[code]
OTScanIt logfile created on: 08/05/2008 6:49:22 PM
OTScanIt by OldTimer - Version 1.0.12.2 Folder = C:\Users\Yanniv Perez\Desktop\OTScanIt
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1021.76 Mb Total Physical Memory | 289.39 Mb Available Physical Memory | 28.32% Memory free
2.25 Gb Paging File | 1.13 Gb Available in Paging File | 50.20% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 183.57 Gb Free Space | 82.40% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.57 Gb Free Space | 55.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YANNIVPEREZ-PC
Current User Name: Yanniv Perez
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 643072 bytes | Modified Date = 22/01/2008 9:38:20 PM | Attr = ]
ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 643072 bytes | Modified Date = 22/01/2008 9:38:20 PM | Attr = ]
aertsrv.exe -> %SystemRoot%\System32\AERTSrv.exe -> Andrea Electronics Corporation [Ver = 1.0.32.1 | Size = 77824 bytes | Modified Date = 05/12/2007 7:17:24 AM | Attr = ]
pcctlcom.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\PcCtlCom.exe -> Trend Micro Inc. [Ver = 14.70.0.1014 | Size = 1471840 bytes | Modified Date = 27/08/2007 4:21:36 AM | Attr = ]
roxwatch9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 05/11/2006 11:13:00 AM | Attr = ]
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 15/11/2007 9:23:56 AM | Attr = ]
tmntsrv.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\Tmntsrv.exe -> Trend Micro Inc. [Ver = 14.70.0.1014 | Size = 345432 bytes | Modified Date = 27/08/2007 4:22:18 AM | Attr = ]
tmpfw.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\TmPfw.exe -> Trend Micro Inc. [Ver = 2.6.0.1050 | Size = 923216 bytes | Modified Date = 27/08/2007 4:22:22 AM | Attr = ]
tmproxy.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\tmproxy.exe -> Trend Micro Inc. [Ver = 2.1.0.1050 | Size = 566872 bytes | Modified Date = 27/08/2007 4:22:30 AM | Attr = ]
ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 13/03/2004 5:04:16 AM | Attr = ]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 04/08/2006 7:39:20 PM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 03/10/2006 11:37:04 AM | Attr = ]
pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\pccguide.exe -> Trend Micro Inc. [Ver = 14.70.0.1014 | Size = 1807696 bytes | Modified Date = 27/08/2007 4:21:28 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 13/02/2008 11:29:12 PM | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 57 | Size = 4452352 bytes | Modified Date = 24/09/2007 4:41:02 AM | Attr = ]
sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 15/11/2007 9:23:56 AM | Attr = ]
btdna.exe -> %UserProfile%\Program Files\DNA\btdna.exe -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 07/05/2008 8:11:59 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 03/11/2006 6:02:14 PM | Attr = ]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> Advanced Micro Devices Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 11:13:56 AM | Attr = ]
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 11:13:34 AM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.12.2 | Size = 372224 bytes | Modified Date = 08/05/2008 1:41:12 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AERTFilters) Andrea RT Filters Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\AERTSrv.exe -> Andrea Electronics Corporation [Ver = 1.0.32.1 | Size = 77824 bytes | Modified Date = 05/12/2007 7:17:24 AM | Attr = ]
(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 643072 bytes | Modified Date = 22/01/2008 9:38:20 PM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14/11/2005 2:06:04 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(PcCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\PcCtlCom.exe -> Trend Micro Inc. [Ver = 14.70.0.1014 | Size = 1471840 bytes | Modified Date = 27/08/2007 4:21:36 AM | Attr = ]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 880640 bytes | Modified Date = 05/11/2006 11:15:12 AM | Attr = ]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 05/11/2006 11:13:00 AM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 15/11/2007 9:23:56 AM | Attr = ]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 14/09/2006 2:54:34 PM | Attr = ]
(Tmntsrv) Trend Micro Real-time Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\Tmntsrv.exe -> Trend Micro Inc. [Ver = 14.70.0.1014 | Size = 345432 bytes | Modified Date = 27/08/2007 4:22:18 AM | Attr = ]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\TmPfw.exe -> Trend Micro Inc. [Ver = 2.6.0.1050 | Size = 923216 bytes | Modified Date = 27/08/2007 4:22:22 AM | Attr = ]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\tmproxy.exe -> Trend Micro Inc. [Ver = 2.1.0.1050 | Size = 566872 bytes | Modified Date = 27/08/2007 4:22:30 AM | Attr = ]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Running] -> -> File not found
(TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Modified Date = 04/05/2008 11:16:42 AM | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 13/03/2004 5:04:16 AM | Attr = ]
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc.
[Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 04/08/2006 7:39:20 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 11:16:38 PM | Attr = ] dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 15/11/2007 9:24:00 AM | Attr = ] ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 221184 bytes | Modified Date = 03/10/2006 11:35:42 AM | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 03/10/2006 11:37:04 AM | Attr = ] pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\pccguide.exe ["C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"] -> Trend Micro Inc. [Ver = 14.70.0.1014 | Size = 1807696 bytes | Modified Date = 27/08/2007 4:21:28 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. 
[Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 01/02/2008 12:13:08 AM | Attr = ] RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1, 0, 0, 57 | Size = 4452352 bytes | Modified Date = 24/09/2007 4:41:02 AM | Attr = ] StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] -> [Ver = | Size = 90112 bytes | Modified Date = 10/11/2006 12:35:24 PM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 13/02/2008 11:29:12 PM | Attr = ] Windows Defender -> [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BitTorrent DNA -> %UserProfile%\Program Files\DNA\btdna.exe ["C:\Users\Yanniv Perez\Program Files\DNA\btdna.exe"] -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 07/05/2008 8:11:59 PM | Attr = ] DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. 
[Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 15/11/2007 9:23:56 AM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1154 | Size = 1481968 bytes | Modified Date = 29/02/2008 4:03:46 PM | Attr = ] < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> File not found < Run [HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\] > -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BitTorrent DNA -> %UserProfile%\Program Files\DNA\btdna.exe ["C:\Users\Yanniv Perez\Program Files\DNA\btdna.exe"] -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 07/05/2008 8:11:59 PM | Attr = ] DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. 
[Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 15/11/2007 9:23:56 AM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1154 | Size = 1481968 bytes | Modified Date = 29/02/2008 4:03:46 PM | Attr = ] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.708.19688 | Size = 145408 bytes | Modified Date = 18/01/2008 3:14:50 PM | Attr = ] *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000] > -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 12:41:36 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts 
-> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000] > -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> TORiSAN CD-ROM CDR_C36 -> -> File not found NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\Windows\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 19/01/2008 12:49:51 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> SCSI\CdRom&Ven_HL-DT-ST&Prod_DVD+-RW_GSA-H73N\4&228bd848&0&010100 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_OH3056K&Prod_CBN639P&Rev_1.01\5&36e5972&0&000000 -> < Drives - Autoruns > -> -> autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 18/09/2006 4:43:36 PM | Attr = ] < HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> ::1 localhost -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.nba.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page 
-> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\] > -> -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\: Main\\Start Page -> http://www.nba.com/ -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 11 domain(s) found. -> 10 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> GD [:Range = 127.0.0.1] -> http = Local intranet | -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\] > -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 11 domain(s) found. -> 10 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\] > -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-566523564-3743306607-543884351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. 
