[code]
OTScanIt logfile created on: 6/14/2008 9:08:39 PM
OTScanIt by OldTimer - Version 1.0.15.15 Folder = C:\Documents and Settings\Daniel Ristvedt\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.42 Mb Total Physical Memory | 564.91 Mb Available Physical Memory | 55.63% Memory free
2.39 Gb Paging File | 1.79 Gb Available in Paging File | 74.90% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 89.30 Gb Free Space | 80.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DEEJ
Current User Name: Daniel Ristvedt
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 86016 bytes | Modified Date = 7/23/2005 12:40:54 AM | Attr = ] s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 372809 bytes | Modified Date = 7/23/2005 12:43:46 AM | Attr = ] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 3/24/2006 5:14:58 PM | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 3/24/2006 5:14:52 PM | Attr = ] spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 4/11/2006 5:13:38 PM | Attr = ] aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/4/2007 7:04:36 PM | Attr = ] aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 3:54:12 PM | Attr = ] cfsvcs.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 31472 bytes | Modified Date = 6/15/2006 1:40:16 AM | Attr = ] dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. 
[Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/28/2004 3:33:00 AM | Attr = ] regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 139264 bytes | Modified Date = 7/23/2005 12:40:16 AM | Attr = ] savroam.exe -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.4.4000 | Size = 115952 bytes | Modified Date = 6/15/2006 1:40:28 AM | Attr = ] swupdtmr.exe -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 40960 bytes | Modified Date = 7/12/2005 8:14:42 PM | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 1805552 bytes | Modified Date = 6/15/2006 1:40:24 AM | Attr = ] tappsrv.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 10M | Size = 35328 bytes | Modified Date = 8/10/2005 1:15:50 PM | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ] viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:18 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. 
[Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 401408 bytes | Modified Date = 7/23/2005 12:46:52 AM | Attr = ] 1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> Intel [Ver = 9, 0, 2, 11 | Size = 245760 bytes | Modified Date = 7/23/2005 12:41:58 AM | Attr = ] cfsserv.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSServ.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 115 | Size = 798720 bytes | Modified Date = 7/29/2005 5:31:56 PM | Attr = ] vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 124656 bytes | Modified Date = 6/15/2006 1:40:34 AM | Attr = ] tvstray.exe -> %ProgramFiles%\TOSHIBA\Tvs\TvsTray.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 6 | Size = 73728 bytes | Modified Date = 11/10/2005 1:24:50 PM | Attr = ] thotkey.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe -> TOSHIBA [Ver = 1.00.0008 | Size = 352256 bytes | Modified Date = 11/23/2005 7:32:12 PM | Attr = ] tfncky.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.14.00 | Size = 114688 bytes | Modified Date = 10/25/2004 6:23:10 PM | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.1 15Nov05 | Size = 761947 bytes | Modified Date = 11/15/2005 6:54:34 PM | Attr = ] smoothview.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 122880 bytes | Modified Date = 4/26/2005 7:13:20 PM | Attr = ] rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. 
[Ver = 2.0.2.6 | Size = 15473664 bytes | Modified Date = 11/10/2005 2:14:06 PM | Attr = ] pinger.exe -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/17/2005 8:37:26 PM | Attr = ] igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4332 | Size = 114688 bytes | Modified Date = 6/8/2005 1:03:08 PM | Attr = ] ndstray.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 17 | Size = 978944 bytes | Modified Date = 8/6/2005 5:18:38 AM | Attr = ] ltmoh.exe -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.76 | Size = 188416 bytes | Modified Date = 5/19/2005 10:57:36 AM | Attr = ] ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 385024 bytes | Modified Date = 7/23/2005 12:47:12 AM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4332 | Size = 77824 bytes | Modified Date = 6/8/2005 12:59:06 PM | Attr = ] dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.10.15a | Size = 122940 bytes | Modified Date = 8/1/2005 7:10:00 AM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 3/24/2006 5:14:48 PM | Attr = ] agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.60.5 2.1.60.5 10/14/2005 13:29:07 | Size = 88203 bytes | Modified Date = 10/15/2005 9:29:08 AM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ] toscdspd.exe -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ] aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. 
[Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 4:35:36 PM | Attr = ] aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 11:15:06 AM | Attr = ] ccaagent.exe -> %ProgramFiles%\Cisco Systems\Clean Access Agent\CCAAgent.exe -> Cisco Systems, Inc [Ver = 3.06.0004 | Size = 1527887 bytes | Modified Date = 7/28/2006 6:09:30 PM | Attr = ] ramasst.exe -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/28/2004 3:37:00 AM | Attr = ] toshiba.exe -> %ProgramFiles%\Synaptics\SynTP\Toshiba.exe -> Synaptics, Inc. [Ver = 8.2.4.1 15Nov05 | Size = 151552 bytes | Modified Date = 11/15/2005 6:45:20 PM | Attr = ] aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 12:16:08 PM | Attr = ] igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4332 | Size = 155648 bytes | Modified Date = 6/8/2005 12:58:58 PM | Attr = ] zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 401408 bytes | Modified Date = 7/23/2005 12:46:52 AM | Attr = ] 1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> Intel [Ver = 9, 0, 2, 11 | Size = 245760 bytes | Modified Date = 7/23/2005 12:41:58 AM | Attr = ] vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 124656 bytes | Modified Date = 6/15/2006 1:40:34 AM | Attr = ] tvstray.exe -> %ProgramFiles%\TOSHIBA\Tvs\TvsTray.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 6 | Size = 73728 bytes | Modified Date = 11/10/2005 1:24:50 PM | Attr = ] tpsmain.exe -> %SystemRoot%\system32\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 15, 0 | Size = 282624 bytes | Modified Date = 6/1/2005 12:00:12 AM | Attr = ] thotkey.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe -> 
TOSHIBA [Ver = 1.00.0008 | Size = 352256 bytes | Modified Date = 11/23/2005 7:32:12 PM | Attr = ] tfncky.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.14.00 | Size = 114688 bytes | Modified Date = 10/25/2004 6:23:10 PM | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.1 15Nov05 | Size = 761947 bytes | Modified Date = 11/15/2005 6:54:34 PM | Attr = ] smoothview.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 122880 bytes | Modified Date = 4/26/2005 7:13:20 PM | Attr = ] rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.2.6 | Size = 15473664 bytes | Modified Date = 11/10/2005 2:14:06 PM | Attr = ] pinger.exe -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/17/2005 8:37:26 PM | Attr = ] igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4332 | Size = 114688 bytes | Modified Date = 6/8/2005 1:03:08 PM | Attr = ] ltmoh.exe -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.76 | Size = 188416 bytes | Modified Date = 5/19/2005 10:57:36 AM | Attr = ] ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 385024 bytes | Modified Date = 7/23/2005 12:47:12 AM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4332 | Size = 77824 bytes | Modified Date = 6/8/2005 12:59:06 PM | Attr = ] dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.10.15a | Size = 122940 bytes | Modified Date = 8/1/2005 7:10:00 AM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 3/24/2006 5:14:48 PM | Attr = ] agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems 
[Ver = 2.1.60.5 2.1.60.5 10/14/2005 13:29:07 | Size = 88203 bytes | Modified Date = 10/15/2005 9:29:08 AM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ] toshiba.exe -> %ProgramFiles%\Synaptics\SynTP\Toshiba.exe -> Synaptics, Inc. [Ver = 8.2.4.1 15Nov05 | Size = 151552 bytes | Modified Date = 11/15/2005 6:45:20 PM | Attr = ] toscdspd.exe -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ] tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 45056 bytes | Modified Date = 5/31/2005 11:59:58 PM | Attr = ] ccaagent.exe -> %ProgramFiles%\Cisco Systems\Clean Access Agent\CCAAgent.exe -> Cisco Systems, Inc [Ver = 3.06.0004 | Size = 1527887 bytes | Modified Date = 7/28/2006 6:09:30 PM | Attr = ] ramasst.exe -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/28/2004 3:37:00 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.15 | Size = 397312 bytes | Modified Date = 6/12/2008 12:29:06 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. 
[Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/4/2007 7:04:36 PM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 3/24/2006 5:14:52 PM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 3/24/2006 5:14:58 PM | Attr = ] (CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr = ] (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 31472 bytes | Modified Date = 6/15/2006 1:40:16 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] (DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. 
[Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/28/2004 3:33:00 AM | Attr = ] (EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 86016 bytes | Modified Date = 7/23/2005 12:40:54 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 2:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] (RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 139264 bytes | Modified Date = 7/23/2005 12:40:16 AM | Attr = ] (S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 372809 bytes | Modified Date = 7/23/2005 12:43:46 AM | Attr = ] (SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.4.4000 | Size = 115952 bytes | Modified Date = 6/15/2006 1:40:28 AM | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.2.211 | Size = 214720 bytes | Modified Date = 1/24/2006 8:06:58 PM | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> 
Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 4/11/2006 5:13:38 PM | Attr = ] (Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 40960 bytes | Modified Date = 7/12/2005 8:14:42 PM | Attr = ] (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 1805552 bytes | Modified Date = 6/15/2006 1:40:24 AM | Attr = ] (TAPPSRV) TOSHIBA Application Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 10M | Size = 35328 bytes | Modified Date = 8/10/2005 1:15:50 PM | Attr = ] (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AGRSMMSG -> %SystemRoot%\agrsmmsg.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.60.5 2.1.60.5 10/14/2005 13:29:07 | Size = 88203 bytes | Modified Date = 10/15/2005 9:29:08 AM | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 3/24/2006 5:14:48 PM | Attr = ] CFSServ.exe -> [CFSServ.exe -NoClient] -> File not found DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> Sonic Solutions [Ver = 5.10.15a | Size = 122940 bytes | Modified Date = 8/1/2005 7:10:00 AM | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4332 | Size = 77824 bytes | Modified Date = 6/8/2005 12:59:06 PM | Attr = ] IgfxTray 
-> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4332 | Size = 94208 bytes | Modified Date = 6/8/2005 1:02:22 PM | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe [C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless] -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 385024 bytes | Modified Date = 7/23/2005 12:47:12 AM | Attr = ] IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe [C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe] -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 401408 bytes | Modified Date = 7/23/2005 12:46:52 AM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ] LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe [C:\Program Files\ltmoh\Ltmoh.exe] -> Agere Systems [Ver = 1.76 | Size = 188416 bytes | Modified Date = 5/19/2005 10:57:36 AM | Attr = ] NDSTray.exe -> [NDSTray.exe] -> File not found Persistence -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4332 | Size = 114688 bytes | Modified Date = 6/8/2005 1:03:08 PM | Attr = ] Pinger -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/17/2005 8:37:26 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 3/28/2008 11:37:20 PM | Attr = ] RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. 
[Ver = 2.0.2.6 | Size = 15473664 bytes | Modified Date = 11/10/2005 2:14:06 PM | Attr = ] SmoothView -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 122880 bytes | Modified Date = 4/26/2005 7:13:20 PM | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.4.1 15Nov05 | Size = 761947 bytes | Modified Date = 11/15/2005 6:54:34 PM | Attr = ] TFncKy -> [TFncKy.exe] -> File not found THotkey -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe [C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe] -> TOSHIBA [Ver = 1.00.0008 | Size = 352256 bytes | Modified Date = 11/23/2005 7:32:12 PM | Attr = ] TPSMain -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 15, 0 | Size = 282624 bytes | Modified Date = 6/1/2005 12:00:12 AM | Attr = ] Tvs -> %ProgramFiles%\TOSHIBA\Tvs\TvsTray.exe [C:\Program Files\Toshiba\Tvs\TvsTray.exe] -> TOSHIBA Corporation [Ver = 1, 0, 0, 6 | Size = 73728 bytes | Modified Date = 11/10/2005 1:24:50 PM | Attr = ] vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 124656 bytes | Modified Date = 6/15/2006 1:40:34 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 11:15:06 AM | Attr = ] SUPERAntiSpyware -> [C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\SSUPDATE.EXE 
Software\SUPERAntiSpyware.com\SUPERAntiSpyware] -> File not found TOSCDSPD -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 5:45:08 PM | Attr = R ] < Run [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 11:15:06 AM | Attr = ] SUPERAntiSpyware -> [C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware] -> File not found TOSCDSPD -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 5:45:08 PM | Attr = R ] < Run [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl [C:\Program Files\AIM\aim.exe -cnetwait.odl] -> File not found Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 
1/3/2008 11:15:06 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 3/28/2008 11:37:20 PM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> File not found TOSCDSPD -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Clean Access Agent.lnk -> %ProgramFiles%\Cisco Systems\Clean Access Agent\CCAAgent.exe -> Cisco Systems, Inc [Ver = 3.06.0004 | Size = 1527887 bytes | Modified Date = 7/28/2006 6:09:30 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\RAMASST.lnk -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. 
[Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/28/2004 3:37:00 AM | Attr = ] < Daniel Ristvedt Startup Folder > -> C:\Documents and Settings\Daniel Ristvedt\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4332 | Size = 131072 bytes | Modified Date = 6/8/2005 12:58:10 PM | Attr = ] IntelWireless -> 
%ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 2, 11 | Size = 110592 bytes | Modified Date = 7/23/2005 12:46:56 AM | Attr = ] NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 43760 bytes | Modified Date = 6/15/2006 1:40:42 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> [binary data] -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_DVD-RAM_UJ-841S________________1.50____\5&22345997&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 11/4/2005 9:41:04 PM | Attr = ] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch 
-> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.aol.com/?src=aim -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> < Internet Explorer Settings 
[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\] > -> -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\: Main\\Start Page -> http://www.aol.com/?src=aim -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\] > -> -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\: Main\\Start Page -> http://yahoo.com/ -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.10.15a | Size = 110652 bytes | Modified Date = 8/1/2005 7:10:00 AM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {13C1DBF6-7535-495c-91F6-8C13714ED485}:Exec -> %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found {94148DB5-B42D-4915-95DA-2CBB4F7095BF}:Exec -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> UltimateBet [Ver = 2008, 5, 21, 1 | Size = 3741000 bytes | Modified Date = 5/21/2008 9:36:58 AM | Attr = ] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 4:35:36 PM | Attr = ] {F47C1DB5-ED21-4dc1-853E-D1495792D4C5}:Exec -> %ProgramFiles%\Bodog Poker\BPGame.exe [Bodog Poker] -> Bodog [Ver = 2, 13, 6, 4 | Size = 4231243 bytes | Modified Date = 4/21/2008 4:38:58 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{40B2063F-DB01-4962-BE63-59435C01283C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. 
[Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 4:35:36 PM | Attr = ] CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bodog Poker\BPGame.exe [Bodog Poker] -> Bodog [Ver = 2, 13, 6, 4 | Size = 4231243 bytes | Modified Date = 4/21/2008 4:38:58 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{40B2063F-DB01-4962-BE63-59435C01283C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. 
[Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 4:35:36 PM | Attr = ] CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bodog Poker\BPGame.exe [Bodog Poker] -> Bodog [Ver = 2, 13, 6, 4 | Size = 4231243 bytes | Modified Date = 4/21/2008 4:38:58 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\] > -> HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-501\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Translate into English -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1EF4ABD5-981E-4E94-8A99-8663A4FBB3E4} -> (Intel(R) PRO/Wireless 2200BG Network Connection) -> {52BFE179-F3E1-4CCA-9FBC-C01BEBE5C22E} -> (1394 Net Adapter) -> {55092A5E-F7CC-4835-A630-30420B2826D5} -> (Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller) -> {BB2AB5A1-4C31-4241-B9A4-9C01C1D0D7CD} -> (1394 Net Adapter) -> 
{C1F0C306-28A6-4E57-8E97-D607A8FCBC49} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {95D88B35-A521-472B-A182-BB1A98356421}[HKEY_LOCAL_MACHINE] -> http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab[Pearson Installation Assistant 2] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC}[HKEY_LOCAL_MACHINE] -> http://10.161.0.71/Webinstall/webinst.cab[WebBasedClientInstall Class] -> {E6D23284-0E9B-417D-A782-03E4487FC947}[HKEY_LOCAL_MACHINE] -> http://asp.mathxl.com/books/_Players/MathPlayer.cab[Pearson MathXL Player] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MathPlayer.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MathPlayer.ocx\\.Owner -> {E6D23284-0E9B-417D-A782-03E4487FC947} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MathPlayer.ocx\\{E6D23284-0E9B-417D-A782-03E4487FC947} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PearsonInstallAsst2.