[code] OTScanIt logfile created on: 5/18/2008 2:43:16 PM OTScanIt by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\Deborah\My Documents\OTScanit\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 254.30 Mb Total Physical Memory | 44.46 Mb Available Physical Memory | 17.48% Memory free 625.75 Mb Paging File | 112.88 Mb Available in Paging File | 18.04% Paging File free Paging file location(s): C:\pagefile.sys 384 768; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.88 Gb Total Space | 45.66 Gb Free Space | 81.70% Space Free | Partition Type: FAT32 D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DEB Current User Name: Deborah Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 5/12/2008 7:56:38 PM | Attr = ] vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\vptray.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 90112 bytes | Modified Date = 5/21/2003 12:21:18 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:22 AM | Attr = ] cfp.exe -> %ProgramFiles%\Comodo\Firewall\cfp.exe -> COMODO [Ver = 3.0.22.222 | Size = 1572608 bytes | Modified Date = 5/16/2008 8:01:50 AM | Attr = ] sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:36 PM | Attr = ] lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 5/24/2004 2:23:38 PM | Attr = ] lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 174592 bytes | Modified Date = 5/24/2004 2:22:06 PM | Attr = ] sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe -> [Ver = 2.02.0001 | Size = 233472 bytes | Modified Date = 8/29/2003 11:14:58 AM | Attr = ] defwatch.exe -> %SystemDrive%\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 5/21/2003 12:22:36 AM | Attr = ] rtvscan.exe -> %SystemDrive%\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 610304 bytes | Modified Date = 5/21/2003 12:27:46 AM | Attr = ] minidm.exe -> %ProgramFiles%\IEPro\MiniDM.exe -> IE7Pro.com [Ver = 1, 0, 0, 7 | Size = 617608 bytes | Modified Date = 1/2/2008 3:34:12 AM | Attr = ] otscanit.exe -> %UserProfile%\My Documents\OTScanit\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 5/9/2008 9:51:12 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 5/12/2008 7:56:38 PM | Attr = ] (cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 507648 bytes | Modified Date = 5/16/2008 8:05:00 AM | Attr = ] (DefWatch) DefWatch [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 5/21/2003 12:22:36 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 1/28/2008 2:14:04 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> File not found (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 5/24/2004 2:23:38 PM | Attr = ] (Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 610304 bytes | Modified Date = 5/21/2003 12:27:46 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> COMODO Firewall Pro -> %ProgramFiles%\Comodo\Firewall\cfp.exe ["C:\Program Files\Comodo\Firewall\cfp.exe" -h] -> COMODO [Ver = 3.0.22.222 | Size = 1572608 bytes | Modified Date = 5/16/2008 8:01:50 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:22 AM | Attr = ] vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\vptray.exe [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe] -> Symantec Corporation [Ver = 8.1.0.825 | Size = 90112 bytes | Modified Date = 5/21/2003 12:21:18 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.36 | Size = 443968 bytes | Modified Date = 10/23/2007 4:18:16 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.36 | Size = 443968 bytes | Modified Date = 10/23/2007 4:18:16 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Deborah Startup Folder > -> C:\Documents and Settings\Deborah\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:36 PM | Attr = ] < Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\WINDOWS\system32\guard32.dll -> %SystemRoot%\system32\guard32.dll -> [Ver = | Size = 139008 bytes | Modified Date = 5/16/2008 8:14:10 AM | Attr = ] *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {81559C35-8464-49F7-BB0E-07A383BEF910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [SpywareGuard] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 8/2/2003 10:20:58 PM | Attr = R ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004] > -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> NavLogon -> %SystemRoot%\system32\NavLogon.dll -> [Ver = | Size = 45056 bytes | Modified Date = 5/21/2003 12:19:00 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004] > -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSAMSUNG_CD-ROM_SC-148C__________________C002____\5&18bef761&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < HOSTS File > (237050 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/clientapps/AutoSearch/SearchBarLM/YSetSearch/2006/06/01/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> https://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&_lang=EN&lc=1033 -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\] > -> -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\: Main\\Start Page -> https://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&_lang=EN&lc=1033 -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4393 domain(s) found. -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6441 domain(s) found. -> 41 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4419 domain(s) found. -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4419 domain(s) found. -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4129 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4129 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\] > -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6441 domain(s) found. -> 41 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\] > -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {00011268-E188-40DF-A514-835FCD78B1BF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\iepro.dll [IE7Pro BHO] -> IE7Pro.com [Ver = 2, 0, 0, 7 | Size = 699496 bytes | Modified Date = 1/2/2008 3:34:10 AM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 8/2/2003 11:24:02 PM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:20 AM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {EB9EDE30-C8CA-4428-B41E-BFCF5A6E6F37} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\] > -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {EB9EDE30-C8CA-4428-B41E-BFCF5A6E6F37} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\] > -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {0026439F-A980-4f18-8C95-4F1CBBF9C1D8}:{B119EB0C-C021-46CF-85B0-34A760E0D5FE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\iepro.dll [IE7Pro Preferences] -> IE7Pro.com [Ver = 2, 0, 0, 7 | Size = 699496 bytes | Modified Date = 1/2/2008 3:34:10 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:20 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:20 AM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\iepro.dll [IE7Pro Preferences] -> IE7Pro.com [Ver = 2, 0, 0, 7 | Size = 699496 bytes | Modified Date = 1/2/2008 3:34:10 AM | Attr = ] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:20 AM | Attr = ] CmdMapping\\{48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\] > -> HKEY_USERS\S-1-5-21-1645522239-789336058-1202660629-1004\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\iepro.dll [IE7Pro Preferences] -> IE7Pro.com [Ver = 2, 0, 0, 7 | Size = 699496 bytes | Modified Date = 1/2/2008 3:34:10 AM | Attr = ] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:20 AM | Attr = ] CmdMapping\\{48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {712FD38B-DF77-4B14-AEC3-AA542FC26886} -> (3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)) -> {E2469521-B89C-44CF-96BD-BF0FF990D650} -> () -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F}[HKEY_LOCAL_MACHINE] -> https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00[FavImport Class] -> {0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] -> {138E6DC9-722B-4F4B-B09D-95D191869696}[HKEY_LOCAL_MACHINE] -> http://www.bebo.com/files/BeboUploader.5.1.4.cab[Bebo Uploader Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {43E3F87D-DE7F-4087-BD4F-0DC854981158}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB[CTAdjust Class] -> {48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://southerngal64.spaces.live.com//PhotoUpload/MsnPUpld.cab[MSN