-> GD [:Range = 127.0.0.1] -> http = Local intranet | -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 12:08:42 AM | Attr = ] {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.45 | Size = 370296 bytes | Modified Date = 13/02/2008 11:30:03 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 501384 bytes | Modified Date = 18/01/2008 3:00:01 PM | Attr = ] {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dell\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.2.0.3 | Size = 98304 bytes | Modified Date = 09/11/2006 9:56:48 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.0.104 | Size = 132744 bytes | Modified Date = 18/01/2008 3:00:01 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3F90BEB1-B7E3-47A8-9380-87047C2080BE} -> (NVIDIA nForce Networking Controller) -> {84FF5B87-C294-4F3B-9954-AC61478CF596} -> (Belkin Wireless G Desktop Card) -> < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {2B36F775-8CF5-4489-B454-2D1B80984CF2}[HKEY_LOCAL_MACHINE] -> http://www.powerflasher.de/plugin/powerres.cab[FXPluginCtl Object] -> {67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab[Facebook Photo Uploader 4] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4_5.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4_5.ocx\\.Owner -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program 
Files/ImageUploader4_5.ocx\\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/FXPlugin.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/FXPlugin.dll\\.Owner -> {2B36F775-8CF5-4489-B454-2D1B80984CF2} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/FXPlugin.dll\\{2B36F775-8CF5-4489-B454-2D1B80984CF2} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/Macromed/Flash/Flash9d.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/Macromed/Flash/Flash9d.ocx\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/Macromed/Flash/Flash9d.ocx\\{2B36F775-8CF5-4489-B454-2D1B80984CF2} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/unicows.dll\\.Owner -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/unicows.dll\\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> -> [Registry - Additional Scans - Non-Microsoft Only] < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> DAEMON Tools Lite hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.12.3.0 | Size = 486856 bytes | Modified Date = 01/04/2008 4:39:48 AM | Attr = ] Ulead AutoDetector v2 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Ulead Systems\Autodetector\Monitor.exe -> Ulead Systems, Inc. 
[Ver = 2.0.0.0 | Size = 90112 bytes | Modified Date = 26/11/2004 12:43:34 PM | Attr = ] [Files/Folders - Created Within 90 days] !Temp -> %SystemDrive%\!Temp -> [Folder | Created Date = 15/03/2008 10:46:37 PM | Attr = ] ActiveISO -> %SystemDrive%\ActiveISO -> [Folder | Created Date = 15/03/2008 11:30:36 PM | Attr = ] DOWNLOADS -> %SystemDrive%\DOWNLOADS -> [Folder | Created Date = 15/03/2008 10:46:37 PM | Attr = ] My Downloads -> %SystemDrive%\My Downloads -> [Folder | Created Date = 24/02/2008 2:03:33 PM | Attr = ] PerfLogs -> %SystemDrive%\PerfLogs -> [Folder | Created Date = 07/05/2008 7:58:43 PM | Attr = ] MsftWdf_Kernel_01007_Inbox_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf -> [Ver = | Size = 3 bytes | Created Date = 07/05/2008 7:19:17 PM | Attr = ] RTL85n86.sys -> %SystemRoot%\System32\drivers\RTL85n86.sys -> Realtek [Ver = 6.1099.0312.2007 built by: WinDDK | Size = 354816 bytes | Created Date = 12/02/2008 6:59:33 PM | Attr = R ] sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Created Date = 06/04/2008 1:40:52 PM | Attr = ] actskn45.ocx -> %SystemRoot%\System32\actskn45.ocx -> SoftShape Development [Ver = 4, 50, 0, 0 | Size = 483328 bytes | Created Date = 24/02/2008 2:03:11 PM | Attr = ] AGEIA -> %SystemRoot%\System32\AGEIA -> [Folder | Created Date = 06/04/2008 1:56:42 PM | Attr = ] atmfd.dll -> %SystemRoot%\System32\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 226 | Size = 289792 bytes | Created Date = 07/05/2008 7:19:57 PM | Attr = ] authuitu.dll -> %SystemRoot%\System32\authuitu.dll -> TuneUp Software GmbH [Ver = 1.0.0.5 | Size = 16640 bytes | Created Date = 04/05/2008 11:16:48 AM | Attr = ] Defrag.exe -> %SystemRoot%\System32\Defrag.exe -> Microsoft Corp. [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 226816 bytes | Created Date = 07/05/2008 7:21:36 PM | Attr = ] dfrgfat.exe -> %SystemRoot%\System32\dfrgfat.exe -> Microsoft Corp. 
[Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 96768 bytes | Created Date = 07/05/2008 7:21:42 PM | Attr = ] DfrgNtfs.exe -> %SystemRoot%\System32\DfrgNtfs.exe -> Microsoft Corp. [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 163840 bytes | Created Date = 07/05/2008 7:23:07 PM | Attr = ] dot3.tmf -> %SystemRoot%\System32\dot3.tmf -> [Ver = | Size = 289467 bytes | Created Date = 07/05/2008 7:21:43 PM | Attr = ] eaphost.tmf -> %SystemRoot%\System32\eaphost.tmf -> [Ver = | Size = 206830 bytes | Created Date = 07/05/2008 7:23:49 PM | Attr = ] esrb.rs -> %SystemRoot%\System32\esrb.rs -> Microsoft [Ver = 1.0.0.1 | Size = 51712 bytes | Created Date = 07/05/2008 7:20:23 PM | Attr = ] fsmgmt.msc -> %SystemRoot%\System32\fsmgmt.msc -> [Ver = | Size = 144909 bytes | Created Date = 07/05/2008 7:19:26 PM | Attr = ] GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4240384 bytes | Created Date = 07/05/2008 7:23:06 PM | Attr = ] gatherWiredInfo.vbs -> %SystemRoot%\System32\gatherWiredInfo.vbs -> [Ver = | Size = 12198 bytes | Created Date = 07/05/2008 7:19:28 PM | Attr = ] gatherWirelessInfo.vbs -> %SystemRoot%\System32\gatherWirelessInfo.vbs -> [Ver = | Size = 15181 bytes | Created Date = 07/05/2008 7:19:27 PM | Attr = ] grb.rs -> %SystemRoot%\System32\grb.rs -> Microsoft [Ver = 1.0.0.1 | Size = 16896 bytes | Created Date = 07/05/2008 7:22:20 PM | Attr = ] IasMigPlugin.dll -> %SystemRoot%\System32\IasMigPlugin.dll -> Microsoft [Ver = 1.0.0.1 | Size = 445952 bytes | Created Date = 07/05/2008 7:23:29 PM | Attr = ] l3codeca.acm -> %SystemRoot%\System32\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0401 | Size = 62464 bytes | Created Date = 07/05/2008 7:19:46 PM | Attr = ] l3codecp.acm -> %SystemRoot%\System32\l3codecp.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 3, 4, 0, 0 | Size = 220672 bytes | Created Date = 07/05/2008 7:20:20 PM | Attr = ] libdivx.dll -> 
%SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 20/02/2008 9:05:34 PM | Attr = ] locale.nls -> %SystemRoot%\System32\locale.nls -> [Ver = | Size = 3662296 bytes | Created Date = 07/05/2008 7:23:10 PM | Attr = ] msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll -> [Ver = | Size = 368640 bytes | Created Date = 07/05/2008 7:20:30 PM | Attr = ] onex.tmf -> %SystemRoot%\System32\onex.tmf -> [Ver = | Size = 261163 bytes | Created Date = 07/05/2008 7:21:36 PM | Attr = ] perfmon.msc -> %SystemRoot%\System32\perfmon.msc -> [Ver = | Size = 145455 bytes | Created Date = 07/05/2008 7:19:17 PM | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 13/02/2008 11:29:19 PM | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 13/02/2008 11:29:21 PM | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 13/02/2008 11:29:22 PM | Attr = ] PresentationCFFRasterizerNative_v0300.dll -> %SystemRoot%\System32\PresentationCFFRasterizerNative_v0300.dll -> Adobe Systems Incorporated [Ver = 3.0.6920.1109 (lh_tools_devdiv_wpf.071009-1109) | Size = 106520 bytes | Created Date = 07/05/2008 7:21:23 PM | Attr = ] RacUR.xml -> %SystemRoot%\System32\RacUR.xml -> [Ver = | Size = 9987 bytes | Created Date = 07/05/2008 7:19:52 PM | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. 
