[code]
OTScanIt logfile created on: 5/29/2008 4:06:34 PM
OTScanIt by OldTimer - Version 1.0.15.4     Folder = C:\Documents and Settings\Paul\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.48 Mb Total Physical Memory | 672.82 Mb Available Physical Memory | 65.74% Memory free
2.40 Gb Paging File | 2.20 Gb Available in Paging File | 91.44% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 31.40 Gb Free Space | 54.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.88 Gb Total Space | 1.59 Gb Free Space | 84.83% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-47A287B4BB
Current User Name: Paul
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
umxcfg.exe -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxCfg.exe -> CA [Ver = 1.0.2.153 | Size = 708608 bytes | Modified Date = 10/18/2006 1:04:56 PM | Attr = R  ]
umxfwhlp.exe -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -> CA [Ver = 6.5.4.8 | Size = 135168 bytes | Modified Date = 10/17/2006 2:00:26 PM | Attr = R  ]
qoeloader.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.418.0\QOELoader.exe -> CA [Ver = 5.0.418.0 | Size = 6656 bytes | Modified Date = 11/7/2006 8:27:40 PM | Attr =    ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 1/12/2005 2:54:58 PM | Attr =    ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 12:11:42 AM | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 11:54:04 AM | Attr =    ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.0.59 | Size = 257088 bytes | Modified Date = 3/2/2007 4:24:28 PM | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_14\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 3/14/2007 5:23:09 PM | Attr =    ]
jucheck.exe -> %ProgramFiles%\Java\j2re1.4.2_14\bin\jucheck.exe ->  [Ver = 1, 0, 0, 1 | Size = 241777 bytes | Modified Date = 3/14/2007 5:23:09 PM | Attr =    ]
devldr32.exe -> %SystemRoot%\system32\devldr32.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 17 | Size = 24064 bytes | Modified Date = 8/17/2001 11:36:42 PM | Attr =    ]
itmrtsvc.exe -> %ProgramFiles%\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -> CA, Inc. [Ver = 1.1.0.15 | Size = 263696 bytes | Modified Date = 10/4/2006 8:25:36 PM | Attr =    ]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 2:27:52 AM | Attr =    ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.0.59 | Size = 500800 bytes | Modified Date = 3/2/2007 4:24:20 PM | Attr =    ]
cappactiveprotection.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe -> CA, Inc. [Ver = 9, 0, 0, 17 | Size = 212032 bytes | Modified Date = 12/16/2006 12:03:55 PM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.4 | Size = 374784 bytes | Modified Date = 5/28/2008 9:25:08 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 7:56:50 PM | Attr =    ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.0.59 | Size = 500800 bytes | Modified Date = 3/2/2007 4:24:20 PM | Attr =    ]
(ITMRTSVC) CA Pest Patrol Realtime Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -> CA, Inc. [Ver = 1.1.0.15 | Size = 263696 bytes | Modified Date = 10/4/2006 8:25:36 PM | Attr =    ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc ->  [Folder | Modified Date = 11/6/2006 10:39:20 PM | Attr =    ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 2:27:52 AM | Attr =    ]
(UmxAgent) HIPS Event Manager [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxAgent.exe -> CA [Ver = 6, 0, 1, 172 | Size = 884736 bytes | Modified Date = 10/6/2006 6:42:02 PM | Attr = R  ]
(UmxCfg) HIPS Configuration Interpreter [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxCfg.exe -> CA [Ver = 1.0.2.153 | Size = 708608 bytes | Modified Date = 10/18/2006 1:04:56 PM | Attr = R  ]
(UmxFwHlp) HIPS Firewall Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -> CA [Ver = 6.5.4.8 | Size = 135168 bytes | Modified Date = 10/17/2006 2:00:26 PM | Attr = R  ]
(UmxPol) HIPS Policy Manager [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxPol.exe -> File not found

[Driver Services - Non-Microsoft Only]
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\aspi32.sys -> Adaptec [Ver = 4.57 (1008) | Size = 23936 bytes | Modified Date = 12/22/1997 9:02:46 PM | Attr =    ]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Modified Date = 8/3/2004 5:29:28 PM | Attr =    ]
(cmuda) C-Media WDM Audio Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\cmuda.sys -> C-Media Inc [Ver = 5.12.01.0051.3 (73) | Size = 1373120 bytes | Modified Date = 6/9/2006 11:58:22 PM | Attr =    ]
(ctljystk) Creative SBLive! Gameport [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ctljystk.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3712 bytes | Modified Date = 8/17/2001 1:19:20 PM | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 6:07:18 PM | Attr =    ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 6:07:18 PM | Attr =    ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 3:00:00 PM | Attr =    ]
