[code] OTScanIt logfile created on: 7/10/2008 6:43:28 PM OTScanIt by OldTimer - Version 1.0.16.1 Folder = C:\Documents and Settings\Conor Battle\Desktop\OTScanIt Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.18% Memory free 3.84 Gb Paging File | 3.07 Gb Available in Paging File | 79.79% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 88.47 Gb Total Space | 50.30 Gb Free Space | 56.85% Space Free | Partition Type: NTFS Drive D: | 2.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BATTLE Current User Name: Conor Battle Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20 | Size = 434176 bytes | Modified Date = 8/2/2006 3:39:20 AM | Attr = ] s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.0.34 | Size = 937984 bytes | Modified Date = 8/2/2006 3:31:22 AM | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.13.2 | Size = 192104 bytes | Modified Date = 11/21/2006 5:38:32 PM | Attr = ] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.13.2 | Size = 169576 bytes | Modified Date = 11/21/2006 5:38:40 PM | Attr = ] spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.3.0.2 | Size = 1160792 bytes | Modified Date = 1/10/2007 4:27:38 PM | Attr = ] aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online [Ver = 3.0.0.1 | Size = 10328 bytes | Modified Date = 10/20/2004 9:40:04 AM | Attr = R ] aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 4:54:14 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ] aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 4:54:12 PM | Attr = ] connectivity.windowsservice.jobdispatch.exe -> %ProgramFiles%\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -> Autodesk [Ver = 12.0.123.0 | Size = 32768 bytes | Modified Date = 2/13/2007 11:28:14 AM | Attr = ] connectivity.edmws.server.exe -> %ProgramFiles%\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe -> Autodesk [Ver = 12.0.123.0 | Size = 49152 bytes | Modified Date = 2/13/2007 11:26:46 AM | Attr = ] cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 31424 bytes | Modified Date = 3/14/2007 7:48:40 PM | Attr = ] dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/28/2004 3:33:00 AM | Attr = ] kraidsvc.exe -> %ProgramFiles%\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe -> TOSHIBA Corporation [Ver = 1, 3, 0, 3 | Size = 233554 bytes | Modified Date = 8/7/2006 11:37:52 PM | Attr = ] lkcitdl.exe -> %SystemRoot%\system32\lkcitdl.exe -> National Instruments, Inc. [Ver = 4.5.2.0 | Size = 695136 bytes | Modified Date = 1/22/2007 11:38:44 AM | Attr = ] krdevctl.exe -> %ProgramFiles%\Toshiba\TOSHIBA RAID\Service\krdevctl.exe -> TOSHIBA Corporation [Ver = 1, 0, 3, 0 | Size = 49152 bytes | Modified Date = 3/17/2006 10:01:22 PM | Attr = ] lkads.exe -> %SystemRoot%\system32\lkads.exe -> National Instruments, Inc. [Ver = 4.7.1.8 | Size = 56096 bytes | Modified Date = 2/14/2007 10:48:56 PM | Attr = ] lktsrv.exe -> %SystemRoot%\system32\lktsrv.exe -> National Instruments, Inc. [Ver = 4.7.1.8 | Size = 64288 bytes | Modified Date = 2/14/2007 10:49:16 PM | Attr = ] nimxs.exe -> %ProgramFiles%\National Instruments\MAX\nimxs.exe -> National Instruments Corporation [Ver = 2.1.1f0 | Size = 12696 bytes | Modified Date = 2/22/2007 8:46:24 AM | Attr = ] nidmsrv.exe -> %ProgramFiles%\National Instruments\Shared\Security\nidmsrv.exe -> National Instruments, Inc. [Ver = 4.7.1.8 | Size = 207648 bytes | Modified Date = 2/14/2007 10:54:06 PM | Attr = ] nisvcloc.exe -> %SystemRoot%\system32\nisvcloc.exe -> National Instruments Corp. [Ver = 8, 0, 0, 3 | Size = 56096 bytes | Modified Date = 2/21/2007 5:15:52 PM | Attr = ] tagsrv.exe -> %ProgramFiles%\National Instruments\Shared\Tagger\tagsrv.exe -> National Instruments, Inc. [Ver = 1.2.2.8 | Size = 703264 bytes | Modified Date = 2/6/2007 10:47:46 PM | Attr = ] regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4 | Size = 327680 bytes | Modified Date = 8/2/2006 3:24:22 AM | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 1816768 bytes | Modified Date = 3/14/2007 7:48:50 PM | Attr = ] thpsrv.exe -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 176128 bytes | Modified Date = 12/20/2005 3:46:20 PM | Attr = ] tmesrv31.exe -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 50, 0 | Size = 126976 bytes | Modified Date = 12/14/2005 3:00:32 PM | Attr = ] ltmoh.exe -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.75 | Size = 184320 bytes | Modified Date = 8/18/2004 6:37:44 AM | Attr = ] agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.60.5 2.1.60.5 10/14/2005 13:29:07 | Size = 88203 bytes | Modified Date = 10/15/2005 9:29:08 AM | Attr = ] igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4436 | Size = 98304 bytes | Modified Date = 11/28/2005 4:55:14 PM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4436 | Size = 77824 bytes | Modified Date = 11/28/2005 4:52:00 PM | Attr = ] igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4436 | Size = 118784 bytes | Modified Date = 11/28/2005 4:55:58 PM | Attr = ] apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/24/2004 1:40:42 AM | Attr = ] 00thotkey.exe -> %SystemRoot%\system32\00THotkey.exe -> TOSHIBA Corporation [Ver = 1, 1, 0, 1 | Size = 258048 bytes | Modified Date = 1/17/2006 7:20:38 PM | Attr = ] crossmenu.exe -> %ProgramFiles%\Toshiba\CrossMenu\CrossMenu.