[Ver = 6.0.10.45 | Size = 185944 bytes | Created Date = 13/02/2008 11:29:45 PM | Attr = ] Robocopy.exe -> %SystemRoot%\System32\Robocopy.exe -> Microsoft [Ver = 5, 1, 10, 1027 | Size = 87552 bytes | Created Date = 07/05/2008 7:21:16 PM | Attr = ] slmgr.vbs -> %SystemRoot%\System32\slmgr.vbs -> [Ver = | Size = 80047 bytes | Created Date = 07/05/2008 7:21:07 PM | Attr = ] SMBHelperClass.dll -> %SystemRoot%\System32\SMBHelperClass.dll -> Microsoft [Ver = 1.0.0.1 | Size = 83456 bytes | Created Date = 07/05/2008 7:23:38 PM | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 20/02/2008 9:05:34 PM | Attr = ] StructuredQuerySchema.bin -> %SystemRoot%\System32\StructuredQuerySchema.bin -> [Ver = | Size = 100043 bytes | Created Date = 07/05/2008 7:19:59 PM | Attr = ] systemsf.ebd -> %SystemRoot%\System32\systemsf.ebd -> [Ver = | Size = 132148 bytes | Created Date = 07/05/2008 7:23:19 PM | Attr = ] tcpmon.ini -> %SystemRoot%\System32\tcpmon.ini -> [Ver = | Size = 60124 bytes | Created Date = 07/05/2008 7:21:55 PM | Attr = ] TuneUpDefragService.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Created Date = 04/05/2008 11:16:41 AM | Attr = ] uxtuneup.dll -> %SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.11 | Size = 28416 bytes | Created Date = 04/05/2008 11:16:48 AM | Attr = ] WAH dir -> %SystemRoot%\System32\WAH dir -> [Folder | Created Date = 23/02/2008 10:43:55 PM | Attr = ] WAH.scr -> %SystemRoot%\System32\WAH.scr -> ScreenTime Media [Ver = 3.5.4 | Size = 520192 bytes | Created Date = 23/02/2008 10:43:55 PM | Attr = ] WFP.TMF -> %SystemRoot%\System32\WFP.TMF -> [Ver = | Size = 175508 bytes | Created Date = 07/05/2008 7:22:20 PM | Attr = ] winrm.vbs -> %SystemRoot%\System32\winrm.vbs -> [Ver = | Size = 195122 bytes | Created Date = 07/05/2008 7:21:41 PM | Attr = ] wlan.tmf -> 
%SystemRoot%\System32\wlan.tmf -> [Ver = | Size = 1675370 bytes | Created Date = 07/05/2008 7:23:49 PM | Attr = ] WlanMmHC.dll -> %SystemRoot%\System32\WlanMmHC.dll -> Microsoft [Ver = 1.0.0.1 | Size = 41472 bytes | Created Date = 07/05/2008 7:19:56 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 02/05/2008 7:09:31 PM | Attr = ] 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 02/05/2008 7:08:50 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 02/05/2008 7:08:50 PM | Attr = ] HideWin.exe -> %SystemRoot%\HideWin.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.1 | Size = 315392 bytes | Created Date = 09/03/2008 8:10:06 PM | Attr = ] MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 202377473 bytes | Created Date = 18/02/2008 9:25:11 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 18/02/2008 9:25:33 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 02/05/2008 7:08:50 PM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Created Date = 18/02/2008 7:30:50 PM | Attr = ] PCHEALTH -> %SystemRoot%\PCHEALTH -> [Folder | Created Date = 12/02/2008 7:03:05 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 02/05/2008 7:12:28 PM | Attr = ] RtlExUpd.dll -> %SystemRoot%\RtlExUpd.dll -> Realtek Semiconductor Corp. 
[Ver = 1, 0, 0, 7 | Size = 520192 bytes | Created Date = 09/03/2008 8:10:06 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 02/05/2008 7:08:50 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 02/05/2008 7:08:50 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 02/05/2008 7:08:50 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 02/05/2008 7:08:50 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 02/05/2008 7:12:06 PM | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 35 bytes | Created Date = 18/02/2008 7:30:44 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 02/05/2008 7:08:50 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 02/05/2008 7:08:50 PM | Attr = ] 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 500 bytes | Created Date = 04/05/2008 11:16:59 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Apple -> %AllUsersProfile%\Apple -> [Folder | Created Date = 22/04/2008 12:42:49 AM | Attr = ] Apple Computer -> %AllUsersProfile%\Apple Computer -> [Folder | Created Date = 13/02/2008 10:34:40 PM | Attr = ] BM1981a7f5.xml -> %AllUsersProfile%\BM1981a7f5.xml -> [Ver = | Size = 109738 bytes | Created Date = 29/04/2008 6:48:26 PM | Attr = ] DVD Shrink -> %AllUsersProfile%\DVD Shrink -> [Folder | Created Date = 22/04/2008 4:10:46 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Created Date = 03/05/2008 9:11:39 PM | Attr = ] pskt.ini -> %AllUsersProfile%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 29/04/2008 6:48:26 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> 
[Folder | Created Date = 07/05/2008 6:55:56 PM | Attr = ] TEMP -> %AllUsersProfile%\TEMP -> [Folder | Created Date = 15/03/2008 11:30:36 PM | Attr = ] @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\TEMP:5C321E34 TuneUp Software -> %AllUsersProfile%\TuneUp Software -> [Folder | Created Date = 04/05/2008 11:15:51 AM | Attr = ] WLInstaller -> %AllUsersProfile%\WLInstaller -> [Folder | Created Date = 12/02/2008 6:58:56 PM | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Created Date = 28/03/2008 4:46:16 PM | Attr = ] AutoPowerOn -> %AppData%\AutoPowerOn -> [Folder | Created Date = 15/02/2008 1:02:46 AM | Attr = ] BearShare -> %AppData%\BearShare -> [Folder | Created Date = 15/03/2008 11:38:56 PM | Attr = ] BitTorrent -> %AppData%\BitTorrent -> [Folder | Created Date = 09/03/2008 4:51:21 PM | Attr = ] DAEMON Tools -> %AppData%\DAEMON Tools -> [Folder | Created Date = 06/04/2008 1:40:43 PM | Attr = ] DataSafeOnline -> %AppData%\DataSafeOnline -> [Folder | Created Date = 15/03/2008 10:38:30 PM | Attr = ] DNA -> %AppData%\DNA -> [Folder | Created Date = 09/03/2008 4:51:10 PM | Attr = ] ErrorSmart -> %AppData%\ErrorSmart -> [Folder | Created Date = 23/04/2008 11:01:11 PM | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Created Date = 12/02/2008 6:52:03 PM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Created Date = 15/03/2008 11:49:55 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 03/05/2008 9:11:43 PM | Attr = ] Microsoft Web Folders -> %AppData%\Microsoft Web Folders -> [Folder | Created Date = 18/02/2008 7:26:26 PM | Attr = ] Real -> %AppData%\Real -> [Folder | Created Date = 13/02/2008 11:29:10 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 07/05/2008 6:55:15 PM | Attr = ] TuneUp Software -> %AppData%\TuneUp Software -> [Folder | Created Date = 04/05/2008 11:16:38 AM | Attr = ] Uniblue -> %AppData%\Uniblue -> [Folder | Created Date = 
