[code] OTScanIt logfile created on: 8/24/2008 9:41:13 AM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Users\agglaser\Desktop\OTScanIt Windows Vista (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16711) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.81% Memory free 4.00 Gb Paging File | 3.08 Gb Available in Paging File | 76.89% Paging File free Paging file location(s): ?:\pagefile.sys; %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138.97 Gb Total Space | 33.54 Gb Free Space | 24.14% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 7.00 Gb Free Space | 70.00% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AGGLASER-OFFICE Current User Name: agglaser Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 2:19:22 PM | Attr = ] ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107624 bytes | Modified Date = 11/22/2006 5:12:16 PM | Attr = ] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 8/16/2008 9:25:58 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 5.0.00.0340 | Size = 1516584 bytes | Modified Date = 4/3/2007 4:18:08 PM | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.2.0.276 | Size = 30872 bytes | Modified Date = 11/28/2006 6:34:00 AM | Attr = ] iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 6.2.0.2002 | Size = 81920 bytes | Modified Date = 9/29/2006 12:38:50 PM | Attr = ] lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 2:17:28 PM | Attr = ] sp_rsser.exe -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.3.0.324 | Size = 570880 bytes | Modified Date = 8/16/2008 9:33:08 PM | Attr = ] stacsv.exe -> %SystemRoot%\System32\stacsv.exe -> SigmaTel, Inc. [Ver = 1.0.5511.0 nd595 cp1 | Size = 94208 bytes | Modified Date = 5/6/2007 6:11:36 PM | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.2.0.276 | Size = 1962136 bytes | Modified Date = 11/28/2006 6:34:18 AM | Attr = ] lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 2:17:28 PM | Attr = ] pdvddxsrv.exe -> %ProgramFiles%\CyberLink\PowerDVD DX\PDVDDXSrv.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 118784 bytes | Modified Date = 10/20/2006 5:23:38 PM | Attr = ] iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 6.2.0.2002 | Size = 151552 bytes | Modified Date = 9/29/2006 12:39:20 PM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107112 bytes | Modified Date = 11/22/2006 5:12:36 PM | Attr = ] vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.2.0.276 | Size = 134808 bytes | Modified Date = 11/28/2006 6:34:38 AM | Attr = ] eeventmanager.exe -> %ProgramFiles%\epson\Creativity Suite\Event Manager\EEventManager.exe -> SEIKO EPSON CORPORATION [Ver = 1, 7, 0, 0 | Size = 102400 bytes | Modified Date = 4/8/2005 2:09:42 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 1/11/2008 8:54:31 PM | Attr = ] sttray.exe -> %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe -> SigmaTel, Inc. [Ver = 1.0.5511.0 nd595 cp1 | Size = 405504 bytes | Modified Date = 5/6/2007 6:10:44 PM | Attr = ] communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 10/25/2007 5:33:22 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4279 | Size = 185896 bytes | Modified Date = 1/4/2008 10:22:59 AM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr = ] dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 12:09:36 PM | Attr = ] teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 0, 20 | Size = 2156368 bytes | Modified Date = 7/7/2008 9:42:06 AM | Attr = RHS] reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr = ] cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.5.0.1169 | Size = 407824 bytes | Modified Date = 10/25/2007 5:32:58 PM | Attr = ] zstatus.exe -> %SystemRoot%\System32\zstatus.exe -> Zenographics [Ver = 1, 0, 50501, 1 | Size = 36864 bytes | Modified Date = 12/15/2001 1:10:36 PM | Attr = ] fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 8/26/2007 4:53:28 PM | Attr = ] wmiadap.exe -> \?\%SystemRoot%\system32\wbem\WMIADAP.EXE -> File not found otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 8/16/2008 9:25:58 PM | Attr = ] (Adobe Version Cue CS3) Adobe Version Cue CS3 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 153792 bytes | Modified Date = 3/20/2007 4:41:24 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr = ] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107624 bytes | Modified Date = 11/22/2006 5:12:16 PM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107624 bytes | Modified Date = 11/22/2006 5:12:16 PM | Attr = ] (CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107624 bytes | Modified Date = 11/22/2006 5:12:16 PM | Attr = ] (CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 5.0.00.0340 | Size = 1516584 bytes | Modified Date = 4/3/2007 4:18:08 PM | Attr = ] (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.2.0.276 | Size = 