[code] OTScanIt logfile created on: 5/10/2008 1:02:41 PM OTScanIt by OldTimer - Version 1.0.14.0 Folder = C:\Users\JasonAmy\Desktop\OTScanIt Windows Vista (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16643) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1013.88 Mb Total Physical Memory | 346.83 Mb Available Physical Memory | 34.21% Memory free 2.23 Gb Paging File | 1.33 Gb Available in Paging File | 59.55% Paging File free Paging file location(s): ?:\pagefile.sys; %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69.59 Gb Total Space | 14.64 Gb Free Space | 21.04% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHEN-NOTEBOOK Current User Name: JasonAmy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107624 bytes | Modified Date = 11/22/2006 6:12:16 PM | Attr = ] tpfnf7sp.exe -> %ProgramFiles%\Lenovo\NPDIRECT\tpfnf7sp.exe -> [Ver = | Size = 56368 bytes | Modified Date = 12/21/2006 2:00:00 PM | Attr = ] pmhandler.exe -> %ProgramFiles%\Lenovo\PM Driver\PMHandler.exe -> Lenovo [Ver = 2, 3000, 0, 2 | Size = 34352 bytes | Modified Date = 6/5/2007 8:11:28 PM | Attr = ] tpwaudap.exe -> %ProgramFiles%\Lenovo\HOTKEY\TpWAudAp.exe -> [Ver = | Size = 54824 bytes | Modified Date = 9/6/2006 3:38:44 AM | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 9.0.3 20Oct06 | Size = 815104 bytes | Modified Date = 10/22/2006 10:00:36 PM | Attr = ] rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1.0.0.9 | Size = 4018176 bytes | Modified Date = 11/20/2006 1:13:00 AM | Attr = ] igfxtray.exe -> %SystemRoot%\System32\igfxtray.exe -> Intel Corporation [Ver = 7.14.10.1114 | Size = 98304 bytes | Modified Date = 11/5/2006 8:02:32 PM | Attr = ] hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 6.14.10.1114 | Size = 106496 bytes | Modified Date = 11/5/2006 8:05:32 PM | Attr = ] igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1114 | Size = 81920 bytes | Modified Date = 11/5/2006 8:02:18 PM | Attr = ] scheduler_proxy.exe -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,112,0 | Size = 536576 bytes | Modified Date = 12/14/2006 2:23:50 AM | Attr = ] awaysch.exe -> %ProgramFiles%\Lenovo\AwayTask\AwaySch.EXE -> Lenovo Group Limited [Ver = 3, 0, 0, 0 | Size = 91688 bytes | Modified Date = 11/7/2006 6:51:20 AM | Attr = ] lpmgr.exe -> %ProgramFiles%\Lenovo\LenovoCare\LPMGR.EXE -> Lenovo Group Limited [Ver = 1, 0, 0, 2 | Size = 120368 bytes | Modified Date = 1/31/2007 1:01:00 PM | Attr = ] cssauth.exe -> %ProgramFiles%\Lenovo\Client Security Solution\cssauth.exe -> Lenovo Group Limited [Ver = 8.00.0117.00 | Size = 2614848 bytes | Modified Date = 12/13/2006 3:10:56 PM | Attr = ] actray.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.31a | Size = 419376 bytes | Modified Date = 3/9/2007 5:23:18 PM | Attr = ] acwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4.31a | Size = 120368 bytes | Modified Date = 3/9/2007 5:23:36 PM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107112 bytes | Modified Date = 11/22/2006 6:12:36 PM | Attr = ] vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.2.0.276 | Size = 134808 bytes | Modified Date = 11/28/2006 7:34:38 AM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 1:10:26 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 5:25:21 AM | Attr = ] ipssvc.exe -> %SystemRoot%\System32\IPSSVC.EXE -> Lenovo Group Limited [Ver = 3, 0, 0, 0 | Size = 108080 bytes | Modified Date = 11/20/2006 1:10:04 AM | Attr = ] acprfmgrsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.31a | Size = 83504 bytes | Modified Date = 3/9/2007 5:23:02 PM | Attr = ] agrsmsvc.exe -> %SystemRoot%\System32\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 10/5/2006 12:10:12 AM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.2.0.276 | Size = 30872 bytes | Modified Date = 11/28/2006 7:34:00 AM | Attr = ] dkservice.exe -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 9.0.545.0 | Size = 634988 bytes | Modified Date = 11/15/2006 7:20:46 PM | Attr = ] fnf5svc.exe -> %ProgramFiles%\Lenovo\HOTKEY\FnF5svc.exe -> Lenovo. [Ver = 1.00.2006 | Size = 54832 bytes | Modified Date = 11/10/2006 12:43:28 AM | Attr = ] pmsveh.exe -> %ProgramFiles%\Lenovo\PM Driver\PMSveH.exe -> Lenovo [Ver = 1, 0, 0, 8 | Size = 57344 bytes | Modified Date = 5/24/2006 4:33:32 PM | Attr = ] psiservice.exe -> %SystemRoot%\System32\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 11/2/2006 11:40:12 PM | Attr = ] savroam.exe -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.2.0.276 | Size = 122008 bytes | Modified Date = 11/28/2006 7:34:26 AM | Attr = ] suservice.exe -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> [Ver = 0.0.0.0 | Size = 11776 bytes | Modified Date = 12/15/2006 7:50:52 PM | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.2.0.276 | Size = 1962136 bytes | Modified Date = 11/28/2006 7:34:18 AM | Attr = ] tvt_reg_monitor_svc.exe -> %CommonProgramFiles%\Lenovo\tvt_reg_monitor_svc.exe -> Lenovo Group Limited [Ver = 1.20.0111.00 | Size = 644672 bytes | Modified Date = 12/13/2006 2:43:16 PM | Attr = ] tphksvc.exe -> %ProgramFiles%\Lenovo\HOTKEY\TPHKSVC.exe -> [Ver = | Size = 55928 bytes | Modified Date = 10/13/2006 12:08:56 AM | Attr = ] tvttcsd.exe -> %ProgramFiles%\Lenovo\Client Security Solution\tvttcsd.exe -> IBM [Ver = 1,1,3,107 | Size = 722496 bytes | Modified Date = 12/13/2006 2:52:44 PM | Attr = ] rrpservice.exe -> %ProgramFiles%\Lenovo\Rescue and Recovery\rrpservice.exe -> [Ver = 4,0,118,0 | Size = 569344 bytes | Modified Date = 12/14/2006 2:13:02 AM | Attr = ] rrservice.exe -> %ProgramFiles%\Lenovo\Rescue and Recovery\rrservice.exe -> Lenovo Group Limited [Ver = 4,0,118,0 | Size = 950272 bytes | Modified Date = 12/14/2006 2:11:14 AM | Attr = ] tvtsched.exe -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,112,0 | Size = 1118208 bytes | Modified Date = 12/14/2006 2:23:42 AM | Attr = ] acsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.31a | Size = 194096 bytes | Modified Date = 3/9/2007 5:23:08 PM | Attr = ] logmon.exe -> %CommonProgramFiles%\Lenovo\Logger\logmon.exe -> [Ver = | Size = 22016 bytes | Modified Date = 12/14/2006 1:59:04 AM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 1:10:16 PM | Attr = ] dkicon.exe -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkIcon.exe -> Diskeeper Corporation [Ver = 9.0.545.0 | Size = 217176 bytes | Modified Date = 11/15/2006 7:21:56 PM | Attr = ] svcguihlpr.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe -> Lenovo [Ver = 4.31a | Size = 124464 bytes | Modified Date = 3/9/2007 5:24:04 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 5/9/2008 9:51:12 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (AcPrfMgrSvc) Ac Profile Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.31a | Size = 83504 bytes | Modified Date = 3/9/2007 5:23:02 PM | Attr = ] (AcSvc) Access Connections Main Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.31a | Size = 194096 bytes | Modified Date = 3/9/2007 5:23:08 PM | Attr = ] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 3/29/2008 8:57:23 PM | Attr = ] (AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> %SystemRoot%\System32\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 10/5/2006 12:10:12 AM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107624 bytes | Modified Date = 11/22/2006 6:12:16 PM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107624 bytes | Modified Date = 11/22/2006 6:12:16 PM | Attr = ] (CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107624 bytes | Modified Date = 11/22/2006 6:12:16 PM | Attr = ] (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.2.0.276 | Size = 30872 bytes | Modified Date = 11/28/2006 7:34:00 AM | Attr = ] (Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 9.0.545.0 | Size = 634988 bytes | Modified Date = 11/15/2006 7:20:46 PM | Attr = ] (DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found (FNF5SVC) Fn+F5 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\HOTKEY\FnF5svc.exe -> Lenovo. [Ver = 1.00.2006 | Size = 54832 bytes | Modified Date = 11/10/2006 12:43:28 AM | Attr = ] (gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.699.25363.beta | Size = 135608 bytes | Modified Date = 12/4/2006 12:53:55 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 4:06:04 AM | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 1:10:16 PM | Attr = ] (IPSSVC) IPS Core Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\IPSSVC.EXE -> Lenovo Group Limited [Ver = 3, 0, 0, 0 | Size = 108080 bytes | Modified Date = 11/20/2006 1:10:04 AM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.26 | Size = 2541248 bytes | Modified Date = 10/31/2006 11:32:09 AM | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found (PMSveH) PMSveH [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\PM Driver\PMSveH.exe -> Lenovo [Ver = 1, 0, 0, 8 | Size = 57344 bytes | Modified Date = 5/24/2006 4:33:32 PM | Attr = ] (ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %SystemRoot%\System32\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 11/2/2006 11:40:12 PM | Attr = ] (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found (SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.2.0.276 | Size = 122008 bytes | Modified Date = 11/28/2006 7:34:26 AM | Attr = ] (SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found (Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found (SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found (SUService) System Update [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> [Ver = 0.0.0.0 | Size = 11776 bytes | Modified Date = 12/15/2006 7:50:52 PM | Attr = ] (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.2.0.276 | Size = 1962136 bytes | Modified Date = 11/28/2006 7:34:18 AM | Attr = ] (ThinkVantage Registry Monitor Service) ThinkVantage Registry Monitor Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Lenovo\tvt_reg_monitor_svc.exe -> Lenovo Group Limited [Ver = 1.20.0111.00 | Size = 644672 bytes | Modified Date = 12/13/2006 2:43:16 PM | Attr = ] (TPHKSVC) On Screen Display [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\HOTKEY\TPHKSVC.exe -> [Ver = | Size = 55928 bytes | Modified Date = 10/13/2006 12:08:56 AM | Attr = ] (TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found (TSSCoreService) TSS Core Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\Client Security Solution\tvttcsd.exe -> IBM [Ver = 1,1,3,107 | Size = 722496 bytes | Modified Date = 12/13/2006 2:52:44 PM | Attr = ] (TVT Backup Protection Service) TVT Backup Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\Rescue and Recovery\rrpservice.exe -> [Ver = 4,0,118,0 | Size = 569344 bytes | Modified Date = 12/14/2006 2:13:02 AM | Attr = ] (TVT Backup Service) TVT Backup Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\Rescue and Recovery\rrservice.exe -> Lenovo Group Limited [Ver = 4,0,118,0 | Size = 950272 bytes | Modified Date = 12/14/2006 2:11:14 AM | Attr = ] (TVT Scheduler) TVT Scheduler [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,112,0 | Size = 1118208 bytes | Modified Date = 12/14/2006 2:23:42 AM | Attr = ] (WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found (WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found ACTray -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe [C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe] -> Lenovo [Ver = 4.31a | Size = 419376 bytes | Modified Date = 3/9/2007 5:23:18 PM | Attr = ] ACWLIcon -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe [C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe] -> Lenovo [Ver = 4.31a | Size = 120368 bytes | Modified Date = 3/9/2007 5:23:36 PM | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ] AMSG -> %ProgramFiles%\ThinkVantage\AMSG\Amsg.exe [C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup] -> LENOVO [Ver = 3, 0, 0, 0 | Size = 493104 bytes | Modified Date = 12/21/2006 5:51:04 AM | Attr = ] AwaySch -> %ProgramFiles%\Lenovo\AwayTask\AwaySch.EXE [C:\Program Files\Lenovo\AwayTask\AwaySch.EXE] -> Lenovo Group Limited [Ver = 3, 0, 0, 0 | Size = 91688 bytes | Modified Date = 11/7/2006 6:51:20 AM | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107112 bytes | Modified Date = 11/22/2006 6:12:36 PM | Attr = ] cssauth -> %ProgramFiles%\Lenovo\Client Security Solution\cssauth.exe ["C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent] -> Lenovo Group Limited [Ver = 8.00.0117.00 | Size = 2614848 bytes | Modified Date = 12/13/2006 3:10:56 PM | Attr = ] DiskeeperSystray -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkIcon.exe ["C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"] -> Diskeeper Corporation [Ver = 9.0.545.0 | Size = 217176 bytes | Modified Date = 11/15/2006 7:21:56 PM | Attr = ] HotKeysCmds -> %SystemRoot%\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> Intel Corporation [Ver = 6.14.10.1114 | Size = 106496 bytes | Modified Date = 11/5/2006 8:05:32 PM | Attr = ] IgfxTray -> %SystemRoot%\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> Intel Corporation [Ver = 7.14.10.1114 | Size = 98304 bytes | Modified Date = 11/5/2006 8:02:32 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 1:10:26 PM | Attr = ] LenovoOobeOffers -> %SystemDrive%\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe [c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"] -> Lenovo [Ver = 1.0.0.0 | Size = 28672 bytes | Modified Date = 12/29/2006 1:01:22 PM | Attr = ] LPManager -> %ProgramFiles%\Lenovo\LenovoCare\LPMGR.EXE [C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe] -> Lenovo Group Limited [Ver = 1, 0, 0, 2 | Size = 120368 bytes | Modified Date = 1/31/2007 1:01:00 PM | Attr = ] Persistence -> %SystemRoot%\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> Intel Corporation [Ver = 7.14.10.1114 | Size = 81920 bytes | Modified Date = 11/5/2006 8:02:18 PM | Attr = ] PMHandler -> %ProgramFiles%\Lenovo\PM