[code] OTScanIt logfile created on: 6/20/2008 2:34:10 PM OTScanIt by OldTimer - Version 1.0.15.16 Folder = C:\Documents and Settings\Karens\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.71% Memory free 3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.87% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 293.32 Gb Total Space | 247.31 Gb Free Space | 84.32% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KAREN Current User Name: Karens Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 6/13/2008 8:52:19 AM | Attr = ] iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 7:56:14 AM | Attr = ] dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] aolsoftware.exe -> %CommonProgramFiles%\AOL\1169003472\ee\aolsoftware.exe -> AOL LLC [Ver = 15.6.1.1 | Size = 41824 bytes | Modified Date = 10/8/2007 5:50:56 PM | Attr = ] apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 9/14/2006 7:55:52 AM | Attr = ] realmon.exe -> %ProgramFiles%\CA\eTrust\Antivirus\Realmon.exe -> Computer Associates International, Inc. [Ver = 6.0.100.0 | Size = 378680 bytes | Modified Date = 8/24/2001 4:00:28 PM | Attr = ] logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/19/2007 1:38:29 PM | Attr = ] setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.60.122 | Size = 805392 bytes | Modified Date = 5/2/2008 2:44:08 AM | Attr = ] khalmnpr.exe -> %CommonProgramFiles%\Logishrd\KHAL2\KHALMNPR.exe -> Logitech, Inc. [Ver = 4.60.42 | Size = 76304 bytes | Modified Date = 5/2/2008 2:40:56 AM | Attr = ] photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 9/14/2006 7:56:06 AM | Attr = ] aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:35 AM | Attr = R ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr = ] iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 7:55:58 AM | Attr = ] inorpc.exe -> %ProgramFiles%\CA\eTrust\Antivirus\InoRpc.exe -> Computer Associates International, Inc. [Ver = 6.0.100.0 | Size = 137016 bytes | Modified Date = 8/24/2001 3:59:50 PM | Attr = ] inort.exe -> %ProgramFiles%\CA\eTrust\Antivirus\InoRT.exe -> Computer Associates International, Inc. [Ver = 6.0.100.0 | Size = 186168 bytes | Modified Date = 8/24/2001 3:59:52 PM | Attr = ] inotask.exe -> %ProgramFiles%\CA\eTrust\Antivirus\InoTask.exe -> Computer Associates International, Inc. [Ver = 6.0.100.0 | Size = 218936 bytes | Modified Date = 8/24/2001 3:59:58 PM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7774 | Size = 127043 bytes | Modified Date = 7/8/2005 11:57:00 PM | Attr = ] wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 AM | Attr = ] elservice.exe -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -> Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 12/12/2005 4:52:32 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.16 | Size = 397312 bytes | Modified Date = 6/20/2008 1:47:40 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 6/13/2008 8:52:19 AM | Attr = ] (AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 9/14/2006 7:56:06 AM | Attr = ] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:35 AM | Attr = R ] (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] (DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 3:47:46 PM | Attr = ] (ELService) Intel® Quick Resume Technology Drivers [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -> Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 12/12/2005 4:52:32 PM | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2/1/2008 3:39:54 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/1/2007 4:27:36 PM | Attr = ] (IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 7:55:58 AM | Attr = ] (InoRPC) InoculateIT RPC Server [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust\Antivirus\InoRpc.exe -> Computer Associates International, Inc. [Ver = 6.0.100.0 | Size = 137016 bytes | Modified Date = 8/24/2001 3:59:50 PM | Attr = ] (InoRT) InoculateIT Realtime Server [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust\Antivirus\InoRT.exe -> Computer Associates International, Inc. [Ver = 6.0.100.0 | Size = 186168 bytes | Modified Date = 8/24/2001 3:59:52 PM | Attr = ] (InoTask) InoculateIT Job Server [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust\Antivirus\InoTask.exe -> Computer Associates International, Inc. [Ver = 6.0.100.0 | Size = 218936 bytes | Modified Date = 8/24/2001 3:59:58 PM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found (LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Logitech\Bluetooth\LBTServ.exe -> Logitech, Inc. [Ver = 4.60.122 | Size = 121360 bytes | Modified Date = 5/2/2008 2:42:06 AM | Attr = ] (NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 11:26:40 AM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7774 | Size = 127043 bytes | Modified Date = 7/8/2005 11:57:00 PM | Attr = ] (WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 9/14/2006 7:55:52 AM | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ] AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 8:50:37 AM | Attr = R ] DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr = ] HostManager -> %CommonProgramFiles%\AOL\1169003472\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1169003472\ee\AOLSoftware.exe] -> AOL LLC [Ver = 15.6.1.1 | Size = 41824 bytes | Modified Date = 10/8/2007 5:50:56 PM | Attr = ] IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 7:56:14 AM | Attr = ] Kernel and Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech, Inc. [Ver = 4.60.42 | Size = 76304 bytes | Modified Date = 2/29/2008 3:12:38 AM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7774 | Size = 7110656 bytes | Modified Date = 7/8/2005 11:57:00 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ] RealtimeMonitor -> %ProgramFiles%\CA\eTrust\Antivirus\Realmon.exe ["C:\Program Files\CA\eTrust\Antivirus\realmon.exe"] -> Computer Associates International, Inc. [Ver = 6.0.100.0 | Size = 378680 bytes | Modified Date = 8/24/2001 4:00:28 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe [C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe] -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 3/1/2007 12:06:56 AM | Attr = ] LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/19/2007 1:38:29 PM | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.32 | Size = 443968 bytes | Modified Date = 9/27/2007 9:17:36 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.32 | Size = 443968 bytes | Modified Date = 9/27/2007 9:17:36 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\] > -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe [C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe] -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 3/1/2007 12:06:56 AM | Attr = ] LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/19/2007 1:38:29 PM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\AOL 9.1 Tray Icon.lnk -> %ProgramFiles%\America Online 9.0\aoltray.exe -> America Online, Inc. [Ver = 9.00.001 | Size = 156784 bytes | Modified Date = 9/1/2004 11:56:34 AM | Attr = H ] %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.60.122 | Size = 805392 bytes | Modified Date = 5/2/2008 2:44:08 AM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Karens Startup Folder > -> C:\Documents and Settings\Karens\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006] > -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> LBTWlgn -> %CommonProgramFiles%\Logitech\Bluetooth\LBTWLgn.dll -> Logitech, Inc. [Ver = 4.60.122 | Size = 72208 bytes | Modified Date = 5/2/2008 2:42:30 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006] > -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVD+-RW_GWA4164B_______________E113____\5&286e6a4&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/16/2005 4:43:04 AM | Attr = ] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ig?hl=en -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> localhost;*.