[code] OTScanIt logfile created on: 4/3/2008 5:22:52 PM OTScanIt by OldTimer - Version 1.0.8.3 Folder = C:\Documents and Settings\Aaron\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.17% Memory free 3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.86% Paging File free Paging file location(s): C:\pagefile.sys 0 0; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.70 Gb Total Space | 36.97 Gb Free Space | 66.38% Space Free | Partition Type: NTFS Drive D: | 37.26 Gb Total Space | 37.19 Gb Free Space | 99.82% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AARONS-COMPUTER Current User Name: Aaron Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ] cdac11ba.exe -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 3/30/2007 7:58:26 PM | Attr = ] cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 7 | Size = 36864 bytes | Modified Date = 6/16/2004 7:44:06 PM | Attr = ] dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 4:38:26 PM | Attr = ] ebstrsvc.exe -> %ProgramFiles%\eBoostr\EBstrSvc.exe -> [Ver = | Size = 327168 bytes | Modified Date = 12/19/2007 9:39:56 PM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7882 | Size = 127042 bytes | Modified Date = 8/23/2005 4:33:00 AM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 3:27:52 AM | Attr = ] smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 5:50:10 PM | Attr = ] swupdtmr.exe -> %SystemDrive%\TOSHIBA\Ivp\Swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 5/13/2004 5:46:02 PM | Attr = ] smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 5, 0, 2, 2 | Size = 1388544 bytes | Modified Date = 10/14/2004 12:11:10 PM | Attr = ] apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/24/2004 1:40:42 AM | Attr = ] 00thotkey.exe -> %SystemRoot%\system32\00THotkey.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 24 | Size = 258048 bytes | Modified Date = 6/28/2004 8:24:28 PM | Attr = ] tfnf5.exe -> %SystemRoot%\system32\TFNF5.exe -> TOSHIBA Corp. [Ver = 2, 8, 0, 0 | Size = 73728 bytes | Modified Date = 6/28/2004 1:16:34 PM | Attr = ] padexe.exe -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 6, 0 | Size = 1077326 bytes | Modified Date = 6/29/2004 9:04:10 PM | Attr = ] toshkcw.exe -> %ProgramFiles%\Toshiba\Wireless Hotkey\TosHKCW.exe -> TOSHIBA CORPORATION [Ver = 2, 1, 0, 1 | Size = 49152 bytes | Modified Date = 9/9/2002 6:07:34 PM | Attr = ] touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 9:00:06 PM | Attr = ] tvstray.exe -> %ProgramFiles%\Toshiba\Tvs\TvsTray.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 0 | Size = 73728 bytes | Modified Date = 9/3/2004 12:25:06 PM | Attr = ] tpsmain.exe -> %SystemRoot%\system32\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 14, 1 | Size = 278528 bytes | Modified Date = 8/27/2004 12:34:20 PM | Attr = ] tospehk.exe -> %ProgramFiles%\Toshiba\TOSHIBA Picture Enhancement Utility\TosPEHK.exe -> TOSHIBA Corp. [Ver = 2, 5, 0, 0 | Size = 638976 bytes | Modified Date = 8/17/2004 7:51:04 PM | Attr = ] tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 8/3/2004 4:05:00 AM | Attr = ] toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 6:24:46 AM | Attr = ] teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS] ramasst.exe -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 3/14/2003 2:38:12 PM | Attr = ] zdwlan.exe -> %ProgramFiles%\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -> [Ver = 2, 26, 3, 0 | Size = 487424 bytes | Modified Date = 9/1/2006 11:13:52 AM | Attr = ] tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 45056 bytes | Modified Date = 6/1/2004 11:43:10 PM | Attr = ] apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 2:08:42 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 1:10:16 PM | Attr = ] wirelessmon.exe -> %ProgramFiles%\WirelessMon\WirelessMon.exe -> PassMark Software® [Ver = 2, 1, 0, 1001 | Size = 2053464 bytes | Modified Date = 11/8/2007 2:41:08 PM | Attr = ] wirelessmon.exe -> %ProgramFiles%\WirelessMon\WirelessMon.exe -> PassMark Software® [Ver = 2, 1, 0, 1001 | Size = 2053464 bytes | Modified Date = 11/8/2007 2:41:08 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.3 | Size = 368640 bytes | Modified Date = 4/2/2008 4:21:18 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ] (C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 3/30/2007 7:58:26 PM | Attr = ] (CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 7 | Size = 36864 bytes | Modified Date = 6/16/2004 7:44:06 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] (DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 4:38:26 PM | Attr = ] (EBOOSTRSVC) eBoostr Service [Win32_Own | Auto | Running] -> %ProgramFiles%\eBoostr\EBstrSvc.exe -> [Ver = | Size = 327168 bytes | Modified Date = 12/19/2007 9:39:56 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 5/15/2007 1:01:24 AM | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 1:10:16 PM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7882 | Size = 127042 bytes | Modified Date = 8/23/2005 4:33:00 AM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 3:27:52 AM | Attr = ] (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 5:50:10 PM | Attr = ] (Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\Ivp\Swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 5/13/2004 5:46:02 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 000StTHK -> %SystemRoot%\system32\000StTHK.exe [000StTHK.exe] -> [Ver = | Size = 24576 bytes | Modified Date = 6/23/2001 11:28:06 PM | Attr = ] 00THotkey -> %SystemRoot%\system32\00THotkey.exe [C:\WINDOWS\system32\00THotkey.exe] -> TOSHIBA Corporation [Ver = 1, 0, 0, 24 | Size = 258048 bytes | Modified Date = 6/28/2004 8:24:28 PM | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ] Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/24/2004 1:40:42 AM | Attr = ] dla -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 8/3/2004 4:05:00 AM | Attr = ] Notebook Maximizer -> %ProgramFiles%\Notebook Maximizer\maximizer_startup.exe [C:\Program Files\Notebook Maximizer\maximizer_startup.exe] -> Ingenuiti [Ver = 1.00 | Size = 40960 bytes | Modified Date = 5/4/2006 8:59:07 PM | Attr = ] PadTouch -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe [C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] -> TOSHIBA [Ver = 1, 2, 6, 0 | Size = 1077326 bytes | Modified Date = 6/29/2004 9:04:10 PM | Attr = ] Pinger -> %SystemDrive%\TOSHIBA\Ivp\ISM\pinger.exe [C:\TOSHIBA\IVP\ISM\pinger.exe /run] -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/17/2005 