Driver\PMHandler.exe [C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe] -> Lenovo [Ver = 2, 3000, 0, 2 | Size = 34352 bytes | Modified Date = 6/5/2007 8:11:28 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 11:56:54 AM | Attr = ] RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1.0.0.9 | Size = 4018176 bytes | Modified Date = 11/20/2006 1:13:00 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 5:25:21 AM | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 9.0.3 20Oct06 | Size = 815104 bytes | Modified Date = 10/22/2006 10:00:36 PM | Attr = ] TPFNF7 -> %ProgramFiles%\Lenovo\NPDIRECT\tpfnf7sp.exe [C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r] -> [Ver = | Size = 56368 bytes | Modified Date = 12/21/2006 2:00:00 PM | Attr = ] TPWAUDAP -> %ProgramFiles%\Lenovo\HOTKEY\TpWAudAp.exe [C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe] -> [Ver = | Size = 54824 bytes | Modified Date = 9/6/2006 3:38:44 AM | Attr = ] TVT Scheduler Proxy -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe [C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe] -> Lenovo Group Limited [Ver = 4,0,112,0 | Size = 536576 bytes | Modified Date = 12/14/2006 2:23:50 AM | Attr = ] vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> Symantec Corporation [Ver = 10.2.0.276 | Size = 134808 bytes | Modified Date = 11/28/2006 7:34:38 AM | Attr = ] Windows Defender -> [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003] > -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1114 | Size = 212992 bytes | Modified Date = 11/5/2006 8:00:48 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003] > -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> TORiSAN CD-ROM CDR_C36 -> -> File not found NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\Windows\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 67072 bytes | Modified Date = 11/2/2006 4:51:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________TX07____\5&8a2f32b&0&1.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 9/18/2006 5:43:36 PM | Attr = ] < HOSTS File > (238972 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> ::1 localhost -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR -> HKEY_CURRENT_USER\: Main\\Search Page -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\] > -> -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\: Main\\Search Bar -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\: Main\\Search Page -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\: Main\\Start Page -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\: SearchURL\\ -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4422 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4422 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4422 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4422 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\] > -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4422 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\] > -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {0045D4BC-5189-4b67-969C-83BB1906C421}:{0FE81B52-73FA-425F-8F06-3F32451AC73F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [ThinkVantage Password Manager...] -> Lenovo Group Limited [Ver = 2.1.0 | Size = 796224 bytes | Modified Date = 12/13/2006 3:18:44 PM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Open with WordPerfect -> %ProgramFiles%\WordPerfect Office X3\Programs\WPLauncher.hta -> [Ver = | Size = 2506 bytes | Modified Date = 6/21/2005 6:54:18 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\] > -> HKEY_USERS\S-1-5-21-2082384514-563400761-2671063600-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> Open with WordPerfect -> %ProgramFiles%\WordPerfect Office X3\Programs\WPLauncher.hta -> [Ver = | Size = 2506 bytes | Modified Date = 6/21/2005 6:54:18 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1200F424-0959-42FA-94FB-E57B2BD2A8A9} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {D0095879-C136-448E-9EAF-A447C8DA05BD} -> (Broadcom 802.11g Network Adapter) -> < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> [Files/Folders - Created Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 5/9/2008 10:10:29 PM | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 5/8/2008 7:38:59 AM | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 5/8/2008 7:38:59 AM | Attr = RHS] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 5/9/2008 10:06:24 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 5/9/2008 12:06:14 AM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 27048 bytes | Created