Photo Upload Tool] -> {55027008-315F-4F45-BBC3-8BE119764741}[HKEY_LOCAL_MACHINE] -> http://www.slide.com/uploader/SlideImageUploader.cab[Slide Image Uploader Control] -> {5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab[Windows Live Safety Center Base Module] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138760836440[WUWebControl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138761654942[MUWebControl Class] -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/shared/wwlaunch.cab[Wwlaunch Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {A93D84FD-641F-43AE-B963-E6FA84BE7FE7}[HKEY_LOCAL_MACHINE] -> http://www.linksysfix.com/netcheck/67/install/gtdownls.cab[LinkSys Content Update] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306}[HKEY_LOCAL_MACHINE] -> https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab[SecurityManager Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {DBA230D1-8467-4e69-987E-5FAE815A3B45}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> {F04A8AE2-A59D-11D2-8792-00C04F8EF29D}[HKEY_LOCAL_MACHINE] -> http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt.ocx[Hotmail Attachments Control] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/cpbrkpie.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/cpbrkpie.ocx\\.Owner -> {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/cpbrkpie.ocx\\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BeboUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BeboUploader.ocx\\.Owner -> {138E6DC9-722B-4F4B-B09D-95D191869696} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BeboUploader.ocx\\{138E6DC9-722B-4F4B-B09D-95D191869696} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\\.Owner -> {615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cdTool.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cdTool.dll\\.Owner -> {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cdTool.dll\\{B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clearadjust2.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clearadjust2.dll\\.Owner -> {43E3F87D-DE7F-4087-BD4F-0DC854981158} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clearadjust2.dll\\{43E3F87D-DE7F-4087-BD4F-0DC854981158} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ctelesvr.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ctelesvr.exe\\.Owner -> {43E3F87D-DE7F-4087-BD4F-0DC854981158} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ctelesvr.exe\\{43E3F87D-DE7F-4087-BD4F-0DC854981158} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FunGamesLoader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FunGamesLoader.dll\\.Owner -> {1A1F56AA-3401-46F9-B277-D57F3421F821} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FunGamesLoader.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HMAtchmt.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HMAtchmt.ocx\\.Owner -> {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HMAtchmt.ocx\\{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\\.Owner -> {55027008-315F-4F45-BBC3-8BE119764741} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\\{55027008-315F-4F45-BBC3-8BE119764741} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImportAx.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImportAx.dll\\.Owner -> {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImportAx.dll\\{03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\{48DD0448-9209-4F81-9F6D-D83562940134} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\.Owner -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comintfs.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comintfs.dll\\.Owner -> {615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comintfs.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\videoimpression -> videoimpression -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> videoimpression -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\videoimpression -> videoimpression -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> videoimpression -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/pcpbios.