 C:\Documents and Settings\Matt Gabak\Local Settings\Temp\is-Q2D2Q.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\is-Q2D2Q.tmp\_isetup\*.tmp -> pp28.ini -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\pp28.ini -> [Ver = | Size = 4967 bytes | Modified Date = 10/26/2006 3:38:00 PM | Attr = ] setup.ini -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\setup.ini -> [Ver = | Size = 3438 bytes | Modified Date = 3/26/2008 4:11:31 PM | Attr = ] 44 C:\Documents and Settings\Matt Gabak\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Matt Gabak\Local Settings\Temp\*.tmp -> index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/20/2008 9:12:57 PM | Attr = HS] index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/20/2008 9:12:57 PM | Attr = HS] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 4/20/2008 9:12:57 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 145 bytes | Modified Date = 4/20/2008 1:11:09 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 4/20/2008 1:11:09 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D1HLLWG4\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 4/20/2008 1:11:09 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\DQ0R4ZIQ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 4/20/2008 1:11:09 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K61WIE3R\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 4/20/2008 1:11:09 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\U9W6KS5Z\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 4/20/2008 1:11:09 AM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] AOL -> %AllUsersProfile%\Application Data\AOL -> [Folder | Modified Date = 3/26/2008 4:10:56 PM | Attr = ] AOL Downloads -> %AllUsersProfile%\Application Data\AOL Downloads -> [Folder | Modified Date = 3/26/2008 4:10:09 PM | Attr = ] Dell -> %AllUsersProfile%\Application Data\Dell -> [Folder | Modified Date = 2/25/2008 9:43:20 PM | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 2/3/2008 2:29:25 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 2/3/2008 2:28:32 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 4/19/2008 5:37:47 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 2/3/2008 3:32:51 PM | Attr = S] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [Ver = | Size = 1755 bytes | Modified Date = 3/31/2008 7:36:30 PM | Attr = ] SecTaskMan -> %AllUsersProfile%\Application Data\SecTaskMan -> [Folder | Modified Date = 4/20/2008 12:15:11 AM | Attr = ] SupportSoft -> %AllUsersProfile%\Application Data\SupportSoft -> [Folder | Modified Date = 2/16/2008 6:51:05 PM | Attr = ] Viewpoint -> %AllUsersProfile%\Application Data\Viewpoint -> [Folder | Modified Date = 4/19/2008 11:56:38 PM | Attr = ] DivX -> %AppData%\DivX -> [Folder | Modified Date = 3/31/2008 7:34:57 PM | Attr = ] dvdcss -> %AppData%\dvdcss -> [Folder | Modified Date = 3/30/2008 10:07:05 PM | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Modified Date = 2/17/2008 1:51:49 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 4/19/2008 5:58:33 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 4/11/2008 10:25:22 PM | Attr = ] Skype -> %AppData%\Skype -> [Folder | Modified Date = 4/7/2008 5:45:29 PM | Attr = ] skypePM -> %AppData%\skypePM -> [Folder | Modified Date = 4/7/2008 5:31:11 PM | Attr = ] TmpRecentIcons -> %AppData%\TmpRecentIcons -> [Folder | Modified Date = 4/19/2008 12:23:00 AM | Attr = ] Viewpoint -> %AppData%\Viewpoint -> [Folder | Modified Date = 4/19/2008 11:56:38 PM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Modified Date = 3/30/2008 2:40:59 PM | Attr = ] AOL -> %UserProfile%\Local Settings\Application Data\AOL -> [Folder | Modified Date = 3/27/2008 4:10:03 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 4/20/2008 9:11:38 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 126464 bytes | Modified Date = 4/13/2008 10:40:23 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 105064 bytes | Modified Date = 4/15/2008 11:18:59 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 3/28/2008 7:42:29 PM | Attr = ] SupportSoft -> %UserProfile%\Local Settings\Application Data\SupportSoft -> [Folder | Modified Date = 2/16/2008 11:25:49 PM | Attr = ] Danielle -> %UserProfile%\My Documents\Danielle -> [Folder | Modified Date = 2/15/2008 1:17:58 AM | Attr = ] Financial Summary.xls -> %UserProfile%\My Documents\Financial Summary.xls -> [Ver = | Size = 41984 bytes | Modified Date = 4/20/2008 12:15:49 PM | Attr = ] Lacoste -> %UserProfile%\My Documents\Lacoste -> [Folder | Modified Date = 4/15/2008 6:39:57 PM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Modified Date = 4/14/2008 5:15:39 PM | Attr = ] My Media -> %UserProfile%\My Documents\My Media -> [Folder | Modified Date = 2/9/2008 1:36:08 AM | Attr = ] My PSP8 Files -> %UserProfile%\My Documents\My PSP8 Files -> [Folder | Modified Date = 4/18/2008 11:01:38 PM | Attr = ] AIM 6.lnk -> %AllUsersProfile%\Desktop\AIM 6.lnk -> [Ver = | Size = 1672 bytes | Modified Date = 3/26/2008 4:11:26 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 4/14/2008 5:25:26 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Modified Date = 4/20/2008 9:36:26 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 4/20/2008 9:52:43 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541296 bytes | Modified Date = 4/20/2008 9:37:35 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Virus Protection -> %UserProfile%\Desktop\Virus Protection -> [Folder | Modified Date = 4/19/2008 11:52:34 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 4/19/2008 5:37:12 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 4/1/2008 7:46:31 PM | Attr = ] supportsoft -> %CommonProgramFiles%\supportsoft -> [Folder | Modified Date = 2/16/2008 6:50:25 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 4/19/2008 10:35:10 PM | Attr = ] < End of report > [/code]