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PearsonInstallAsst2.ocx\\.Owner -> {95D88B35-A521-472B-A182-BB1A98356421} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PearsonInstallAsst2.ocx\\{95D88B35-A521-472B-A182-BB1A98356421} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebInst.Dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebInst.Dll\\.Owner -> {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebInst.Dll\\{D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> [Files/Folders - Created Within 90 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1064812544 bytes | Created Date = 6/13/2008 10:50:25 AM | Attr = HS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 6/13/2008 8:44:50 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 6/13/2008 9:04:36 PM | Attr = HS] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 6/13/2008 8:37:51 PM | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Created Date = 3/24/2008 11:50:40 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 6/13/2008 11:46:41 AM | Attr = ] mbamcatchme.sys -> 
%SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 6/13/2008 11:46:41 AM | Attr = ] Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Created Date = 4/6/2008 8:36:20 PM | Attr = ] 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Created Date = 3/28/2008 11:37:26 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Created Date = 3/28/2008 11:37:26 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 6/13/2008 8:45:43 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 6/13/2008 8:44:49 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 6/13/2008 8:44:49 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 6/13/2008 8:44:49 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 6/13/2008 8:44:49 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 6/13/2008 8:44:49 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 6/13/2008 8:44:49 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/13/2008 8:44:48 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 6/13/2008 8:49:36 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 6/13/2008 8:44:49 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 6/13/2008 8:44:49 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 
284 bytes | Created Date = 4/18/2008 1:00:43 AM | Attr = ]

[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 6/13/2008 11:46:41 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 6/13/2008 12:03:36 PM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 6/13/2008 11:46:43 AM | Attr = ]
shct5tj0el6c -> %AppData%\shct5tj0el6c -> [Folder | Created Date = 6/13/2008 12:46:29 AM | Attr = ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 6/13/2008 12:03:31 PM | Attr = ]
Bio paper sources.wps -> %UserProfile%\My Documents\Bio paper sources.wps -> [Ver = | Size = 9216 bytes | Created Date = 4/18/2008 4:28:46 PM | Attr = ]
diet pills.wps -> %UserProfile%\My Documents\diet pills.wps -> [Ver = | Size = 9728 bytes | Created Date = 5/7/2008 11:31:52 PM | Attr = ]
java download error.rtf -> %UserProfile%\My Documents\java download error.rtf -> [Ver = | Size = 208 bytes | Created Date = 6/13/2008 8:35:38 PM | Attr = ]
next post.rtf -> %UserProfile%\My Documents\next post.rtf -> [Ver = | Size = 436 bytes | Created Date = 6/13/2008 8:44:34 PM | Attr = ]
overs.xlr -> %UserProfile%\My Documents\overs.xlr -> [Ver = | Size = 10752 bytes | Created Date = 3/23/2008 9:36:19 PM | Attr = ]
panda security.rtf -> %UserProfile%\My Documents\panda security.rtf -> [Ver = | Size = 8863 bytes | Created Date = 6/13/2008 7:55:21 PM | Attr = ]
pot odds calls.wps -> %UserProfile%\My Documents\pot odds calls.wps -> [Ver = | Size = 9216 bytes | Created Date = 3/23/2008 7:27:06 PM | Attr = ]
Scientific paper bio.wps -> %UserProfile%\My Documents\Scientific paper bio.wps -> [Ver = | Size = 10752 bytes | Created Date = 4/14/2008 6:40:07 PM | Attr = ]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Created Date = 4/18/2008 1:09:43 AM | Attr = ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1979425 bytes | Created Date = 6/13/2008 8:44:37 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/14/2008 9:06:58 PM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568240 bytes | Created Date = 6/14/2008 9:05:38 PM | Attr = ]
Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 6/13/2008 11:46:25 AM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 6/13/2008 12:03:12 PM | Attr = ]
iPod -> %ProgramFiles%\iPod -> [Folder | Created Date = 4/18/2008 1:08:51 AM | Attr = ]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 6/13/2008 11:46:40 AM | Attr = ]
Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 6/13/2008 3:36:38 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 6/13/2008 12:03:31 PM | Attr = ]
Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 6/13/2008 1:24:38 AM | Attr = ]