8:37:26 PM | Attr = ] SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe [C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray] -> Analog Devices, Inc. [Ver = 5, 0, 2, 4 | Size = 860160 bytes | Modified Date = 8/6/2004 11:27:00 AM | Attr = ] SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe [C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] -> Analog Devices, Inc. [Ver = 5, 0, 2, 2 | Size = 1388544 bytes | Modified Date = 10/14/2004 12:11:10 PM | Attr = ] TFNF5 -> %SystemRoot%\system32\TFNF5.exe [TFNF5.exe] -> TOSHIBA Corp. [Ver = 2, 8, 0, 0 | Size = 73728 bytes | Modified Date = 6/28/2004 1:16:34 PM | Attr = ] TOSHIBA Picture Enhancement Utility -> %ProgramFiles%\Toshiba\TOSHIBA Picture Enhancement Utility\TosPEHK.exe [C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe] -> TOSHIBA Corp. [Ver = 2, 5, 0, 0 | Size = 638976 bytes | Modified Date = 8/17/2004 7:51:04 PM | Attr = ] TosHKCW.exe -> %ProgramFiles%\Toshiba\Wireless Hotkey\TosHKCW.exe ["C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"] -> TOSHIBA CORPORATION [Ver = 2, 1, 0, 1 | Size = 49152 bytes | Modified Date = 9/9/2002 6:07:34 PM | Attr = ] TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe [C:\Program Files\TOSHIBA\TouchED\TouchED.Exe] -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 9:00:06 PM | Attr = ] TPSMain -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 14, 1 | Size = 278528 bytes | Modified Date = 8/27/2004 12:34:20 PM | Attr = ] Tvs -> %ProgramFiles%\Toshiba\Tvs\TvsTray.exe [C:\Program Files\Toshiba\Tvs\TvsTray.exe] -> TOSHIBA Corporation [Ver = 1, 0, 0, 0 | Size = 73728 bytes | Modified Date = 9/3/2004 12:25:06 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS] TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 6:24:46 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\] > -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS] TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 6:24:46 AM | Attr = ] < Aaron Startup Folder > -> C:\Documents and Settings\Aaron\Start Menu\Programs\Startup -> < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\RAMASST.lnk -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 3/14/2003 2:38:12 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\ZDWLan Utility.lnk -> %ProgramFiles%\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -> [Ver = 2, 26, 3, 0 | Size = 487424 bytes | Modified Date = 9/1/2006 11:13:52 AM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005] > -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005] > -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (229153 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.myownstartpage.net/?cm=740755<=1&it=2008-02-21%2023%3A16%3A36&dt=2008-03-02%2020%3A43%3A05&q=http://toshibadirect.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://toshibadirect.com/ -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://toshibadirect.com/ -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\] > -> -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\: Main\\Start Page -> http://www.myownstartpage.net/?cm=740755<=1&it=2008-02-21%2023%3A16%3A36&dt=2008-03-02%2020%3A43%3A05&q=http://toshibadirect.com/ -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4266 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6404 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 97 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4265 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 97 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4265 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 97 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 20 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 20 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\] > -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6404 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\] > -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 97 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 8/3/2004 4:05:00 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 5/15/2007 1:01:23 AM | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 2/21/2008 7:22:10 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 5/15/2007 1:01:23 AM | Attr = R ] {4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 5/15/2007 1:01:23 AM | Attr = R ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 5/15/2007 1:01:23 AM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 5/15/2007 1:01:23 AM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\] > -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 5/15/2007 1:01:23 AM | Attr = R ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {4982D40A-C53B-4615-B15B-B5B5E98D167C}:BandCLSID -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\] > -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\] > -> HKEY_USERS\S-1-5-21-2887493815-2988245535-1941197569-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {6633CBE8-3890-4A45-A7F5-A53E4D14EE89} -> () -> {7A5EEB9A-372E-44F5-BD72-E95D9A3CEB8B} -> () -> {B6537993-24F1-4066-8A69-CF525D002030} -> ((ZD1211B)IEEE 802.11 b+g USB Adapter) -> {C992CCC9-CD86-4E93-8133-12909ED81C7F} -> (Intel(R) PRO/Wireless 2200BG Network Connection) -> {C99B63DA-608F-4C72-9A7B-F8C55593A860} -> (1394 Net Adapter) -> {E68F8BBB-0660-4576-97A2-7AD88A6AF441} -> (Intel(R) PRO/100 VE Network Connection) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab[Office Genuine Advantage Validation Tool] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8}[HKEY_LOCAL_MACHINE] -> file:///F:/win/setup/iaieplay.dll[IEPlayInterface Class] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206163583761[WUWebControl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206296231008[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iaieplay.