30/04/2008 5:50:24 PM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Created Date = 18/02/2008 1:04:12 AM | Attr = ] Apple -> %UserProfile%\AppData\Local\Apple -> [Folder | Created Date = 13/02/2008 10:33:23 PM | Attr = ] Apple Computer -> %UserProfile%\AppData\Local\Apple Computer -> [Folder | Created Date = 13/02/2008 10:36:52 PM | Attr = ] Apps -> %UserProfile%\AppData\Local\Apps -> [Folder | Created Date = 30/04/2008 10:42:26 PM | Attr = ] d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 1356 bytes | Created Date = 13/03/2008 6:46:46 PM | Attr = ] DNA -> %UserProfile%\AppData\Local\DNA -> [Folder | Created Date = 09/03/2008 4:51:11 PM | Attr = ] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 1819239 bytes | Created Date = 04/05/2008 11:37:26 AM | Attr = H ] Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Created Date = 02/05/2008 7:12:12 PM | Attr = ] Yahoo -> %SystemDrive%\Users\Public\Documents\Yahoo -> [Folder | Created Date = 13/02/2008 10:54:39 PM | Attr = ] 210px-Sugihara_b.jpg -> %UserProfile%\Documents\210px-Sugihara_b.jpg -> [Ver = | Size = 11530 bytes | Created Date = 29/04/2008 9:56:55 PM | Attr = ] b-ball -> %UserProfile%\Documents\b-ball -> [Folder | Created Date = 18/03/2008 9:05:43 PM | Attr = ] Capture..JPG -> %UserProfile%\Documents\Capture..JPG -> [Ver = | Size = 38479 bytes | Created Date = 13/04/2008 9:56:19 PM | Attr = ] Downloads -> %UserProfile%\Documents\Downloads -> [Folder | Created Date = 15/03/2008 11:23:50 PM | Attr = ] dracula.jpg -> %UserProfile%\Documents\dracula.jpg -> [Ver = | Size = 61923 bytes | Created Date = 17/02/2008 7:58:20 PM | Attr = ] DVDFab -> %UserProfile%\Documents\DVDFab -> [Folder | Created Date = 22/04/2008 4:00:35 PM | Attr = ] Internet Explorer Wallpaper.bmp -> %UserProfile%\Documents\Internet Explorer Wallpaper.bmp -> [Ver = | Size = 5292054 bytes | Created Date = 15/02/2008 12:07:15 AM | Attr = ] israel -> %UserProfile%\Documents\israel -> [Folder | 
Created Date = 13/03/2008 7:03:02 PM | Attr = ] LimeWire -> %UserProfile%\Documents\LimeWire -> [Folder | Created Date = 01/04/2008 9:01:03 PM | Attr = ] Lost Via Domus -> %UserProfile%\Documents\Lost Via Domus -> [Folder | Created Date = 06/04/2008 1:58:38 PM | Attr = ] LOTR The Return of the King (tm) Data -> %UserProfile%\Documents\LOTR The Return of the King (tm) Data -> [Folder | Created Date = 21/04/2008 10:01:26 PM | Attr = ] My Received Files -> %UserProfile%\Documents\My Received Files -> [Folder | Created Date = 12/02/2008 7:03:30 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\Documents\My Sharing Folders.lnk -> [Ver = | Size = 503 bytes | Created Date = 18/02/2008 6:35:40 PM | Attr = ] My Virtual Machines -> %UserProfile%\Documents\My Virtual Machines -> [Folder | Created Date = 14/04/2008 6:30:54 PM | Attr = ] pourim -> %UserProfile%\Documents\pourim -> [Folder | Created Date = 31/03/2008 9:21:00 PM | Attr = ] Programs -> %UserProfile%\Documents\Programs -> [Folder | Created Date = 18/02/2008 9:28:59 PM | Attr = ] Recieved -> %UserProfile%\Documents\Recieved -> [Folder | Created Date = 19/03/2008 6:08:10 PM | Attr = ] SANYO_PEX -> %UserProfile%\Documents\SANYO_PEX -> [Folder | Created Date = 19/03/2008 8:38:11 PM | Attr = ] us-army_germany_1944-46_p36.jpg -> %UserProfile%\Documents\us-army_germany_1944-46_p36.jpg -> [Ver = | Size = 450580 bytes | Created Date = 29/04/2008 9:37:38 PM | Attr = ] Yanniv -> %UserProfile%\Documents\Yanniv -> [Folder | Created Date = 17/02/2008 7:58:19 PM | Attr = ] YANNIV.MSWMM -> %UserProfile%\Documents\YANNIV.MSWMM -> [Ver = | Size = 170496 bytes | Created Date = 30/04/2008 10:56:59 PM | Attr = ] YANNIVproject.wmv -> %UserProfile%\Documents\YANNIVproject.wmv -> [Ver = | Size = 29694352 bytes | Created Date = 30/04/2008 10:56:59 PM | Attr = ] Adobe Reader 8.lnk -> %SystemDrive%\Users\Public\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1889 bytes | Created Date = 14/02/2008 1:12:26 AM | Attr = ] LOTR The Return of 
the King tm.lnk -> %SystemDrive%\Users\Public\Desktop\LOTR The Return of the King tm.lnk -> [Ver = | Size = 1983 bytes | Created Date = 21/04/2008 9:17:09 PM | Attr = ] QuickTime Player.lnk -> %SystemDrive%\Users\Public\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1728 bytes | Created Date = 11/04/2008 5:42:32 PM | Attr = ] RealPlayer.lnk -> %SystemDrive%\Users\Public\Desktop\RealPlayer.lnk -> [Ver = | Size = 1039 bytes | Created Date = 13/02/2008 11:30:05 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 904 bytes | Created Date = 07/05/2008 6:55:20 PM | Attr = ] Yahoo! Music Jukebox.lnk -> %SystemDrive%\Users\Public\Desktop\Yahoo! Music Jukebox.lnk -> [Ver = | Size = 2251 bytes | Created Date = 14/02/2008 1:20:51 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1876 bytes | Created Date = 02/05/2008 6:47:50 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 08/05/2008 6:46:33 PM | Attr = ] 2 C:\Users\Yanniv Perez\Desktop\*.tmp files -> C:\Users\Yanniv Perez\Desktop\*.tmp -> OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 543217 bytes | Created Date = 08/05/2008 6:45:58 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 814 bytes | Created Date = 07/05/2008 6:52:48 PM | Attr = ] Virus -> %UserProfile%\Desktop\Virus -> [Folder | Created Date = 03/05/2008 10:52:47 PM | Attr = ] VLC media player.lnk -> %UserProfile%\Desktop\VLC media player.lnk -> [Ver = | Size = 861 bytes | Created Date = 18/02/2008 1:03:39 AM | Attr = ] Microsoft Office.lnk -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk -> [Ver = | Size = 1873 bytes | Created Date = 18/02/2008 7:29:46 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder 
