Here is the rest of the report:
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\\DisableMonitoring -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\\DisableMonitoring -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1080 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 3E 5A 6D FB 2D D4 26 F0 88 52 10 F0 C7 F3 AD 8E 33 32 39 36 62 37 66 31 00 FD 07 00 F7 3C 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 A5 03 21 AA 62 A7 96 BD E6 79 7B 32 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 08 B0 FB E0 F3 3E 49 CF BA [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> DA C1 14 19 C5 96 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 90 29 AD 48 DD 6A 2B FD 55 A1 74 5E F3 47 56 14 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL ->
http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 00 4B EA AC ED 2A C7 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 5061 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1167429418\ee\AOLSoftware.exe -> C:\Program Files\Common Files\AOL\1167429418\ee\AOLSoftware.exe [C:\Program Files\Common Files\AOL\1167429418\ee\AOLSoftware.exe:*:Enabled:AOL Services] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
[Files/Folders - Created Within 30 days]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 4/18/2008 6:48:33 AM | Attr = ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 4/18/2008 6:48:33 AM | Attr = ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 4/18/2008 6:48:33 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 4/27/2008 10:59:16 AM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 4/27/2008 10:59:28 AM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 4/27/2008 10:59:17 AM | Attr = ]
1201667_PM_EN.pdf -> %UserProfile%\Desktop\1201667_PM_EN.pdf -> [Ver = | Size = 431096 bytes | Created Date = 4/15/2008 10:14:02 PM | Attr = ]
596714319_m.jpg -> %UserProfile%\Desktop\596714319_m.jpg -> [Ver = | Size = 4200 bytes | Created Date = 4/24/2008 9:31:32 PM | Attr = ]
Coaching_Terminology.doc -> %UserProfile%\Desktop\Coaching_Terminology.doc -> [Ver = | Size = 56832 bytes | Created Date = 4/26/2008 6:22:14 PM | Attr = ]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1546928 bytes | Created Date = 4/27/2008 10:58:24 AM | Attr = ]
mom cell.doc -> %UserProfile%\Desktop\mom cell.doc -> [Ver = | Size = 24064 bytes | Created Date = 4/12/2008 4:27:13 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 4/27/2008 11:34:33 AM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541685 bytes | Created Date = 4/27/2008 11:34:01 AM | Attr = ]
Sol gale.doc -> %UserProfile%\Desktop\Sol gale.doc -> [Ver = | Size = 24064 bytes | Created Date = 4/7/2008 7:42:05 PM | Attr = ]
spy.html -> %UserProfile%\Desktop\spy.html -> [Ver = | Size = 337023 bytes | Created Date = 4/25/2008 8:14:29 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/27/2008 10:59:15 AM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/25/2008 8:53:50 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/9/2008 3:13:17 AM | Attr = ]
APPFCONT.DAT -> %SystemRoot%\System32\drivers\APPFCONT.DAT -> [Ver = | Size = 299264 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
APPFCONT.DAT.bck -> %SystemRoot%\System32\drivers\APPFCONT.DAT.bck -> [Ver = | Size = 299264 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
APPFLTR.CFG -> %SystemRoot%\System32\drivers\APPFLTR.CFG -> [Ver = | Size = 1204 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
APPFLTR.CFG.bck -> %SystemRoot%\System32\drivers\APPFLTR.CFG.bck -> [Ver = | Size = 1204 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
COMFiltr.sys -> %SystemRoot%\System32\drivers\COMFiltr.sys -> [Ver = 5, 1, 0, 5 | Size = 13880 bytes | Modified Date = 4/27/2008 4:30:07 AM | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 4/27/2008 11:14:40 AM | Attr = ]
DsaFlt.cfg -> %SystemRoot%\System32\drivers\etc\DsaFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:40 AM | Attr = ]
DsaFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\DsaFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:40 AM | Attr = ]
DsaFlt.rls -> %SystemRoot%\System32\drivers\etc\DsaFlt.rls -> [Ver = | Size = 272836 bytes | Modified Date = 4/27/2008 11:14:40 AM | Attr = ]
DsaFlt.rls.bck -> %SystemRoot%\System32\drivers\etc\DsaFlt.rls.bck -> [Ver = | Size = 272836 bytes | Modified Date = 4/27/2008 11:14:40 AM | Attr = ]
IdsFlt.cfg -> %SystemRoot%\System32\drivers\etc\IdsFlt.cfg -> [Ver = | Size = 252 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
IdsFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\IdsFlt.cfg.bck -> [Ver = | Size = 252 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
NetAR.wlt -> %SystemRoot%\System32\drivers\etc\NetAR.wlt -> [Ver = | Size = 72 bytes | Modified Date = 4/27/2008 4:29:30 AM | Attr = ]
NetAR.wlt.bck -> %SystemRoot%\System32\drivers\etc\NetAR.wlt.bck -> [Ver = | Size = 72 bytes | Modified Date = 4/27/2008 4:29:30 AM | Attr = ]