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iaieplay.dll\\.Owner -> {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iaieplay.dll\\{2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 744 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 16746 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\TOSHIBA\ivp\NetInt\Netint.exe -> C:\TOSHIBA\Ivp\NetInt\netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine] -> TOSHIBA Corporation [Ver = 3.6.0.0 | Size = 462848 bytes | Modified Date = 11/3/2004 6:06:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\TOSHIBA\Ivp\ISM\pinger.exe -> C:\TOSHIBA\Ivp\ISM\pinger.exe [C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/17/2005 8:37:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2/19/2006 5:24:52 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 231000 bytes | Modified Date = 4/21/2006 12:13:30 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 40960 bytes | Modified Date = 4/20/2006 9:28:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 87640 bytes | Modified Date = 4/20/2006 11:43:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [Ver = 7.0.0.177 | Size = 192512 bytes | Modified Date = 2/17/2006 12:19:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 7.0.0.177 | Size = 1085440 bytes | Modified Date = 2/16/2006 10:49:52 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 181848 bytes | Modified Date = 4/21/2006 12:06:26 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> Hewlett-Packard [Ver = 7.0.0.175 | Size = 147511 bytes | Modified Date = 2/15/2006 10:37:26 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 456280 bytes | Modified Date = 4/21/2006 12:13:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 63064 bytes | Modified Date = 4/20/2006 11:42:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 139264 bytes | Modified Date = 2/19/2006 5:29:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 12/11/2007 1:10:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 3/20/2008 8:54:17 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < ControlSets > HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 -> [Files/Folders - Created Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 3/13/2008 1:36:47 PM | Attr = RH ] 4f7343445041bd1c9134ccd22d588b8d -> %SystemDrive%\4f7343445041bd1c9134ccd22d588b8d -> [Folder | Created Date = 3/23/2008 4:24:37 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 4/3/2008 4:28:20 PM | Attr = ] fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 3/5/2008 4:45:02 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146750464 bytes | Created Date = 3/22/2008 11:16:02 PM | Attr = HS] pebuilder3110a -> %SystemDrive%\pebuilder3110a -> [Folder | Created Date = 3/28/2008 3:18:19 PM | Attr = ] _Backup -> %SystemDrive%\_Backup -> [Folder | Created Date = 3/2/2008 8:52:29 PM | Attr = H ] _Backup.RC -> %SystemDrive%\_Backup.RC -> [Folder | Created Date = 3/2/2008 8:52:32 PM | Attr = RHS] apphelp.sdb -> %SystemRoot%\System32\dllcache\apphelp.sdb -> [Ver = | Size = 217118 bytes | Created Date = 3/23/2008 4:22:24 PM | Attr = ] apph_sp.sdb -> %SystemRoot%\System32\dllcache\apph_sp.sdb -> [Ver = | Size = 764868 bytes | Created Date = 3/23/2008 4:22:24 PM | Attr = ] sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Created Date = 3/23/2008 4:22:24 PM | Attr = ] BRGSp50.sys -> %SystemRoot%\System32\drivers\BRGSp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.03 built by: WinDDK | Size = 20608 bytes | Created Date = 2/22/2008 1:08:18 AM | Attr = ] BRGSp50a64.sys -> %SystemRoot%\System32\drivers\BRGSp50a64.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.03 built by: WinDDK | Size = 29184 bytes | Created Date = 2/22/2008 1:08:18 AM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Created Date = 3/23/2008 4:16:32 PM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 3/23/2008 4:16:33 PM | Attr = H ] ZD1211BU.sys -> %SystemRoot%\System32\drivers\ZD1211BU.sys -> ZyDAS Technology Corporation [Ver = 6, 19, 0, 0 | Size = 477696 bytes | Created Date = 2/22/2008 1:08:19 AM | Attr = ] ZDPSp50.sys -> %SystemRoot%\System32\drivers\ZDPSp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.02 | Size = 17664 bytes | Created Date = 2/22/2008 1:08:19 AM | Attr = ] ZDPSp50a64.sys -> %SystemRoot%\System32\drivers\ZDPSp50a64.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.03 built by: WinDDK | Size = 31744 bytes | Created Date = 2/22/2008 1:08:18 AM | Attr = ] AudDesign.dll -> %SystemRoot%\System32\AudDesign.dll -> NCT Company Ltd. [Ver = 2,6,1,107 | Size = 2084864 bytes | Created Date = 3/26/2008 11:36:29 PM | Attr = ] AudDisplay.dll -> %SystemRoot%\System32\AudDisplay.dll -> NCT Company Ltd. [Ver = 2,6,1,107 | Size = 417792 bytes | Created Date = 3/26/2008 11:36:29 PM | Attr = ] AudFile.dll -> %SystemRoot%\System32\AudFile.dll -> NCT Company Ltd. [Ver = 2,6,2,570 | Size = 1986560 bytes | Created Date = 3/26/2008 11:36:29 PM | Attr = ] AudioInfos.dll -> %SystemRoot%\System32\AudioInfos.dll -> NCT Company Ltd. [Ver = 2,6,1,254 | Size = 1212416 bytes | Created Date = 3/26/2008 11:36:30 PM | Attr = ] AudioRecord.dll -> %SystemRoot%\System32\AudioRecord.dll -> NCT Company Ltd. [Ver = 2,6,1,217 | Size = 454656 bytes | Created Date = 3/26/2008 11:36:30 PM | Attr = ] AudioVisu.dll -> %SystemRoot%\System32\AudioVisu.dll -> NCT Company Ltd. [Ver = 2,6,1,108 | Size = 479232 bytes | Created Date = 3/26/2008 11:36:30 PM | Attr = ] AudPlayer.dll -> %SystemRoot%\System32\AudPlayer.dll -> NCT Company Ltd. [Ver = 2,6,1,260 | Size = 458752 bytes | Created Date = 3/26/2008 11:36:30 PM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Created Date = 3/26/2008 4:44:38 PM | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Created Date = 3/4/2008 10:34:24 PM | Attr = H ] InsDrvZD.dll -> %SystemRoot%\System32\InsDrvZD.dll -> [Ver = 1, 0, 323, 2004 | Size = 28672 bytes | Created Date = 2/22/2008 1:08:14 AM | Attr = ] InsDrvZD64.DLL -> %SystemRoot%\System32\InsDrvZD64.DLL -> [Ver = 1, 0, 323, 2004 | Size = 15872 bytes | Created Date = 2/22/2008 1:08:14 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/9/2008 6:59:35 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 3/9/2008 6:59:35 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/9/2008 6:59:35 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/9/2008 6:59:35 PM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 3/2/2008 9:07:52 PM | Attr = ] OEMINFO.PNF -> %SystemRoot%\System32\OEMINFO.PNF -> [Ver = | Size = 3156 bytes | Created Date = 3/26/2008 10:57:19 PM | Attr = ] OGACheckControl.DLL -> %SystemRoot%\System32\OGACheckControl.DLL -> [Ver = | Size = 693792 bytes | Created Date = 2/4/2008 6:23:10 PM | Attr = ] WMAFile.dll -> %SystemRoot%\System32\WMAFile.dll -> NCT Company Ltd. [Ver = 2,4,1,113 | Size = 348160 bytes | Created Date = 3/26/2008 11:36:30 PM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Created Date = 3/23/2008 4:28:45 PM | Attr = ] ZDPN50.DLL -> %SystemRoot%\System32\ZDPN50.DLL -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.55 | Size = 81920 bytes | Created Date = 2/22/2008 1:08:19 AM | Attr = ] ZDPNDIS5.SYS -> %SystemRoot%\System32\ZDPNDIS5.SYS -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.55 | Size = 17151 bytes | Created Date = 2/22/2008 1:08:19 AM | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 3/9/2008 8:52:02 PM | Attr = H ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Created Date = 3/9/2008 8:51:11 PM | Attr = ] ZyDelReg.exe -> %SystemRoot%\System32\ZyDelReg.exe -> [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Created Date = 2/22/2008 1:08:17 AM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 3/5/2008 5:06:14 PM | Attr = ] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 3/9/2008 8:50:04 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 2/22/2008 2:26:47 AM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1690 bytes | Created Date = 3/19/2008 7:01:38 PM | Attr = ] msoffice.ini -> %SystemRoot%\msoffice.ini -> [Ver = | Size = 2 bytes | Created Date = 3/3/2008 5:30:41 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 3/20/2008 9:33:13 PM | Attr = ] WinRAR -> %SystemRoot%\WinRAR -> [Folder | Created Date = 3/20/2008 9:29:59 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Created Date = 3/22/2008 1:03:01 AM | Attr = ] Avg7 -> %AllUsersProfile%\Application Data\Avg7 -> [Folder | Created Date = 3/28/2008 10:21:53 PM | Attr = ] BVRP Software -> %AllUsersProfile%\Application Data\BVRP Software -> [Folder | Created Date = 3/2/2008 8:53:47 PM | Attr = ] eboostr -> %AllUsersProfile%\Application Data\eboostr -> [Folder | Created Date = 3/3/2008 4:06:45 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 2/22/2008 3:34:50 AM | Attr = ] MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier -> [Folder | Created Date = 3/9/2008 8:52:14 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 3/7/2008 6:15:04 PM | Attr = ] Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [Folder | Created Date = 3/23/2008 2:45:50 PM | Attr = ] PassMark -> %AllUsersProfile%\Application Data\PassMark -> [Folder | Created Date = 4/1/2008 4:45:31 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 2/22/2008 1:36:27 AM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 2/22/2008 12:18:05 AM | Attr = ] @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34 @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D @Alternate Data Stream - 112 bytes -> %AllUsersProfile%\Application Data\TEMP:B7177954 {E0FD8DB4-0B1B-427B-B11A-E920A60A344E} -> %AllUsersProfile%\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E} -> [Folder | Created Date = 3/30/2008 11:12:00 PM | Attr = ] Avanquest -> %AppData%\Avanquest -> [Folder | Created Date = 3/2/2008 8:49:59 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 3/7/2008 6:15:15 PM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 2/22/2008 1:24:07 PM | Attr = ] OfficeUpdate12 -> %AppData%\OfficeUpdate12 -> [Folder | Created Date = 3/23/2008 2:46:36 PM | Attr = ] OverDrive -> %AppData%\OverDrive -> [Folder | Created Date = 3/26/2008 10:09:57 PM | Attr = ] Seven Zip -> %AppData%\Seven Zip -> [Folder | Created Date = 3/30/2008 11:10:49 PM | Attr = ] tor -> %AppData%\tor -> [Folder | Created Date = 3/20/2008 9:18:51 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Created Date = 3/20/2008 8:54:14 PM | Attr = ] Vidalia -> %AppData%\Vidalia -> [Folder | Created Date = 3/20/2008 9:18:15 PM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Created Date = 2/19/2008 4:22:27 PM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created Date = 3/20/2008 9:30:09 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 3/22/2008 1:05:07 AM | Attr = ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Created Date = 3/22/2008 2:20:34 AM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Created Date = 2/22/2008 1:24:07 PM | Attr = ] {6448F0A6-6813-11D6-A77B-00B0D0160050} -> %UserProfile%\Local Settings\Application Data\{6448F0A6-6813-11D6-A77B-00B0D0160050} -> [Folder | Created Date = 3/9/2008 6:52:33 PM | Attr = ] BVRP Software -> %AllUsersProfile%\Documents\BVRP Software -> [Folder | Created Date = 3/2/2008 8:53:47 PM | Attr = ] microsoft -> %AllUsersProfile%\Documents\microsoft -> [Folder | Created Date = 3/26/2008 4:57:14 PM | Attr = ] cc_20080320_0031.reg -> %UserProfile%\My Documents\cc_20080320_0031.reg -> [Ver = | Size = 194082 bytes | Created Date = 3/20/2008 12:31:45 AM | Attr = ] cc_20080322_0210.reg -> %UserProfile%\My Documents\cc_20080322_0210.reg -> [Ver = | Size = 5126 bytes | Created Date = 3/22/2008 2:10:58 AM | Attr = ] cc_20080325_1755.reg -> %UserProfile%\My Documents\cc_20080325_1755.reg -> [Ver = | Size = 136768 bytes | Created Date = 3/25/2008 5:55:22 PM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Created Date = 3/20/2008 9:24:41 PM | Attr = ] MBSASetup-EN.msi -> %UserProfile%\My Documents\MBSASetup-EN.msi -> [Ver = | Size = 1324032 bytes | Created Date = 3/23/2008 2:53:10 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\MBSASetup-EN.msi:Zone.Identifier my codes.htm -> %UserProfile%\My Documents\my codes.htm -> [Ver = | Size = 4304 bytes | Created Date = 3/9/2008 9:50:39 PM | Attr = ] my codes_files -> %UserProfile%\My Documents\my codes_files -> [Folder | Created Date = 3/9/2008 9:50:39 PM | Attr = ] My Media -> %UserProfile%\My Documents\My Media -> [Folder | Created Date = 3/26/2008 10:09:57 PM | Attr = ] Clear with 1 click.lnk -> %AllUsersProfile%\Desktop\Clear with 1 click.lnk -> [Ver = | Size = 1732 bytes | Created Date = 3/29/2008 7:46:02 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 3/7/2008 6:15:04 PM | Attr = ] MediaJoin.lnk -> %AllUsersProfile%\Desktop\MediaJoin.lnk -> [Ver = | Size = 714 bytes | Created Date = 3/30/2008 11:12:07 PM | Attr = ] Microsoft Baseline Security Analyzer 2.0.1.lnk -> %AllUsersProfile%\Desktop\Microsoft Baseline Security Analyzer 2.0.1.lnk -> [Ver = | Size = 870 bytes | Created Date = 3/23/2008 2:54:06 PM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Created Date = 2/22/2008 1:24:00 PM | Attr = ] OverDrive Media Console.lnk -> %AllUsersProfile%\Desktop\OverDrive Media Console.lnk -> [Ver = | Size = 2317 bytes | Created Date = 3/26/2008 10:05:00 PM | Attr = ] Wise Registry Cleaner.lnk -> %AllUsersProfile%\Desktop\Wise Registry Cleaner.lnk -> [Ver = | Size = 842 bytes | Created Date = 3/29/2008 7:46:02 PM | Attr = ] CaptainBlood.odm -> %UserProfile%\Desktop\CaptainBlood.odm -> [Ver = | Size = 3846 bytes | Created Date = 3/26/2008 9:58:01 PM | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 3/20/2008 12:28:29 AM | Attr = ] Clean disk with 1 click.lnk -> %UserProfile%\Desktop\Clean disk with 1 click.lnk -> [Ver = | Size = 1668 bytes | Created Date = 3/29/2008 7:42:45 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 4/3/2008 4:27:34 PM | Attr = ] GoodbyetoAllThat-70.odm -> %UserProfile%\Desktop\GoodbyetoAllThat-70.odm -> [Ver = | Size = 3132 bytes | Created Date = 3/26/2008 9:57:46 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 3/5/2008 12:59:18 AM | Attr = ] IntruderintheDust9781415951187.odm -> %UserProfile%\Desktop\IntruderintheDust9781415951187.odm -> [Ver = | Size = 3120 bytes | Created Date = 3/26/2008 9:57:53 PM | Attr = ] netstumblerinstaller_0_4_0.exe -> %UserProfile%\Desktop\netstumblerinstaller_0_4_0.exe -> [Ver = | Size = 1324940 bytes | Created Date = 4/1/2008 3:30:53 PM | Attr = ] Network Stumbler.lnk -> %UserProfile%\Desktop\Network Stumbler.lnk -> [Ver = | Size = 753 bytes | Created Date = 4/1/2008 3:32:29 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 4/3/2008 5:19:56 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 539905 bytes | Created Date = 4/3/2008 5:17:03 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Created Date = 3/9/2008 8:19:39 PM | Attr = ] SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Created Date = 3/9/2008 8:08:58 PM | Attr = ] The.Jungle.1906.Upton.Sinclair.Audio.Book.14.Discs.MP3 -> %UserProfile%\Desktop\The.Jungle.1906.Upton.Sinclair.Audio.Book.14.Discs.MP3 -> [Folder | Created Date = 3/27/2008 12:09:46 AM | Attr = ] TheSeaWolf.odm -> %UserProfile%\Desktop\TheSeaWolf.odm -> [Ver = | Size = 3987 bytes | Created Date = 3/26/2008 9:56:32 PM | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Created Date = 3/22/2008 1:16:10 AM | Attr = ] upton 3.mp3 -> %UserProfile%\Desktop\upton 3.mp3 -> [Ver = | Size = 66354363 bytes | Created Date = 3/31/2008 11:16:43 PM | Attr = ] upton the jungle.mp3 -> %UserProfile%\Desktop\upton the jungle.mp3 -> [Ver = | Size = 335410154 bytes | Created Date = 3/31/2008 12:29:02 AM | Attr = ] Windows Explorer.lnk -> %UserProfile%\Desktop\Windows Explorer.lnk -> [Ver = | Size = 1487 bytes | Created Date = 3/23/2008 1:53:20 PM | Attr = ] Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk -> [Ver = | Size = 786 bytes | Created Date = 3/26/2008 10:11:26 PM | Attr = ] wirelessmon.exe -> %UserProfile%\Desktop\wirelessmon.exe -> PassMark Software ® [Ver = 2.1.0.1001 | Size = 2149360 bytes | Created Date = 4/1/2008 4:42:08 PM | Attr = ] WirelessMon.lnk -> %UserProfile%\Desktop\WirelessMon.lnk -> [Ver = | Size = 660 bytes | Created Date = 4/1/2008 4:45:20 PM | Attr = ] Wise Disk Cleaner 3.lnk -> %UserProfile%\Desktop\Wise Disk Cleaner 3.lnk -> [Ver = | Size = 1678 bytes | Created Date = 3/29/2008 7:42:45 PM | Attr = ] µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk -> [Ver = | Size = 630 bytes | Created Date = 3/20/2008 8:54:18 PM | Attr = ] ZDWLan Utility.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\ZDWLan Utility.lnk -> [Ver = | Size = 1860 bytes | Created Date = 3/31/2008 2:09:37 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 3/9/2008 6:57:53 PM | Attr = ] [Files/Folders - Modified Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 3/23/2008 5:27:40 PM | Attr = RH ] 4f7343445041bd1c9134ccd22d588b8d -> %SystemDrive%\4f7343445041bd1c9134ccd22d588b8d -> [Folder | Modified Date = 3/23/2008 4:24:39 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 3/22/2008 1:45:53 AM | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/30/2008 11:12:12 PM | Attr = H ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 4/3/2008 4:28:20 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/28/2008 11:16:51 PM | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 3/28/2008 10:31:35 PM | Attr = ] fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 4/2/2008 6:23:41 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146750464 bytes | Modified Date = 4/2/2008 9:43:46 PM | Attr = HS] pebuilder3110a -> %SystemDrive%\pebuilder3110a -> [Folder | Modified Date = 3/28/2008 9:00:55 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/1/2008 4:45:18 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 3/23/2008 6:27:11 PM | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 3/9/2008 2:27:18 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/3/2008 9:11:35 AM | Attr = ] _Backup -> %SystemDrive%\_Backup -> [Folder | Modified Date = 3/5/2008 5:47:12 PM | Attr = H ] _Backup.RC -> %SystemDrive%\_Backup.RC -> [Folder | Modified Date = 3/2/2008 8:52:32 PM | Attr = RHS] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 3/28/2008 3:16:17 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 229153 bytes | Modified Date = 3/28/2008 3:16:17 PM | Attr = R ] hosts.20080310-192013.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080310-192013.backup -> [Ver = | Size = 27 bytes | Modified Date = 3/5/2008 5:19:36 PM | Attr = ] hosts.20080323-102353.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080323-102353.backup -> [Ver = | Size = 227001 bytes | Modified Date = 3/10/2008 7:20:13 PM | Attr = R ] hosts.20080328-151617.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080328-151617.backup -> [Ver = | Size = 227891 bytes | Modified Date = 3/23/2008 10:23:53 AM | Attr = R ] hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics -> [Ver = | Size = 375 bytes | Modified Date = 3/14/2008 11:03:35 PM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 3/23/2008 4:17:58 PM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 3/23/2008 4:16:33 PM | Attr = H ] bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 3/26/2008 4:44:38 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 3/26/2008 11:31:13 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/2/2008 9:44:39 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 3/26/2008 4:55:29 PM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 3/10/2008 6:41:28 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 3/26/2008 11:25:06 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/31/2008 2:10:47 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 3/26/2008 4:46:21 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 3/26/2008 9:04:06 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 161936 bytes | Modified Date = 3/27/2008 5:35:35 PM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 3/21/2008 6:57:27 PM | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 3/4/2008 10:34:24 PM | Attr = H ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 2:33:31 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 3/23/2008 4:16:32 PM | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Modified Date = 3/26/2008 4:58:27 PM | Attr = S] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 30327 bytes | Modified Date = 4/2/2008 9:45:52 PM | Attr = ] OEMINFO.PNF -> %SystemRoot%\System32\OEMINFO.PNF -> [Ver = | Size = 3156 bytes | Modified Date = 3/26/2008 10:57:20 PM | Attr = ] OGACheckControl.DLL -> %SystemRoot%\System32\OGACheckControl.DLL -> [Ver = | Size = 693792 bytes | Modified Date = 2/4/2008 6:23:10 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 73418 bytes | Modified Date = 3/30/2008 7:48:17 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 445286 bytes | Modified Date = 3/30/2008 7:48:18 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 527672 bytes | Modified Date = 3/30/2008 7:48:17 PM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 3/23/2008 4:32:06 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 3/9/2008 2:27:18 PM | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 3/23/2008 4:25:50 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 4/2/2008 9:46:05 PM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 3/26/2008 9:03:57 PM | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 3/9/2008 9:38:30 PM | Attr = H ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Modified Date = 3/26/2008 4:29:57 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/26/2008 4:43:52 PM | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 3/23/2008 4:44:04 PM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 3/26/2008 9:11:41 PM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/2/2008 9:43:49 PM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 3/25/2008 5:56:25 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/3/2008 4:30:37 PM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 4/3/2008 4:29:10 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/23/2008 4:28:34 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/23/2008 4:14:36 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 3/23/2008 3:37:54 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/31/2008 2:10:45 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/30/2008 11:12:12 PM | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 3/26/2008 4:26:27 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 3/26/2008 9:11:43 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 3/29/2008 8:04:53 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1690 bytes | Modified Date = 3/22/2008 12:58:24 AM | Attr = ] msoffice.ini -> %SystemRoot%\msoffice.ini -> [Ver = | Size = 2 bytes | Modified Date = 3/3/2008 5:30:41 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 3/14/2008 11:43:03 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/3/2008 5:17:20 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 3/22/2008 1:45:50 AM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/2/2008 9:44:22 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 3/23/2008 4:42:44 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 3/23/2008 2:19:52 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 3/28/2008 10:21:21 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 3/22/2008 1:45:53 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 4/1/2008 3:32:29 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/24/2008 4:40:06 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/3/2008 4:33:09 PM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 3/29/2008 8:04:53 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 710 bytes | Modified Date = 3/26/2008 11:41:26 PM | Attr = ] WinRAR -> %SystemRoot%\WinRAR -> [Folder | Modified Date = 3/20/2008 9:29:59 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/26/2008 4:45:20 PM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 3/23/2008 4:18:09 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/2/2008 9:43:53 PM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5605 bytes | Modified Date = 4/3/2008 10:08:44 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 4/3/2008 10:08:44 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11708 bytes | Modified Date = 10/29/2006 3:32:51 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/19/2007 5:45:53 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 162451 bytes | Modified Date = 9/19/2007 5:46:14 PM | Attr = ] Perflib_Perfdata_5cc.dat -> C:\Documents and Settings\Aaron\Local Settings\Temp\Perflib_Perfdata_5cc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/3/2008 9:12:20 AM | Attr = ] Perflib_Perfdata_5dc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5dc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/2/2008 9:46:23 PM | Attr = ] Perflib_Perfdata_6dc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6dc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/2/2008 9:44:15 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 3/22/2008 1:05:42 AM | Attr = ] AOL -> %AllUsersProfile%\Application Data\AOL -> [Folder | Modified Date = 3/3/2008 5:32:30 PM | Attr = ] Avg7 -> %AllUsersProfile%\Application Data\Avg7 -> [Folder | Modified Date = 3/28/2008 10:43:31 PM | Attr = ] BVRP Software -> %AllUsersProfile%\Application Data\BVRP Software -> [Folder | Modified Date = 3/2/2008 8:53:47 PM | Attr = ] DIGStream -> %AllUsersProfile%\Application Data\DIGStream -> [Folder | Modified Date = 3/10/2008 6:32:39 PM | Attr = ] eboostr -> %AllUsersProfile%\Application Data\eboostr -> [Folder | Modified Date = 4/3/2008 4:33:10 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 2/22/2008 3:35:36 AM | Attr = ] MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier -> [Folder | Modified Date = 3/9/2008 8:52:14 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 3/7/2008 6:15:04 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 3/26/2008 5:04:36 PM | Attr = S] Napster -> %AllUsersProfile%\Application Data\Napster -> [Folder | Modified Date = 2/22/2008 1:12:00 PM | Attr = ] Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [Folder | Modified Date = 3/23/2008 2:45:50 PM | Attr = ] PassMark -> %AllUsersProfile%\Application Data\PassMark -> [Folder | Modified Date = 4/1/2008 4:45:31 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 3/9/2008 10:17:10 PM | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 3/24/2008 4:51:18 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 4/3/2008 9:12:20 AM | Attr = ] @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34 @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D @Alternate Data Stream - 