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\] > -> -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\: Main\\Start Page -> http://www.google.com/ig?hl=en -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\: ProxyOverride -> localhost;*.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> online_musicmatch.com [https] -> Trusted sites -> 2 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3536 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> Interealty.com .[*] -> Out of zone range - ( 6 ) -> MLXchange.com .[*] -> Out of zone range - ( 6 ) -> stumbleupon.com .[*] -> Trusted sites -> 132 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3532 domain(s) found. -> 131 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3532 domain(s) found. -> 131 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3532 domain(s) found. -> 131 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3532 domain(s) found. -> 131 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\] > -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3536 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> Interealty.com .[*] -> Out of zone range - ( 6 ) -> MLXchange.com .[*] -> Out of zone range - ( 6 ) -> stumbleupon.com .[*] -> Trusted sites -> 132 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\] > -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\] > -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 9/7/2006 4:59:50 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\] > -> HKEY_USERS\S-1-5-21-2914176191-405003845-1956232635-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 9/7/2006 4:59:50 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {E44317F4-D918-4CD7-AB0C-B9A9A7D0D234} -> (Intel(R) PRO/1000 PL Network Connection) -> {FCDFB1BE-84D5-425B-B6A0-2EB014BEB375} -> () -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 1:42:30 PM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 3/19/2007 1:38:29 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab[Office Genuine Advantage Validation Tool] -> {20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] -> {233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www.costcophotocenter.com/CostcoActivia.cab[Snapfish Activia] -> {474F00F5-3853-492C-AC3A-476512BBC336}[HKEY_LOCAL_MACHINE] -> http://picasaweb.google.com/s/v/29.58/uploader2.cab[UploadListView Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195604598390[MUWebControl Class] -> {74E4A24D-5224-4F05-8A41-99445E0FC22B}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/free-trial-mind-medley/gamehouseplayer.cab[GameHouse Games Player] -> {7D492D61-303A-45C3-8A55-63449339943D}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/free-trial-the-nightshift-code/NightShiftCodeWeb.1.0.0.5.cab[CPlayFirstNightShiftControl Object] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/free-trial-mystery-pi-the-lottery-ticket/SpinTopGamesLauncher.cab[SpinTop Games Launcher] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab[PopCapLoader Object] -> {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}[HKEY_LOCAL_MACHINE] -> https://symantec.webex.com/client/T23L/support/ieatgpc.cab[GpcContainer Class] -> {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}[HKEY_LOCAL_MACHINE] -> https://secure.gopetslive.com/dev/GoPetsWeb.cab[GoPetsWeb Control] -> Jungle Gin by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/applet-6.9.1.32/gin2/gin2-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Lottso by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/applet-6.8.3.22/lottso/lottso-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ghgamesplayer.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ghgamesplayer.dll\\.Owner -> {74E4A24D-5224-4F05-8A41-99445E0FC22B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ghgamesplayer.dll\\{74E4A24D-5224-4F05-8A41-99445E0FC22B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GoPetsWeb.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GoPetsWeb.ocx\\.Owner -> {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GoPetsWeb.ocx\\{F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\\.Owner -> {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\.Owner -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NightShiftCodeWeb.1.0.0.5.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NightShiftCodeWeb.1.0.0.5.dll\\.Owner -> {7D492D61-303A-45C3-8A55-63449339943D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NightShiftCodeWeb.1.0.0.5.dll\\{7D492D61-303A-45C3-8A55-63449339943D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpinTopGamesLauncher.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpinTopGamesLauncher.dll\\.Owner -> {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpinTopGamesLauncher.dll\\{8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\.Owner -> {474F00F5-3853-492C-AC3A-476512BBC336} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\{474F00F5-3853-492C-AC3A-476512BBC336} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MFC71.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MFC71.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 756 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 0E 35 B1 A0 ED 3B C5 7E 9F DF 09 45 B7 87 50 6D 37 61 30 62 66 61 31 63 00 00 00 00 EC 10 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 A8 BD A1 5B 6A F3 0B 8F DB E4 21 7A [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> A0 6E 92 2D D4 2D BC D0 12 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 83 6D 70 FF 6A 22 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 99 5B 3C 9D 93 D9 CF E1 36 23 46 33 2C F6 AB 4D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 60 FA F8 0D 77 78 C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 68 B1 78 FB 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 28 8E 6A B8 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 68 B1 78 FB 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8360 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 8:50:37 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:35 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> America Online, Inc. [Ver = 9.00.003 | Size = 259632 bytes | Modified Date = 2/9/2007 4:59:48 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/19/2007 1:38:29 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe -> %ProgramFiles%\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe [C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7] -> [Ver = | Size = 194072 bytes | Modified Date = 5/1/2007 4:09:22 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10244:TCP -> 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10285:UDP -> 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10286:UDP -> 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10287:UDP -> 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10288:UDP -> 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10289:UDP -> 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 8:50:37 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:35 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> America Online, Inc. [Ver = 9.00.003 | Size = 259632 bytes | Modified Date = 2/9/2007 4:59:48 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2/8/2008 5:32:57 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\utorrent\utorrent.exe -> %ProgramFiles%\utorrent\utorrent.exe [C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 174163 bytes | Modified Date = 12/23/2006 8:57:31 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/19/2007 1:38:29 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1169003472\ee\aolsoftware.exe -> %CommonProgramFiles%\AOL\1169003472\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1169003472\ee\aolsoftware.exe:*:Enabled:AOL Shared Components] -> AOL LLC [Ver = 15.6.1.1 | Size = 41824 bytes | Modified Date = 10/8/2007 5:50:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\sony\Everquest II\LaunchPad.exe -> %ProgramFiles%\sony\Everquest II\LaunchPad.exe [C:\Program Files\sony\Everquest II\LaunchPad.exe:*:Enabled:LaunchPad] -> [Ver = | Size = 2326528 bytes | Modified Date = 11/14/2007 11:41:04 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe -> %CommonProgramFiles%\AOL\TopSpeed\3.0\aoltpsd3.exe [C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed] -> AOL LLC [Ver = 3, 0, 0, 4 | Size = 63120 bytes | Modified Date = 4/2/2007 8:33:32 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe -> %CommonProgramFiles%\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information] -> AOL LLC [Ver = 2, 4, 6, 2 | Size = 206176 bytes | Modified Date = 9/17/2007 9:02:47 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe [C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server] -> [Ver = | Size = 4374528 bytes | Modified Date = 9/14/2006 7:55:52 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Encompass\AdminTools.exe -> %ProgramFiles%\Encompass\AdminTools.exe [C:\Program Files\Encompass\AdminTools.exe:*:Enabled:Admin Tools] -> Ellie Mae, Inc. [Ver = 3.0.0.4 | Size = 335872 bytes | Modified Date = 9/26/2007 3:28:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Encompass\Encompass.exe -> %ProgramFiles%\Encompass\Encompass.exe [C:\Program Files\Encompass\Encompass.exe:*:Enabled:Encompass] -> Ellie Mae, Inc. [Ver = 3.0.0.10 | Size = 1069056 bytes | Modified Date = 2/6/2008 8:20:16 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6300.5000 | Size = 12829216 bytes | Modified Date = 12/12/2007 11:56:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> %ProgramFiles%\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 10/27/2006 3:37:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 10/27/2006 3:03:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> %SystemRoot%\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 83456 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe -> %ProgramFiles%\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe [C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7] -> [Ver = | Size = 194072 bytes | Modified Date = 5/1/2007 4:09:22 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft LifeCam\LifeCam.exe -> %ProgramFiles%\Microsoft LifeCam\LifeCam.exe [C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe] -> Microsoft Corporation [Ver = 1.30.175.0 | Size = 4270872 bytes | Modified Date = 1/4/2007 6:14:33 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft LifeCam\LifeExp.exe -> %ProgramFiles%\Microsoft LifeCam\LifeExp.exe [C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe] -> Microsoft Corporation [Ver = 1.30.176.0 | Size = 275800 bytes | Modified Date = 1/12/2007 9:48:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10244:TCP -> 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10285:UDP -> 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10286:UDP -> 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10287:UDP -> 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10288:UDP -> 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10289:UDP -> 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 6/19/2008 5:00:48 PM | Attr = ] img025.jpg -> %SystemDrive%\img025.jpg -> [Ver = | Size = 893273 bytes | Created Date = 4/26/2008 10:33:55 AM | Attr = ] img026.jpg -> %SystemDrive%\img026.jpg -> [Ver = | Size = 1004057 bytes | Created Date = 4/26/2008 10:33:55 AM | Attr = ] img027.jpg -> %SystemDrive%\img027.jpg -> [Ver = | Size = 1214148 bytes | Created Date = 4/26/2008 10:33:55 AM | Attr = ] img028.jpg -> %SystemDrive%\img028.jpg -> [Ver = | Size = 803209 bytes | Created Date = 4/26/2008 10:33:55 AM | Attr = ] img029.jpg -> %SystemDrive%\img029.jpg -> [Ver = | Size = 860767 bytes | Created Date = 4/26/2008 10:33:55 AM | Attr = ] img030.jpg -> %SystemDrive%\img030.jpg -> [Ver = | Size = 939848 bytes | Created Date = 4/26/2008 10:33:55 AM | Attr = ] img031.jpg -> %SystemDrive%\img031.jpg -> [Ver = | Size = 1004161 bytes | Created Date = 4/26/2008 10:33:55 AM | Attr = ] img032.jpg -> %SystemDrive%\img032.jpg -> [Ver = | Size = 720643 bytes | Created Date = 4/26/2008 10:33:55 AM | Attr = ] mikespix -> %SystemDrive%\mikespix -> [Folder | Created Date = 4/27/2008 3:39:54 PM | Attr = ] Platform.ini -> %SystemDrive%\Platform.ini -> [Ver = | Size = 102 bytes | Created Date = 6/16/2008 6:59:20 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 6/19/2008 5:48:25 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 6/19/2008 6:17:52 PM | Attr = HS] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Created Date = 3/25/2008 12:50:40 AM | Attr = ] Awrtpd.sys -> %SystemRoot%\System32\drivers\Awrtpd.sys -> Lavasoft AB [Ver = 1.0.0.134 | Size = 12960 bytes | Created Date = 4/29/2008 11:19:50 AM | Attr = ] Awrtrd.sys -> %SystemRoot%\System32\drivers\Awrtrd.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Created Date = 4/29/2008 11:19:54 AM | Attr = ] MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Created Date = 6/8/2008 3:13:42 PM | Attr = H ] Msft_Kernel_zumbus_01007.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_zumbus_01007.Wdf -> [Ver = | Size = 0 bytes | Created Date = 6/8/2008 3:13:43 PM | Attr = H ] NSDriver.sys -> %SystemRoot%\System32\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Created Date = 4/29/2008 11:20:00 AM | Attr = ] BAZLib.dll -> %SystemRoot%\System32\BAZLib.dll -> iipl [Ver = 1.00 | Size = 24576 bytes | Created Date = 6/12/2008 2:40:38 PM | Attr = ] BtCoreIf.dll -> %SystemRoot%\System32\BtCoreIf.dll -> Broadcom Corporation. [Ver = 5.1.0.3600 | Size = 301656 bytes | Created Date = 6/8/2008 3:30:24 PM | Attr = ] cdintf.dll -> %SystemRoot%\System32\cdintf.dll -> AMYUNI Consultants http://www.amyuni.com [Ver = 2.07 | Size = 348160 bytes | Created Date = 6/13/2008 2:15:12 PM | Attr = ] ConTest.dll -> %SystemRoot%\System32\ConTest.dll -> Ascentive [Ver = 1.00.0005 | Size = 208896 bytes | Created Date = 6/12/2008 2:40:38 PM | Attr = ] DUNZIP32.DLL -> %SystemRoot%\System32\DUNZIP32.DLL -> Inner Media, Inc. [Ver = 3.00.17 | Size = 98304 bytes | Created Date = 6/13/2008 2:15:11 PM | Attr = ] ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat -> [Ver = | Size = 56 bytes | Created Date = 5/9/2008 10:08:28 AM | Attr = H ] GNETPRINTER.DLL -> %SystemRoot%\System32\GNETPRINTER.DLL -> [Ver = 1, 0, 0, 1 | Size = 405504 bytes | Created Date = 6/13/2008 2:15:11 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 5/16/2008 4:04:29 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 5/16/2008 4:04:29 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 5/16/2008 4:04:29 PM | Attr = ] lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [Ver = | Size = 12632 