30872 bytes | Modified Date = 11/28/2006 6:34:00 AM | Attr = ] (DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 9 | Size = 70656 bytes | Modified Date = 3/19/2007 12:44:44 PM | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 8/26/2007 4:53:28 PM | Attr = ] (GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.15317 | Size = 1862144 bytes | Modified Date = 8/7/2007 8:41:34 PM | Attr = ] (IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 6.2.0.2002 | Size = 81920 bytes | Modified Date = 9/29/2006 12:38:50 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.26 | Size = 2541248 bytes | Modified Date = 10/31/2006 10:32:09 AM | Attr = ] (LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 2:17:28 PM | Attr = ] (LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 2:19:22 PM | Attr = ] (LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 2:21:16 PM | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found (SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.2.0.276 | Size = 122008 bytes | Modified Date = 11/28/2006 6:34:26 AM | Attr = ] (SBAMSvc) Sunbelt VIPRE Antivirus Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBAMSvc.exe -> Sunbelt Software [Ver = 3.1.2252 | Size = 849192 bytes | Modified Date = 8/17/2008 8:50:22 AM | Attr = ] (Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found (SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found (sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5, 5, 1, 0 | Size = 337800 bytes | Modified Date = 8/16/2008 9:29:51 PM | Attr = ] (sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.1.9 | Size = 1017224 bytes | Modified Date = 8/16/2008 9:29:52 PM | Attr = ] (sp_rssrv) Spyware Terminator Realtime Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.3.0.324 | Size = 570880 bytes | Modified Date = 8/16/2008 9:33:08 PM | Attr = ] (STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\stacsv.exe -> SigmaTel, Inc. [Ver = 1.0.5511.0 nd595 cp1 | Size = 94208 bytes | Modified Date = 5/6/2007 6:11:36 PM | Attr = ] (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.2.0.276 | Size = 1962136 bytes | Modified Date = 11/28/2006 6:34:18 AM | Attr = ] (TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Running] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found (WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 1/11/2008 8:54:31 PM | Attr = ] Adobe_ID0EYTHM -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE] -> Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 1884160 bytes | Modified Date = 3/20/2007 4:40:44 PM | Attr = ] AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:28 AM | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 106.1.4.4 | Size = 107112 bytes | Modified Date = 11/22/2006 5:12:36 PM | Attr = ] ECenter -> %SystemDrive%\DELL\E-Center\EULALauncher.exe [c:\dell\E-Center\EULALauncher.exe] -> [Ver = 1.0.2489.24404 | Size = 17920 bytes | Modified Date = 3/16/2007 6:20:42 AM | Attr = ] EEventManager -> %ProgramFiles%\epson\Creativity Suite\Event Manager\EEventManager.exe [C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe] -> SEIKO EPSON CORPORATION [Ver = 1, 7, 0, 0 | Size = 102400 bytes | Modified Date = 4/8/2005 2:09:42 PM | Attr = ] Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.1.703.15317 | Size = 1862144 bytes | Modified Date = 8/7/2007 8:41:34 PM | Attr = ] hp 1000 firmware -> %ProgramFiles%\hp LaserJet 1000\fwdl.exe [C:\Program Files\hp LaserJet 1000\fwdl.exe] -> Zenographics [Ver = 1, 0, 41801, 1 | Size = 36864 bytes | Modified Date = 12/15/2001 1:10:36 PM | Attr = ] IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe ["C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"] -> Intel Corporation [Ver = 6.2.0.2002 | Size = 151552 bytes | Modified Date = 9/29/2006 12:39:20 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr = ] LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ["C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"] -> [Ver = | Size = 563984 bytes | Modified Date = 10/25/2007 5:33:22 PM | Attr = ] LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ["C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide] -> [Ver = | Size = 2178832 bytes | Modified Date = 10/25/2007 5:37:32 PM | Attr = ] NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.11.6371 | Size = 8497696 bytes | Modified Date = 9/17/2007 9:07:00 AM | Attr = ] NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.11.6371 | Size = 81920 bytes | Modified Date = 9/17/2007 9:07:00 AM | Attr = ] NvSvc -> %SystemRoot%\System32\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.11.6371 | Size = 86016 bytes | Modified Date = 9/17/2007 9:07:00 AM | Attr = ] PDVDDXSrv -> %ProgramFiles%\CyberLink\PowerDVD DX\PDVDDXSrv.exe ["C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"] -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 