(emu10k) Creative SB Live! (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\emu10k1m.sys -> Creative Technology Ltd. [Ver = 5.12.01.3300 built by: WinDDK | Size = 283904 bytes | Modified Date = 8/17/2001 1:19:26 PM | Attr =    ]
(emu10k1) Creative Interface Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ctlfacem.sys -> Creative Technology Ltd. [Ver = 5.12.01.2108 built by: WinDDK | Size = 6912 bytes | Modified Date = 8/17/2001 1:19:28 PM | Attr =    ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr =    ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 7/7/2005 4:09:24 AM | Attr =    ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 7/7/2005 4:09:24 AM | Attr =    ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 7/7/2005 4:09:24 AM | Attr =    ]
(KmxAgent) KmxAgent [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\kmxagent.sys -> CA [Ver = 6.0.0.47 | Size = 68096 bytes | Modified Date = 9/26/2006 4:43:14 AM | Attr =    ]
(KmxCF) KmxCF [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\KmxCF.sys -> CA [Ver = 6.5.4.52 | Size = 112128 bytes | Modified Date = 10/17/2006 4:35:08 PM | Attr = R  ]
(KmxCfg) KmxCfg [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\kmxcfg.sys -> CA [Ver = 6.0.6.222 | Size = 75008 bytes | Modified Date = 9/25/2006 6:38:04 PM | Attr =    ]
(KmxFile) KmxFile [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\KmxFile.sys -> CA [Ver = 6.0.0.40 | Size = 46080 bytes | Modified Date = 9/26/2006 4:44:32 AM | Attr =    ]
(KmxFw) KmxFw [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\kmxfw.sys -> CA [Ver = 6.5.4.31 | Size = 104960 bytes | Modified Date = 8/30/2006 6:20:38 PM | Attr =    ]
(KmxSbx) KmxSbx [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\KmxSbx.sys -> CA [Ver = 6.0.0.78 | Size = 67584 bytes | Modified Date = 9/26/2006 4:23:20 AM | Attr =    ]
(KmxStart) KmxStart [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\kmxstart.sys -> CA [Ver = 6.5.4.14 | Size = 95232 bytes | Modified Date = 8/30/2006 6:19:08 PM | Attr =    ]
(MotoSwitchService) MotoSwitch Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\motswch.sys -> Motorola INC. [Ver = 1.0.0.0 | Size = 5632 bytes | Modified Date = 6/8/2006 7:55:50 PM | Attr =    ]
(P2k) Motorola USB Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\P2k.sys -> Motorola Inc [Ver = 2.5 | Size = 40960 bytes | Modified Date = 9/28/2006 6:33:08 PM | Attr =    ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 3:00:00 PM | Attr =    ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\RTL8139.SYS -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 5:31:34 PM | Attr =    ]
(SABProcEnum) SABProcEnum [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Internet Explorer\SABProcEnum.sys -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 5/27/2008 3:47:19 PM | Attr =    ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 5/27/2008 3:47:19 PM | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =    ]
(sfman) Creative SoundFont Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\sfmanm.sys -> Creative Technology Ltd. [Ver = 4.10.3300 | Size = 36480 bytes | Modified Date = 8/17/2001 1:19:34 PM | Attr =    ]
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 6:07:44 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
cafwc -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl] -> CA, Inc. [Ver = Version 9.0.0.53 | Size = 1122304 bytes | Modified Date = 11/7/2006 8:27:39 PM | Attr =    ]
capfaem -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe [C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe] -> CA, Inc. [Ver = Version 9.0.0.53 | Size = 81920 bytes | Modified Date = 11/7/2006 8:27:39 PM | Attr =    ]
cctray -> %ProgramFiles%\CA\CA Internet Security Suite\cctray\cctray.exe ["C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"] -> CA, Inc. [Ver = Version 3.0.0.196 | Size = 165392 bytes | Modified Date = 11/7/2006 8:27:35 PM | Attr =    ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 1/12/2005 2:54:58 PM | Attr =    ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 12:11:42 AM | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.1.0.59 | Size = 257088 bytes | Modified Date = 3/2/2007 4:24:28 PM | Attr =    ]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 1:50:42 PM | Attr =    ]
QOELOADER -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.418.0\QOELoader.exe ["C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.418.0\QOELoader.exe"] -> CA [Ver = 5.0.418.0 | Size = 6656 bytes | Modified Date = 11/7/2006 8:27:40 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 11:54:04 AM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_14\bin\jusched.exe ["C:\Program Files\Java\j2re1.4.2_14\bin\jusched.exe"] ->  [Ver =  | Size = 32881 bytes | Modified Date = 3/14/2007 5:23:09 PM | Attr =    ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr =    ]