[Files/Folders - Modified Within 90 days]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/13/2008 1:30:37 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1064812544 bytes | Modified Date = 6/14/2008 1:42:25 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/13/2008 9:05:30 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 6/13/2008 8:49:34 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 6/14/2008 1:29:53 PM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/13/2008 12:01:19 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/13/2008 8:49:36 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 6/13/2008 8:37:51 PM | Attr = ]
msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/24/2008 11:50:40 PM | Attr = ]
quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 12:18:48 AM | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Modified Date = 6/10/2008 7:02:40 PM | Attr = ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 6/10/2008 7:02:44 PM | Attr = ]
Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Modified Date = 4/15/2008 7:47:49 PM | Attr = ]
10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/14/2008 1:06:58 AM | Attr = ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 5/10/2008 11:41:07 PM | Attr = ]
DLA -> %SystemRoot%\System32\DLA -> [Folder | Modified Date = 6/14/2008 1:42:33 AM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 6/11/2008 10:56:53 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/13/2008 8:46:06 PM | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 157160 bytes | Modified Date = 4/9/2008 3:29:31 AM | Attr = ]
FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 6/13/2008 9:14:13 PM | Attr = ]
Lang -> %SystemRoot%\System32\Lang -> [Folder | Modified Date = 6/13/2008 9:10:01 PM | Attr = ]
msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/24/2008 11:50:40 PM | Attr = ]
quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 12:18:48 AM | Attr = ]
QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Modified Date = 3/28/2008 11:37:26 PM | Attr = ]
QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Modified Date = 3/28/2008 11:37:26 PM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 6/13/2008 12:01:20 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 6/14/2008 8:58:17 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/11/2008 3:03:03 AM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/14/2008 1:42:31 AM | Attr = S]
dirsaver.ini -> %SystemRoot%\dirsaver.ini -> [Ver = | Size = 12 bytes | Modified Date = 6/13/2008 10:48:53 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 6/13/2008 8:45:43 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 6/11/2008 3:01:34 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/13/2008 3:37:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/13/2008 9:06:36 PM | Attr = HS]
machine.ver -> %SystemRoot%\machine.ver -> [Ver = | Size = 3833 bytes | Modified Date = 5/18/2008 11:41:06 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1709 bytes | Modified Date = 4/6/2008 8:36:34 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/14/2008 9:05:51 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/14/2008 8:58:27 PM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 256 bytes | Modified Date = 6/13/2008 8:48:08 PM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/14/2008 9:03:33 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/18/2008 1:00:43 AM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 6/14/2008 1:42:43 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 740 bytes | Modified Date = 3/30/2008 3:11:34 AM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 5/8/2008 9:57:01 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/14/2008 1:42:43 AM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 6/16/2006 2:00:37 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5524 bytes | Modified Date = 6/14/2008 1:43:34 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5524 bytes | Modified Date = 6/14/2008 1:43:34 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 11/8/2005 4:47:00 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11144 bytes | Modified Date = 6/13/2008 8:57:40 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 6/13/2008 7:38:50 PM | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/12/2006 9:48:07 PM | Attr = ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 162475 bytes | Modified Date = 6/12/2006 9:48:42 PM | Attr = ]