112 bytes -> %AllUsersProfile%\Application Data\TEMP:B7177954 {E0FD8DB4-0B1B-427B-B11A-E920A60A344E} -> %AllUsersProfile%\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E} -> [Folder | Modified Date = 3/30/2008 11:12:13 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 3/22/2008 1:06:22 AM | Attr = ] AOL -> %AppData%\AOL -> [Folder | Modified Date = 3/3/2008 5:31:58 PM | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Modified Date = 3/31/2008 4:32:28 PM | Attr = ] Avanquest -> %AppData%\Avanquest -> [Folder | Modified Date = 3/2/2008 8:49:59 PM | Attr = ] Image Zone Express -> %AppData%\Image Zone Express -> [Folder | Modified Date = 4/2/2008 7:01:05 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 3/7/2008 6:15:15 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 3/28/2008 10:21:23 PM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 2/22/2008 1:24:07 PM | Attr = ] OfficeUpdate12 -> %AppData%\OfficeUpdate12 -> [Folder | Modified Date = 3/23/2008 2:57:21 PM | Attr = ] OverDrive -> %AppData%\OverDrive -> [Folder | Modified Date = 3/26/2008 10:09:57 PM | Attr = ] Seven Zip -> %AppData%\Seven Zip -> [Folder | Modified Date = 3/30/2008 11:10:49 PM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Modified Date = 3/24/2008 4:51:18 PM | Attr = ] tor -> %AppData%\tor -> [Folder | Modified Date = 3/27/2008 12:35:17 AM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 3/30/2008 4:12:33 PM | Attr = ] Vidalia -> %AppData%\Vidalia -> [Folder | Modified Date = 3/26/2008 11:54:11 PM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Modified Date = 2/19/2008 4:22:27 PM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Modified Date = 3/20/2008 9:30:09 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 3/22/2008 1:06:28 AM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 3/23/2008 4:24:35 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 7680 bytes | Modified Date = 3/28/2008 10:32:08 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4319492 bytes | Modified Date = 3/6/2008 2:09:55 PM | Attr = H ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Modified Date = 3/22/2008 2:20:34 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 3/28/2008 10:21:24 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Modified Date = 2/22/2008 1:24:07 PM | Attr = ] {6448F0A6-6813-11D6-A77B-00B0D0160050} -> %UserProfile%\Local Settings\Application Data\{6448F0A6-6813-11D6-A77B-00B0D0160050} -> [Folder | Modified Date = 3/9/2008 6:52:33 PM | Attr = ] BVRP Software -> %AllUsersProfile%\Documents\BVRP Software -> [Folder | Modified Date = 3/2/2008 8:53:47 PM | Attr = ] microsoft -> %AllUsersProfile%\Documents\microsoft -> [Folder | Modified Date = 3/26/2008 4:57:14 PM | Attr = ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Modified Date = 3/12/2008 8:58:00 PM | Attr = R ] cc_20080320_0031.reg -> %UserProfile%\My Documents\cc_20080320_0031.reg -> [Ver = | Size = 194082 bytes | Modified Date = 3/20/2008 12:32:50 AM | Attr = ] cc_20080322_0210.reg -> %UserProfile%\My Documents\cc_20080322_0210.reg -> [Ver = | Size = 5126 bytes | Modified Date = 3/22/2008 2:11:52 AM | Attr = ] cc_20080325_1755.reg -> %UserProfile%\My Documents\cc_20080325_1755.reg -> [Ver = | Size = 136768 bytes | Modified Date = 3/25/2008 5:55:34 PM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 3/29/2008 3:11:09 PM | Attr = ] MBSASetup-EN.msi -> %UserProfile%\My Documents\MBSASetup-EN.msi -> [Ver = | Size = 1324032 bytes | Modified Date = 3/23/2008 2:53:27 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\MBSASetup-EN.msi:Zone.Identifier my codes.htm -> %UserProfile%\My Documents\my codes.htm -> [Ver = | Size = 4304 bytes | Modified Date = 3/9/2008 9:50:39 PM | Attr = ] my codes_files -> %UserProfile%\My Documents\my codes_files -> [Folder | Modified Date = 3/9/2008 9:50:39 PM | Attr = ] My Media -> %UserProfile%\My Documents\My Media -> [Folder | Modified Date = 3/26/2008 10:15:49 PM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 3/27/2008 12:56:06 AM | Attr = R ] My Scans -> %UserProfile%\My Documents\My Scans -> [Folder | Modified Date = 3/22/2008 1:56:11 AM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 3/22/2008 5:33:42 PM | Attr = R ] Clear with 1 click.lnk -> %AllUsersProfile%\Desktop\Clear with 1 click.lnk -> [Ver = | Size = 1732 bytes | Modified Date = 3/29/2008 7:46:02 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 4/3/2008 6:35:06 AM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 3/22/2008 2:03:19 AM | Attr = ] MediaJoin.lnk -> %AllUsersProfile%\Desktop\MediaJoin.lnk -> [Ver = | Size = 714 bytes | Modified Date = 3/30/2008 11:12:07 PM | Attr = ] Microsoft Baseline Security Analyzer 2.0.1.lnk -> %AllUsersProfile%\Desktop\Microsoft Baseline Security Analyzer 2.0.1.lnk -> [Ver = | Size = 870 bytes | Modified Date = 3/23/2008 2:54:06 PM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 2/22/2008 1:24:00 PM | Attr = ] OverDrive Media Console.lnk -> %AllUsersProfile%\Desktop\OverDrive Media Console.lnk -> [Ver = | Size = 2317 bytes | Modified Date = 3/30/2008 11:08:09 PM | Attr = ] Wise Registry Cleaner.lnk -> %AllUsersProfile%\Desktop\Wise Registry Cleaner.lnk -> [Ver = | Size = 842 bytes | Modified Date = 3/29/2008 7:46:02 PM | Attr = ] CaptainBlood.odm -> %UserProfile%\Desktop\CaptainBlood.odm -> [Ver = | Size = 3846 bytes | Modified Date = 3/26/2008 9:57:58 PM | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 3/20/2008 12:28:29 AM | Attr = ] Clean disk with 1 click.lnk -> %UserProfile%\Desktop\Clean disk with 1 click.lnk -> [Ver = | Size = 1668 bytes | Modified Date = 3/29/2008 7:42:45 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 4/3/2008 4:27:53 PM | Attr = ] GoodbyetoAllThat-70.odm -> %UserProfile%\Desktop\GoodbyetoAllThat-70.odm -> [Ver = | Size = 3132 bytes | Modified Date = 3/26/2008 9:57:40 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 3/5/2008 12:59:19 AM | Attr = ] IntruderintheDust9781415951187.odm -> %UserProfile%\Desktop\IntruderintheDust9781415951187.odm -> [Ver = | Size = 3120 bytes | Modified Date = 3/26/2008 9:57:51 PM | Attr = ] netstumblerinstaller_0_4_0.exe -> %UserProfile%\Desktop\netstumblerinstaller_0_4_0.exe -> [Ver = | Size = 1324940 bytes | Modified Date = 4/1/2008 3:31:14 PM | Attr = ] Network Stumbler.lnk -> %UserProfile%\Desktop\Network Stumbler.lnk -> [Ver = | Size = 753 bytes | Modified Date = 4/1/2008 3:32:29 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 4/3/2008 5:19:56 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 