bytes | Created Date = 5/16/2008 11:58:04 AM | Attr = ] SysRestore.dll -> %SystemRoot%\System32\SysRestore.dll -> Ascentive LLC [Ver = 1.00 | Size = 20480 bytes | Created Date = 6/12/2008 2:40:38 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 6/19/2008 5:01:16 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 6/19/2008 5:48:24 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 6/19/2008 5:48:24 PM | Attr = ] msoffice.ini -> %SystemRoot%\msoffice.ini -> [Ver = | Size = 4 bytes | Created Date = 6/13/2008 9:21:22 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 6/19/2008 5:48:24 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 6/20/2008 10:28:27 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 6/20/2008 10:28:27 AM | Attr = H ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 6/19/2008 5:48:24 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 6/19/2008 5:48:24 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 6/19/2008 5:48:24 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/19/2008 5:48:24 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 6/19/2008 5:48:24 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 6/19/2008 5:48:24 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] GameBlend -> %AllUsersProfile%\Application Data\GameBlend -> [Folder | Created Date = 5/16/2008 3:43:37 PM | Attr = ] Gogii -> %AllUsersProfile%\Application Data\Gogii -> [Folder | Created Date = 5/16/2008 7:42:00 PM | Attr = ] JollyBear -> %AllUsersProfile%\Application Data\JollyBear -> [Folder | Created Date = 5/16/2008 4:09:50 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 6/13/2008 8:51:50 AM | Attr = ] Skype -> %AllUsersProfile%\Application Data\Skype -> [Folder | Created Date = 5/9/2008 10:06:21 AM | Attr = ] EPSON -> %AppData%\EPSON -> [Folder | Created Date = 4/26/2008 9:58:51 AM | Attr = ] GameBlend -> %AppData%\GameBlend -> [Folder | Created Date = 5/16/2008 3:43:37 PM | Attr = ] iWin -> %AppData%\iWin -> [Folder | Created Date = 5/18/2008 7:25:46 PM | Attr = ] skypePM -> %AppData%\skypePM -> [Folder | Created Date = 5/9/2008 10:08:28 AM | Attr = ] JollyBear -> %UserProfile%\Local Settings\Application Data\JollyBear -> [Folder | Created Date = 5/16/2008 4:09:50 PM | Attr = ] 16bigbuck047.jpg -> %UserProfile%\My Documents\16bigbuck047.jpg -> [Ver = | Size = 103486 bytes | Created Date = 4/24/2008 1:38:04 PM | Attr = ] 20080423WDTCCTR.jpg -> %UserProfile%\My Documents\20080423WDTCCTR.jpg -> [Ver = | Size = 54223 bytes | Created Date = 4/24/2008 1:55:16 PM | Attr = ] 20080620113103139.pdf -> %UserProfile%\My Documents\20080620113103139.pdf -> [Ver = | Size = 902079 bytes | Created Date = 6/20/2008 11:40:29 AM | Attr = ] Bobby002 -> %UserProfile%\My Documents\Bobby002 -> [Folder | Created Date = 5/18/2008 7:58:47 AM | Attr = ] Bobby002.zip -> %UserProfile%\My Documents\Bobby002.zip -> [Ver = | Size = 1641184 bytes | Created Date = 5/18/2008 7:58:36 AM | Attr = ] Charles Wisniewski.docx -> %UserProfile%\My Documents\Charles Wisniewski.docx -> [Ver = | Size = 10572 bytes | Created Date = 5/20/2008 12:56:59 PM | Attr = ] Dear Dave.docx -> %UserProfile%\My Documents\Dear Dave.docx -> [Ver = | Size = 12700 bytes | Created Date = 6/6/2008 2:24:30 PM | Attr = ] DSC_0525 -> %UserProfile%\My Documents\DSC_0525 -> [Folder | Created Date = 4/25/2008 9:50:20 AM | Attr = ] DSC_0525.zip -> %UserProfile%\My Documents\DSC_0525.zip -> [Ver = | Size = 673861 bytes | Created Date = 4/25/2008 9:50:15 AM | Attr = ] FFF-ReflexV3 -> %UserProfile%\My Documents\FFF-ReflexV3 -> [Folder | Created Date = 5/16/2008 3:38:02 PM | Attr = ] FFF-ReflexV3.zip -> %UserProfile%\My Documents\FFF-ReflexV3.zip -> [Ver = | Size = 33194 bytes | Created Date = 5/16/2008 3:37:59 PM | Attr = ] for Mike's hearing.docx -> %UserProfile%\My Documents\for Mike's hearing.docx -> [Ver = | Size = 11775 bytes | Created Date = 4/27/2008 5:54:53 PM | Attr = ] Fw -> %UserProfile%\My Documents\Fw -> [Folder | Created Date = 5/3/2008 9:16:12 PM | Attr = ] Fw.zip -> %UserProfile%\My Documents\Fw.zip -> [Ver = | Size = 138265 bytes | Created Date = 5/3/2008 9:16:01 PM | Attr = ] Fw_Memory -> %UserProfile%\My Documents\Fw_Memory -> [Folder | Created Date = 6/5/2008 2:23:57 PM | Attr = ] Fw_Memory.zip -> %UserProfile%\My Documents\Fw_Memory.zip -> [Ver = | Size = 5083811 bytes | Created Date = 6/5/2008 2:23:23 PM | Attr = ] GeoTracks003 -> %UserProfile%\My Documents\GeoTracks003 -> [Folder | Created Date = 5/17/2008 5:06:09 PM | Attr = ] GeoTracks003.zip -> %UserProfile%\My Documents\GeoTracks003.zip -> [Ver = | Size = 9477807 bytes | Created Date = 5/17/2008 5:02:56 PM | Attr = ] Girl'sNightinvitetake2.pdf -> %UserProfile%\My Documents\Girl'sNightinvitetake2.pdf -> [Ver = | Size = 287313 bytes | Created Date = 5/6/2008 8:43:55 PM | Attr = ] Gottalovedogs.wmv -> %UserProfile%\My Documents\Gottalovedogs.wmv -> [Ver = | Size = 2652748 bytes | Created Date = 4/20/2008 3:16:34 PM | Attr = ] hearingquestion3.docx -> %UserProfile%\My Documents\hearingquestion3.docx -> [Ver = | Size = 10955 bytes | Created Date = 4/27/2008 9:57:26 PM | Attr = ] houseonanita -> %UserProfile%\My Documents\houseonanita -> [Folder | Created Date = 4/23/2008 1:49:50 PM | Attr = ] houseonanita.zip -> %UserProfile%\My Documents\houseonanita.zip -> [Ver = | Size = 231519 bytes | Created Date = 4/23/2008 1:49:47 PM | Attr = ] HowNottoTakeaBreathTest.wmv -> %UserProfile%\My Documents\HowNottoTakeaBreathTest.wmv -> [Ver = | Size = 2657114 bytes | Created Date = 5/3/2008 9:22:41 PM | Attr = ] HowtoEnjoyAColonoscopy.wmv -> %UserProfile%\My Documents\HowtoEnjoyAColonoscopy.wmv -> [Ver = | Size = 2258854 bytes | Created Date = 4/23/2008 10:20:56 PM | Attr = ] imstp_pets_cat1_en.gif -> %UserProfile%\My Documents\imstp_pets_cat1_en.gif -> [Ver = | Size = 36179 bytes | Created Date = 4/12/2008 12:32:01 PM | Attr = ] In my opinion the parent who is more likely to allow the child frequent and continuing contact with the non.docx -> %UserProfile%\My Documents\In my opinion the parent who is more likely to allow the child frequent and continuing contact with the non.docx -> [Ver = | Size = 13715 bytes | Created Date = 4/25/2008 12:15:15 PM | Attr = ] Jackwiththeboys4-9-08003.jpg -> %UserProfile%\My Documents\Jackwiththeboys4-9-08003.jpg -> [Ver = | Size = 60246 bytes | Created Date = 4/9/2008 1:42:43 PM | Attr = ] jacobtookthese004 -> %UserProfile%\My Documents\jacobtookthese004 -> [Folder | Created Date = 5/23/2008 8:20:07 PM | Attr = ] jacobtookthese004.zip -> %UserProfile%\My Documents\jacobtookthese004.zip -> [Ver = | Size = 15108607 bytes | Created Date = 5/23/2008 8:13:15 PM | Attr = ] jacobtookthese023 -> %UserProfile%\My Documents\jacobtookthese023 -> [Folder | Created Date = 5/24/2008 7:58:30 PM | Attr = ] jacobtookthese023.zip -> %UserProfile%\My Documents\jacobtookthese023.zip -> [Ver = | Size = 4126506 bytes | Created Date = 5/24/2008 7:58:06 PM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Created Date = 6/10/2008 12:02:08 PM | Attr = ] MakeMyDay.wmv -> %UserProfile%\My Documents\MakeMyDay.wmv -> [Ver = | Size = 2263158 bytes | Created Date = 4/17/2008 3:14:03 PM | Attr = ] mikeshouse.pdf -> %UserProfile%\My Documents\mikeshouse.pdf -> [Ver = | Size = 476054 bytes | Created Date = 4/20/2008 6:04:01 PM | Attr = ] mom.doc -> %UserProfile%\My Documents\mom.doc -> [Ver = | Size = 33280 bytes | Created Date = 4/25/2008 3:26:38 PM | Attr = ] MVC-005S.jpg -> %UserProfile%\My Documents\MVC-005S.jpg -> [Ver = | Size = 40319 bytes | Created Date = 