118784 bytes | Modified Date = 10/20/2006 5:23:38 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ] SBAMTray -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBAMTray.exe [C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe] -> Sunbelt Software [Ver = 3.1.2252 | Size = 660776 bytes | Modified Date = 8/17/2008 8:57:40 AM | Attr = ] SigmatelSysTrayApp -> %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe] -> SigmaTel, Inc. [Ver = 1.0.5511.0 nd595 cp1 | Size = 405504 bytes | Modified Date = 5/6/2007 6:10:44 PM | Attr = ] SpywareTerminator -> %ProgramFiles%\Spyware Terminator\SpywareTerminatorShield.Exe ["C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"] -> Crawler.com [Ver = 2.3.0.315 | Size = 1783808 bytes | Modified Date = 8/16/2008 9:33:08 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.4279 | Size = 185896 bytes | Modified Date = 1/4/2008 10:22:59 AM | Attr = ] vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> Symantec Corporation [Ver = 10.2.0.276 | Size = 134808 bytes | Modified Date = 11/28/2006 6:34:38 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> aeEDbjAJuN -> %AllUsersProfile%\khslsdor\spwbixqp.exe [C:\ProgramData\khslsdor\spwbixqp.exe] -> File not found DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 12:09:36 PM | Attr = ] RegistryMechanic -> %ProgramFiles%\Registry Mechanic\RMTray.exe [C:\Program Files\Registry Mechanic\RMTray.exe /H] -> PC Tools [Ver = 7.00.0006 | Size = 812952 bytes | Modified Date = 7/3/2008 10:37:24 AM | Attr = ] SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 0, 20 | Size = 2156368 bytes | Modified Date = 7/7/2008 9:42:06 AM | Attr = RHS] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 5/28/2008 10:33:34 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\] > -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> aeEDbjAJuN -> %AllUsersProfile%\khslsdor\spwbixqp.exe [C:\ProgramData\khslsdor\spwbixqp.exe] -> File not found DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 12:09:36 PM | Attr = ] RegistryMechanic -> %ProgramFiles%\Registry Mechanic\RMTray.exe [C:\Program Files\Registry Mechanic\RMTray.exe /H] -> PC Tools [Ver = 7.00.0006 | Size = 812952 bytes | Modified Date = 7/3/2008 10:37:24 AM | Attr = ] SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 0, 20 | Size = 2156368 bytes | Modified Date = 7/7/2008 9:42:06 AM | Attr = RHS] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 5/28/2008 10:33:34 AM | Attr = ] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %SystemDrive%\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> File not found *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/13/2008 10:13:36 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2923520 bytes | Modified Date = 11/14/2007 3:22:29 PM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 24576 bytes | Modified Date = 11/2/2006 5:45:50 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 11315712 bytes | Modified Date = 4/24/2008 12:51:39 AM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 238080 bytes | Modified Date = 11/2/2006 5:44:42 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000] > -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000] > -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> TORiSAN CD-ROM CDR_C36 -> -> File not found NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 67072 bytes | Modified Date = 11/2/2006 4:51:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_DVD-ROM_TS-H353B_______________D200____\4&d9859c0&0&0.1.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomTSSTcorp_CDDVDW_SH-S203N________________SB02____\4&d9859c0&0&0.2.0 -> < Drives - Autoruns > -> -> autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 9/18/2006 5:43:36 PM | Attr = ] < HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> ::1 localhost -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.cnn.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\] > -> -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\: Main\\Start Page -> http://www.cnn.com/ -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 32159 domain(s) found. -> whatboyswant.com .[http] -> Trusted sites -> 313 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1217 range(s) found. -> GD [:Range = 127.0.0.1] -> http = Local intranet | -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\] > -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 32159 domain(s) found. -> whatboyswant.com .