[code]
OTScanIt logfile created on: 8/12/2008 4:54:58 PM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\HP_Administrator\Favorites\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.30 Mb Total Physical Memory | 273.17 Mb Available Physical Memory | 26.91% Memory free
2.39 Gb Paging File | 1.72 Gb Available in Paging File | 72.04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.43 Gb Total Space | 189.94 Gb Free Space | 84.63% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 0.43 Gb Free Space | 5.14% Space Free | Partition Type: FAT32
Drive E: | 214.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NEWROBYN
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 8:19:16 PM | Attr = ] dsncservice.exe -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 6, 0, 0, 12733 | Size = 423280 bytes | Modified Date = 2/8/2008 7:27:14 PM | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.62.1 | Size = 73728 bytes | Modified Date = 12/18/2005 10:26:54 PM | Attr = ] mbackmonitor.exe -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> McAfee [Ver = 1.0.2564.29819 | Size = 71208 bytes | Modified Date = 1/16/2007 1:59:46 PM | Attr = ] mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr = ] mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ] mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 3:27:52 AM | Attr = ] mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. 
[Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4421 | Size = 77824 bytes | Modified Date = 11/3/2005 11:22:36 AM | Attr = ] igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4421 | Size = 118784 bytes | Modified Date = 11/3/2005 11:26:30 AM | Attr = ] arpwrmsg.exe -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/2/2005 8:19:16 PM | Attr = ] soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 21 | Size = 86016 bytes | Modified Date = 9/21/2005 6:24:02 AM | Attr = ] dmascheduler.exe -> %ProgramFiles%\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe -> Sonic Solutions [Ver = 1.0.0.1 | Size = 90112 bytes | Modified Date = 11/1/2005 6:01:00 AM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr = ] kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 4:44:24 PM | Attr = ] issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 8:50:18 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] mcafeedatabackup.exe -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe -> McAfee [Ver = 0.9.2575.40163 | Size = 4838952 bytes | Modified Date = 1/16/2007 1:59:50 PM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 6/4/2008 10:11:04 AM | Attr = ] mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr = ] alcmtr.exe -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 2:43:28 PM | Attr = ] alcwzrd.exe -> %SystemRoot%\ALCWZRD.EXE -> RealTek Semicoductor Corp. [Ver = 1.1.0.28 | Size = 2807808 bytes | Modified Date = 10/11/2005 9:33:20 AM | Attr = ] hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38 AM | Attr = ] a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.476 | Size = 380536 bytes | Modified Date = 8/9/2008 9:31:15 AM | Attr = ] igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4421 | Size = 159744 bytes | Modified Date = 11/3/2005 11:22:28 AM | Attr = ] otscanit.exe -> %UserProfile%\Favorites\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.476 | Size = 380536 bytes | Modified Date = 8/9/2008 9:31:15 AM | Attr = ] (ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | 
Modified Date = 8/2/2005 8:19:16 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr = ] (dsNcService) Juniper Network Connect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 6, 0, 0, 12733 | Size = 423280 bytes | Modified Date = 2/8/2008 7:27:14 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 7:24:18 AM | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.62.1 | Size = 73728 bytes | Modified Date = 12/18/2005 10:26:54 PM | Attr = ] (MBackMonitor) MBackMonitor [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> McAfee [Ver = 1.0.2564.29819 | Size = 71208 bytes | Modified Date = 1/16/2007 1:59:46 PM | Attr = ] (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr = ] (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. 
[Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 11/7/2007 9:35:40 AM | Attr = ] (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ] (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr = ] (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> -> File not found (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 3:27:52 AM | Attr = ] [Driver Services - Non-Microsoft Only] (actccid) ActivCard USB Reader V2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\actccid.sys -> ActivCard [Ver = 3.2.0.1 | Size = 47660 bytes | Modified Date = 8/2/2002 2:41:08 PM | Attr = ] (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.65 2.1.65 01/25/2006 16:24:23 | Size = 1149888 bytes | Modified Date = 1/25/2006 5:24:30 PM | Attr = ] (CO_Mon) CO_Mon [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\CO_Mon.sys -> [Ver = | Size = 34304 bytes | Modified Date = 8/12/2008 5:52:16 AM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> 
%SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 2:44:48 PM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 2:44:46 PM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/9/2004 5:00:00 PM | Attr = ] (dsNcAdpt) Juniper Network Connect Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dsNcAdpt.sys -> Juniper Networks [Ver = 5.5.0 | Size = 23552 bytes | Modified Date = 2/8/2008 7:11:00 PM | Attr = ] (E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.15.0 built by: WinDDK | Size = 155648 bytes | Modified Date = 10/14/2004 12:30:46 PM | Attr = ] (GearAspiWDM) GearAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. 
[Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr = ] (HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Hdaudio.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 145920 bytes | Modified Date = 1/7/2005 9:07:16 PM | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 4/13/2008 12:36:05 PM | Attr = ] (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hpzid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 3/8/2005 9:52:26 AM | Attr = ] (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 3/8/2005 9:52:26 AM | Attr = ] (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 3/8/2005 9:52:28 AM | Attr = ] (HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSXHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 241664 bytes | Modified Date = 12/6/2005 7:20:50 AM | Attr = ] (HSX_DP) HSX_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSX_DP.sys -> Conexant Systems, Inc. 
[Ver = 7.39.00 built by: WinDDK | Size = 936448 bytes | Modified Date = 12/6/2005 7:20:40 AM | Attr = ] (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4421 | Size = 1353820 bytes | Modified Date = 11/3/2005 11:50:58 AM | Attr = ] (iaStor) Intel RAID Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> Intel Corporation [Ver = 5.1.0.1022 | Size = 872064 bytes | Modified Date = 6/17/2005 2:33:40 AM | Attr = ] (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5178 built by: WinDDK | Size = 4034048 bytes | Modified Date = 10/18/2005 9:15:42 AM | Attr = ] (MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 6/30/2006 11:11:15 PM | Attr = ] (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 10/5/2005 11:57:08 AM | Attr = ] (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 79304 bytes | Modified Date = 11/22/2007 6:44:08 AM | Attr = ] (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 35240 bytes | Modified Date = 11/22/2007 6:44:08 AM | Attr = ] (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 201320 bytes | Modified Date = 11/22/2007 6:44:08 AM | Attr = ] (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mferkdk.sys -> McAfee, Inc. 
[Ver = SYSCORE.14.0.0.291.x86 | Size = 33832 bytes | Modified Date = 11/22/2007 6:44:04 AM | Attr = ] (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Modified Date = 12/2/2007 12:51:42 PM | Attr = ] (MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Modified Date = 7/13/2007 6:20:24 AM | Attr = ] (Ps2) Ps2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 19072 bytes | Modified Date = 12/12/2005 5:27:00 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/9/2004 5:00:00 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 4/25/2005 6:03:00 AM | Attr = ] (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 10:31:34 AM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 5/22/2008 8:59:05 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. 
[Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 5/22/2008 8:59:05 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ] (tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 7/5/2008 10:36:48 AM | Attr = ] (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\usbaapl.sys -> File not found (winachsx) winachsx [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. 