| Created Date = 14/02/2008 1:12:13 AM | Attr = ] Designer -> %CommonProgramFiles%\Designer -> [Folder | Created Date = 18/02/2008 7:29:24 PM | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Created Date = 13/02/2008 11:29:11 PM | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 12/02/2008 6:59:37 PM | Attr = HS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 06/04/2008 1:56:12 PM | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Created Date = 13/02/2008 11:30:22 PM | Attr = ] AGEIA Technologies -> %ProgramFiles%\AGEIA Technologies -> [Folder | Created Date = 06/04/2008 1:56:40 PM | Attr = ] Apple Software Update -> %ProgramFiles%\Apple Software Update -> [Folder | Created Date = 22/04/2008 12:42:49 AM | Attr = ] AutoPowerOn -> %ProgramFiles%\AutoPowerOn -> [Folder | Created Date = 15/02/2008 1:02:38 AM | Attr = ] BearShare Applications -> %ProgramFiles%\BearShare Applications -> [Folder | Created Date = 15/03/2008 11:38:51 PM | Attr = ] Belkin -> %ProgramFiles%\Belkin -> [Folder | Created Date = 12/02/2008 6:52:18 PM | Attr = ] BitTorrent -> %ProgramFiles%\BitTorrent -> [Folder | Created Date = 09/03/2008 4:51:09 PM | Attr = ] DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite -> [Folder | Created Date = 06/04/2008 1:45:40 PM | Attr = ] DivX -> %ProgramFiles%\DivX -> [Folder | Created Date = 09/03/2008 1:11:02 AM | Attr = ] DNA -> %ProgramFiles%\DNA -> [Folder | Created Date = 09/03/2008 4:51:10 PM | Attr = ] DVDFab HD Decrypter 4 -> %ProgramFiles%\DVDFab HD Decrypter 4 -> [Folder | Created Date = 22/04/2008 3:57:55 PM | Attr = ] EA GAMES -> %ProgramFiles%\EA GAMES -> [Folder | Created Date = 21/04/2008 9:45:13 PM | Attr = ] Eset -> %ProgramFiles%\Eset -> [Folder | Created Date = 01/03/2008 8:27:48 PM | Attr = ] LSoft Technologies -> %ProgramFiles%\LSoft Technologies -> [Folder | Created Date = 15/03/2008 11:30:33 PM | 
Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 03/05/2008 9:11:38 PM | Attr = ] Microsoft FrontPage -> %ProgramFiles%\Microsoft FrontPage -> [Folder | Created Date = 18/02/2008 7:28:25 PM | Attr = ] Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [Folder | Created Date = 28/02/2008 1:51:10 PM | Attr = ] Microsoft Virtual PC -> %ProgramFiles%\Microsoft Virtual PC -> [Folder | Created Date = 14/04/2008 6:28:28 PM | Attr = ] Microsoft Visual Studio -> %ProgramFiles%\Microsoft Visual Studio -> [Folder | Created Date = 18/02/2008 7:29:28 PM | Attr = ] MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 -> [Folder | Created Date = 13/02/2008 8:34:13 PM | Attr = ] NudgeMania -> %ProgramFiles%\NudgeMania -> [Folder | Created Date = 09/03/2008 1:07:31 PM | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 13/02/2008 10:34:45 PM | Attr = ] QuickTime(7) -> %ProgramFiles%\QuickTime(7) -> [Folder | Created Date = 11/04/2008 5:42:08 PM | Attr = ] Real -> %ProgramFiles%\Real -> [Folder | Created Date = 13/02/2008 11:29:20 PM | Attr = ] Safari -> %ProgramFiles%\Safari -> [Folder | Created Date = 28/03/2008 4:43:54 PM | Attr = ] Serials 2000 -> %ProgramFiles%\Serials 2000 -> [Folder | Created Date = 12/03/2008 5:50:29 PM | Attr = ] SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [Folder | Created Date = 07/05/2008 6:52:46 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 07/05/2008 6:55:15 PM | Attr = ] TuneUp Utilities 2008 -> %ProgramFiles%\TuneUp Utilities 2008 -> [Folder | Created Date = 04/05/2008 11:15:38 AM | Attr = ] Ubisoft -> %ProgramFiles%\Ubisoft -> [Folder | Created Date = 06/04/2008 1:48:24 PM | Attr = ] Undisker -> %ProgramFiles%\Undisker -> [Folder | Created Date = 15/03/2008 11:34:39 PM | Attr = ] Uniblue -> %ProgramFiles%\Uniblue -> [Folder | Created Date = 30/04/2008 5:50:10 PM | Attr = ] VideoLAN -> %ProgramFiles%\VideoLAN -> 
[Folder | Created Date = 18/02/2008 1:03:27 AM | Attr = ] WinAce -> %ProgramFiles%\WinAce -> [Folder | Created Date = 01/03/2008 8:23:53 PM | Attr = ] Windows Live -> %ProgramFiles%\Windows Live -> [Folder | Created Date = 12/02/2008 6:59:25 PM | Attr = ] [Files/Folders - Modified Within 90 days] !Temp -> %SystemDrive%\!Temp -> [Folder | Modified Date = 15/03/2008 10:46:37 PM | Attr = ] ActiveISO -> %SystemDrive%\ActiveISO -> [Folder | Modified Date = 15/03/2008 11:30:36 PM | Attr = ] Boot -> %SystemDrive%\Boot -> [Folder | Modified Date = 07/05/2008 8:08:51 PM | Attr = HS] DELL -> %SystemDrive%\DELL -> [Folder | Modified Date = 14/03/2008 4:08:05 PM | Attr = ] DOWNLOADS -> %SystemDrive%\DOWNLOADS -> [Folder | Modified Date = 15/03/2008 10:46:37 PM | Attr = ] My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 15/03/2008 10:50:36 PM | Attr = ] PerfLogs -> %SystemDrive%\PerfLogs -> [Folder | Modified Date = 07/05/2008 7:58:43 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 07/05/2008 6:55:15 PM | Attr = R ] ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 07/05/2008 6:55:56 PM | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 08/05/2008 6:43:33 PM | Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 28/02/2008 1:51:17 PM | Attr = ] Users -> %SystemDrive%\Users -> [Folder | Modified Date = 13/04/2008 8:52:19 AM | Attr = R ] Windows -> %SystemRoot% -> [Folder | Modified Date = 07/05/2008 8:09:07 PM | Attr = ] en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Modified Date = 07/05/2008 7:59:23 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 04/05/2008 11:22:54 AM | Attr = ] sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Modified Date = 06/04/2008 1:40:52 PM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 07/05/2008 
7:54:36 PM | Attr = ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3568 bytes | Modified Date = 08/05/2008 6:37:43 PM | Attr = H ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3568 bytes | Modified Date = 08/05/2008 6:37:43 PM | Attr = H ] AdvancedInstallers -> %SystemRoot%\System32\AdvancedInstallers -> [Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] AGEIA -> %SystemRoot%\System32\AGEIA -> [Folder | Modified Date = 06/04/2008 1:56:42 PM | Attr = ] ar-SA -> %SystemRoot%\System32\ar-SA -> [Folder | Modified Date = 07/05/2008 7:59:22 PM | Attr = ] authuitu.dll -> %SystemRoot%\System32\authuitu.dll -> TuneUp Software GmbH [Ver = 1.0.0.5 | Size = 16640 bytes | Modified Date = 04/04/2008 2:51:28 PM | Attr = ] axaltocm.dll -> %SystemRoot%\System32\axaltocm.dll -> Gemalto, Inc. 
[Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 82432 bytes | Modified Date = 07/05/2008 7:38:03 PM | Attr = ] Boot -> %SystemRoot%\System32\Boot -> [Folder | Modified Date = 07/05/2008 7:58:43 PM | Attr = ] catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 07/05/2008 8:09:03 PM | Attr = ] catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 07/05/2008 8:08:30 PM | Attr = ] CodeIntegrity -> %SystemRoot%\System32\CodeIntegrity -> [Folder | Modified Date = 02/05/2008 9:28:55 PM | Attr = ] com -> %SystemRoot%\System32\com -> [Folder | Modified Date = 07/05/2008 7:59:31 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 04/05/2008 11:37:03 AM | Attr = ] cs-CZ -> %SystemRoot%\System32\cs-CZ -> [Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] da-DK -> %SystemRoot%\System32\da-DK -> [Folder | Modified Date = 07/05/2008 7:59:31 PM | Attr = ] de-DE -> %SystemRoot%\System32\de-DE -> [Folder | Modified Date = 07/05/2008 7:59:28 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 07/05/2008 7:59:23 PM | Attr = ] el-GR -> %SystemRoot%\System32\el-GR -> [Folder | Modified Date = 07/05/2008 7:59:28 PM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 07/05/2008 7:59:26 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 07/05/2008 7:59:31 PM | Attr = ] es-ES -> %SystemRoot%\System32\es-ES -> [Folder | Modified Date = 07/05/2008 7:59:26 PM | Attr = ] fi-FI -> %SystemRoot%\System32\fi-FI -> [Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 351728 bytes | Modified Date = 07/05/2008 8:03:17 PM | Attr = ] fr-FR -> %SystemRoot%\System32\fr-FR -> [Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] he-IL -> %SystemRoot%\System32\he-IL -> [Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] hu-HU -> %SystemRoot%\System32\hu-HU -> 
[Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] ifxcardm.dll -> %SystemRoot%\System32\ifxcardm.dll -> Infineon Technologies AG [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 101888 bytes | Modified Date = 07/05/2008 7:38:10 PM | Attr = ] it-IT -> %SystemRoot%\System32\it-IT -> [Folder | Modified Date = 07/05/2008 7:59:28 PM | Attr = ] ja-JP -> %SystemRoot%\System32\ja-JP -> [Folder | Modified Date = 07/05/2008 7:59:26 PM | Attr = ] ko-KR -> %SystemRoot%\System32\ko-KR -> [Folder | Modified Date = 07/05/2008 7:59:31 PM | Attr = ] libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 20/02/2008 9:05:34 PM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 12/02/2008 7:01:21 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 22/02/2008 1:50:09 PM | Attr = ] manifeststore -> %SystemRoot%\System32\manifeststore -> [Folder | Modified Date = 07/05/2008 7:59:26 PM | Attr = ] migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 07/05/2008 7:59:28 PM | Attr = ] migwiz -> %SystemRoot%\System32\migwiz -> [Folder | Modified Date = 07/05/2008 7:59:20 PM | Attr = ] nb-NO -> %SystemRoot%\System32\nb-NO -> [Folder | Modified Date = 07/05/2008 7:59:22 PM | Attr = ] nl-NL -> %SystemRoot%\System32\nl-NL -> [Folder | Modified Date = 07/05/2008 7:59:22 PM | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 07/05/2008 7:59:28 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 106838 bytes | Modified Date = 08/05/2008 6:42:57 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 602292 bytes | Modified Date = 08/05/2008 6:42:57 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI 
-> [Ver = | Size = 690960 bytes | Modified Date = 08/05/2008 6:42:57 PM | Attr = ] pl-PL -> %SystemRoot%\System32\pl-PL -> [Folder | Modified Date = 07/05/2008 7:59:26 PM | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 13/02/2008 11:29:19 PM | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 13/02/2008 11:29:21 PM | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 13/02/2008 11:29:22 PM | Attr = ] pt-BR -> %SystemRoot%\System32\pt-BR -> [Folder | Modified Date = 07/05/2008 7:59:20 PM | Attr = ] pt-PT -> %SystemRoot%\System32\pt-PT -> [Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.45 | Size = 185944 bytes | Modified Date = 13/02/2008 11:29:45 PM | Attr = ] ro-RO -> %SystemRoot%\System32\ro-RO -> [Folder | Modified Date = 07/05/2008 7:59:25 PM | Attr = ] RTCOM -> %SystemRoot%\System32\RTCOM -> [Folder | Modified Date = 07/05/2008 7:51:59 PM | Attr = ] ru-RU -> %SystemRoot%\System32\ru-RU -> [Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] setup -> %SystemRoot%\System32\setup -> [Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] SLUI -> %SystemRoot%\System32\SLUI -> [Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 02/05/2008 9:28:55 PM | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 20/02/2008 9:05:34 PM | Attr = ] sv-SE -> %SystemRoot%\System32\sv-SE -> [Folder | Modified Date = 07/05/2008 7:59:27 PM | Attr = ] sysprep -> %SystemRoot%\System32\sysprep -> [Folder | Modified Date = 07/05/2008 7:59:28 PM | Attr = ] 
Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 04/05/2008 11:17:00 AM | Attr = ] tr-TR -> %SystemRoot%\System32\tr-TR -> [Folder | Modified Date = 07/05/2008 7:59:23 PM | Attr = ] TuneUpDefragService.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Modified Date = 04/05/2008 11:16:42 AM | Attr = ] uxtuneup.dll -> %SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.11 | Size = 28416 bytes | Modified Date = 04/04/2008 2:51:32 PM | Attr = ] WAH dir -> %SystemRoot%\System32\WAH dir -> [Folder | Modified Date = 23/02/2008 10:44:03 PM | Attr = ] WAH.scr -> %SystemRoot%\System32\WAH.scr -> ScreenTime Media [Ver = 3.5.4 | Size = 520192 bytes | Modified Date = 23/02/2008 10:43:55 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 07/05/2008 7:59:22 PM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 07/05/2008 7:59:31 PM | Attr = ] zh-CN -> %SystemRoot%\System32\zh-CN -> [Folder | Modified Date = 07/05/2008 7:59:26 PM | Attr = ] zh-TW -> %SystemRoot%\System32\zh-TW -> [Folder | Modified Date = 07/05/2008 7:59:26 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 07/05/2008 7:58:52 PM | Attr = ] 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 07/05/2008 8:42:12 PM | Attr = R S] Boot -> %SystemRoot%\Boot -> [Folder | Modified Date = 07/05/2008 7:58:44 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 08/05/2008 6:37:14 PM | Attr = S] bthservsdp.dat -> %SystemRoot%\bthservsdp.dat -> [Ver = | Size = 12 bytes | Modified Date = 07/05/2008 11:29:15 PM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 13/02/2008 8:38:57 PM | Attr = ] DigitalLocker -> %SystemRoot%\DigitalLocker -> [Folder | Modified Date = 07/05/2008 7:59:32 PM | Attr = ] Downloaded 
Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 14/02/2008 1:20:05 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 09/04/2008 10:16:40 PM | Attr = S] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 07/05/2008 7:59:37 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 02/05/2008 7:09:31 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 19/03/2008 8:14:10 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 18/02/2008 7:30:44 PM | Attr = ] HideWin.exe -> %SystemRoot%\HideWin.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.1 | Size = 315392 bytes | Modified Date = 09/03/2008 8:10:06 PM | Attr = ] IME -> %SystemRoot%\IME -> [Folder | Modified Date = 07/05/2008 7:59:32 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 08/05/2008 6:42:56 PM | Attr = ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 07/05/2008 6:55:24 PM | Attr = HS] L2Schemas -> %SystemRoot%\L2Schemas -> [Folder | Modified Date = 07/05/2008 7:59:32 PM | Attr = ] LiveKernelReports -> %SystemRoot%\LiveKernelReports -> [Folder | Modified Date = 03/04/2008 10:52:00 PM | Attr = ] Logs -> %SystemRoot%\Logs -> [Folder | Modified Date = 12/02/2008 7:14:17 PM | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 18/02/2008 7:29:15 PM | Attr = R S] MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 202377473 bytes | Modified Date = 18/02/2008 9:25:33 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 07/05/2008 8:42:16 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 04/05/2008 11:23:49 AM | Attr = ] MSAgent -> %SystemRoot%\MSAgent -> [Folder | Modified Date = 07/05/2008 7:59:33 PM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 18/02/2008 7:30:50 PM | Attr = ] PCHEALTH -> 