[http] -> Trusted sites -> 313 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\] > -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1217 range(s) found. -> GD [:Range = 127.0.0.1] -> http = Local intranet | -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1377576 bytes | Modified Date = 12/7/2007 4:08:02 PM | Attr = ] {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.522 | Size = 370296 bytes | Modified Date = 1/4/2008 10:23:17 AM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1306, 3130 | Size = 2193280 bytes | Modified Date = 8/7/2007 8:41:28 PM | Attr = R ] {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.2.0.3 | Size = 98304 bytes | Modified Date = 3/16/2007 6:20:26 AM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1306, 3130 | Size = 2193280 bytes | Modified Date = 8/7/2007 8:41:28 PM | Attr = R ] {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1306, 3130 | Size = 2193280 bytes | Modified Date = 8/7/2007 8:41:28 PM | Attr = R ] WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\] > -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1306, 3130 | Size = 2193280 bytes | Modified Date = 8/7/2007 8:41:28 PM | Attr = R ] WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1377576 bytes | Modified Date = 12/7/2007 4:08:02 PM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\] > -> HKEY_USERS\S-1-5-21-789059501-1513016106-3123713937-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {00625541-A568-4E52-9ED3-00980F366ECB} -> () -> {24920ED9-10E8-4413-A105-8E64B704F8D2} -> (Intel(R) 82566DC Gigabit Platform LAN Connect) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 12/7/2007 4:08:02 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_05] -> {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/olepro32.dll\\.Owner -> Unknown Owner -> [Files/Folders - Created Within 90 days] Dunns River.mds -> %SystemDrive%\Dunns River.mds -> [Ver = | Size = 4324 bytes | Created Date = 6/6/2008 1:14:46 PM | Attr = ] ie-spyad_zo -> %SystemDrive%\ie-spyad_zo -> [Folder | Created Date = 8/22/2008 10:43:12 AM | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 8/17/2008 10:09:34 AM | Attr = RHS] MDT -> %SystemDrive%\MDT -> [Folder | Created Date = 6/6/2008 1:22:14 PM | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 8/17/2008 10:09:34 AM | Attr = RHS] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Created Date = 8/16/2008 9:28:58 PM | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 8/16/2008 9:28:58 PM | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 8/16/2008 9:28:58 PM | Attr = ] kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 8/16/2008 9:28:58 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/16/2008 12:58:46 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/16/2008 12:58:45 PM | Attr = ] pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0 | Size = 28544 bytes | Created Date = 8/22/2008 9:00:10 AM | Attr = ] sbapifs.sys -> %SystemRoot%\System32\drivers\sbapifs.sys -> Sunbelt Software [Ver = 3.1.2241 | Size = 68912 bytes | Created Date = 7/18/2008 1:26:32 AM | Attr = ] sp_rsdrv2.sys -> %SystemRoot%\System32\drivers\sp_rsdrv2.sys -> [Ver = | Size = 141312 bytes | Created Date = 8/16/2008 9:33:08 PM | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 683520 bytes | Created Date = 5/30/2008 7:22:46 PM | Attr = ] divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.3.0.63 | Size = 630784 bytes | Created Date = 5/30/2008 7:22:40 PM | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Created Date = 5/30/2008 7:22:48 PM | Attr = ] divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 815104 bytes | Created Date = 5/30/2008 7:22:46 PM | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Created Date = 5/30/2008 7:22:48 PM | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 802816 bytes | Created Date = 5/30/2008 7:22:48 PM | Attr = ] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 5/30/2008 7:22:54 PM | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 5/30/2008 7:22:54 PM | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 5/30/2008 7:22:58 PM | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 5/30/2008 7:22:54 PM | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 5/30/2008 7:22:54 PM | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 5/30/2008 7:22:54 PM | Attr = ] Flash9e.ocx -> %SystemRoot%\System32\Flash9e.ocx -> Adobe Systems, Inc. [Ver = 9,0,115,0 | Size = 2987392 bytes | Created Date = 7/11/2008 8:56:25 AM | Attr = ] GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Created Date = 5/29/2008 8:42:25 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/3/2008 10:30:23 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/3/2008 10:30:23 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 8/3/2008 10:30:23 AM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.5 (861) | Size = 57344 bytes | Created Date = 5/27/2008 10:50:34 AM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.5 (861) | Size = 90112 bytes | Created Date = 5/27/2008 10:50:34 AM | Attr = ] sbbd.exe -> %SystemRoot%\System32\sbbd.exe -> Sunbelt Software [Ver = 3.1.2252 | Size = 59176 bytes | Created Date = 8/17/2008 8:50:24 AM | Attr = ] unacev2.dll -> %SystemRoot%\System32\unacev2.dll -> [Ver = | Size = 75264 bytes | Created Date = 8/16/2008 11:51:46 AM | Attr = ] unrar3.dll -> %SystemRoot%\System32\unrar3.dll -> [Ver = | Size = 153088 bytes | Created Date = 8/16/2008 11:51:46 AM | Attr = ] ztvunace26.dll -> %SystemRoot%\System32\ztvunace26.dll -> [Ver = | Size = 77312 bytes | Created Date = 8/16/2008 11:51:46 AM | Attr = ] ztvunrar36.dll -> %SystemRoot%\System32\ztvunrar36.dll -> [Ver = | Size = 162304 bytes | Created Date = 8/16/2008 11:51:46 AM | Attr = ] msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Created Date = 7/11/2008 10:22:01 AM | Attr = H ] 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Created Date = 7/11/2008 10:22:05 AM | Attr = ] [Files/Folders - Modified Within 90 days] Dunns River.mds -> %SystemDrive%\Dunns River.mds -> [Ver = | Size = 4324 bytes | Modified Date = 6/6/2008 1:14:46 PM | Attr = ] ie-spyad_zo -> %SystemDrive%\ie-spyad_zo -> [Folder | Modified Date = 8/22/2008 10:43:13 AM | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 8/17/2008 10:09:34 AM | Attr = RHS] MDT -> %SystemDrive%\MDT -> [Folder | Modified Date = 8/24/2008 9:39:04 AM | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 8/17/2008 10:09:34 AM | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/22/2008 8:59:34 AM | Attr = R ] ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 8/23/2008 6:44:39 PM | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/16/2008 4:51:13 PM | Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 8/16/2008 4:56:12 PM | Attr = ] Windows -> %SystemRoot% -> [Folder | Modified Date = 8/18/2008 5:10:48 PM | Attr = ] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Modified Date = 8/16/2008 9:29:52 PM | Attr = ] lvuvc.hs -> %SystemRoot%\System32\drivers\lvuvc.hs -> [Ver = | Size = 0 bytes | Modified Date = 8/24/2008 9:36:16 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 3:01:14 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 3:01:18 PM | Attr = ] pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0 | Size = 28544 bytes | Modified Date = 6/19/2008 5:24:30 PM | Attr = ] sbapifs.sys -> %SystemRoot%\System32\drivers\sbapifs.sys -> Sunbelt Software [Ver = 3.1.2241 | Size = 68912 bytes | Modified Date = 7/18/2008 1:26:32 AM | Attr = ] sp_rsdrv2.sys -> %SystemRoot%\System32\drivers\sp_rsdrv2.sys -> [Ver = | Size = 141312 bytes | Modified Date = 8/16/2008 9:33:08 PM | Attr = ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 5168 bytes | Modified Date = 8/24/2008 9:36:32 AM | Attr = H ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 5168 bytes | Modified Date = 8/24/2008 9:36:32 AM | Attr = H ] catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 8/17/2008 5:51:36 PM | Attr = ] catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 8/17/2008 5:40:41 PM | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 683520 bytes | Modified Date = 5/30/2008 7:22:46 PM | Attr = ] divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.3.0.63 | Size = 630784 bytes | Modified Date = 5/30/2008 7:22:40 PM | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Modified Date = 5/30/2008 7:22:48 PM | Attr = ] divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 815104 bytes | Modified Date = 5/30/2008 7:22:46 PM | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Modified Date = 5/30/2008 7:22:48 PM | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 802816 bytes | Modified Date = 5/30/2008 7:22:48 PM | Attr = ] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 5/30/2008 7:22:54 PM | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 5/30/2008 7:22:54 PM | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 5/30/2008 7:22:58 PM | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 5/30/2008 7:22:54 PM | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 5/30/2008 7:22:54 PM | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 5/30/2008 7:22:54 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/23/2008 7:00:29 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 8/17/2008 5:48:28 PM | Attr = ] Flash9e.ocx -> %SystemRoot%\System32\Flash9e.ocx -> Adobe Systems, Inc. [Ver = 9,0,115,0 | Size = 2987392 bytes | Modified Date = 6/26/2008 11:22:32 AM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 8/5/2008 9:54:52 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:01 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:04 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 8/16/2008 1:52:12 PM | Attr = ] migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 8/17/2008 5:48:28 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 104662 bytes | Modified Date = 8/23/2008 