539905 bytes | Modified Date = 4/3/2008 5:17:04 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Modified Date = 3/27/2008 6:20:54 PM | Attr = ] SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Modified Date = 3/9/2008 8:08:58 PM | Attr = ] The.Jungle.1906.Upton.Sinclair.Audio.Book.14.Discs.MP3 -> %UserProfile%\Desktop\The.Jungle.1906.Upton.Sinclair.Audio.Book.14.Discs.MP3 -> [Folder | Modified Date = 3/28/2008 11:59:58 PM | Attr = ] TheSeaWolf.odm -> %UserProfile%\Desktop\TheSeaWolf.odm -> [Ver = | Size = 3987 bytes | Modified Date = 3/26/2008 9:56:28 PM | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 3/30/2008 1:33:47 PM | Attr = ] upton 3.mp3 -> %UserProfile%\Desktop\upton 3.mp3 -> [Ver = | Size = 66354363 bytes | Modified Date = 3/31/2008 11:22:21 PM | Attr = ] upton the jungle.mp3 -> %UserProfile%\Desktop\upton the jungle.mp3 -> [Ver = | Size = 335410154 bytes | Modified Date = 3/31/2008 12:53:15 AM | Attr = ] Windows Explorer.lnk -> %UserProfile%\Desktop\Windows Explorer.lnk -> [Ver = | Size = 1487 bytes | Modified Date = 3/20/2008 12:12:29 AM | Attr = ] Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk -> [Ver = | Size = 786 bytes | Modified Date = 3/26/2008 11:41:28 PM | Attr = ] wirelessmon.exe -> %UserProfile%\Desktop\wirelessmon.exe -> PassMark Software ® [Ver = 2.1.0.1001 | Size = 2149360 bytes | Modified Date = 4/1/2008 4:42:45 PM | Attr = ] WirelessMon.lnk -> %UserProfile%\Desktop\WirelessMon.lnk -> [Ver = | Size = 660 bytes | Modified Date = 4/1/2008 4:45:20 PM | Attr = ] Wise Disk Cleaner 3.lnk -> %UserProfile%\Desktop\Wise Disk Cleaner 3.lnk -> [Ver = | Size = 1678 bytes | Modified Date = 3/29/2008 7:42:45 PM | Attr = ] µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk -> [Ver = | Size = 630 bytes | Modified Date = 3/20/2008 8:54:18 PM | Attr = ] ZDWLan Utility.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\ZDWLan Utility.lnk -> [Ver = | Size = 1860 bytes | Modified Date = 3/31/2008 2:09:37 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 3/22/2008 1:03:17 AM | Attr = ] AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 3/3/2008 5:32:33 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 3/9/2008 6:57:53 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 3/23/2008 3:24:04 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 3/24/2008 4:51:21 PM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 3/23/2008 3:15:15 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... C:\WINDOWS\VALUEADD\Thumbs.db:encryptable 0 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 1 < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\Aaron\Application Data\Microsoft\eHome\mcl_images\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\Favorites\CalorieKing - Calorie Counter - Turkey - Turkey.url:favicon 22486 bytes C:\Documents and Settings\Aaron\Favorites\fantasy football.url:favicon 1406 bytes C:\Documents and Settings\Aaron\Favorites\My ex-girlfriend on cam - Free Porn - freeviewmovies.com.url:favicon 3638 bytes C:\Documents and Settings\Aaron\Local Settings\Application Data\Microsoft\ehome\Image.db:encryptable 0 bytes C:\Documents and Settings\Aaron\Local Settings\Application Data\Microsoft\ehome\musicThumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\Local Settings\Application Data\Microsoft\ehome\Video.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\athens halloween\athens haloween 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\athens halloween\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\athens haloween 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\50\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\Akon\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\Big Tymers\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\Cam'ron\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\David Banner\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\Eminem\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\Jay-Z\The Blueprint\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\Jay-Z\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\kanye\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\Lloyd Banks\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\The Game\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\timbaland\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\Unknown Artist\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Music\Unknown Artist\Unknown Album (9-2-2007 5-16-49 PM)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Pictures\athens halloween\athens haloween 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Pictures\athens halloween\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Pictures\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Pictures\friends\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Pictures\girl pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Pictures\PhotoBase Samples\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Pictures\Seattle\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Scans\2008-01 (Jan)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Scans\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Aaron\My Documents\My Videos\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Application Data\Symantec\hpc:468323563 61 bytes C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 115 bytes C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D 98 bytes C:\Documents and Settings\All Users\Application Data\TEMP:B7177954 112 bytes C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Impressionism - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Impressionism - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Landscapes - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Landscapes - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Masterpieces - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Masterpieces - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Nature - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Nature - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Travel - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Travel - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Vintage - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Vintage - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Videos\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Videos\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 57 < End of report > [/code]