Date = 5/9/2008 12:06:14 AM | Attr = ] agremove.exe -> %SystemRoot%\System32\agremove.exe -> Absolute Software Corp. [Ver = 0, 0, 0, 0 | Size = 44544 bytes | Created Date = 3/10/2008 8:02:29 PM | Attr = ] GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Created Date = 2/13/2008 1:39:46 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/7/2008 11:05:13 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/7/2008 11:05:13 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/7/2008 11:05:13 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 5/9/2008 10:10:37 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 361 bytes | Created Date = 5/8/2008 1:02:37 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe Systems -> %AllUsersProfile%\Adobe Systems -> [Folder | Created Date = 3/29/2008 9:06:27 PM | Attr = ] BM557eaee7.xml -> %AllUsersProfile%\BM557eaee7.xml -> [Ver = | Size = 109803 bytes | Created Date = 5/8/2008 11:59:11 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Created Date = 5/9/2008 12:06:15 AM | Attr = ] pskt.ini -> %AllUsersProfile%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 5/8/2008 11:59:11 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy -> [Folder | Created Date = 5/8/2008 12:24:33 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Created Date = 5/9/2008 12:45:58 AM | Attr = ] Download Manager -> %AppData%\Download Manager -> [Folder | Created Date = 5/9/2008 12:30:12 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 5/9/2008 12:06:25 AM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 5/9/2008 12:43:20 AM | Attr = ] Adobe -> %UserProfile%\AppData\Local\Adobe -> [Folder | Created Date = 5/9/2008 12:42:38 PM | Attr = ] Apple -> %UserProfile%\AppData\Local\Apple -> [Folder | Created Date = 5/9/2008 8:54:38 AM | Attr = ] Adobe PDF -> %SystemDrive%\Users\Public\Documents\Adobe PDF -> [Folder | Created Date = 3/29/2008 8:57:45 PM | Attr = ] Behaviorism.ppt -> %UserProfile%\Documents\Behaviorism.ppt -> [Ver = | Size = 663552 bytes | Created Date = 2/24/2008 9:30:24 PM | Attr = ] DVDFab -> %UserProfile%\Documents\DVDFab -> [Folder | Created Date = 2/15/2008 12:36:07 AM | Attr = ] Updater -> %UserProfile%\Documents\Updater -> [Folder | Created Date = 3/29/2008 9:10:09 PM | Attr = ] 303WeeklyPlanSPRING2008.REV2.doc -> %UserProfile%\Desktop\303WeeklyPlanSPRING2008.REV2.doc -> [Ver = | Size = 75776 bytes | Created Date = 3/2/2008 12:21:05 AM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 5/9/2008 10:07:52 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier Malware Stuff -> %UserProfile%\Desktop\Malware Stuff -> [Folder | Created Date = 5/9/2008 2:39:09 PM | Attr = ] NSCLC Articles -> %UserProfile%\Desktop\NSCLC Articles -> [Folder | Created Date = 5/9/2008 9:16:43 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Created Date = 5/9/2008 10:04:52 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 5/10/2008 1:00:13 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 543023 bytes | Created Date = 5/10/2008 12:59:47 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Pajares Articles -> %UserProfile%\Desktop\Pajares Articles -> [Folder | Created Date = 2/23/2008 2:43:22 AM | Attr = ] Pajares.Data -> %UserProfile%\Desktop\Pajares.Data -> [Folder | Created Date = 2/23/2008 2:47:37 AM | Attr = ] Pajares.enl -> %UserProfile%\Desktop\Pajares.enl -> [Ver = | Size = 45822 bytes | Created Date = 2/23/2008 2:47:37 AM | Attr = ] StereotypeThreatACTIVITY-LABELS.doc -> %UserProfile%\Desktop\StereotypeThreatACTIVITY-LABELS.doc -> [Ver = | Size = 43008 bytes | Created Date = 4/15/2008 11:05:59 PM | Attr = ] StereotypeThreatActivityAfter.doc -> %UserProfile%\Desktop\StereotypeThreatActivityAfter.doc -> [Ver = | Size = 30720 bytes | Created Date = 4/15/2008 11:02:26 PM | Attr = ] StereotypeThreatActivityBefore.doc -> %UserProfile%\Desktop\StereotypeThreatActivityBefore.doc -> [Ver = | Size = 30720 bytes | Created Date = 4/15/2008 10:59:58 PM | Attr = ] Teaching to the Testosterone.NYT.3.2.2008.doc -> %UserProfile%\Desktop\Teaching to the Testosterone.NYT.3.2.2008.doc -> [Ver = | Size = 77824 bytes | Created Date = 3/2/2008 8:32:43 PM | Attr = ] Tompkins1990.pdf -> %UserProfile%\Desktop\Tompkins1990.pdf -> [Ver = | Size = 221757 bytes | Created Date = 4/11/2008 12:53:28 AM | Attr = ] Adobe Gamma.lnk -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk -> [Ver = | Size = 1180 bytes | Created Date = 3/29/2008 8:57:58 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 3/13/2008 4:22:50 PM | Attr = ] Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Created Date = 3/29/2008 8:57:23 