9:33:28 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 621314 bytes | Modified Date = 8/23/2008 9:33:28 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 720952 bytes | Modified Date = 8/23/2008 9:33:28 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.5 (861) | Size = 57344 bytes | Modified Date = 5/27/2008 10:50:34 AM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.5 (861) | Size = 90112 bytes | Modified Date = 5/27/2008 10:50:34 AM | Attr = ] sbbd.exe -> %SystemRoot%\System32\sbbd.exe -> Sunbelt Software [Ver = 3.1.2252 | Size = 59176 bytes | Modified Date = 8/17/2008 8:50:24 AM | Attr = ] Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 8/16/2008 10:41:40 AM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 6/11/2008 10:15:02 AM | Attr = ] WDI -> %SystemRoot%\System32\WDI -> [Folder | Modified Date = 8/17/2008 6:31:19 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 8/17/2008 5:48:27 PM | Attr = ] 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 8/17/2008 5:41:06 PM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 8/24/2008 9:36:24 AM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 8/18/2008 12:39:12 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/16/2008 5:01:23 PM | Attr = S] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 6/26/2008 6:43:27 AM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/13/2008 9:34:14 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/23/2008 9:33:27 PM | Attr = ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/22/2008 10:55:03 AM | Attr = HS] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 6/11/2008 10:22:50 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 8/16/2008 5:01:30 PM | Attr = ] msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Modified Date = 7/11/2008 10:22:09 AM | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/23/2008 7:00:29 PM | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 7/11/2008 10:22:09 AM | Attr = ] rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 8/17/2008 6:07:15 PM | Attr = ] System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 8/23/2008 9:33:28 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/24/2008 9:41:04 AM | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 7/11/2008 12:08:12 PM | Attr = RH ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 188 bytes | Modified Date = 8/16/2008 11:27:09 PM | Attr = ] winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 8/17/2008 5:51:39 PM | Attr = ] wt -> %SystemRoot%\wt -> [Folder | Modified Date = 8/16/2008 11:27:10 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/24/2008 9:36:33 AM | Attr = H ] SyncBack Gary's Backup.job -> %SystemRoot%\tasks\SyncBack Gary's Backup.job -> [Ver = | Size = 442 bytes | Modified Date = 7/26/2008 11:59:01 PM | Attr = ] C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys -> [Folder | Modified Date = 8/25/2007 11:31:20 AM | Attr = ] capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> [Ver = | Size = 8 bytes | Modified Date = 8/14/2007 9:31:03 PM | Attr = ] C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader -> [Folder | Modified Date = 8/14/2007 7:07:40 PM | Attr = ] qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 15680 bytes | Modified Date = 8/23/2008 9:21:06 PM | Attr = ] qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 17983 bytes | Modified Date = 8/23/2008 9:21:06 PM | Attr = ] C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 1/2/2008 5:14:31 PM | Attr = ] opa11.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11106 bytes | Modified Date = 1/2/2008 5:14:38 PM | Attr = ] opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8414 bytes | Modified Date = 8/15/2007 10:49:19 AM | Attr = ] C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData -> [Folder | Modified Date = 8/15/2007 10:47:42 AM | Attr = ] PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 187680 bytes | Modified Date = 8/23/2008 10:29:51 AM | Attr = ] PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 8/23/2008 10:29:51 AM | Attr = ] PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 8/23/2008 10:29:51 AM | Attr = ] PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 8760 bytes | Modified Date = 8/23/2008 10:29:50 AM | Attr = ] PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 3588 bytes | Modified Date = 8/23/2008 10:29:51 AM | Attr = ] PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 184884 bytes | Modified Date = 8/23/2008 10:29:51 AM | Attr = ] C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures -> [Folder | Modified Date = 8/14/2007 7:02:47 PM | Attr = ] agglaser.dat -> C:\ProgramData\Microsoft\User Account Pictures\agglaser.dat -> [Ver = | Size = 0 bytes | Modified Date = 8/14/2007 7:02:47 PM | Attr = ] < End of report > [/code]