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 798720 bytes | Modified Date = 9/20/2005 8:06:02 PM | Attr = ] ndstray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 1, 2 | Size = 974848 bytes | Modified Date = 3/16/2006 4:58:50 PM | Attr = ] taudeff.exe -> %ProgramFiles%\Toshiba\TAudEffect\TAudEff.exe -> TOSHIBA [Ver = 2, 5, 0, 0 | Size = 344144 bytes | Modified Date = 10/5/2005 3:33:46 PM | Attr = ] tacelmgr.exe -> %ProgramFiles%\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe -> TOSHIBA Corporation [Ver = 2, 0, 1, 0 | Size = 90112 bytes | Modified Date = 12/16/2004 2:56:52 PM | Attr = ] tskrmain.exe -> %ProgramFiles%\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 6/30/2004 7:29:34 PM | Attr = ] tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.23.00 | Size = 188416 bytes | Modified Date = 11/29/2005 11:45:36 PM | Attr = ] thpsrv.exe -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 176128 bytes | Modified Date = 12/20/2005 3:46:20 PM | Attr = ] tfnf5.exe -> %SystemRoot%\system32\TFNF5.exe -> TOSHIBA Corp. [Ver = 2, 9, 1, 0 | Size = 192512 bytes | Modified Date = 11/10/2005 2:47:44 PM | Attr = ] tmerzctl.exe -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe -> TOSHIBA [Ver = 1, 0, 2, 26 | Size = 86016 bytes | Modified Date = 2/22/2006 8:41:00 PM | Attr = ] psqltray.exe -> %ProgramFiles%\Protector Suite QL\psqltray.exe -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 46592 bytes | Modified Date = 5/5/2006 8:39:54 PM | Attr = ] tmetemnu.exe -> %ProgramFiles%\Toshiba\TME3\TMETEMnu.exe -> TOSHIBA [Ver = 1, 0, 0, 6 | Size = 77824 bytes | Modified Date = 2/24/2004 6:57:32 PM | Attr = ] tpsoddctl.exe -> %SystemRoot%\system32\TPSODDCtl.exe -> TOSHIBA Corporation [Ver = 1, 0, 14, 0 | Size = 110592 bytes | Modified Date = 3/10/2006 3:01:56 PM | Attr = ] kraidman.exe -> %ProgramFiles%\Toshiba\TOSHIBA RAID\Console\KRaidMan.exe -> TOSHIBA CORPORATION [Ver = 1, 1, 2, 0 | Size = 1130578 bytes | Modified Date = 3/19/2006 7:33:42 PM | Attr = ] apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 2:08:42 PM | Attr = ] trot.exe -> %ProgramFiles%\Toshiba\TOSHIBA Rotation Utility\TRot.exe -> TOSHIBA [Ver = 4, 0, 0, 5 | Size = 266240 bytes | Modified Date = 11/29/2005 7:37:22 PM | Attr = ] toshkcw.exe -> %ProgramFiles%\Toshiba\Wireless Hotkey\TosHKCW.exe -> TOSHIBA CORPORATION [Ver = 2, 1, 0, 2 | Size = 49152 bytes | Modified Date = 5/17/2005 2:42:02 PM | Attr = ] smoothview.exe -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 122880 bytes | Modified Date = 5/23/2005 7:21:36 PM | Attr = ] tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 3, 0 | Size = 45056 bytes | Modified Date = 3/10/2006 3:01:44 PM | Attr = ] touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 1, 0 | Size = 126976 bytes | Modified Date = 6/28/2005 11:43:00 PM | Attr = ] dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.09a | Size = 122940 bytes | Modified Date = 10/6/2005 8:20:00 AM | Attr = ] zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.0.5 | Size = 802816 bytes | Modified Date = 8/2/2006 3:38:30 AM | Attr = ] ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.0.1 | Size = 696320 bytes | Modified Date = 8/2/2006 3:32:44 AM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.13.2 | Size = 52840 bytes | Modified Date = 11/21/2006 5:38:28 PM | Attr = ] vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 125632 bytes | Modified Date = 3/14/2007 7:49:02 PM | Attr = ] dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10.5.0.3 | Size = 479232 bytes | Modified Date = 8/2/2006 3:27:54 AM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2/19/2008 2:10:32 PM | Attr = ] toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/30/2007 11:18:49 AM | Attr = ] inihid.exe -> %ProgramFiles%\INITIO\Button Manager v1.836\inihid.exe -> [Ver = 1, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/14/2007 12:48:52 PM | Attr = ] hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ] ramasst.exe -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/28/2004 3:37:00 AM | Attr = ] ubbmonitor.exe -> %ProgramFiles%\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe -> ArcSoft, Inc. [Ver = 1.0.0.3 | Size = 270336 bytes | Modified Date = 2/12/2007 6:19:28 PM | Attr = ] ymetray.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.1.039 (Build 039) | Size = 54512 bytes | Modified Date = 8/28/2007 1:09:10 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 2:10:24 PM | Attr = ] ivpsvmgr.exe -> %SystemDrive%\TOSHIBA\IVP\ISM\Ivpsvmgr.exe -> TOSHIBA Corporation [Ver = 3.5.3.1 | Size = 475136 bytes | Modified Date = 10/20/2003 12:37:58 PM | Attr = ] otmoveit2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Modified Date = 7/10/2008 6:41:20 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.1 | Size = 396800 bytes | Modified Date = 7/5/2008 11:19:06 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online [Ver = 3.0.0.1 | Size = 10328 bytes | Modified Date = 10/20/2004 9:40:04 AM | Attr = R ] (AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 4:54:14 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ] (Autodesk Data Management Job Dispatch) Autodesk Data Management Job Dispatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -> Autodesk [Ver = 12.0.123.0 | Size = 32768 bytes | Modified Date = 2/13/2007 11:28:14 AM | Attr = ] (Autodesk EDM Server) Autodesk EDM Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe -> Autodesk [Ver = 12.0.123.0 | Size = 49152 bytes | Modified Date = 2/13/2007 11:26:46 AM | Attr = ] (Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 79360 bytes | Modified Date = 1/23/2008 8:06:53 PM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.13.2 | Size = 192104 bytes | Modified Date = 11/21/2006 5:38:32 PM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.13.2 | Size = 169576 bytes | Modified Date = 11/21/2006 5:38:40 PM | Attr = ] (CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr = ] (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 31424 bytes | Modified