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/pcpbios.exe\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/pcpbios.exe\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\videoimpression -> videoimpression -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> videoimpression -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/sysres.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/sysres.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/sysres.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/unicows.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/unicows.dll\\{55027008-315F-4F45-BBC3-8BE119764741} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/unicows.dll\\{48DD0448-9209-4F81-9F6D-D83562940134} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/unicows.dll\\{138E6DC9-722B-4F4B-B09D-95D191869696} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 4 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallDay -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallTime -> 17 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:16 AM | Attr = ] wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 588 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 15 0F 31 D3 F8 01 54 0A D2 D4 FA 99 64 8C 16 91 65 62 35 30 61 61 66 35 00 68 07 00 01 00 00 00 D8 00 00 00 DC 00 00 00 48 FA 06 00 D6 48 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 F3 8B 1D 8B [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 71 CA B5 4A CA 10 BD 53 A8 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 16 2A B0 4D C9 AF [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 82 F3 88 ED 56 C3 CE DB 30 1F BE D6 6E 59 23 36 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 70 95 2A C4 1F 27 C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 36 F3 D1 E7 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 36 F3 D1 E7 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 36 F3 D1 E7 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\System32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 4726 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\System32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\drivers\shellz\winspector.exe -> C:\WINDOWS\system32\drivers\shellz\winspector.exe [C:\WINDOWS\system32\drivers\shellz\winspector.exe:*:Enabled:Unspecified] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6667:TCP -> 6667:TCP:*:Enabled:winspector -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6667:UDP -> 6667:UDP:*:Enabled:winspector -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\7000:TCP -> 7000:TCP:*:Enabled:winspector -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\7000:UDP -> 7000:UDP:*:Enabled:winspector -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:*:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:*:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\RemoteAdminSettings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\RemoteAdminSettings\\RemoteAddresses -> * -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\RemoteAdminSettings\\Enabled -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16640 (vista_gdr.080213-1606) | Size = 625664 bytes | Modified Date = 2/29/2008 4:55:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Family Tree Maker 2005\Ftw.exe -> C:\Program Files\Family Tree Maker 2005\Ftw.exe [C:\Program Files\Family Tree Maker 2005\Ftw.exe:*:Enabled:Family Tree Maker 2005] -> MyFamily.com, Inc. [Ver = 12.0.345 SP1 | Size = 4878336 bytes | Modified Date = 7/30/2004 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 9,0,0,907 | Size = 3810544 bytes | Modified Date = 11/6/2007 7:51:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\LEXPPS.EXE -> C:\WINDOWS\System32\LEXPPS.EXE [C:\WINDOWS\System32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 9.47 | Size = 174592 bytes | Modified Date = 5/24/2004 2:22:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\mmc.exe -> C:\WINDOWS\System32\mmc.exe [C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 815104 