Hello all.

Name some ways one can detect a recently executed program in Windows XP SP2. (Rootkits, Trojans, or any other malware excluded, for now..)

I will start with some easy ones..

%Userprofile%\Cookies\
%Userprofile%\Local Settings\Temporary Internet Files\
%Userprofile%\Local Settings\History\
%Userprofile%\Local Settings\Temp\
%Userprofile%\Recent\
%windir%\Temp\

And perhaps even Windows prefetch or pagefile.sys

Say all this stuff has been shredded on logon/logoff. Where will he/she look next?