4/23/2008 1:53:20 PM | Attr = ] P1030344 -> %UserProfile%\My Documents\P1030344 -> [Folder | Created Date = 5/26/2008 6:37:34 PM | Attr = ] P1030344.zip -> %UserProfile%\My Documents\P1030344.zip -> [Ver = | Size = 2423276 bytes | Created Date = 5/26/2008 6:37:04 PM | Attr = ] P1030379 -> %UserProfile%\My Documents\P1030379 -> [Folder | Created Date = 6/4/2008 8:54:24 PM | Attr = ] P1030379.zip -> %UserProfile%\My Documents\P1030379.zip -> [Ver = | Size = 1808173 bytes | Created Date = 6/4/2008 8:54:08 PM | Attr = ] photo.jpg -> %UserProfile%\My Documents\photo.jpg -> [Ver = | Size = 86905 bytes | Created Date = 5/3/2008 10:37:37 PM | Attr = ] Picture074.jpg -> %UserProfile%\My Documents\Picture074.jpg -> [Ver = | Size = 111886 bytes | Created Date = 4/14/2008 6:12:32 PM | Attr = ] Picture075 -> %UserProfile%\My Documents\Picture075 -> [Folder | Created Date = 4/14/2008 6:38:42 PM | Attr = ] Picture075.zip -> %UserProfile%\My Documents\Picture075.zip -> [Ver = | Size = 275664 bytes | Created Date = 4/14/2008 6:38:40 PM | Attr = ] Picture086 -> %UserProfile%\My Documents\Picture086 -> [Folder | Created Date = 4/14/2008 6:16:51 PM | Attr = ] Picture086.zip -> %UserProfile%\My Documents\Picture086.zip -> [Ver = | Size = 9776591 bytes | Created Date = 4/14/2008 6:13:08 PM | Attr = ] question2hearing.docx -> %UserProfile%\My Documents\question2hearing.docx -> [Ver = | Size = 11880 bytes | Created Date = 4/27/2008 9:15:03 PM | Attr = ] richpics -> %UserProfile%\My Documents\richpics -> [Folder | Created Date = 5/27/2008 9:38:45 AM | Attr = ] richpics.zip -> %UserProfile%\My Documents\richpics.zip -> [Ver = | Size = 9484969 bytes | Created Date = 5/27/2008 9:37:48 AM | Attr = ] romantic_ballad.wmv -> %UserProfile%\My Documents\romantic_ballad.wmv -> [Ver = | Size = 2020657 bytes | Created Date = 4/16/2008 12:21:44 PM | Attr = ] TaxRefund_1_.pps -> %UserProfile%\My Documents\TaxRefund_1_.pps -> [Ver = | Size = 273408 bytes | Created Date = 6/19/2008 4:34:27 PM | Attr = ] Underwear.mpeg -> %UserProfile%\My Documents\Underwear.mpeg -> [Ver = | Size = 1610277 bytes | Created Date = 5/8/2008 3:05:27 PM | Attr = ] UnreleasedBudAd1.mpg -> %UserProfile%\My Documents\UnreleasedBudAd1.mpg -> [Ver = | Size = 2506756 bytes | Created Date = 4/20/2008 3:31:33 PM | Attr = ] winthrop009.jpg -> %UserProfile%\My Documents\winthrop009.jpg -> [Ver = | Size = 1062302 bytes | Created Date = 3/24/2008 5:01:31 PM | Attr = ] X,awintercoat,andawatertable.jpg -> %UserProfile%\My Documents\X,awintercoat,andawatertable.jpg -> [Ver = | Size = 1053023 bytes | Created Date = 5/6/2008 8:50:54 PM | Attr = ] Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 793 bytes | Created Date = 6/13/2008 8:51:55 AM | Attr = ] Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [Ver = | Size = 793 bytes | Created Date = 6/13/2008 8:51:55 AM | Attr = ] Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Created Date = 5/5/2008 9:51:24 AM | Attr = ] AOL 9.0.lnk -> %AllUsersProfile%\Desktop\AOL 9.0.lnk -> [Ver = | Size = 651 bytes | Created Date = 6/13/2008 9:21:30 AM | Attr = ] Logitech Mouse and Keyboard Settings.lnk -> %AllUsersProfile%\Desktop\Logitech Mouse and Keyboard Settings.lnk -> [Ver = | Size = 1681 bytes | Created Date = 6/8/2008 3:30:24 PM | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 6/13/2008 8:50:59 AM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1843873 bytes | Created Date = 6/19/2008 6:07:08 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 6/19/2008 5:00:11 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier EncompassV3.0-MissingFiles.exe -> %UserProfile%\Desktop\EncompassV3.0-MissingFiles.exe -> [Ver = | Size = 8001661 bytes | Created Date = 6/13/2008 2:14:07 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\EncompassV3.0-MissingFiles.exe:Zone.Identifier FFF-ReflexV3.exe -> %UserProfile%\Desktop\FFF-ReflexV3.exe -> [Ver = | Size = 35840 bytes | Created Date = 5/16/2008 3:38:42 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 6/13/2008 9:46:58 AM | Attr = ] Hotel Mahjong Deluxe.lnk -> %UserProfile%\Desktop\Hotel Mahjong Deluxe.lnk -> [Ver = | Size = 786 bytes | Created Date = 5/30/2008 6:34:40 PM | Attr = ] Jewel Quest Solitaire II.lnk -> %UserProfile%\Desktop\Jewel Quest Solitaire II.lnk -> [Ver = | Size = 834 bytes | Created Date = 5/16/2008 4:16:34 PM | Attr = ] Joanne Temp -> %UserProfile%\Desktop\Joanne Temp -> [Folder | Created Date = 6/13/2008 8:45:56 AM | Attr = ] LimeWire 4.16.6.lnk -> %UserProfile%\Desktop\LimeWire 4.16.6.lnk -> [Ver = | Size = 1580 bytes | Created Date = 6/10/2008 12:01:58 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/20/2008 2:33:02 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Created Date = 6/20/2008 2:30:53 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier The Hidden Object Show.lnk -> %UserProfile%\Desktop\The Hidden Object Show.lnk -> [Ver = | Size = 756 bytes | Created Date = 5/16/2008 7:20:39 PM | Attr = ] unused desktops -> %UserProfile%\Desktop\unused desktops -> [Folder | Created Date = 5/4/2008 6:07:35 PM | Attr = ] WordJong.lnk -> %UserProfile%\Desktop\WordJong.lnk -> [Ver = | Size = 505 bytes | Created Date = 5/16/2008 3:43:00 PM | Attr = ] AOL 9.1 Tray Icon.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\AOL 9.1 Tray Icon.lnk -> [Ver = | Size = 809 bytes | Created Date = 6/13/2008 9:21:30 AM | Attr = ] Logishrd -> %CommonProgramFiles%\Logishrd -> [Folder | Created Date = 6/8/2008 3:29:42 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 6/13/2008 8:51:31 AM | Attr = ] CA -> %ProgramFiles%\CA -> [Folder | Created Date = 6/16/2008 6:59:15 PM | Attr = ] CCleaner -> %ProgramFiles%\CCleaner -> [Folder | Created Date = 6/13/2008 8:50:59 AM | Attr = ] cherry -> %ProgramFiles%\cherry -> [Folder | Created Date = 4/10/2008 9:31:58 PM | Attr = ] cherry.zip -> %ProgramFiles%\cherry.zip -> [Ver = | Size = 366965 bytes | Created Date = 4/10/2008 9:31:54 PM | Attr = ] Hotel Mahjong Deluxe -> %ProgramFiles%\Hotel Mahjong Deluxe -> [Folder | Created Date = 5/30/2008 6:34:25 PM | Attr = ] Jewel Quest Solitaire II -> %ProgramFiles%\Jewel Quest Solitaire II -> [Folder | Created Date = 5/16/2008 4:16:23 PM | Attr = ] Lavasoft -> %ProgramFiles%\Lavasoft -> [Folder | Created Date = 6/13/2008 8:51:51 AM | Attr = ] Mahjong Escape -> %ProgramFiles%\Mahjong Escape -> [Folder | Created Date = 5/16/2008 3:57:47 PM | Attr = ] properti -> %ProgramFiles%\properti -> [Folder | Created Date = 4/11/2008 3:08:03 PM | Attr = ] properti.zip -> %ProgramFiles%\properti.zip -> [Ver = | Size = 18325 bytes | Created Date = 4/11/2008 3:08:01 PM | Attr = ] ReflexiveArcade -> %ProgramFiles%\ReflexiveArcade -> [Folder | Created Date = 5/16/2008 3:42:35 PM | Attr = ] The Hidden Object Show -> %ProgramFiles%\The Hidden Object Show -> [Folder | Created Date = 5/16/2008 7:20:16 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 6/13/2008 9:46:57 AM | Attr = ] WordJong -> %ProgramFiles%\WordJong -> [Folder | Created Date = 5/16/2008 3:42:54 PM | Attr = ] [Files/Folders - Modified Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 6/19/2008 5:00:48 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2145546240 bytes | Modified Date = 6/20/2008 3:07:14 AM | Attr = HS] img025.jpg -> %SystemDrive%\img025.jpg -> [Ver = | Size = 893273 bytes | Modified Date = 4/26/2008 10:11:52 AM | Attr = ] img026.jpg -> %SystemDrive%\img026.jpg -> [Ver = | Size = 1004057 bytes | Modified Date = 4/26/2008 10:16:09 AM | Attr = ] img027.jpg -> %SystemDrive%\img027.jpg -> [Ver = | Size = 