PM | Attr = ] Adobe -> %ProgramFiles%\Adobe -> [Folder | Created Date = 3/13/2008 4:22:50 PM | Attr = ] DVDFab HD Decrypter 4 -> %ProgramFiles%\DVDFab HD Decrypter 4 -> [Folder | Created Date = 2/15/2008 12:16:10 AM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 5/9/2008 12:06:13 AM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 5/9/2008 12:17:27 PM | Attr = ] Photoshop CS2 -> %ProgramFiles%\Photoshop CS2 -> [Folder | Created Date = 3/29/2008 8:48:50 PM | Attr = ] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [Folder | Created Date = 5/8/2008 12:24:33 AM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 5/9/2008 12:43:20 AM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 5/9/2008 1:51:13 PM | Attr = ] uninstall.dat -> %ProgramFiles%\uninstall.dat -> [Ver = | Size = 0 bytes | Created Date = 5/8/2008 3:46:43 PM | Attr = ] Uninstall.exe -> %ProgramFiles%\Uninstall.exe -> $PROGRAMNAME [Ver = 1.0.0.1 | Size = 62910 bytes | Created Date = 5/8/2008 3:46:43 PM | Attr = ] [Files/Folders - Modified Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 5/9/2008 10:10:29 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063772160 bytes | Modified Date = 5/10/2008 12:40:19 PM | Attr = HS] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 5/8/2008 7:38:59 AM | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 5/8/2008 7:38:59 AM | Attr = RHS] NEW -> %SystemDrive%\NEW -> [Folder | Modified Date = 5/8/2008 3:34:43 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/9/2008 1:51:13 PM | Attr = R ] ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 5/9/2008 12:45:58 AM | Attr = H ] SWSHARE -> %SystemDrive%\SWSHARE -> [Folder | Modified Date = 5/9/2008 1:48:52 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 5/10/2008 12:49:02 PM | Attr = HS] Windows -> %SystemRoot% -> [Folder | Modified Date = 5/9/2008 10:10:37 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 5/9/2008 10:06:24 PM | Attr = ] en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Modified Date = 2/13/2008 9:37:36 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 5/8/2008 7:38:44 AM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 238972 bytes | Modified Date = 5/8/2008 7:38:44 AM | Attr = R ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Modified Date = 5/5/2008 8:46:32 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 27048 bytes | Modified Date = 5/5/2008 8:46:36 PM | Attr = ] 1A733FF93C.sys -> %SystemRoot%\System32\1A733FF93C.sys -> [Ver = | Size = 88 bytes | Modified Date = 3/29/2008 5:49:12 PM | Attr = RHS] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3456 bytes | Modified Date = 5/10/2008 12:40:34 PM | Attr = H ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3456 bytes | Modified Date = 5/10/2008 12:40:34 PM | Attr = H ] agremove.exe -> %SystemRoot%\System32\agremove.exe -> Absolute Software Corp. [Ver = 0, 0, 0, 0 | Size = 44544 bytes | Modified Date = 3/10/2008 8:02:34 PM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 3/30/2008 4:25:30 PM | Attr = ] catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 4/12/2008 12:44:07 AM | Attr = ] catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 5/10/2008 12:41:22 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 5/9/2008 12:22:07 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 4/12/2008 12:40:28 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 388528 bytes | Modified Date = 4/12/2008 12:43:01 AM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 3/30/2008 5:58:40 PM | Attr = ] GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 2/13/2008 1:39:47 AM | Attr = ] IPSCtrl.INI -> %SystemRoot%\System32\IPSCtrl.INI -> [Ver = | Size = 480 bytes | Modified Date = 5/10/2008 12:41:10 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 2:23:35 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 2:23:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 3:33:32 AM | Attr = ] KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys -> [Ver = | Size = 4704 bytes | Modified Date = 3/30/2008 5:58:37 PM | Attr = HS] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 3/1/2008 11:27:48 AM | Attr = ] mapisvc.inf -> %SystemRoot%\System32\mapisvc.inf -> [Ver = | Size = 1447 bytes | Modified Date = 2/13/2008 1:42:51 AM | Attr = ] migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 4/12/2008 12:40:25 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 122390 bytes | Modified Date = 5/9/2008 8:04:10 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 668260 bytes | Modified Date = 5/9/2008 8:04:10 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 