NetAV.alt -> %SystemRoot%\System32\drivers\etc\NetAV.alt -> [Ver = | Size = 656 bytes | Modified Date = 4/27/2008 4:29:25 AM | Attr = ]
NetAV.alt.bck -> %SystemRoot%\System32\drivers\etc\NetAV.alt.bck -> [Ver = | Size = 656 bytes | Modified Date = 4/27/2008 4:29:25 AM | Attr = ]
NetFlt.cfg -> %SystemRoot%\System32\drivers\etc\NetFlt.cfg -> [Ver = | Size = 64 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
NetFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\NetFlt.cfg.bck -> [Ver = | Size = 64 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
SmsFlt.cfg -> %SystemRoot%\System32\drivers\etc\SmsFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
SmsFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\SmsFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
WnmFlt.cfg -> %SystemRoot%\System32\drivers\etc\WnmFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
WnmFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\WnmFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 4/9/2008 3:03:59 AM | Attr = ]
11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/27/2008 8:14:23 AM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 4/9/2008 3:03:57 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 248696 bytes | Modified Date = 4/9/2008 3:10:31 AM | Attr = ]
mmf.sys -> %SystemRoot%\System32\mmf.sys -> [Ver = | Size = 2601 bytes | Modified Date = 4/27/2008 4:26:54 AM | Attr = HS]
mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 4/11/2008 12:06:18 AM | Attr = ]
PAV_FOG.OPC -> %SystemRoot%\System32\PAV_FOG.OPC -> [Ver = | Size = 8627 bytes | Modified Date = 4/27/2008 11:05:16 AM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 61026 bytes | Modified Date = 4/11/2008 12:08:32 AM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 401032 bytes | Modified Date = 4/11/2008 12:08:32 AM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 448780 bytes | Modified Date = 4/11/2008 12:08:32 AM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 4/25/2008 8:53:50 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 4/27/2008 4:29:51 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/9/2008 3:04:02 AM | Attr = H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/11/2008 6:38:33 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/27/2008 4:26:40 AM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/25/2008 6:19:01 PM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 4/9/2008 3:03:59 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/9/2008 3:04:08 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/18/2008 6:48:57 AM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/11/2008 6:38:40 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/27/2008 11:34:25 AM | Attr = ]
SOMH.INI -> %SystemRoot%\SOMH.INI -> [Ver = | Size = 993 bytes | Modified Date = 4/26/2008 10:44:40 PM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 4/27/2008 11:27:14 AM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 4/27/2008 11:31:43 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/11/2008 12:08:08 AM | Attr = ]
Basic clean-up.job -> %SystemRoot%\tasks\Basic clean-up.job -> [Ver = | Size = 496 bytes | Modified Date = 4/21/2008 | Attr = ]
Basic clean-up1.job -> %SystemRoot%\tasks\Basic clean-up1.job -> [Ver = | Size = 496 bytes | Modified Date = 4/20/2008 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/27/2008 4:26:44 AM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 12/28/2006 7:49:32 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 4/18/2008 6:45:42 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5346 bytes | Modified Date = 4/18/2008 6:45:41 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 12/29/2006 11:20:28 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 12/29/2006 11:20:28 AM | Attr = ]
C:\Documents and Settings\Barry\Local Settings\Temp\ -> C:\Documents and Settings\Barry\Local Settings\Temp -> [Folder | Modified Date = 4/27/2008 11:34:01 AM | Attr = ]
SymLCSVC.EXE -> C:\Documents and Settings\Barry\Local Settings\Temp\SymLCSVC.EXE -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 11/23/2007 9:16:17 AM | Attr = ]
vmpremov.exe -> C:\Documents and Settings\Barry\Local Settings\Temp\vmpremov.exe -> Viewpoint Corporation [Ver = 3, 5, 0, 37 | Size = 114688 bytes | Modified Date = 8/10/2007 3:10:02 PM | Attr = ]
xpinstall.exe -> C:\Documents and Settings\Barry\Local Settings\Temp\xpinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 376832 bytes | Modified Date = 9/25/2007 2:24:00 AM | Attr = ]
334 C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\Barry\Local Settings\Temp\ICD1.tmp\ -> C:\Documents and Settings\Barry\Local Settings\Temp\ICD1.tmp\ -> [Folder | Modified Date = 3/23/2008 9:29:26 PM | Attr = ]