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:*:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:*:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6667:UDP -> 6667:UDP:*:Enabled:winspector -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7000:TCP -> 7000:TCP:*:Enabled:winspector -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7000:UDP -> 7000:UDP:*:Enabled:winspector -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\RemoteAdminSettings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\RemoteAdminSettings\\RemoteAddresses -> * -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\RemoteAdminSettings\\Enabled -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> [Files/Folders - Created Within 90 days] FOUND.001 -> %SystemDrive%\FOUND.001 -> [Folder | Created Date = 3/2/2008 7:02:42 PM | Attr = HS] student -> %SystemDrive%\student -> [Folder | Created Date = 3/13/2008 8:46:17 PM | Attr = ] ResultsManager -> %SystemDrive%\ResultsManager -> [Folder | Created Date = 3/13/2008 8:46:14 PM | Attr = ] 84764db85cc5fa25436a0323f3 -> %SystemDrive%\84764db85cc5fa25436a0323f3 -> [Folder | Created Date = 4/11/2008 1:32:09 PM | Attr = ] 6c412a69296dd6f26682c24cd2 -> %SystemDrive%\6c412a69296dd6f26682c24cd2 -> [Folder | Created Date = 5/18/2008 2:39:48 PM | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Created Date = 3/25/2008 12:50:40 AM | Attr = ] cmdguard.sys -> %SystemRoot%\System32\drivers\cmdguard.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 87312 bytes | Created Date = 5/16/2008 8:22:12 AM | Attr = ] cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 23824 bytes | Created Date = 5/16/2008 8:22:14 AM | Attr = ] inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3.0.14.275 | Size = 79760 bytes | Created Date = 5/16/2008 8:22:17 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 5/8/2008 1:58:52 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 5/8/2008 1:58:52 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 5/8/2008 1:58:52 AM | Attr = ] ijl15.dll -> %SystemRoot%\System32\ijl15.dll -> Intel Corporation [Ver = 1,5,4,36 | Size = 372736 bytes | Created Date = 4/25/2008 1:13:13 AM | Attr = ] ejuauezmb20.bit -> %SystemRoot%\System32\ejuauezmb20.bit -> [Ver = | Size = 17 bytes | Created Date = 2/28/2008 2:31:38 AM | Attr = ] guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 139008 bytes | Created Date = 5/16/2008 8:22:20 AM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Created Date = 5/18/2008 6:00:44 AM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> PaintX.dll -> %SystemRoot%\System32\PaintX.dll -> [Ver = 1, 0, 5, 0 | Size = 454656 bytes | Created Date = 4/25/2008 1:13:14 AM | Attr = ] NPSExec.exe -> %SystemRoot%\NPSExec.exe -> Electronic Arts [Ver = 1.01 | Size = 33792 bytes | Created Date = 4/9/2008 7:45:52 AM | Attr = R ] eReg.dat -> %SystemRoot%\eReg.dat -> [Ver = | Size = 500 bytes | Created Date = 4/9/2008 7:46:33 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 5/17/2008 9:51:30 PM | Attr = ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> MyHeritage.INI -> %SystemRoot%\MyHeritage.INI -> [Ver = | Size = 284 bytes | Created Date = 4/25/2008 1:16:57 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Notepad++ -> %AppData%\Notepad++ -> [Folder | Created Date = 4/19/2008 10:23:21 AM | Attr = ] The Complete Genealogy Reporter - FTB -> %AppData%\The Complete Genealogy Reporter - FTB -> [Folder | Created Date = 4/25/2008 1:13:10 AM | Attr = ] IMG019.jpg -> %UserProfile%\My Documents\IMG019.jpg -> [Ver = | Size = 500241 bytes | Created Date = 4/16/2008 2:18:42 AM | Attr = ] POGO -> %UserProfile%\My Documents\POGO -> [Folder | Created Date = 4/7/2008 2:04:04 AM | Attr = ] EasyInfo -> %UserProfile%\My Documents\EasyInfo -> [Folder | Created Date = 4/23/2008 10:45:10 AM | Attr = ] MyHeritage -> %UserProfile%\My Documents\MyHeritage -> [Folder | Created Date = 4/25/2008 1:14:16 AM | Attr = ] registration_form[1].pdf -> %UserProfile%\My Documents\registration_form[1].pdf -> [Ver = | Size = 154348 bytes | Created Date = 2/21/2008 3:18:27 PM | Attr = ] RYAN 401K Documents.pdf -> %UserProfile%\My Documents\RYAN 401K Documents.pdf -> [Ver = | Size = 108762 bytes | Created Date = 3/19/2008 1:32:28 PM | Attr = ] OTScanit -> %UserProfile%\My Documents\OTScanit -> [Folder | Created Date = 5/18/2008 2:08:43 PM | Attr = ] Notepad++.lnk -> %AllUsersProfile%\Desktop\Notepad++.lnk -> [Ver = | Size = 603 bytes | Created Date = 4/19/2008 10:23:25 AM | Attr = ] COMODO Firewall Pro.lnk -> %AllUsersProfile%\Desktop\COMODO Firewall Pro.lnk -> [Ver = | Size = 627 bytes | Created Date = 5/16/2008 12:32:57 PM | Attr = ] Yuwie Control Panel.url -> %UserProfile%\Desktop\Yuwie Control Panel.url -> [Ver = | Size = 266 bytes | Created Date = 3/27/2008 10:38:49 PM | Attr = ] The Sims...800x600.lnk -> %UserProfile%\Desktop\The Sims...800x600.lnk -> [Ver = | Size = 669 bytes | Created Date = 4/9/2008 8:17:36 AM | Attr = ] The Sims..1024x768.lnk -> %UserProfile%\Desktop\The Sims..1024x768.lnk -> [Ver = | Size = 693 bytes | Created Date = 4/9/2008 8:17:50 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1643 bytes | Created Date = 5/16/2008 3:08:07 PM | Attr = ] Shortcut to ComboFix.exe.lnk -> %UserProfile%\Desktop\Shortcut to ComboFix.exe.lnk -> [Ver = | Size = 855 bytes | Created Date = 5/17/2008 3:52:14 PM | Attr = ] Shortcut to dss(7).exe.lnk -> %UserProfile%\Desktop\Shortcut to dss(7).exe.lnk -> [Ver = | Size = 843 bytes | Created Date = 5/17/2008 4:00:48 PM | Attr = ] GA POWER.url -> %UserProfile%\Desktop\GA POWER.url -> [Ver = | Size = 223 bytes | Created Date = 4/23/2008 10:49:47 AM | Attr = ] EBT AccountWelcome to EBT Account.url -> %UserProfile%\Desktop\EBT AccountWelcome to EBT Account.url -> [Ver = | Size = 199 bytes | Created Date = 4/13/2008 11:26:49 AM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 842 bytes | Created Date = 4/19/2008 9:57:57 AM | Attr = ] MyHeritage Family Tree Builder.lnk -> %UserProfile%\Desktop\MyHeritage Family Tree Builder.lnk -> [Ver = | Size = 683 bytes | Created Date = 4/25/2008 1:13:45 AM | Attr = ] OTScanIt.exe.lnk -> %UserProfile%\Desktop\OTScanIt.exe.lnk -> [Ver = | Size = 936 bytes | Created Date = 5/18/2008 2:36:41 PM | Attr = ] SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 599 bytes | Created Date = 5/17/2008 10:15:05 PM | Attr = ] jv16 PowerTools.lnk -> %UserProfile%\Desktop\jv16 PowerTools.lnk -> [Ver = | Size = 609 bytes | Created Date = 5/17/2008 11:04:08 PM | Attr = ] InstallShieldold2 -> %CommonProgramFiles%\InstallShieldold2 -> [Folder | Created Date = 4/14/2008 5:04:46 AM | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Created Date = 4/17/2008 1:06:15 AM | Attr = ] eMedia Beginner Guitar Lessons -> %ProgramFiles%\eMedia Beginner Guitar Lessons -> [Folder | Created Date = 2/27/2008 7:44:39 PM | Attr = ] Maxis -> %ProgramFiles%\Maxis -> [Folder | Created Date = 4/9/2008 7:42:25 AM | Attr = ] Electronic Arts -> %ProgramFiles%\Electronic Arts -> [Folder | Created Date = 4/9/2008 7:45:48 AM | Attr = ] Notepad++ -> %ProgramFiles%\Notepad++ -> [Folder | Created Date = 4/19/2008 10:23:21 AM | Attr = ] MyHeritage -> %ProgramFiles%\MyHeritage -> [Folder | Created Date = 4/25/2008 1:12:09 AM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 5/16/2008 3:07:59 PM | Attr = ] jv16 PowerTools -> %ProgramFiles%\jv16 PowerTools -> [Folder | Created Date = 5/17/2008 11:03:35 PM | Attr = ] [Files/Folders - Modified Within 90 days] FOUND.001 -> %SystemDrive%\FOUND.001 -> [Folder | Modified Date = 3/2/2008 7:02:42 PM | Attr = HS] student -> %SystemDrive%\student -> [Folder | Modified Date = 3/13/2008 8:46:18 PM | Attr = ] ResultsManager -> %SystemDrive%\ResultsManager -> [Folder | Modified Date = 3/13/2008 8:46:16 PM | Attr = ] 84764db85cc5fa25436a0323f3 -> %SystemDrive%\84764db85cc5fa25436a0323f3 -> [Folder | Modified Date = 4/11/2008 1:32:10 PM | Attr = ] 6c412a69296dd6f26682c24cd2 -> %SystemDrive%\6c412a69296dd6f26682c24cd2 -> [Folder | Modified Date = 5/18/2008 2:39:50 PM | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr = ] cmdguard.sys -> %SystemRoot%\System32\drivers\cmdguard.