786636 bytes | Modified Date = 5/9/2008 8:04:09 AM | Attr = ] PROCDB.INI -> %SystemRoot%\System32\PROCDB.INI -> [Ver = | Size = 25341 bytes | Modified Date = 5/10/2008 12:41:10 PM | Attr = ] Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 5/7/2008 11:51:03 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/12/2008 12:40:24 AM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2/13/2008 1:45:00 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 5/10/2008 12:40:25 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/9/2008 10:12:04 PM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 5/9/2008 10:10:37 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/9/2008 8:04:09 AM | Attr = ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/9/2008 12:43:31 AM | Attr = HS] Logs -> %SystemRoot%\Logs -> [Folder | Modified Date = 4/4/2008 11:43:28 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2/13/2008 1:45:10 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/10/2008 1:00:58 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 5/10/2008 12:40:49 PM | Attr = H ] rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 4/12/2008 1:01:03 AM | Attr = ] servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 2/14/2008 1:54:36 PM | Attr = ] System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 5/10/2008 12:58:22 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/10/2008 1:00:50 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 361 bytes | Modified Date = 5/8/2008 5:06:20 PM | Attr = ] winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 4/12/2008 12:44:28 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/10/2008 12:40:34 PM | Attr = H ] C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys -> [Folder | Modified Date = 5/10/2008 12:46:19 PM | Attr = ] capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> [Ver = | Size = 8 bytes | Modified Date = 8/10/2007 9:23:07 AM | Attr = ] C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader -> [Folder | Modified Date = 11/2/2006 9:04:24 AM | Attr = ] qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6577 bytes | Modified Date = 5/8/2008 11:42:41 PM | Attr = ] qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 5/8/2008 11:42:41 PM | Attr = ] C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 8/19/2007 10:06:00 PM | Attr = ] opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8492 bytes | Modified Date = 5/9/2008 10:49:50 AM | Attr = ] C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData -> [Folder | Modified Date = 8/20/2007 7:44:59 PM | Attr = ] PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 8832 bytes | Modified Date = 5/10/2008 12:06:06 AM | Attr = ] PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 5/10/2008 12:06:06 AM | Attr = ] PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 5/10/2008 12:06:06 AM | Attr = ] PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 6360 bytes | Modified Date = 5/10/2008 12:06:05 AM | Attr = ] PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 3312 bytes | Modified Date = 5/10/2008 12:06:06 AM | Attr = ] PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 108488 bytes | Modified Date = 5/10/2008 12:06:06 AM | Attr = ] C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures -> [Folder | Modified Date = 8/16/2007 8:51:53 PM | Attr = ] JasonAmy.dat -> C:\ProgramData\Microsoft\User Account Pictures\JasonAmy.dat -> [Ver = | Size = 0 bytes | Modified Date = 8/16/2007 8:51:53 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Adobe -> [Folder | Modified Date = 3/29/2008 8:55:08 PM | Attr = ] Adobe Systems -> %AllUsersProfile%\Adobe Systems -> [Folder | Modified Date = 3/29/2008 9:06:27 PM | Attr = ] BM557eaee7.xml -> %AllUsersProfile%\BM557eaee7.xml -> [Ver = | Size = 109803 bytes | Modified Date = 5/8/2008 11:59:12 PM | Attr = ] DVD Shrink -> %AllUsersProfile%\DVD Shrink -> [Folder | Modified Date = 5/8/2008 3:34:23 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Modified Date = 5/9/2008 12:06:15 AM | Attr = ] Microsoft Help -> %AllUsersProfile%\Microsoft Help -> [Folder | Modified Date = 4/11/2008 10:12:51 PM | Attr = ] pskt.ini -> %AllUsersProfile%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 5/8/2008 11:59:19 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy -> [Folder | Modified Date = 5/9/2008 12:11:55 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Modified Date = 5/9/2008 12:45:58 AM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 4/17/2008 12:04:17 AM | Attr = ] CopyToDvd -> %AppData%\CopyToDvd -> [Folder | Modified Date = 5/8/2008 