%SystemRoot%\PCHEALTH -> [Folder | Modified Date = 12/02/2008 7:03:05 PM | Attr = ] PolicyDefinitions -> %SystemRoot%\PolicyDefinitions -> [Folder | Modified Date = 07/05/2008 7:59:31 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 08/05/2008 6:47:11 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 02/05/2008 7:13:42 PM | Attr = ] registration -> %SystemRoot%\registration -> [Folder | Modified Date = 02/05/2008 9:28:54 PM | Attr = ] rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 07/05/2008 8:20:13 PM | Attr = ] servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 07/05/2008 7:59:37 PM | Attr = ] ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 18/02/2008 7:28:15 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 13/02/2008 8:32:39 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 18/02/2008 7:26:09 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 215 bytes | Modified Date = 02/05/2008 7:12:31 PM | Attr = ] System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 08/05/2008 6:42:57 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 04/05/2008 11:28:38 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 08/05/2008 6:47:06 PM | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 35 bytes | Modified Date = 18/02/2008 7:30:44 PM | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 07/05/2008 8:08:36 PM | Attr = RH ] winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 07/05/2008 8:20:02 PM | Attr = ] 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 500 bytes | Modified Date = 08/05/2008 6:38:42 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 
bytes | Modified Date = 08/05/2008 6:37:20 PM | Attr = H ] User_Feed_Synchronization-{4C5FDE7D-CFE9-41B4-A61E-51F3522E9E50}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{4C5FDE7D-CFE9-41B4-A61E-51F3522E9E50}.job -> [Ver = | Size = 432 bytes | Modified Date = 07/05/2008 10:48:17 PM | Attr = H ] C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader -> [Folder | Modified Date = 02/11/2006 8:04:06 AM | Attr = ] qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 08/05/2008 6:43:12 PM | Attr = ] qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 08/05/2008 6:43:12 PM | Attr = ] C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData -> [Folder | Modified Date = 29/01/2008 2:53:16 PM | Attr = ] PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 21528 bytes | Modified Date = 07/05/2008 6:00:47 PM | Attr = ] PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 07/05/2008 6:00:47 PM | Attr = ] PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 07/05/2008 6:00:47 PM | Attr = ] PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 2400 bytes | Modified Date = 07/05/2008 6:00:47 PM | Attr = ] PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 2484 bytes | Modified Date = 07/05/2008 6:00:47 PM | Attr = ] PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 82360 bytes | Modified Date = 07/05/2008 6:00:47 PM | Attr = ] 
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures -> [Folder | Modified Date = 28/01/2008 5:28:19 PM | Attr = ] Yanniv Perez.dat -> C:\ProgramData\Microsoft\User Account Pictures\Yanniv Perez.dat -> [Ver = | Size = 0 bytes | Modified Date = 28/01/2008 5:28:19 PM | Attr = ] C:\ProgramData\Microsoft\Works\ -> C:\ProgramData\Microsoft\Works -> [Folder | Modified Date = 28/01/2008 9:52:12 PM | Attr = ] wkcalcat.dat -> C:\ProgramData\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 28/01/2008 9:52:12 PM | Attr = ] wklntsk1.dat -> C:\ProgramData\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 155262 bytes | Modified Date = 28/01/2008 9:52:12 PM | Attr = ] C:\Users\Yanniv Perez\AppData\Local\Temp\ -> C:\Users\Yanniv Perez\AppData\Local\Temp -> [Folder | Modified Date = 08/05/2008 6:45:37 PM | Attr = ] SSUPDATE.EXE -> C:\Users\Yanniv Perez\AppData\Local\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 29/02/2008 4:03:44 PM | Attr = ] 6 C:\Users\Yanniv Perez\AppData\Local\Temp\*.tmp files -> C:\Users\Yanniv Perez\AppData\Local\Temp\*.tmp -> C:\Users\Yanniv Perez\AppData\Local\Temp\ -> C:\Users\Yanniv Perez\AppData\Local\Temp -> [Folder | Modified Date = 08/05/2008 6:45:37 PM | Attr = ] ~DMF3.ini -> C:\Users\Yanniv Perez\AppData\Local\Temp\~DMF3.ini -> [Ver = | Size = 138 bytes | Modified Date = 07/05/2008 7:36:02 PM | Attr = ] 6 C:\Users\Yanniv Perez\AppData\Local\Temp\*.tmp files -> C:\Users\Yanniv Perez\AppData\Local\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Adobe -> [Folder | Modified Date = 14/02/2008 1:12:22 AM | Attr = ] Apple -> %AllUsersProfile%\Apple -> [Folder | Modified Date = 22/04/2008 12:42:49 AM | Attr = ] Apple Computer -> %AllUsersProfile%\Apple Computer -> [Folder | Modified Date = 13/02/2008 10:34:40 PM | Attr = ] BM1981a7f5.xml -> %AllUsersProfile%\BM1981a7f5.xml 
-> [Ver = | Size = 109738 bytes | Modified Date = 02/05/2008 6:30:59 PM | Attr = ] Dell -> %AllUsersProfile%\Dell -> [Folder | Modified Date = 26/02/2008 6:31:57 PM | Attr = ] DVD Shrink -> %AllUsersProfile%\DVD Shrink -> [Folder | Modified Date = 22/04/2008 4:10:46 PM | Attr = ] Google -> %AllUsersProfile%\Google -> [Folder | Modified Date = 13/03/2008 6:31:20 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Modified Date = 03/05/2008 9:11:39 PM | Attr = ] Microsoft -> %AllUsersProfile%\Microsoft -> [Folder | Modified Date = 01/03/2008 9:01:45 PM | Attr = S] pskt.ini -> %AllUsersProfile%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 02/05/2008 6:55:28 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Modified Date = 07/05/2008 6:55:57 PM | Attr = ] TEMP -> %AllUsersProfile%\TEMP -> [Folder | Modified Date = 07/05/2008 7:33:09 PM | Attr = ] @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\TEMP:5C321E34 TuneUp Software -> %AllUsersProfile%\TuneUp Software -> [Folder | Modified Date = 04/05/2008 11:15:51 AM | Attr = ] WLInstaller -> %AllUsersProfile%\WLInstaller -> [Folder | Modified Date = 14/04/2008 8:26:33 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 21/02/2008 9:26:14 PM | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Modified Date = 28/03/2008 4:46:16 PM | Attr = ] AutoPowerOn -> %AppData%\AutoPowerOn -> [Folder | Modified Date = 15/02/2008 1:08:22 AM | Attr = ] BearShare -> %AppData%\BearShare -> [Folder | Modified Date = 01/04/2008 8:20:31 PM | Attr = ] BitTorrent -> %AppData%\BitTorrent -> [Folder | Modified Date = 16/04/2008 11:51:25 PM | Attr = ] DAEMON Tools -> %AppData%\DAEMON Tools -> [Folder | Modified Date = 06/04/2008 1:40:43 PM | Attr = ] DataSafeOnline -> %AppData%\DataSafeOnline -> [Folder | Modified Date = 15/03/2008 10:38:31 PM | Attr = ] DNA -> %AppData%\DNA -> [Folder | Modified Date = 08/05/2008 6:49:29 PM | Attr = ] 