jinstall.exe -> C:\Documents and Settings\Barry\Local Settings\Temp\ICD1.tmp\jinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 376832 bytes | Modified Date = 2/22/2008 4:50:34 AM | Attr = ]
C:\Documents and Settings\Barry\Local Settings\Temp\ -> C:\Documents and Settings\Barry\Local Settings\Temp -> [Folder | Modified Date = 4/27/2008 11:34:01 AM | Attr = ]
progupd.dll -> C:\Documents and Settings\Barry\Local Settings\Temp\progupd.dll -> AOL LLC. [Ver = 1, 0, 1, 0 | Size = 83504 bytes | Modified Date = 10/4/2007 11:51:45 AM | Attr = ]
uninst.dll -> C:\Documents and Settings\Barry\Local Settings\Temp\uninst.dll -> [Ver = | Size = 118784 bytes | Modified Date = 4/18/2007 3:23:36 AM | Attr = ]
UninstallRC-8876480.dll -> C:\Documents and Settings\Barry\Local Settings\Temp\UninstallRC-8876480.dll -> BackWeb Technologies Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 65536 bytes | Modified Date = 12/6/2007 8:22:07 PM | Attr = ]
334 C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\Barry\Local Settings\Temp\ -> C:\Documents and Settings\Barry\Local Settings\Temp -> [Folder | Modified Date = 4/27/2008 11:34:01 AM | Attr = ]
Perflib_Perfdata_1ad4.dat -> C:\Documents and Settings\Barry\Local Settings\Temp\Perflib_Perfdata_1ad4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/8/2008 4:37:25 PM | Attr = ]
Perflib_Perfdata_53b4.dat -> C:\Documents and Settings\Barry\Local Settings\Temp\Perflib_Perfdata_53b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/14/2008 11:43:31 PM | Attr = ]
srtspse.dat -> C:\Documents and Settings\Barry\Local Settings\Temp\srtspse.dat -> [Ver = | Size = 284 bytes | Modified Date = 11/21/2007 7:17:37 PM | Attr = ]
srtspso.dat -> C:\Documents and Settings\Barry\Local Settings\Temp\srtspso.dat -> [Ver = | Size = 2204 bytes | Modified Date = 11/21/2007 7:17:37 PM | Attr = ]
srtspsp.dat -> C:\Documents and Settings\Barry\Local Settings\Temp\srtspsp.dat -> [Ver = | Size = 524 bytes | Modified Date = 11/21/2007 7:17:37 PM | Attr = ]
334 C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\Barry\Local Settings\Temp\ -> C:\Documents and Settings\Barry\Local Settings\Temp -> [Folder | Modified Date = 4/27/2008 11:34:01 AM | Attr = ]
setup.ini -> C:\Documents and Settings\Barry\Local Settings\Temp\setup.ini -> [Ver = | Size = 4188 bytes | Modified Date = 12/9/2007 12:18:00 AM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> C:\Documents and Settings\Barry\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> [Ver = | Size = 802 bytes | Modified Date = 11/27/2007 8:33:34 PM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> C:\Documents and Settings\Barry\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> [Ver = | Size = 769 bytes | Modified Date = 2/9/2008 5:27:16 PM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\Barry\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> [Ver = | Size = 578 bytes | Modified Date = 2/9/2008 5:28:00 PM | Attr = ]
334 C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp ->
C:\WINDOWS\Temp\ -> C:\WINDOWS\TEMP -> [Folder | Modified Date = 4/27/2008 11:31:53 AM | Attr = ]
Perflib_Perfdata_34e0.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_34e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/11/2008 12:09:43 AM | Attr = ]
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 4/27/2008 10:59:16 AM | Attr = ]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 4/27/2008 5:03:05 AM | Attr = ]
@Alternate Data Stream - 157 bytes -> %AllUsersProfile%\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 139 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 4/27/2008 10:59:28 AM | Attr = ]
HJT -> %UserProfile%\My Documents\HJT -> [Folder | Modified Date = 4/25/2008 8:37:44 PM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 4/27/2008 10:59:17 AM | Attr = ]
1201667_PM_EN.pdf -> %UserProfile%\Desktop\1201667_PM_EN.pdf -> [Ver = | Size = 431096 bytes | Modified Date = 4/15/2008 10:14:04 PM | Attr = ]
596714319_m.jpg -> %UserProfile%\Desktop\596714319_m.jpg -> [Ver = | Size = 4200 bytes | Modified Date = 4/24/2008 9:31:32 PM | Attr = ]
Coaching_Terminology.doc -> %UserProfile%\Desktop\Coaching_Terminology.doc -> [Ver = | Size = 56832 bytes | Modified Date = 4/26/2008 6:22:10 PM | Attr = ]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1546928 bytes | Modified Date = 4/27/2008 10:58:13 AM | Attr = ]
mom cell.doc -> %UserProfile%\Desktop\mom cell.doc -> [Ver = | Size = 24064 bytes | Modified Date = 4/12/2008 4:27:14 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 4/27/2008 11:34:33 AM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541685 bytes | Modified Date = 4/27/2008 11:33:55 AM | Attr = ]
Sol gale.doc -> %UserProfile%\Desktop\Sol gale.doc -> [Ver = | Size = 24064 bytes | Modified Date = 4/7/2008 7:42:05 PM | Attr = ]
spy.html -> %UserProfile%\Desktop\spy.html -> [Ver = | Size = 337023 bytes | Modified Date = 4/25/2008 8:14:32 PM | Attr = ]
< End of report >
[/code]