11:58:14 PM | Attr = ] Corel -> %AppData%\Corel -> [Folder | Modified Date = 3/30/2008 4:25:27 PM | Attr = ] Download Manager -> %AppData%\Download Manager -> [Folder | Modified Date = 5/9/2008 12:30:12 AM | Attr = ] EndNote -> %AppData%\EndNote -> [Folder | Modified Date = 3/29/2008 8:21:52 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 5/9/2008 12:06:25 AM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 5/9/2008 12:43:20 AM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Modified Date = 4/27/2008 6:00:00 PM | Attr = ] Vso -> %AppData%\Vso -> [Folder | Modified Date = 5/8/2008 11:58:14 PM | Attr = ] Adobe -> %UserProfile%\AppData\Local\Adobe -> [Folder | Modified Date = 5/9/2008 12:43:04 PM | Attr = ] Apple -> %UserProfile%\AppData\Local\Apple -> [Folder | Modified Date = 5/9/2008 8:54:38 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 11776 bytes | Modified Date = 4/4/2008 8:03:56 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 109272 bytes | Modified Date = 3/30/2008 4:13:05 PM | Attr = ] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 2671074 bytes | Modified Date = 5/10/2008 1:39:23 AM | Attr = H ] Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Modified Date = 4/4/2008 12:56:47 AM | Attr = ] Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Modified Date = 5/10/2008 12:51:54 PM | Attr = ] Adobe PDF -> %SystemDrive%\Users\Public\Documents\Adobe PDF -> [Folder | Modified Date = 3/29/2008 8:57:51 PM | Attr = ] 1Jason -> %UserProfile%\Documents\1Jason -> [Folder | Modified Date = 2/12/2008 1:42:54 AM | Attr = ] Behaviorism.ppt -> %UserProfile%\Documents\Behaviorism.ppt -> [Ver = | Size = 663552 bytes | Modified Date = 2/24/2008 9:30:27 PM | Attr = ] DVDFab -> %UserProfile%\Documents\DVDFab -> [Folder | Modified Date = 2/15/2008 12:38:10 AM | Attr = ] Updater -> %UserProfile%\Documents\Updater -> [Folder | Modified Date = 3/29/2008 9:24:04 PM | Attr = ] 303WeeklyPlanSPRING2008.REV2.doc -> %UserProfile%\Desktop\303WeeklyPlanSPRING2008.REV2.doc -> [Ver = | Size = 75776 bytes | Modified Date = 3/2/2008 12:21:07 AM | Attr = ] Baby Stuff -> %UserProfile%\Desktop\Baby Stuff -> [Folder | Modified Date = 3/17/2008 9:29:57 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 5/9/2008 10:07:59 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier Malware Stuff -> %UserProfile%\Desktop\Malware Stuff -> [Folder | Modified Date = 5/10/2008 12:41:05 PM | Attr = ] NSCLC Articles -> %UserProfile%\Desktop\NSCLC Articles -> [Folder | Modified Date = 5/9/2008 9:20:03 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Modified Date = 5/9/2008 10:04:58 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 5/10/2008 1:00:13 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 543023 bytes | Modified Date = 5/10/2008 12:59:57 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Pajares Articles -> %UserProfile%\Desktop\Pajares Articles -> [Folder | Modified Date = 2/23/2008 2:54:15 AM | Attr = ] Pajares.Data -> %UserProfile%\Desktop\Pajares.Data -> [Folder | Modified Date = 2/23/2008 2:47:37 AM | Attr = ] Pajares.enl -> %UserProfile%\Desktop\Pajares.enl -> [Ver = | Size = 45822 bytes | Modified Date = 2/23/2008 2:57:45 AM | Attr = ] StereotypeThreatACTIVITY-LABELS.doc -> %UserProfile%\Desktop\StereotypeThreatACTIVITY-LABELS.doc -> [Ver = | Size = 43008 bytes | Modified Date = 4/15/2008 11:06:00 PM | Attr = ] StereotypeThreatActivityAfter.doc -> %UserProfile%\Desktop\StereotypeThreatActivityAfter.doc -> [Ver = | Size = 30720 bytes | Modified Date = 4/15/2008 11:02:27 PM | Attr = ] StereotypeThreatActivityBefore.doc -> %UserProfile%\Desktop\StereotypeThreatActivityBefore.doc -> [Ver = | Size = 30720 bytes | Modified Date = 4/15/2008 11:00:05 PM | Attr = ] Teaching to the Testosterone.NYT.3.2.2008.doc -> %UserProfile%\Desktop\Teaching to the Testosterone.NYT.3.2.2008.doc -> [Ver = | Size = 77824 bytes | Modified Date = 3/2/2008 8:32:44 PM | Attr = ] Tompkins1990.pdf -> %UserProfile%\Desktop\Tompkins1990.pdf -> [Ver = | Size = 221757 bytes | Modified Date = 4/11/2008 12:53:28 AM | Attr = ] Adobe Gamma.lnk -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk -> [Ver = | Size = 1180 bytes | Modified Date = 3/29/2008 8:57:58 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 3/29/2008 8:57:56 PM | Attr = ] Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Modified Date = 3/29/2008 8:57:23 PM | Attr = ] Corel -> %CommonProgramFiles%\Corel -> [Folder | Modified Date = 3/30/2008 4:25:18 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 5/9/2008 12:42:29 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]