ErrorSmart -> %AppData%\ErrorSmart -> [Folder | Modified Date = 23/04/2008 11:01:11 PM | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Modified Date = 12/02/2008 6:52:03 PM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 16/03/2008 12:11:52 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 03/05/2008 9:11:43 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 14/04/2008 6:30:31 PM | Attr = S] Microsoft Web Folders -> %AppData%\Microsoft Web Folders -> [Folder | Modified Date = 18/02/2008 7:26:26 PM | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 21/03/2008 5:49:58 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 07/05/2008 6:55:15 PM | Attr = ] TuneUp Software -> %AppData%\TuneUp Software -> [Folder | Modified Date = 04/05/2008 11:16:38 AM | Attr = ] Uniblue -> %AppData%\Uniblue -> [Folder | Modified Date = 30/04/2008 5:50:24 PM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Modified Date = 18/02/2008 1:04:13 AM | Attr = ] Apple -> %UserProfile%\AppData\Local\Apple -> [Folder | Modified Date = 13/02/2008 10:33:23 PM | Attr = ] Apple Computer -> %UserProfile%\AppData\Local\Apple Computer -> [Folder | Modified Date = 28/03/2008 4:46:16 PM | Attr = ] Apps -> %UserProfile%\AppData\Local\Apps -> [Folder | Modified Date = 30/04/2008 10:42:26 PM | Attr = ] d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 1356 bytes | Modified Date = 04/05/2008 9:52:31 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 45056 bytes | Modified Date = 07/05/2008 11:23:55 PM | Attr = ] DNA -> %UserProfile%\AppData\Local\DNA -> [Folder | Modified Date = 09/03/2008 4:51:11 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 98176 bytes | Modified Date = 19/03/2008 
8:14:53 PM | Attr = ] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 1819239 bytes | Modified Date = 07/05/2008 11:28:32 PM | Attr = H ] Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Modified Date = 24/04/2008 12:29:58 AM | Attr = ] Microsoft Games -> %UserProfile%\AppData\Local\Microsoft Games -> [Folder | Modified Date = 16/02/2008 10:21:22 PM | Attr = ] Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Modified Date = 08/05/2008 6:45:37 PM | Attr = ] desktop.ini -> %SystemDrive%\Users\Public\Documents\desktop.ini -> [Ver = | Size = 280 bytes | Modified Date = 07/05/2008 8:08:36 PM | Attr = HS] Yahoo -> %SystemDrive%\Users\Public\Documents\Yahoo -> [Folder | Modified Date = 19/03/2008 6:06:40 PM | Attr = ] 210px-Sugihara_b.jpg -> %UserProfile%\Documents\210px-Sugihara_b.jpg -> [Ver = | Size = 11530 bytes | Modified Date = 29/04/2008 9:56:55 PM | Attr = ] b-ball -> %UserProfile%\Documents\b-ball -> [Folder | Modified Date = 10/04/2008 10:06:39 PM | Attr = ] BMW_M3_Challenge -> %UserProfile%\Documents\BMW_M3_Challenge -> [Folder | Modified Date = 07/05/2008 7:41:34 PM | Attr = ] Capture..JPG -> %UserProfile%\Documents\Capture..JPG -> [Ver = | Size = 38479 bytes | Modified Date = 13/04/2008 9:56:22 PM | Attr = ] Contacts -> %UserProfile%\Documents\Contacts -> [Folder | Modified Date = 09/03/2008 7:57:03 PM | Attr = R ] Downloads -> %UserProfile%\Documents\Downloads -> [Folder | Modified Date = 14/04/2008 10:51:08 PM | Attr = ] DVDFab -> %UserProfile%\Documents\DVDFab -> [Folder | Modified Date = 22/04/2008 4:00:35 PM | Attr = ] Internet Explorer Wallpaper.bmp -> %UserProfile%\Documents\Internet Explorer Wallpaper.bmp -> [Ver = | Size = 5292054 bytes | Modified Date = 23/04/2008 11:19:26 PM | Attr = ] israel -> %UserProfile%\Documents\israel -> [Folder | Modified Date = 07/05/2008 6:56:05 PM | Attr = ] LimeWire -> %UserProfile%\Documents\LimeWire -> [Folder | Modified Date = 01/04/2008 9:01:37 PM | Attr = ] Lost Via 
Domus -> %UserProfile%\Documents\Lost Via Domus -> [Folder | Modified Date = 06/04/2008 2:00:56 PM | Attr = ] LOTR The Return of the King (tm) Data -> %UserProfile%\Documents\LOTR The Return of the King (tm) Data -> [Folder | Modified Date = 21/04/2008 10:08:28 PM | Attr = ] My Received Files -> %UserProfile%\Documents\My Received Files -> [Folder | Modified Date = 25/03/2008 8:35:34 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\Documents\My Sharing Folders.lnk -> [Ver = | Size = 503 bytes | Modified Date = 08/05/2008 6:41:29 PM | Attr = ] My Virtual Machines -> %UserProfile%\Documents\My Virtual Machines -> [Folder | Modified Date = 14/04/2008 6:30:54 PM | Attr = ] NBA -> %UserProfile%\Documents\NBA -> [Folder | Modified Date = 25/02/2008 8:22:24 PM | Attr = ] PHOTO 2007 -> %UserProfile%\Documents\PHOTO 2007 -> [Folder | Modified Date = 17/02/2008 8:04:19 PM | Attr = ] pourim -> %UserProfile%\Documents\pourim -> [Folder | Modified Date = 03/04/2008 11:05:35 PM | Attr = ] Programs -> %UserProfile%\Documents\Programs -> [Folder | Modified Date = 15/04/2008 10:04:38 PM | Attr = ] Recieved -> %UserProfile%\Documents\Recieved -> [Folder | Modified Date = 28/04/2008 5:48:39 PM | Attr = ] SANYO_PEX -> %UserProfile%\Documents\SANYO_PEX -> [Folder | Modified Date = 19/03/2008 8:38:11 PM | Attr = ] Ulead DVD MovieFactory 4.0 SE for SANYO -> %UserProfile%\Documents\Ulead DVD MovieFactory 4.0 SE for SANYO -> [Folder | Modified Date = 13/04/2008 9:23:27 PM | Attr = ] us-army_germany_1944-46_p36.jpg -> %UserProfile%\Documents\us-army_germany_1944-46_p36.jpg -> [Ver = | Size = 450580 bytes | Modified Date = 29/04/2008 9:37:38 PM | Attr = ] Yanniv -> %UserProfile%\Documents\Yanniv -> [Folder | Modified Date = 15/03/2008 11:23:33 PM | Attr = ] Adobe Reader 8.lnk -> %SystemDrive%\Users\Public\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1889 bytes | Modified Date = 14/02/2008 1:12:26 AM | Attr = ] desktop.ini -> %SystemDrive%\Users\Public\Desktop\desktop.ini -> [Ver = | 
Size = 174 bytes | Modified Date = 07/05/2008 8:08:36 PM | Attr = HS] LOTR The Return of the King tm.lnk -> %SystemDrive%\Users\Public\Desktop\LOTR The Return of the King tm.lnk -> [Ver = | Size = 1983 bytes | Modified Date = 21/04/2008 10:01:16 PM | Attr = ] QuickTime Player.lnk -> %SystemDrive%\Users\Public\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1728 bytes | Modified Date = 13/02/2008 10:35:16 PM | Attr = ] RealPlayer.lnk -> %SystemDrive%\Users\Public\Desktop\RealPlayer.lnk -> [Ver = | Size = 1039 bytes | Modified Date = 13/02/2008 11:30:05 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 904 bytes | Modified Date = 07/05/2008 6:55:20 PM | Attr = ] Yahoo! Music Jukebox.lnk -> %SystemDrive%\Users\Public\Desktop\Yahoo! Music Jukebox.lnk -> [Ver = | Size = 2251 bytes | Modified Date = 14/02/2008 1:20:51 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1876 bytes | Modified Date = 02/05/2008 6:47:50 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 08/05/2008 6:46:34 PM | Attr = ] 2 C:\Users\Yanniv Perez\Desktop\*.tmp files -> C:\Users\Yanniv Perez\Desktop\*.tmp -> OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 543217 bytes | Modified Date = 08/05/2008 6:46:07 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Snipping Tool.lnk -> %UserProfile%\Desktop\Snipping Tool.lnk -> [Ver = | Size = 1658 bytes | Modified Date = 24/02/2008 2:40:37 PM | Attr = ] SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 814 bytes | Modified Date = 07/05/2008 6:52:48 PM | Attr = ] Virus -> %UserProfile%\Desktop\Virus -> [Folder | Modified Date = 07/05/2008 6:56:39 PM | Attr = ] VLC media player.lnk -> %UserProfile%\Desktop\VLC media player.lnk -> [Ver = | Size = 861 bytes | Modified Date = 18/02/2008 1:03:39 AM | 
Attr = ] desktop.ini -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Modified Date = 07/05/2008 8:08:36 PM | Attr = HS] Microsoft Office.lnk -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk -> [Ver = | Size = 1873 bytes | Modified Date = 18/02/2008 7:29:46 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 14/02/2008 1:12:25 AM | Attr = ] Designer -> %CommonProgramFiles%\Designer -> [Folder | Modified Date = 18/02/2008 7:29:24 PM | Attr = ] microsoft shared -> %CommonProgramFiles%\microsoft shared -> [Folder | Modified Date = 18/02/2008 7:29:31 PM | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 13/02/2008 11:29:59 PM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 07/05/2008 7:59:37 PM | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 12/02/2008 7:02:47 PM | Attr = HS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 07/05/2008 6:54:01 PM | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Modified Date = 13/02/2008 11:30:22 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]