Date = 3/14/2007 7:48:40 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] (DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/28/2004 3:33:00 AM | Attr = ] (EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20 | Size = 434176 bytes | Modified Date = 8/2/2006 3:39:20 AM | Attr = ] (GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WildTangent\Apps\TOSHIBA Game Console\GameConsoleService.exe -> WildTangent, Inc. [Ver = 1.0.0.1 | Size = 181784 bytes | Modified Date = 8/28/2007 7:06:40 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 7/22/2007 2:41:00 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 6:24:18 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 2:10:24 PM | Attr = ] (kraidsvc) TOSHIBA RAID Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe -> TOSHIBA Corporation [Ver = 1, 3, 0, 3 | Size = 233554 bytes | Modified Date = 8/7/2006 11:37:52 PM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 9/2/2006 4:36:33 PM | Attr = ] (LkCitadelServer) Lookout Citadel Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\lkcitdl.exe -> National Instruments, Inc. [Ver = 4.5.2.0 | Size = 695136 bytes | Modified Date = 1/22/2007 11:38:44 AM | Attr = ] (lkClassAds) National Instruments PSP Server Locator [Win32_Own | Auto | Running] -> %SystemRoot%\system32\lkads.exe -> National Instruments, Inc. [Ver = 4.7.1.8 | Size = 56096 bytes | Modified Date = 2/14/2007 10:48:56 PM | Attr = ] (lkTimeSync) National Instruments Time Synchronization [Win32_Own | Auto | Running] -> %SystemRoot%\system32\lktsrv.exe -> National Instruments, Inc. [Ver = 4.7.1.8 | Size = 64288 bytes | Modified Date = 2/14/2007 10:49:16 PM | Attr = ] (mxssvr) NI Configuration Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\National Instruments\MAX\nimxs.exe -> National Instruments Corporation [Ver = 2.1.1f0 | Size = 12696 bytes | Modified Date = 2/22/2007 8:46:24 AM | Attr = ] (NIDomainService) National Instruments Domain Service [Win32_Own | Auto | Running] -> %ProgramFiles%\National Instruments\Shared\Security\nidmsrv.exe -> National Instruments, Inc. [Ver = 4.7.1.8 | Size = 207648 bytes | Modified Date = 2/14/2007 10:54:06 PM | Attr = ] (NILM License Manager) NILM License Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\National Instruments\Shared\License Manager\Bin\lmgrd.exe -> Macrovision Corporation [Ver = 11, 1, 1, 0 | Size = 1007616 bytes | Modified Date = 1/29/2007 3:19:48 PM | Attr = ] (niSvcLoc) NI Service Locator [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nisvcloc.exe -> National Instruments Corp. [Ver = 8, 0, 0, 3 | Size = 56096 bytes | Modified Date = 2/21/2007 5:15:52 PM | Attr = ] (NITaggerService) National Instruments Variable Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\National Instruments\Shared\Tagger\tagsrv.exe -> National Instruments, Inc. [Ver = 1.2.2.8 | Size = 703264 bytes | Modified Date = 2/6/2007 10:47:46 PM | Attr = ] (OpcEnum) OpcEnum [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\Opcenum.exe -> OPC Foundation [Ver = 1.10.1.30 | Size = 98304 bytes | Modified Date = 12/2/2004 8:28:32 AM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 3/3/2006 9:03:10 PM | Attr = ] (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4 | Size = 327680 bytes | Modified Date = 8/2/2006 3:24:22 AM | Attr = ] (S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.0.34 | Size = 937984 bytes | Modified Date = 8/2/2006 3:31:22 AM | Attr = ] (SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.6.6000 | Size = 116416 bytes | Modified Date = 3/14/2007 7:48:56 PM | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.5.506 | Size = 214672 bytes | Modified Date = 2/12/2007 5:23:10 PM | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.3.0.2 | Size = 1160792 bytes | Modified Date = 1/10/2007 4:27:38 PM | Attr = ] (Swupdtmr) Swupdtmr [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 40960 bytes | Modified Date = 7/12/2005 8:14:42 PM | Attr = ] (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 1816768 bytes | Modified Date = 3/14/2007 7:48:50 PM | Attr = ] (Thpsrv) TOSHIBA HDD Protection [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 176128 bytes | Modified Date = 12/20/2005 3:46:20 PM | Attr = ] (Tmesrv) Tmesrv3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 50, 0 | Size = 126976 bytes | Modified Date = 12/14/2005 3:00:32 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 000StTHK -> %SystemRoot%\system32\000StTHK.exe [000StTHK.exe] -> [Ver = | Size = 24576 bytes | Modified Date = 6/23/2001 11:28:06 PM | Attr = ] 00THotkey -> %SystemRoot%\system32\00THotkey.exe [C:\WINDOWS\system32\00THotkey.exe] -> TOSHIBA Corporation [Ver = 1, 1, 0, 1 | Size = 258048 bytes | Modified Date = 1/17/2006 7:20:38 PM | Attr = ] AGRSMMSG -> %SystemRoot%\agrsmmsg.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.60.5 2.1.60.5 10/14/2005 13:29:07 | Size = 88203 bytes | Modified Date = 10/15/2005 9:29:08 AM | Attr = ] Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/24/2004 1:40:42 AM | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 104.0.13.2 | Size = 52840 bytes | Modified Date = 11/21/2006 5:38:28 PM | Attr = ] CrossMenu -> %ProgramFiles%\Toshiba\CrossMenu\CrossMenu.exe [C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 798720 bytes | Modified Date = 9/20/2005 8:06:02 PM | Attr = ] DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> Sonic Solutions [Ver = 5.20.09a | Size = 122940 bytes | Modified Date = 10/6/2005 8:20:00 AM | Attr = ] igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4436 | Size = 77824 bytes | Modified Date = 11/28/2005 4:52:00 PM | Attr = ] igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4436 | Size = 118784 bytes | Modified Date = 11/28/2005 4:55:58 PM | Attr = ] igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4436 | Size = 98304 bytes | Modified Date = 11/28/2005 4:55:14 PM | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> Intel Corporation [Ver = 10.5.0.1 | Size = 696320 bytes | Modified Date = 8/2/2006 3:32:44 AM | Attr = ] IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> Intel Corporation [Ver = 10.5.0.5 | Size = 802816 bytes | Modified Date = 8/2/2006 3:38:30 AM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2/19/2008 2:10:32 PM | Attr = ] KernelFaultCheck -> [%systemroot%\system32\dumprep 0 -k] -> File not found Kraidman -> %ProgramFiles%\Toshiba\TOSHIBA RAID\Console\KRaidMan.exe [c:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe] -> TOSHIBA CORPORATION [Ver = 1, 1, 2, 0 | Size = 1130578 bytes | Modified Date = 3/19/2006 7:33:42 PM | Attr = ] LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe [C:\Program Files\ltmoh\Ltmoh.exe] -> Agere Systems [Ver = 1.75 | Size = 184320 bytes | Modified Date = 8/18/2004 6:37:44 AM | Attr = ] MSKDetectorExe -> [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> File not found NDSTray.exe -> [NDSTray.exe] -> File not found Pinger -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/17/2005 8:37:26 PM | Attr = ] PSQLLauncher -> %ProgramFiles%\Protector Suite QL\launcher.exe ["C:\Program Files\Protector Suite QL\launcher.exe" /startup] -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 30208 bytes | Modified Date = 5/5/2006 8:36:28 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2/1/2008 12:13:08 AM | Attr = ] SmoothView -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 122880 bytes | Modified Date = 5/23/2005 7:21:36 PM | Attr = ] TAcelMgr -> %ProgramFiles%\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe [C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe] -> TOSHIBA Corporation [Ver = 2, 0, 1, 0 | Size = 90112 bytes | Modified Date = 12/16/2004 2:56:52 PM | Attr = ] TAudEffect -> %ProgramFiles%\Toshiba\TAudEffect\TAudEff.exe [C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run] -> TOSHIBA [Ver = 2, 5, 0, 0 | Size = 344144 bytes | Modified Date = 10/5/2005 3:33:46 PM | Attr = ] TFncKy -> [TFncKy.exe] -> File not found TFNF5 -> %SystemRoot%\system32\TFNF5.exe [TFNF5.exe] -> TOSHIBA Corp. [Ver = 2, 9, 1, 0 | Size = 192512 bytes | Modified Date = 11/10/2005 2:47:44 PM | Attr = ] ThpSrv -> %SystemRoot%\system32\ThpSrv.exe [thpsrv /logon] -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 176128 bytes | Modified Date = 12/20/2005 3:46:20 PM | Attr = ] TMERzCtl.EXE -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe [C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service] -> TOSHIBA [Ver = 1, 0, 2, 26 | Size = 86016 bytes | Modified Date = 2/22/2006 8:41:00 PM | Attr = ] TMESRV.EXE -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe [C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon] -> TOSHIBA [Ver = 3, 1, 50, 0 | Size = 126976 bytes | Modified Date = 12/14/2005 3:00:32 PM | Attr = ] TosHKCW.exe -> %ProgramFiles%\Toshiba\Wireless Hotkey\TosHKCW.exe ["C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"] -> TOSHIBA CORPORATION [Ver = 2, 1, 0, 2 | Size = 49152 bytes | Modified Date = 5/17/2005 2:42:02 PM | Attr = ] TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe [C:\Program Files\TOSHIBA\TouchED\TouchED.Exe] -> TOSHIBA Corporation [Ver = 2, 5, 1, 0 | Size = 126976 bytes | Modified Date = 6/28/2005 11:43:00 PM | Attr = ] TPSMain -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 23, 0 | Size = 315392 bytes | Modified Date = 3/10/2006 3:01:54 PM | Attr = ] TPSODDCtl -> %SystemRoot%\system32\TPSODDCtl.exe [TPSODDCtl.exe] -> TOSHIBA Corporation [Ver = 1, 0, 14, 0 | Size = 110592 bytes | Modified Date = 3/10/2006 3:01:56 PM | Attr = ] TRot.exe -> %ProgramFiles%\Toshiba\TOSHIBA Rotation Utility\TRot.exe [c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe] -> TOSHIBA [Ver = 4, 0, 0, 5 | Size = 266240 bytes | Modified Date = 11/29/2005 7:37:22 PM | Attr = ] TSkrMain -> %ProgramFiles%\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe [C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 6/30/2004 7:29:34 PM | Attr = ] vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 125632 bytes | Modified Date = 3/14/2007 7:49:02 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> [] -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/30/2007 11:18:49 AM | Attr = ] TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> TabletWizard -> %SystemRoot%\Help\WIZARD.HTA [%windir%\help\wizard.hta] -> [Ver = | Size = 0 bytes | Modified Date = 7/7/2008 6:27:59 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> TabletWizard -> %SystemRoot%\Help\WIZARD.HTA [%windir%\help\wizard.hta] -> [Ver = | Size = 0 bytes | Modified Date = 7/7/2008 6:27:59 PM | Attr = ] < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> TabletWizard -> %SystemRoot%\Help\WIZARD.HTA [%windir%\help\wizard.hta] -> [Ver = | Size = 0 bytes | Modified Date = 7/7/2008 6:27:59 PM | Attr = ] < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> TabletWizard -> %SystemRoot%\Help\WIZARD.HTA [%windir%\help\wizard.hta] -> [Ver = | Size = 0 bytes | Modified Date = 7/7/2008 6:27:59 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\] > -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> [] -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/30/2007 11:18:49 AM | Attr = ] TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Button Manager v1.836.lnk -> %ProgramFiles%\INITIO\Button Manager v1.836\inihid.exe -> [Ver = 1, 0, 0, 0 | Size = 192512 bytes | Modified Date = 3/14/2007 12:48:52 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\RAMASST.lnk -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/28/2004 3:37:00 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk -> %ProgramFiles%\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe -> ArcSoft, Inc. [Ver = 1.0.0.3 | Size = 270336 bytes | Modified Date = 2/12/2007 6:19:28 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.1.039 (Build 039) | Size = 54512 bytes | Modified Date = 8/28/2007 1:09:10 PM | Attr = ] < Conor Battle Startup Folder > -> C:\Documents and Settings\Conor Battle\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 4.2006.627.443 | Size = 135680 bytes | Modified Date = 9/11/2006 10:16:33 PM | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005] > -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4436 | Size = 135168 bytes | Modified Date = 11/28/2005 4:51:04 PM | Attr = ] NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 43712 bytes | Modified Date = 3/14/2007 7:49:14 PM | Attr = ] psfus -> %SystemRoot%\system32\psqlpwd.dll -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 40448 bytes | Modified Date = 5/5/2006 8:48:24 PM | Attr = ] TosBtNP -> %SystemRoot%\system32\TosBtNP.dll -> TOSHIBA CORPORATION [Ver = 1, 0, 0, 10 | Size = 61440 bytes | Modified Date = 2/8/2006 1:53:56 AM | Attr = ] TSigNP -> %SystemRoot%\system32\TSigNP.dll -> TOSHIBA [Ver = 1, 0, 0, 2 | Size = 53248 bytes | Modified Date = 3/2/2006 5:51:54 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> FF 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005] > -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> FF 00 00 00 [binary data] -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_DVD-RAM_UJ-842S________________1.40____\5&28005bdb&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> autodesk [] -> %SystemDrive%\autodesk [ NTFS ] -> [Folder | Modified Date = 1/23/2008 5:34:34 PM | Attr = ] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.toshibadirect.com/dpdstart -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [] -> Ask.com [Ver = 1, 1, 0, 1 | Size = 66912 bytes | Modified Date = 3/22/2008 2:55:35 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.toshibadirect.com/dpdstart -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.toshibadirect.com/dpdstart -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://www.toshibadirect.com/dpdstart -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://www.toshibadirect.com/dpdstart -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\] > -> -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\: Main\\Start Page -> http://www.toshibadirect.com/dpdstart -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\: URLSearchHooks\\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [] -> Ask.com [Ver = 1, 1, 0, 1 | Size = 66912 bytes | Modified Date = 3/22/2008 2:55:35 PM | Attr = ] HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1493 domain(s) found. -> learn_vt.edu [http] -> Trusted sites -> learn_vt.edu [https] -> Trusted sites -> 81 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\] > -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1493 domain(s) found. -> learn_vt.edu [http] -> Trusted sites -> learn_vt.edu [https] -> Trusted sites -> 81 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\] > -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [Ask Search Assistant BHO] -> Ask.com [Ver = 1, 1, 0, 1 | Size = 66912 bytes | Modified Date = 3/22/2008 2:55:35 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 4:56:50 AM | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.09a | Size = 110652 bytes | Modified Date = 10/6/2005 8:20:00 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 2:55:32 AM | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 4/9/2008 11:22:12 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 2:55:32 AM | Attr = R ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 2:55:32 AM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 2:55:32 AM | Attr = R ] WebBrowser\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\] > -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 2:55:32 AM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 2:55:32 AM | Attr = R ] WebBrowser\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_07\bin\NPJPI150_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 69746 bytes | Modified Date = 5/3/2006 6:14:37 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ] {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> PokerStars [Ver = 1.031 | Size = 587032 bytes | Modified Date = 6/26/2008 10:56:00 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_07\bin\NPJPI150_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 69746 bytes | Modified Date = 5/3/2006 6:14:37 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_07\bin\NPJPI150_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 69746 bytes | Modified Date = 5/3/2006 6:14:37 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_07\bin\NPJPI150_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 69746 bytes | Modified Date = 5/3/2006 6:14:37 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\] > -> HKEY_USERS\S-1-5-21-2892771297-2362739334-252580087-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_07\bin\NPJPI150_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 69746 bytes | Modified Date = 5/3/2006 6:14:37 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> AntivirXP08_reg -> AntivirXP08_reg -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {494FFC8C-14D3-46BD-9D22-97767202D594} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {FD92A9AA-1747-4DDD-9941-AD45F0A372B1} -> (Intel(R) PRO/1000 PL Network Connection) -> {FEF0904D-7DE8-453B-807B-83C0329AAF5E} -> (1394 Net Adapter) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\MSAFDLsp.dll -> [Ver = 5, 0, 62, 0 | Size = 266240 bytes | Modified Date = 8/16/2007 11:26:04 AM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab[Office Genuine Advantage Validation Tool] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab[Java Plug-in 1.5.0_07] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> -> [Files/Folders - Created Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 7/10/2008 4:11:41 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 7/10/2008 6:41:48 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 7/8/2008 5:10:24 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 7/8/2008 5:10:23 PM | Attr = ] pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0 | Size = 28544 bytes | Created Date = 7/8/2008 8:34:05 PM | Attr = ] CMMGR32.EXE -> %SystemRoot%\System32\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Created Date = 7/7/2008 6:27:49 PM | Attr = ] colbac.dll -> %SystemRoot%\System32\colbac.dll -> [Ver = | Size = 88576 bytes | Created Date = 5/3/2008 8:06:03 PM | Attr = ] klkSBJlm.ini -> %SystemRoot%\System32\klkSBJlm.ini -> [Ver = | Size = 266897 bytes | Created Date = 7/2/2008 2:30:18 PM | Attr = HS] lqniuweu.ini -> %SystemRoot%\System32\lqniuweu.ini -> [Ver = | Size = 1587882 bytes | Created Date = 7/3/2008 8:02:50 PM | Attr = HS] NavLogon.dll -> %SystemRoot%\System32\NavLogon.dll -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 43712 bytes | Created Date = 7/2/2008 7:39:58 PM | Attr = ] pcndrhjd.ini -> %SystemRoot%\System32\pcndrhjd.ini -> [Ver = | Size = 1588002 bytes | Created Date = 7/3/2008 8:08:33 PM | Attr = HS] qwpqnnlc.ini -> %SystemRoot%\System32\qwpqnnlc.ini -> [Ver = | Size = 1606347 bytes | Created Date = 7/5/2008 10:38:46 PM | Attr = HS] xqnirsyx.ini -> %SystemRoot%\System32\xqnirsyx.ini -> [Ver = | Size = 1587942 bytes | Created Date = 5/3/2008 8:05:35 PM | Attr = HS] .jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Created Date = 6/27/2008 9:20:09 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 7/10/2008 4:11:58 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 7/7/2008 6:07:17 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 7/8/2008 5:10:23 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 7/7/2008 6:16:48 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 7/8/2008 5:10:46 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 7/7/2008 6:16:17 PM | Attr = ] CyberDefender -> %UserProfile%\Local Settings\Application Data\CyberDefender -> [Folder | Created Date = 7/2/2008 7:59:51 PM | Attr = ] AIMLogger -> %UserProfile%\My Documents\AIMLogger -> [Folder | Created Date = 7/8/2008 3:09:09 PM | Attr = ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Created Date = 7/8/2008 5:33:16 PM | Attr = ] My Safe -> %UserProfile%\My Documents\My Safe -> [Folder | Created Date = 7/9/2008 3:45:30 PM | Attr = R S] Sean.doc -> %UserProfile%\My Documents\Sean.doc -> [Ver = | Size = 26624 bytes | Created Date = 5/18/2008 12:56:13 PM | Attr = ] sisetup.exe -> %UserProfile%\My Documents\sisetup.exe -> [Ver = | Size = 1838290 bytes | Created Date = 7/2/2008 7:48:04 PM | Attr = ] Full Tilt Poker.lnk -> %AllUsersProfile%\Desktop\Full Tilt Poker.lnk -> [Ver = | Size = 1657 bytes | Created Date = 6/26/2008 11:10:57 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 707 bytes | Created Date = 7/8/2008 5:10:24 PM | Attr = ] PokerStars.lnk -> %AllUsersProfile%\Desktop\PokerStars.lnk -> [Ver = | Size = 747 bytes | Created Date = 6/26/2008 10:56:01 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 791 bytes | Created Date = 7/7/2008 6:16:21 PM | Attr = ] ATF Cleaner.exe -> %UserProfile%\Desktop\ATF Cleaner.exe -> Atribune.org [Ver = 2.00.0002 | Size = 45568 bytes | Created Date = 7/7/2008 6:12:18 PM | Attr = ] ccleaner.exe -> %UserProfile%\Desktop\ccleaner.exe -> Piriform Ltd [Ver = 2, 3, 0, 532 | Size = 787696 bytes | Created Date = 7/8/2008 4:39:42 PM | Attr = ] Cleanup.exe -> %UserProfile%\Desktop\Cleanup.exe -> Steven R. Gould [Ver = 4.0 | Size = 409600 bytes | Created Date = 7/8/2008 4:39:43 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 7/10/2008 4:11:33 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier FullTiltSetup.exe -> %UserProfile%\Desktop\FullTiltSetup.exe -> Macrovision Corporation [Ver = 14.0.162 | Size = 19188461 bytes | Created Date = 6/26/2008 11:09:36 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Created Date = 7/8/2008 5:08:47 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Created Date = 7/10/2008 6:41:17 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 7/10/2008 6:42:30 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568114 bytes | Created Date = 7/10/2008 6:42:21 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier PC Support.url -> %UserProfile%\Desktop\PC Support.url -> [Ver = | Size = 178 bytes | Created Date = 7/2/2008 7:58:52 PM | Attr = R ] PokerStarsInstall.exe -> %UserProfile%\Desktop\PokerStarsInstall.exe -> PokerStars [Ver = 2, 5, 1, 3 | Size = 7271864 bytes | Created Date = 6/26/2008 10:54:12 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 7/7/2008 6:14:04 PM | Attr = ] CyberDefender -> %ProgramFiles%\CyberDefender -> [Folder | Created Date = 7/2/2008 7:58:31 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 7/8/2008 5:10:22 PM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 7/8/2008 8:33:51 PM | Attr = ] PokerStars -> %ProgramFiles%\PokerStars -> [Folder | Created Date = 6/26/2008 10:55:46 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 7/7/2008 6:16:18 PM | Attr = ] Symantec AntiVirus -> %ProgramFiles%\Symantec AntiVirus -> [Folder | Created Date = 7/3/2008 3:34:29 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 7/8/2008 5:08:47 PM | Attr = ] [Files/Folders - Modified Within 90 days] bar.emf -> %SystemDrive%\bar.emf -> [Ver = | Size = 10104 bytes | Modified Date = 4/18/2008 12:27:13 PM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 7/7/2008 6:16:35 PM | Attr = H ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 7/10/2008 4:11:41 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2137964544 bytes | Modified Date = 7/9/2008 3:37:45 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/10/2008 6:41:56 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 7/2/2008 2:27:11 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/10/2008 6:41:57 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 7/10/2008 6:41:48 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 1:18:48 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 6/28/2008 2:16:36 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 6/28/2008 2:16:40 PM | Attr = ] pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0 | Size = 28544 bytes | Modified Date = 6/19/2008 5:24:30 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 7/10/2008 4:15:10 PM | Attr = ] CMMGR32.EXE -> %SystemRoot%\System32\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Modified Date = 7/7/2008 6:27:49 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 7/3/2008 3:37:41 PM | Attr = ] DLA -> %SystemRoot%\System32\DLA -> [Folder | Modified Date = 7/9/2008 3:37:57 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 7/2/2008 2:21:52 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 7/8/2008 8:35:38 PM | Attr = ] klkSBJlm.ini -> %SystemRoot%\System32\klkSBJlm.ini -> [Ver = | Size = 266897 bytes | Modified Date = 7/8/2008 5:27:12 PM | Attr = HS] lqniuweu.ini -> %SystemRoot%\System32\lqniuweu.ini -> [Ver = | Size = 1587882 bytes | Modified Date = 7/3/2008 8:03:03 PM | Attr = HS] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 5/14/2008 5:40:31 PM | Attr = ] pcndrhjd.ini -> %SystemRoot%\System32\pcndrhjd.ini -> [Ver = | Size = 1588002 bytes | Modified Date = 7/5/2008 10:38:23 PM | Attr = HS] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 83268 bytes | Modified Date = 7/6/2008 2:46:06 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 457850 bytes | Modified Date = 7/6/2008 2:46:06 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 549918 bytes | Modified Date = 7/6/2008 2:46:06 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 1:18:48 AM | Attr = ] qwpqnnlc.ini -> %SystemRoot%\System32\qwpqnnlc.ini -> [Ver = | Size = 1606347 bytes | Modified Date = 7/6/2008 2:39:44 PM | Attr = HS] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 7/3/2008 3:33:20 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 7/3/2008 3:36:41 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 7/7/2008 4:28:15 PM | Attr = ] xqnirsyx.ini -> %SystemRoot%\System32\xqnirsyx.ini -> [Ver = | Size = 1587942 bytes | Modified Date = 5/3/2008 8:05:46 PM | Attr = HS] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 7/3/2008 3:47:16 PM | Attr = H ] .jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Modified Date = 6/28/2008 1:45:08 AM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/12/2008 11:38:04 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/9/2008 3:37:54 PM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 7/8/2008 4:40:32 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 7/10/2008 4:15:13 PM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 7/10/2008 4:11:58 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 6/15/2008 11:44:17 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 7/7/2008 5:11:13 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7/8/2008 4:44:49 PM | Attr = HS] machine.ver -> %SystemRoot%\machine.ver -> [Ver = | Size = 2838 bytes | Modified Date = 6/28/2008 12:08:47 AM | Attr = ] Microsoft.Net -> %SystemRoot%\Microsoft.Net -> [Folder | Modified Date = 4/12/2008 11:37:12 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 7/9/2008 3:27:32 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 6/1/2008 7:47:58 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/10/2008 6:43:06 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 7/7/2008 6:07:17 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 7/9/2008 3:45:46 PM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 7/3/2008 3:36:40 PM | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 7/8/2008 4:44:52 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 7/10/2008 6:41:56 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/9/2008 3:41:20 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 7/10/2008 6:42:57 PM | Attr = ] ToshibaDirect -> %SystemRoot%\ToshibaDirect -> [Folder | Modified Date = 7/8/2008 4:44:56 PM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 7/8/2008 4:44:56 PM | Attr = ] VALUEADD -> %SystemRoot%\VALUEADD -> [Folder | Modified Date = 5/31/2008 11:56:08 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 791 bytes | Modified Date = 7/2/2008 8:01:06 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/12/2008 11:32:31 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 7/4/2008 12:04:04 PM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 7/9/2008 3:41:21 PM | Attr = H ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/9/2008 3:38:31 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Experience Pack\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Experience Pack\Data -> [Folder | Modified Date = 9/11/2006 9:46:10 PM | Attr = ] EnergyB.