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 87312 bytes | Modified Date = 5/16/2008 8:12:02 AM | Attr = ] cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 23824 bytes | Modified Date = 5/16/2008 8:13:30 AM | Attr = ] inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3.0.14.275 | Size = 79760 bytes | Modified Date = 5/16/2008 8:13:52 AM | Attr = ] lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [Ver = | Size = 12632 bytes | Modified Date = 5/12/2008 7:59:02 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:36 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 5/18/2008 5:46:12 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:40 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 59838 bytes | Modified Date = 4/11/2008 1:40:34 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 398000 bytes | Modified Date = 4/11/2008 1:40:34 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 4/19/2008 10:06:56 AM | Attr = ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 4/19/2008 10:06:56 AM | Attr = ] ejuauezmb20.bit -> %SystemRoot%\System32\ejuauezmb20.bit -> [Ver = | Size = 17 bytes | Modified Date = 2/28/2008 2:31:40 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 119744 bytes | Modified Date = 4/9/2008 6:05:34 PM | Attr = ] guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 139008 bytes | Modified Date = 5/16/2008 8:14:10 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 444264 bytes | Modified Date = 4/11/2008 1:40:34 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 5/18/2008 6:00:46 AM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr = ] EZMediaBox2.ini -> %SystemRoot%\EZMediaBox2.ini -> [Ver = | Size = 12612 bytes | Modified Date = 3/28/2008 2:21:22 AM | Attr = ] eReg.dat -> %SystemRoot%\eReg.dat -> [Ver = | Size = 500 bytes | Modified Date = 4/9/2008 7:46:34 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 5/17/2008 9:51:32 PM | Attr = ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 5/17/2008 9:47:30 PM | Attr = ] MyHeritage.INI -> %SystemRoot%\MyHeritage.INI -> [Ver = | Size = 284 bytes | Modified Date = 4/25/2008 1:36:22 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 705 bytes | Modified Date = 3/27/2008 11:58:52 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/18/2008 5:42:56 AM | Attr = S] LEXSTAT.INI -> %SystemRoot%\LEXSTAT.INI -> [Ver = | Size = 1166 bytes | Modified Date = 3/19/2008 1:28:20 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/18/2008 5:43:38 AM | Attr = H ] Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 292 bytes | Modified Date = 5/17/2008 10:00:02 PM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 5/18/2008 5:47:22 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 1/31/2006 9:16:02 PM | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1309 bytes | Modified Date = 10/4/2006 5:55:24 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 1/31/2006 9:27:52 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6768 bytes | Modified Date = 5/18/2008 5:45:56 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6768 bytes | Modified Date = 5/18/2008 5:45:56 AM | Attr = ] C:\Documents and Settings\Deborah\Local Settings\Temp\ -> C:\Documents and Settings\Deborah\Local Settings\Temp -> [Folder | Modified Date = 1/31/2006 9:04:14 PM | Attr = ] npp.4.9.2.Installer.exe -> C:\Documents and Settings\Deborah\Local Settings\Temp\npp.4.9.2.Installer.exe -> [Ver = | Size = 2077269 bytes | Modified Date = 5/18/2008 2:28:58 PM | Attr = ] xmlUpdater.exe -> C:\Documents and Settings\Deborah\Local Settings\Temp\xmlUpdater.exe -> [Ver = | Size = 100247 bytes | Modified Date = 8/7/2007 6:49:16 PM | Attr = ] 2 C:\Documents and Settings\Deborah\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Deborah\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Deborah\Local Settings\Temp\ -> C:\Documents and Settings\Deborah\Local Settings\Temp -> [Folder | Modified Date = 1/31/2006 9:04:14 PM | Attr = ] mpengine.dll -> C:\Documents and Settings\Deborah\Local Settings\Temp\mpengine.dll -> Microsoft Corporation [Ver = 1.1.3520.0 | Size = 3308624 bytes | Modified Date = 5/18/2008 2:40:58 PM | Attr = ] 2 C:\Documents and Settings\Deborah\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Deborah\Local Settings\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Notepad++ -> %AppData%\Notepad++ -> [Folder | Modified Date = 4/19/2008 10:23:22 AM | Attr = ] The Complete Genealogy Reporter - FTB -> %AppData%\The Complete Genealogy Reporter - FTB -> [Folder | Modified Date = 4/25/2008 1:13:12 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 15360 bytes | Modified Date = 5/16/2008 1:23:22 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4835180 bytes | Modified Date = 5/8/2008 1:42:18 AM | Attr = H ] POGO -> %UserProfile%\My Documents\POGO -> [Folder | Modified Date = 4/7/2008 2:04:06 AM | Attr = ] EasyInfo -> %UserProfile%\My Documents\EasyInfo -> [Folder | Modified Date = 4/23/2008 10:45:12 AM | Attr = ] MyHeritage -> %UserProfile%\My Documents\MyHeritage -> [Folder | Modified Date = 4/25/2008 1:14:18 AM | Attr = ] registration_form[1].pdf -> %UserProfile%\My Documents\registration_form[1].pdf -> [Ver = | Size = 154348 bytes | Modified Date = 2/21/2008 3:18:30 PM | Attr = ] RYAN 401K Documents.pdf -> %UserProfile%\My Documents\RYAN 401K Documents.pdf -> [Ver = | Size = 108762 bytes | Modified Date = 3/19/2008 1:32:30 PM | Attr = ] OTScanit -> %UserProfile%\My Documents\OTScanit -> [Folder | Modified Date = 5/18/2008 2:08:44 PM | Attr = ] Notepad++.lnk -> %AllUsersProfile%\Desktop\Notepad++.lnk -> [Ver = | Size = 603 bytes | Modified Date = 5/18/2008 2:35:44 PM | Attr = ] COMODO Firewall Pro.lnk -> %AllUsersProfile%\Desktop\COMODO Firewall Pro.lnk -> [Ver = | Size = 627 bytes | Modified Date = 5/16/2008 12:32:58 PM | Attr = ] POGO.url -> %UserProfile%\Desktop\POGO.url -> [Ver = | Size = 229 bytes | Modified Date = 5/16/2008 2:25:10 PM | Attr = ] Yuwie Control Panel.url -> %UserProfile%\Desktop\Yuwie Control Panel.url -> [Ver = | Size = 266 bytes | Modified Date = 5/7/2008 7:30:04 AM | Attr = ] Wal-Mart Stores, Inc..url -> %UserProfile%\Desktop\Wal-Mart Stores, Inc..url -> [Ver = | Size = 263 bytes | Modified Date = 3/14/2008 2:06:20 PM | Attr = ] The Sims...800x600.lnk -> %UserProfile%\Desktop\The Sims...800x600.lnk -> [Ver = | Size = 669 bytes | Modified Date = 4/9/2008 8:17:38 AM | Attr = ] The Sims..1024x768.lnk -> %UserProfile%\Desktop\The Sims..1024x768.lnk -> [Ver = | Size = 693 bytes | Modified Date = 4/9/2008 8:17:52 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1643 bytes | Modified Date = 5/16/2008 3:08:14 PM | Attr = ] Shortcut to ComboFix.exe.lnk -> %UserProfile%\Desktop\Shortcut to ComboFix.exe.lnk -> [Ver = | Size = 855 bytes | Modified Date = 5/17/2008 3:52:16 PM | Attr = ] Shortcut to dss(7).exe.lnk -> %UserProfile%\Desktop\Shortcut to dss(7).exe.lnk -> [Ver = | Size = 843 bytes | Modified Date = 5/17/2008 4:00:50 PM | Attr = ] Green Dot Walmart.url -> %UserProfile%\Desktop\Green Dot Walmart.url -> [Ver = | Size = 245 bytes | Modified Date = 5/16/2008 6:40:02 PM | Attr = ] GA POWER.url -> %UserProfile%\Desktop\GA POWER.url -> [Ver = | Size = 223 bytes | Modified Date = 4/28/2008 3:16:54 PM | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1457 bytes | Modified Date = 4/19/2008 9:47:34 AM | Attr = ] EBT AccountWelcome to EBT Account.url -> %UserProfile%\Desktop\EBT AccountWelcome to EBT Account.url -> [Ver = | Size = 199 bytes | Modified Date = 5/12/2008 12:00:48 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 842 bytes | Modified Date = 4/19/2008 9:57:58 AM | Attr = ] MyHeritage Family Tree Builder.lnk -> %UserProfile%\Desktop\MyHeritage Family Tree Builder.lnk -> [Ver = | Size = 683 bytes | Modified Date = 4/25/2008 1:13:50 AM | Attr = ] OTScanIt.exe.lnk -> %UserProfile%\Desktop\OTScanIt.exe.lnk -> [Ver = | Size = 936 bytes | Modified Date = 5/18/2008 2:36:42 PM | Attr = ] SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 599 bytes | Modified Date = 5/17/2008 10:15:06 PM | Attr = ] jv16 PowerTools.lnk -> %UserProfile%\Desktop\jv16 PowerTools.lnk -> [Ver = | Size = 609 bytes | Modified Date = 5/17/2008 11:04:16 PM | Attr = ] InstallShieldold2 -> %CommonProgramFiles%\InstallShieldold2 -> [Folder | Modified Date = 4/14/2008 5:04:48 AM | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 4/17/2008 1:06:16 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]