[Ver = 7.39.00 built by: WinDDK | Size = 670208 bytes | Modified Date = 12/6/2005 7:20:42 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AlwaysReady Power Message APP -> %SystemRoot%\arpwrmsg.exe [ARPWRMSG.EXE] -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/2/2005 8:19:16 PM | Attr = ] DMAScheduler -> %ProgramFiles%\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe [c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe] -> Sonic Solutions [Ver = 1.0.0.1 | Size = 90112 bytes | Modified Date = 11/1/2005 6:01:00 AM | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr = ] HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> Hewlett-Packard Company [Ver = 2, 0, 5, 1 | Size = 249856 bytes | Modified Date = 11/9/2005 1:29:16 PM | Attr = ] HPHUPD08 -> %ProgramFiles%\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe] -> Hewlett-Packard [Ver = 8,1,0,12 | Size = 49152 bytes | Modified Date = 6/1/2005 7:35:56 PM | Attr = ] igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4421 | Size = 77824 bytes | Modified Date = 11/3/2005 11:22:36 AM | Attr = ] igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4421 | Size = 118784 bytes | Modified Date = 11/3/2005 11:26:30 AM | Attr = ] ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe 
-startup] -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 8:50:42 PM | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["c:\progra~1\common~1\instal~1\update~1\issch.exe" -start] -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 8:50:18 PM | Attr = ] KBD -> %SystemDrive%\hp\KBD\kbd.exe [C:\HP\KBD\KBD.EXE] -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 4:44:24 PM | Attr = ] MBkLogOnHook -> %ProgramFiles%\McAfee\MBK\LogonHook.exe [C:\Program Files\McAfee\MBK\LogOnHook.exe] -> McAfee [Ver = 1.0.2563.24415 | Size = 20480 bytes | Modified Date = 1/8/2007 11:22:46 AM | Attr = ] McAfee Backup -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe [C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe] -> McAfee [Ver = 0.9.2575.40163 | Size = 4838952 bytes | Modified Date = 1/16/2007 1:59:50 PM | Attr = ] mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr = ] PCDrProfiler -> [] -> File not found Recguard -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [Ver = 6, 0, 54, 0 | Size = 237568 bytes | Modified Date = 7/22/2005 7:14:00 PM | Attr = ] SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 21 | Size = 86016 bytes | Modified Date = 9/21/2005 6:24:02 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 6/4/2008 10:11:04 AM | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ] < RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> CleanUp! -> %ProgramFiles%\CleanUp!\Cleanup.exe [C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart] -> Steven R. Gould [Ver = 3.0 | Size = 315392 bytes | Modified Date = 12/26/2002 5:00:00 AM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {28220052-D9A9-44B1-AB98-EDC594D238B6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. 
[] -> File not found {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/22/2008 8:59:05 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 8:12:19 PM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 8:12:24 PM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 8:12:41 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ] avldr -> -> File not found efcDUlLD -> -> File not found igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4421 | Size = 135168 bytes | Modified Date = 11/3/2005 11:21:42 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> Welcome to the computer. Dont mess it up!!! 
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableCAD -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DriveConfiguration -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CD/DVDW_TS-H552L_______________0614____\5&3a0499b&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 50 bytes | Modified Date = 7/25/2006 7:34:35 PM | Attr = ] AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/27/2001 3:07:38 PM | Attr = HS] < HOSTS File > (206640 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop -> HKEY_CURRENT_USER\: Main\\Local Page -> -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com -> HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[Reg Error: Value provider does not 
exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3917 domain(s) found. -> 31 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4700 domain(s) found. -> internet .[about] -> Trusted sites -> mcafee.com .[http] -> Trusted sites -> mcafee.com .[https] -> Trusted sites -> 37 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {28220052-D9A9-44B1-AB98-EDC594D238B6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [AVG Safe Search] -> File not found {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 11/9/2007 12:09:08 PM | Attr = ] {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [hpWebHelper Class] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> File not found {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {733BBE20-2515-4F6B-9CB0-36F2D5D6C054} -> (Intel(R) PRO/100 VE Network Connection) -> {7F478D9E-3D89-4D9F-9494-2DCC6B35FD66} -> (1394 Net Adapter) -> {892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> {DD17CFFB-B9D2-41A0-BDC4-5A3228098544} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {3107C2A8-9F0B-4404-A58B-21BD85268FBC}[HKEY_LOCAL_MACHINE] -> http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB[PogoWebLauncher Control] -> {7B297BFD-85E4-4092-B2AF-16A91B2EA103}[HKEY_LOCAL_MACHINE] -> http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab[WScanCtl Class] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B}[HKEY_LOCAL_MACHINE] -> https://131.158.223.3/dana-cached/setup/JuniperSetupSP1.cab[JuniperSetupSP1 Control] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/cpbrkpie.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/JuniperSetup.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/JuniperSetup.ocx\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/JuniperSetup.ocx\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PogoWebLauncher.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PogoWebLauncher.ocx\\.Owner -> {3107C2A8-9F0B-4404-A58B-21BD85268FBC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PogoWebLauncher.ocx\\{3107C2A8-9F0B-4404-A58B-21BD85268FBC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpinTopGamesLauncher.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpinTopGamesLauncher.dll\\.Owner -> {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpinTopGamesLauncher.dll\\{7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpinTopGamesLauncher.dll\\{8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_de.