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/24/2005 1:05:26 AM | Attr =    ]
< Paul Startup Folder > -> C:\Documents and Settings\Paul\Start Menu\Programs\Startup -> 
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 
Your Image File Name Here without a path ->  [Debugger] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/27/2008 3:47:19 PM | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> Explorer.exe -> File not found
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> logonui.exe -> File not found
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 ->  -> File not found
Control_RunDLL "sysdm.cpl" ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 5/27/2008 3:47:20 PM | Attr =    ]
PFW -> %SystemRoot%\system32\UmxWNP.dll -> CA [Ver = 6, 0, 0, 5 | Size = 73728 bytes | Modified Date = 3/9/2006 4:46:48 PM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPLEXTOR_DVDR___PX-716A__________________1.10____\5&801ae74&0&0.1.0 [IDE\CdRomPLEXTOR_DVDR___PX-716A__________________1.10____\5&801ae74&0&0.1.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomPIONEER_DVD-ROM_DVD-105_________________1.33____\5&327442d2&0&0.0.0 [IDE\CdRomPIONEER_DVD-ROM_DVD-105_________________1.33____\5&327442d2&0&0.0.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> IDE\CdRomPLEXTOR_CD-R___PX-W8432T________________1.09____\5&327442d2&0&0.1.0 [IDE\CdRomPLEXTOR_CD-R___PX-W8432T________________1.09____\5&327442d2&0&0.1.0] -> File not found
< Drives - Autoruns > ->  -> 
autoAlbum.log [-i="C:\Documents and Settings\Paul Mankus\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0.txt" -o="C:\Documents and Settings\Paul Mankus\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0_out.txt" -g -b -s=4 -f="text"input text file:  C:\Documents and Settings\Paul Mankus\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0.txt | output file:  C:\Documents and Settings\Paul Mankus\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0_out.txt |  | Value of width is 2336 and ht is 1696creating book layout ... | layout is complete, writing output file of type 1... | ] -> %SystemDrive%\autoAlbum.log [ NTFS ] ->  [Ver =  | Size = 643 bytes | Modified Date = 9/17/2005 3:06:16 PM | Attr =    ]
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 2/17/2003 11:02:43 PM | Attr =  H ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 9:38:22 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec -> %windir%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{6EC0D92C-96C0-4955-BC88-68D0ADD9CAC3} ->    (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 1/12/2005 2:54:56 PM | Attr =    ]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_14] -> 
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}[HKEY_LOCAL_MACHINE] -> http://www.superadblocker.com/activex/sabspx.cab[SABScanProcesses Class] -> 
{BB383206-6DA1-4E80-B62A-3DF950FCC697}[HKEY_LOCAL_MACHINE] -> http://www.imgag.com/cp/install/AxCtp2.cab[Create & Print ActiveX Plug-in] -> 
{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_14] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\.Owner -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\{02BCC737-B171-4746-94C9-0D8A0B2C0089} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\\.Owner -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/AxCtp2.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/AxCtp2.dll\\.Owner -> {BB383206-6DA1-4E80-B62A-3DF950FCC697} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/AxCtp2.dll\\{BB383206-6DA1-4E80-B62A-3DF950FCC697} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\PowerDVD -> PowerDVD -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> PowerDVD -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\PowerDVD -> PowerDVD -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> PowerDVD -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ImageControl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ImageControl.dll\\.Owner -> {BB383206-6DA1-4E80-B62A-3DF950FCC697} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ImageControl.dll\\{BB383206-6DA1-4E80-B62A-3DF950FCC697} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\PowerDVD -> PowerDVD -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> PowerDVD -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sabprocenum.sys\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sabprocenum.sys\\.Owner -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sabprocenum.sys\\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} ->  ->