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Experience Pack\Data\EnergyB.dat -> [Ver = | Size = 2415616 bytes | Modified Date = 3/17/2005 10:03:04 PM | Attr = ] InkArt.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Experience Pack\Data\InkArt.dat -> [Ver = | Size = 1671168 bytes | Modified Date = 3/5/2005 12:16:08 AM | Attr = ] InkDesk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Experience Pack\Data\InkDesk.dat -> [Ver = | Size = 1572864 bytes | Modified Date = 3/17/2005 10:03:02 PM | Attr = ] InkXwd.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Experience Pack\Data\InkXwd.dat -> [Ver = | Size = 330240 bytes | Modified Date = 2/19/2005 1:07:44 AM | Attr = ] MediaT.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Experience Pack\Data\MediaT.dat -> [Ver = | Size = 2735104 bytes | Modified Date = 3/17/2005 3:08:30 PM | Attr = ] SnipTool.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Experience Pack\Data\SnipTool.dat -> Macrovision Corporation [Ver = 10.50.125 | Size = 5454824 bytes | Modified Date = 2/28/2005 5:57:44 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 9/11/2006 10:16:35 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 15108 bytes | Modified Date = 7/3/2008 3:41:52 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 15108 bytes | Modified Date = 7/3/2008 3:41:52 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 8/22/2007 9:34:54 AM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8388 bytes | Modified Date = 8/22/2007 9:35:16 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer -> [Folder | Modified Date = 7/8/2008 3:11:24 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 7/8/2008 5:10:23 PM | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 6/11/2008 10:07:17 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 7/7/2008 6:16:48 PM | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 7/2/2008 7:40:02 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 7/8/2008 5:10:46 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 7/7/2008 6:16:17 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 7/2/2008 7:17:18 PM | Attr = ] CyberDefender -> %UserProfile%\Local Settings\Application Data\CyberDefender -> [Folder | Modified Date = 7/3/2008 3:34:18 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 12800 bytes | Modified Date = 5/31/2008 11:13:54 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 5/13/2008 5:04:49 PM | Attr = ] AIMLogger -> %UserProfile%\My Documents\AIMLogger -> [Folder | Modified Date = 7/8/2008 3:09:09 PM | Attr = ] Chemistry -> %UserProfile%\My Documents\Chemistry -> [Folder | Modified Date = 7/2/2008 2:02:01 PM | Attr = ] Engineering -> %UserProfile%\My Documents\Engineering -> [Folder | Modified Date = 4/25/2008 11:07:47 AM | Attr = ] english -> %UserProfile%\My Documents\english -> [Folder | Modified Date = 6/10/2008 10:48:31 AM | Attr = ] MATLAB -> %UserProfile%\My Documents\MATLAB -> [Folder | Modified Date = 4/25/2008 1:43:46 PM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 6/28/2008 5:40:36 PM | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 7/8/2008 5:33:16 PM | Attr = ] My Safe -> %UserProfile%\My Documents\My Safe -> [Folder | Modified Date = 7/9/2008 3:45:30 PM | Attr = R S] Sean.doc -> %UserProfile%\My Documents\Sean.doc -> [Ver = | Size = 26624 bytes | Modified Date = 5/18/2008 12:56:13 PM | Attr = ] sisetup.exe -> %UserProfile%\My Documents\sisetup.exe -> [Ver = | Size = 1838290 bytes | Modified Date = 7/2/2008 7:48:04 PM | Attr = ] Full Tilt Poker.lnk -> %AllUsersProfile%\Desktop\Full Tilt Poker.lnk -> [Ver = | Size = 1657 bytes | Modified Date = 6/26/2008 11:10:57 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 6/10/2008 5:03:54 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 707 bytes | Modified Date = 7/8/2008 5:10:24 PM | Attr = ] PokerStars.lnk -> %AllUsersProfile%\Desktop\PokerStars.lnk -> [Ver = | Size = 747 bytes | Modified Date = 6/26/2008 10:56:01 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 791 bytes | Modified Date = 7/7/2008 6:16:21 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 7/10/2008 4:11:40 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier FullTiltSetup.exe -> %UserProfile%\Desktop\FullTiltSetup.exe -> Macrovision Corporation [Ver = 14.0.162 | Size = 19188461 bytes | Modified Date = 6/26/2008 11:10:29 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Modified Date = 7/8/2008 5:08:47 PM | Attr = ] Microsoft Office Word 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Word 2007.lnk -> [Ver = | Size = 2515 bytes | Modified Date = 4/29/2008 9:27:48 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Modified Date = 7/10/2008 6:41:20 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 7/10/2008 6:42:30 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568114 bytes | Modified Date = 7/10/2008 6:42:28 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier PC Support.url -> %UserProfile%\Desktop\PC Support.url -> [Ver = | Size = 178 bytes | Modified Date = 7/2/2008 7:58:52 PM | Attr = R ] PokerStarsInstall.exe -> %UserProfile%\Desktop\PokerStarsInstall.exe -> PokerStars [Ver = 2, 5, 1, 3 | Size = 7271864 bytes | Modified Date = 6/26/2008 10:55:07 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 7/7/2008 6:14:04 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 7/3/2008 3:45:01 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 7/7/2008 6:15:52 PM | Attr = ] < End of report > [/code]