1214148 bytes | Modified Date = 4/26/2008 10:17:05 AM | Attr = ] img028.jpg -> %SystemDrive%\img028.jpg -> [Ver = | Size = 803209 bytes | Modified Date = 4/26/2008 10:17:54 AM | Attr = ] img029.jpg -> %SystemDrive%\img029.jpg -> [Ver = | Size = 860767 bytes | Modified Date = 4/26/2008 10:19:31 AM | Attr = ] img030.jpg -> %SystemDrive%\img030.jpg -> [Ver = | Size = 939848 bytes | Modified Date = 4/26/2008 10:20:16 AM | Attr = ] img031.jpg -> %SystemDrive%\img031.jpg -> [Ver = | Size = 1004161 bytes | Modified Date = 4/26/2008 10:21:07 AM | Attr = ] img032.jpg -> %SystemDrive%\img032.jpg -> [Ver = | Size = 720643 bytes | Modified Date = 4/26/2008 10:21:54 AM | Attr = ] img2-001.raw -> %SystemDrive%\img2-001.raw -> [Ver = | Size = 230424 bytes | Modified Date = 3/27/2008 8:19:58 PM | Attr = ] mikespix -> %SystemDrive%\mikespix -> [Folder | Modified Date = 4/27/2008 3:41:20 PM | Attr = ] Platform.ini -> %SystemDrive%\Platform.ini -> [Ver = | Size = 102 bytes | Modified Date = 6/16/2008 6:59:20 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/16/2008 6:59:15 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 6/19/2008 5:51:26 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 6/19/2008 6:17:52 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/20/2008 12:55:11 PM | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1288192 bytes | Modified Date = 5/7/2008 12:55:40 AM | Attr = ] Awrtpd.sys -> %SystemRoot%\System32\drivers\Awrtpd.sys -> Lavasoft AB [Ver = 1.0.0.134 | Size = 12960 bytes | Modified Date = 4/29/2008 11:19:50 AM | Attr = ] Awrtrd.sys -> %SystemRoot%\System32\drivers\Awrtrd.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Modified Date = 4/29/2008 11:19:54 AM | Attr = ] MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 6/8/2008 3:13:42 PM | Attr = H ] Msft_Kernel_zumbus_01007.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_zumbus_01007.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 6/8/2008 3:13:43 PM | Attr = H ] NSDriver.sys -> %SystemRoot%\System32\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Modified Date = 4/29/2008 11:20:00 AM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 6/8/2008 3:13:23 PM | Attr = ] en-US -> %SystemRoot%\System32\drivers\UMDF\en-US -> [Folder | Modified Date = 6/8/2008 3:13:06 PM | Attr = ] es-ES -> %SystemRoot%\System32\drivers\UMDF\es-ES -> [Folder | Modified Date = 6/8/2008 3:14:38 PM | Attr = ] fr-FR -> %SystemRoot%\System32\drivers\UMDF\fr-FR -> [Folder | Modified Date = 6/8/2008 3:14:40 PM | Attr = ] BtCoreIf.dll -> %SystemRoot%\System32\BtCoreIf.dll -> Broadcom Corporation. [Ver = 5.1.0.3600 | Size = 301656 bytes | Modified Date = 5/2/2008 2:38:42 AM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 5/10/2008 3:03:11 AM | Attr = ] 11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/19/2008 5:50:54 PM | Attr = ] ConTest.dll -> %SystemRoot%\System32\ConTest.dll -> Ascentive [Ver = 1.00.0005 | Size = 208896 bytes | Modified Date = 4/29/2008 1:57:08 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 6/20/2008 3:01:01 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/20/2008 3:01:01 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 6/8/2008 3:13:00 PM | Attr = ] ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat -> [Ver = | Size = 56 bytes | Modified Date = 5/9/2008 10:08:28 AM | Attr = H ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 1596968 bytes | Modified Date = 4/9/2008 3:14:49 AM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 5/24/2008 6:46:00 PM | Attr = ] kemutb.dll -> %SystemRoot%\System32\kemutb.dll -> Logitech, Inc. [Ver = 4.60.122 | Size = 170512 bytes | Modified Date = 5/2/2008 2:39:50 AM | Attr = ] KemUtil.dll -> %SystemRoot%\System32\KemUtil.dll -> Logitech, Inc. [Ver = 4.60.122 | Size = 145936 bytes | Modified Date = 5/2/2008 2:39:54 AM | Attr = ] KemWnd.dll -> %SystemRoot%\System32\KemWnd.dll -> Logitech, Inc. [Ver = 4.60.122 | Size = 117264 bytes | Modified Date = 5/2/2008 2:40:02 AM | Attr = ] KemXML.dll -> %SystemRoot%\System32\KemXML.dll -> Logitech, Inc. [Ver = 4.60.122 | Size = 84496 bytes | Modified Date = 5/2/2008 2:40:08 AM | Attr = ] lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [Ver = | Size = 12632 bytes | Modified Date = 5/16/2008 11:58:04 AM | Attr = ] msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 29204 bytes | Modified Date = 6/20/2008 3:07:22 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 79544 bytes | Modified Date = 4/12/2008 3:03:34 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 449448 bytes | Modified Date = 4/12/2008 3:03:34 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 518074 bytes | Modified Date = 4/12/2008 3:03:34 AM | Attr = ] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1288192 bytes | Modified Date = 5/7/2008 12:55:40 AM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 6/8/2008 3:30:52 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/20/2008 3:08:01 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/20/2008 3:00:53 AM | Attr = H ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 6/8/2008 3:14:34 PM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/20/2008 3:07:16 AM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 6/13/2008 8:52:48 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/9/2008 6:13:04 PM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 6/19/2008 5:48:40 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 6/12/2008 3:04:14 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/20/2008 3:01:05 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/16/2008 6:59:20 PM | Attr = HS] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 6/8/2008 3:39:04 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 6/13/2008 8:52:46 AM | Attr = ] msoffice.ini -> %SystemRoot%\msoffice.ini -> [Ver = | Size = 4 bytes | Modified Date = 6/13/2008 9:21:27 AM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 6/7/2008 6:11:50 PM | Attr = ] popcinfot.dat -> %SystemRoot%\popcinfot.dat -> [Ver = | Size = 16 bytes | Modified Date = 6/8/2008 5:56:51 PM | Attr = ] popcreg.dat -> %SystemRoot%\popcreg.dat -> [Ver = | Size = 64 bytes | Modified Date = 6/8/2008 5:56:51 PM | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/19/2008 5:55:33 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 6/20/2008 10:28:27 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/20/2008 10:28:27 AM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/20/2008 3:07:59 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6/19/2008 5:50:18 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/20/2008 3:01:00 AM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/13/2008 10:05:53 AM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/20/2008 12:55:11 PM | Attr = ] Twain001.Mtx -> %SystemRoot%\Twain001.Mtx -> [Ver = | Size = 6 bytes | Modified Date = 6/20/2008 12:55:11 PM | Attr = ] Twunk001.MTX -> %SystemRoot%\Twunk001.MTX -> [Ver = | Size = 156 bytes | Modified Date = 6/20/2008 12:55:11 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 841 bytes | Modified Date = 6/20/2008 11:47:43 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/12/2008 3:03:29 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/20/2008 3:07:23 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 5/15/2006 7:14:07 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 13932 bytes | Modified Date = 6/20/2008 3:08:24 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 13932 bytes | Modified Date = 6/20/2008 