C:\Documents and Settings\Daniel Ristvedt\Local Settings\Temp\ -> C:\Documents and Settings\Daniel Ristvedt\Local Settings\Temp -> [Folder | Modified Date = 6/14/2008 9:08:35 PM | Attr = H ]
SSUPDATE.EXE -> C:\Documents and Settings\Daniel Ristvedt\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2/17/2006 3:55:46 PM | Attr = ]
3 C:\Documents and Settings\Daniel Ristvedt\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Daniel Ristvedt\Local Settings\Temp\*.tmp ->

[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersProfile%\Application Data\AOL -> [Folder | Modified Date = 3/30/2008 3:15:39 AM | Attr = ]
Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 3/30/2008 3:03:48 AM | Attr = ]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 6/13/2008 11:46:41 AM | Attr = ]
McAfee.com -> %AllUsersProfile%\Application Data\McAfee.com -> [Folder | Modified Date = 6/13/2008 8:15:08 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 6/13/2008 12:03:36 PM | Attr = ]
Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 4/6/2008 8:38:24 PM | Attr = ]
AOL -> %AppData%\AOL -> [Folder | Modified Date = 3/29/2008 1:12:14 AM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 6/13/2008 11:46:43 AM | Attr = ]
shct5tj0el6c -> %AppData%\shct5tj0el6c -> [Folder | Modified Date = 6/13/2008 12:46:29 AM | Attr = ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 6/13/2008 12:03:31 PM | Attr = ]
U3 -> %AppData%\U3 -> [Folder | Modified Date = 4/15/2008 12:11:57 AM | Attr = ]
wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 10914 bytes | Modified Date = 6/13/2008 9:14:02 PM | Attr = ]
Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 3/30/2008 3:03:49 AM | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2646896 bytes | Modified Date = 6/13/2008 8:16:00 PM | Attr = H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/13/2008 9:14:46 PM | Attr = ]
Yahoo -> %UserProfile%\Local Settings\Application Data\Yahoo -> [Folder | Modified Date = 3/30/2008 3:05:27 AM | Attr = ]
Bio paper sources.wps -> %UserProfile%\My Documents\Bio paper sources.wps -> [Ver = | Size = 9216 bytes | Modified Date = 4/18/2008 4:28:46 PM | Attr = ]
coiners.xlr -> %UserProfile%\My Documents\coiners.xlr -> [Ver = | Size = 16384 bytes | Modified Date = 6/7/2008 12:53:42 AM | Attr = ]
diet pills.wps -> %UserProfile%\My Documents\diet pills.wps -> [Ver = | Size = 9728 bytes | Modified Date = 5/7/2008 11:33:32 PM | Attr = ]
java download error.rtf -> %UserProfile%\My Documents\java download error.rtf -> [Ver = | Size = 208 bytes | Modified Date = 6/13/2008 8:35:39 PM | Attr = ]
milo.xlr -> %UserProfile%\My Documents\milo.xlr -> [Ver = | Size = 10752 bytes | Modified Date = 5/6/2008 10:43:18 PM | Attr = ]
next post.rtf -> %UserProfile%\My Documents\next post.rtf -> [Ver = | Size = 436 bytes | Modified Date = 6/13/2008 8:44:34 PM | Attr = ]
overs.xlr -> %UserProfile%\My Documents\overs.xlr -> [Ver = | Size = 10752 bytes | Modified Date = 3/24/2008 5:18:53 PM | Attr = ]
panda security.rtf -> %UserProfile%\My Documents\panda security.rtf -> [Ver = | Size = 8863 bytes | Modified Date = 6/13/2008 8:15:22 PM | Attr = ]
Poker -> %UserProfile%\My Documents\Poker -> [Folder | Modified Date = 5/19/2008 12:56:43 AM | Attr = ]
pot odds calls.wps -> %UserProfile%\My Documents\pot odds calls.wps -> [Ver = | Size = 9216 bytes | Modified Date = 3/23/2008 7:27:06 PM | Attr = ]
Results.xlr -> %UserProfile%\My Documents\Results.xlr -> [Ver = | Size = 31232 bytes | Modified Date = 5/17/2008 2:18:36 PM | Attr = ]
Scientific paper bio.wps -> %UserProfile%\My Documents\Scientific paper bio.wps -> [Ver = | Size = 10752 bytes | Modified Date = 4/14/2008 7:26:30 PM | Attr = ]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 6/13/2008 9:35:00 PM | Attr = ]
UltimateBet.lnk -> %AllUsersProfile%\Desktop\UltimateBet.lnk -> [Ver = | Size = 1540 bytes | Modified Date = 5/23/2008 6:47:11 PM | Attr = ]
Bodog Poker.lnk -> %UserProfile%\Desktop\Bodog Poker.lnk -> [Ver = | Size = 1567 bytes | Modified Date = 4/23/2008 3:55:21 PM | Attr = ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1979425 bytes | Modified Date = 6/13/2008 8:44:20 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/14/2008 9:06:58 PM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568240 bytes | Modified Date = 6/14/2008 9:04:37 PM | Attr = ]
Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 6/14/2008 12:33:18 AM | Attr = ]
AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 3/30/2008 3:03:10 AM | Attr = ]
Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 6/13/2008 11:46:25 AM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 6/13/2008 12:03:12 PM | Attr = ]

< End of report >
[/code]