3:08:24 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 9/8/2007 12:40:51 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11092 bytes | Modified Date = 5/25/2006 7:04:47 PM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 9/8/2007 12:40:51 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc -> [Folder | Modified Date = 6/20/2008 3:07:46 AM | Attr = ] Perflib_Perfdata_db8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_db8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/20/2008 3:07:46 AM | Attr = ] 2 C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp files -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp -> C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 6/20/2008 12:55:11 PM | Attr = ] Perflib_Perfdata_bbc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bbc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/20/2008 3:07:34 AM | Attr = ] 3 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 5/5/2008 9:51:12 AM | Attr = ] AOL -> %AllUsersProfile%\Application Data\AOL -> [Folder | Modified Date = 6/13/2008 9:21:30 AM | Attr = ] GameBlend -> %AllUsersProfile%\Application Data\GameBlend -> [Folder | Modified Date = 5/16/2008 3:43:37 PM | Attr = ] Gogii -> %AllUsersProfile%\Application Data\Gogii -> [Folder | Modified Date = 5/16/2008 7:42:00 PM | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 6/13/2008 10:03:02 AM | Attr = ] JollyBear -> %AllUsersProfile%\Application Data\JollyBear -> [Folder | Modified Date = 5/16/2008 4:09:50 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 6/13/2008 8:53:26 AM | Attr = ] McAfee -> %AllUsersProfile%\Application Data\McAfee -> [Folder | Modified Date = 6/13/2008 10:09:38 AM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 6/8/2008 3:13:06 PM | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 5/14/2008 3:05:34 AM | Attr = ] SiteAdvisor -> %AllUsersProfile%\Application Data\SiteAdvisor -> [Folder | Modified Date = 6/13/2008 10:05:22 AM | Attr = ] Skype -> %AllUsersProfile%\Application Data\Skype -> [Folder | Modified Date = 6/15/2008 5:41:28 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 6/15/2008 4:44:30 PM | Attr = ] Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! -> [Folder | Modified Date = 6/13/2008 10:02:48 AM | Attr = ] AOL -> %AppData%\AOL -> [Folder | Modified Date = 6/13/2008 9:21:28 AM | Attr = ] EPSON -> %AppData%\EPSON -> [Folder | Modified Date = 4/26/2008 9:58:51 AM | Attr = ] GameBlend -> %AppData%\GameBlend -> [Folder | Modified Date = 5/16/2008 3:43:37 PM | Attr = ] iWin -> %AppData%\iWin -> [Folder | Modified Date = 5/18/2008 7:25:46 PM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 6/10/2008 12:02:05 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 6/9/2008 12:38:51 PM | Attr = S] skypePM -> %AppData%\skypePM -> [Folder | Modified Date = 6/15/2008 4:00:29 PM | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Modified Date = 6/13/2008 10:02:48 AM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 6/15/2008 3:26:18 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 22016 bytes | Modified Date = 6/5/2008 2:24:01 PM | Attr = ] JollyBear -> %UserProfile%\Local Settings\Application Data\JollyBear -> [Folder | Modified Date = 5/16/2008 4:09:50 PM | Attr = ] 16bigbuck047.jpg -> %UserProfile%\My Documents\16bigbuck047.jpg -> [Ver = | Size = 103486 bytes | Modified Date = 4/24/2008 1:38:08 PM | Attr = ] 20080423WDTCCTR.jpg -> %UserProfile%\My Documents\20080423WDTCCTR.jpg -> [Ver = | Size = 54223 bytes | Modified Date = 4/24/2008 1:55:17 PM | Attr = ] 20080620113103139.pdf -> %UserProfile%\My Documents\20080620113103139.pdf -> [Ver = | Size = 902079 bytes | Modified Date = 6/20/2008 11:40:36 AM | Attr = ] Bobby002 -> %UserProfile%\My Documents\Bobby002 -> [Folder | Modified Date = 5/18/2008 7:59:02 AM | Attr = ] Bobby002.zip -> %UserProfile%\My Documents\Bobby002.zip -> [Ver = | Size = 1641184 bytes | Modified Date = 5/18/2008 7:58:46 AM | Attr = ] Charles Wisniewski.docx -> %UserProfile%\My Documents\Charles Wisniewski.docx -> [Ver = | Size = 10572 bytes | Modified Date = 5/20/2008 12:56:59 PM | Attr = ] Dear Dave.docx -> %UserProfile%\My Documents\Dear Dave.docx -> [Ver = | Size = 12700 bytes | Modified Date = 6/9/2008 12:23:06 PM | Attr = ] DSC_0525 -> %UserProfile%\My Documents\DSC_0525 -> [Folder | Modified Date = 4/25/2008 9:50:26 AM | Attr = ] DSC_0525.zip -> %UserProfile%\My Documents\DSC_0525.zip -> [Ver = | Size = 673861 bytes | Modified Date = 4/25/2008 9:50:19 AM | Attr = ] faxKarenfuller -> %UserProfile%\My Documents\faxKarenfuller -> [Folder | Modified Date = 5/21/2008 1:19:46 PM | Attr = ] FFF-ReflexV3 -> %UserProfile%\My Documents\FFF-ReflexV3 -> [Folder | Modified Date = 5/16/2008 3:38:02 PM | Attr = ] FFF-ReflexV3.zip -> %UserProfile%\My Documents\FFF-ReflexV3.zip -> [Ver = | Size = 33194 bytes | Modified Date = 5/16/2008 3:38:01 PM | Attr = ] for Mike's hearing.docx -> %UserProfile%\My Documents\for Mike's hearing.docx -> [Ver = | Size = 11775 bytes | Modified Date = 4/28/2008 10:17:16 AM | Attr = ] Fw -> %UserProfile%\My Documents\Fw -> [Folder | Modified Date = 5/3/2008 9:20:40 PM | Attr = ] Fw.zip -> %UserProfile%\My Documents\Fw.zip -> [Ver = | Size = 138265 bytes | Modified Date = 5/3/2008 9:16:11 PM | Attr = ] Fw_Memory -> %UserProfile%\My Documents\Fw_Memory -> [Folder | Modified Date = 6/5/2008 2:24:01 PM | Attr = ] Fw_Memory.zip -> %UserProfile%\My Documents\Fw_Memory.zip -> [Ver = | Size = 5083811 bytes | Modified Date = 6/5/2008 2:23:57 PM | Attr = ] GeoTracks003 -> %UserProfile%\My Documents\GeoTracks003 -> [Folder | Modified Date = 5/17/2008 5:06:16 PM | Attr = ] GeoTracks003.zip -> %UserProfile%\My Documents\GeoTracks003.zip -> [Ver = | Size = 9477807 bytes | Modified Date = 5/17/2008 5:06:09 PM | Attr = ] Girl'sNightinvitetake2.pdf -> %UserProfile%\My Documents\Girl'sNightinvitetake2.pdf -> [Ver = | Size = 287313 bytes | Modified Date = 5/6/2008 8:43:58 PM | Attr = ] Gottalovedogs.wmv -> %UserProfile%\My Documents\Gottalovedogs.wmv -> [Ver = | Size = 2652748 bytes | Modified Date = 4/20/2008 3:16:55 PM | Attr = ] hearingquestion3.docx -> %UserProfile%\My Documents\hearingquestion3.docx -> [Ver = | Size = 10955 bytes | Modified Date = 4/27/2008 10:04:31 PM | Attr = ] houseonanita -> %UserProfile%\My Documents\houseonanita -> [Folder | Modified Date = 4/23/2008 1:49:58 PM | Attr = ] houseonanita.zip -> %UserProfile%\My Documents\houseonanita.zip -> [Ver = | Size = 231519 bytes | Modified Date = 4/23/2008 1:49:50 PM | Attr = ] HowNottoTakeaBreathTest.wmv -> %UserProfile%\My Documents\HowNottoTakeaBreathTest.wmv -> [Ver = | Size = 2657114 bytes | Modified Date = 5/3/2008 9:23:05 PM | Attr = ] HowtoEnjoyAColonoscopy.wmv -> %UserProfile%\My Documents\HowtoEnjoyAColonoscopy.wmv -> [Ver = | Size = 2258854 bytes | Modified Date = 4/23/2008 10:22:49 PM | Attr = ] imstp_pets_cat1_en.gif -> %UserProfile%\My Documents\imstp_pets_cat1_en.gif -> [Ver = | Size = 36179 bytes | Modified Date = 4/12/2008 12:32:02 PM | Attr = ] In my opinion the parent who is more likely to allow the child frequent and continuing contact with the non.docx -> %UserProfile%\My Documents\In my opinion the parent who is more likely to allow the child frequent and continuing contact with the non.docx -> [Ver = | Size = 13715 bytes | Modified Date = 4/25/2008 1:57:49 PM | Attr = ] Jackwiththeboys4-9-08003.jpg -> %UserProfile%\My Documents\Jackwiththeboys4-9-08003.jpg -> [Ver = | Size = 60246 bytes | Modified Date = 4/9/2008 1:42:44 PM | Attr = ] jacobtookthese004 -> %UserProfile%\My Documents\jacobtookthese004 -> [Folder | Modified Date = 5/23/2008 8:33:03 PM | Attr = ] jacobtookthese004.zip -> %UserProfile%\My Documents\jacobtookthese004.zip -> [Ver = | Size = 15108607 bytes | Modified Date = 5/23/2008 8:20:06 PM | Attr = ] jacobtookthese023 -> %UserProfile%\My Documents\jacobtookthese023 -> [Folder | Modified Date = 5/24/2008 7:58:34 PM | Attr = ] jacobtookthese023.zip -> %UserProfile%\My Documents\jacobtookthese023.zip -> [Ver = | Size = 4126506 bytes | Modified Date = 5/24/2008 7:58:30 PM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Modified Date = 6/10/2008 12:02:08 PM | Attr = ] MakeMyDay.wmv -> %UserProfile%\My Documents\MakeMyDay.wmv -> [Ver = | Size = 2263158 bytes | Modified Date = 4/17/2008 3:14:24 PM | Attr = ] mikeshouse.pdf -> %UserProfile%\My Documents\mikeshouse.pdf -> [Ver = | Size = 476054 bytes | Modified Date = 4/20/2008 6:04:22 PM | Attr = ] mom.doc -> %UserProfile%\My Documents\mom.doc -> [Ver = | Size = 33280 bytes | Modified Date = 4/25/2008 3:58:04 PM | Attr = ] MVC-005S.jpg -> %UserProfile%\My Documents\MVC-005S.jpg -> [Ver = | Size = 40319 bytes | Modified Date = 4/23/2008 1:53:21 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 6/13/2008 10:02:49 AM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 6/18/2008 7:16:25 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 590 bytes | Modified Date = 6/20/2008 9:16:53 AM | Attr = ] P1030344 -> %UserProfile%\My Documents\P1030344 -> [Folder | Modified Date = 5/26/2008 6:37:42 PM | Attr = ] P1030344.zip -> %UserProfile%\My Documents\P1030344.zip -> [Ver = | Size = 2423276 bytes | Modified Date = 5/26/2008 6:37:33 PM | Attr = ] P1030379 -> %UserProfile%\My Documents\P1030379 -> [Folder | Modified Date = 6/4/2008 8:54:27 PM | Attr = ] P1030379.zip -> %UserProfile%\My Documents\P1030379.zip -> [Ver = | Size = 1808173 bytes | Modified Date = 6/4/2008 8:54:23 PM | Attr = ] photo.jpg -> %UserProfile%\My Documents\photo.jpg -> [Ver = | Size = 86905 bytes | Modified Date = 5/3/2008 10:37:39 PM | Attr = ] Picture074.jpg -> %UserProfile%\My Documents\Picture074.jpg -> [Ver = | Size = 111886 bytes | Modified Date = 4/14/2008 6:12:36 PM | Attr = ] Picture075 -> %UserProfile%\My Documents\Picture075 -> [Folder | Modified Date = 4/14/2008 6:38:45 PM | Attr = ] Picture075.zip -> %UserProfile%\My Documents\Picture075.zip -> [Ver = | Size = 275664 bytes | Modified Date = 4/14/2008 6:38:42 PM | Attr = ] Picture086 -> %UserProfile%\My Documents\Picture086 -> [Folder | Modified Date = 4/14/2008 6:16:55 PM | Attr = ] Picture086.zip -> %UserProfile%\My Documents\Picture086.zip -> [Ver = | Size = 9776591 bytes | Modified Date = 4/14/2008 6:16:51 PM | Attr = ] question2hearing.docx -> %UserProfile%\My Documents\question2hearing.docx -> [Ver = | Size = 11880 bytes | Modified Date = 4/27/2008 9:31:27 PM | Attr = ] richpics -> %UserProfile%\My Documents\richpics -> [Folder | Modified Date = 5/27/2008 9:38:53 AM | Attr = ] richpics.zip -> %UserProfile%\My Documents\richpics.zip -> [Ver = | Size = 9484969 bytes | Modified Date = 5/27/2008 9:38:44 AM | Attr = ] romantic_ballad.wmv -> %UserProfile%\My Documents\romantic_ballad.wmv -> [Ver = | Size = 2020657 bytes | Modified Date = 4/16/2008 12:21:56 PM | Attr = ] TaxRefund_1_.pps -> %UserProfile%\My Documents\TaxRefund_1_.pps -> [Ver = | Size = 273408 bytes | Modified Date = 6/19/2008 4:34:30 PM | Attr = ] Underwear.mpeg -> %UserProfile%\My Documents\Underwear.mpeg -> [Ver = | Size = 1610277 bytes | Modified Date = 5/8/2008 3:05:36 PM | Attr = ] UnreleasedBudAd1.mpg -> %UserProfile%\My Documents\UnreleasedBudAd1.mpg -> [Ver = | Size = 2506756 bytes | Modified Date = 4/20/2008 3:31:48 PM | Attr = ] winthrop009.jpg -> %UserProfile%\My Documents\winthrop009.jpg -> [Ver = | Size = 1062302 bytes | Modified Date = 3/24/2008 5:01:39 PM | Attr = ] X,awintercoat,andawatertable.jpg -> %UserProfile%\My Documents\X,awintercoat,andawatertable.jpg -> [Ver = | Size = 1053023 bytes | Modified Date = 5/6/2008 8:51:05 PM | Attr = ] Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 793 bytes | Modified Date = 6/13/2008 8:51:55 AM | Attr = ] Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [Ver = | Size = 793 bytes | Modified Date = 6/13/2008 8:51:55 AM | Attr = ] Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Modified Date = 5/5/2008 9:51:24 AM | Attr = ] AOL 9.0.lnk -> %AllUsersProfile%\Desktop\AOL 9.0.lnk -> [Ver = | Size = 651 bytes | Modified Date = 6/13/2008 9:21:30 AM | Attr = ] Logitech Mouse and Keyboard Settings.lnk -> %AllUsersProfile%\Desktop\Logitech Mouse and Keyboard Settings.lnk -> [Ver = | Size = 1681 bytes | Modified Date = 6/8/2008 3:30:24 PM | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 6/13/2008 8:50:59 AM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1843873 bytes | Modified Date = 6/19/2008 6:07:21 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 6/19/2008 5:00:15 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier EncompassV3.0-MissingFiles.exe -> %UserProfile%\Desktop\EncompassV3.0-MissingFiles.exe -> [Ver = | Size = 8001661 bytes | Modified Date = 6/13/2008 2:14:20 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\EncompassV3.0-MissingFiles.exe:Zone.Identifier FFF-ReflexV3.exe -> %UserProfile%\Desktop\FFF-ReflexV3.exe -> [Ver = | Size = 35840 bytes | Modified Date = 5/5/2008 2:13:42 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 6/19/2008 5:55:22 PM | Attr = ] Hotel Mahjong Deluxe.lnk -> %UserProfile%\Desktop\Hotel Mahjong Deluxe.lnk -> [Ver = | Size = 786 bytes | Modified Date = 5/30/2008 6:34:40 PM | Attr = ] Jewel Quest Solitaire II.lnk -> %UserProfile%\Desktop\Jewel Quest Solitaire II.lnk -> [Ver = | Size = 834 bytes | Modified Date = 5/18/2008 7:25:46 PM | Attr = ] Joanne Temp -> %UserProfile%\Desktop\Joanne Temp -> [Folder | Modified Date = 6/19/2008 6:06:36 PM | Attr = ] LimeWire 4.16.6.lnk -> %UserProfile%\Desktop\LimeWire 4.16.6.lnk -> [Ver = | Size = 1580 bytes | Modified Date = 6/10/2008 12:01:58 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/20/2008 2:33:03 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Modified Date = 6/20/2008 2:30:56 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier The Hidden Object Show.lnk -> %UserProfile%\Desktop\The Hidden Object Show.lnk -> [Ver = | Size = 756 bytes | Modified Date = 5/16/2008 7:20:39 PM | Attr = ] unused desktops -> %UserProfile%\Desktop\unused desktops -> [Folder | Modified Date = 5/4/2008 6:08:49 PM | Attr = ] WordJong.lnk -> %UserProfile%\Desktop\WordJong.lnk -> [Ver = | Size = 505 bytes | Modified Date = 5/16/2008 3:43:00 PM | Attr = ] AOL 9.1 Tray Icon.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\AOL 9.1 Tray Icon.lnk -> [Ver = | Size = 809 bytes | Modified Date = 6/13/2008 9:21:30 AM | Attr = ] Logitech SetPoint.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> [Ver = | Size = 1687 bytes | Modified Date = 6/8/2008 3:30:24 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 5/5/2008 9:51:03 AM | Attr = ] AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 6/13/2008 9:21:30 AM | Attr = ] aolshare -> %CommonProgramFiles%\aolshare -> [Folder | Modified Date = 6/13/2008 9:21:30 AM | Attr = ] Logishrd -> %CommonProgramFiles%\Logishrd -> [Folder | Modified Date = 6/8/2008 3:30:32 PM | Attr = ] Logitech -> %CommonProgramFiles%\Logitech -> [Folder | Modified Date = 6/8/2008 3:30:27 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 6/13/2008 8:51:31 AM | Attr = ] < End of report > [/code]