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_de.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_de.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_en.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_en.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_en.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_es.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_es.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_es.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_fr.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_fr.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_fr.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ja.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ja.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ja.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ko.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ko.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ko.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh_cn.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh_cn.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh_cn.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UERT_0001_D19M2109NetInstaller.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UERT_0001_D19M2109NetInstaller.exe\\.Owner -> {F919FBD3-A96B-4679-AF26-F551439BB5FD} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/webscan.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/webscan.dll\\.Owner -> 
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/webscan.dll\\{7B297BFD-85E4-4092-B2AF-16A91B2EA103} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MSINET.OCX\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MSINET.OCX\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82/gdiplus.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82/gdiplus.dll\\.Owner -> Unknown Owner -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\\DisableMonitoring -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\\DisableMonitoring -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr = ] C:\WINDOWS\system32\rqRkKDsp -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 8:12:08 PM | Attr = ] *MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 848 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> 
Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 8:12:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 6A 99 23 BE 22 7A 53 7A 3D 51 A0 FB 4F 3D 3E 36 63 62 35 39 65 64 34 65 00 00 00 00 5F E0 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 8B EC 16 90 3D E5 59 63 11 4C 3D CB [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 54 48 CE 4C 93 25 F0 BC D4 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 41 FB E4 80 FC E5 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/9/2004 5:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 46 99 85 1B 76 29 2A 23 51 
BC 36 11 7A A1 C9 BE [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 84 5A CD 84 D9 F3 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 10298 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> %ProgramFiles%\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 
137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> Hewlett-Packard Co. 
[Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/12/2005 3:23:26 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 5/12/2005 4:40:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 225280 bytes | Modified Date = 6/3/2005 1:50:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 40960 bytes | Modified Date = 6/3/2005 1:50:14 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> Hewlett-Packard Co. 
[Ver = 50.0.214.000 | Size = 81920 bytes | Modified Date = 6/3/2005 1:45:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [Ver = 3, 2, 0,940 | Size = 200704 bytes | Modified Date = 5/11/2005 1:50:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 5.1.0.940 | Size = 1081344 bytes | Modified Date = 5/11/2005 1:07:26 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> Hewlett-Packard Co. 
[Ver = 50.0.214.000 | Size = 172032 bytes | Modified Date = 6/3/2005 2:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> Hewlett-Packard [Ver = 2.4 | Size = 151635 bytes | Modified Date = 5/11/2005 1:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 458752 bytes | Modified Date = 6/3/2005 1:51:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [Ver = 6.0.0.145 | Size = 421888 bytes | Modified Date = 9/16/2005 4:29:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [Ver = 6.0.0.145 | Size = 733184 bytes | Modified Date = 9/16/2005 4:34:18 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> 
%ProgramFiles%\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 57344 bytes | Modified Date = 6/3/2005 2:06:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> %ProgramFiles%\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. 
[Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\\\ROBYN\C\StubInstaller.exe -> \\ROBYN\C\StubInstaller.exe:*:Enabled:StubInstaller.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 9/17/2007 10:19:14 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 4/13/2008 8:12:28 PM | Attr = HS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> %ProgramFiles%\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. 
[Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\fxsclnt.exe -> %SystemRoot%\system32\fxsclnt.exe [C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console] -> Microsoft Corporation [Ver = 5.2.2600.5512 (xpsp.080413-0852) | Size = 142848 bytes | Modified Date = 4/13/2008 8:12:21 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> %ProgramFiles%\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network 
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe [C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Disabled:McAfee Data Backup] -> McAfee [Ver = 0.9.2575.40163 | Size = 4838952 bytes | Modified Date = 1/16/2007 1:59:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{CD904408-C223-4BEA-A8FA-BBF09589938D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{892900FC-9814-4488-99C0-81491C1EE93D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A197E35B-D8E0-4AE7-85DB-DB00FA27F69B} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{30E0835C-1DB2-46F7-84F3-F9AF567AA736} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{3FC97F07-6A9C-4454-B896-27CD8E654D51} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 8:12:11 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\\DisableMonitoring -> 0 
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\\DisableMonitoring -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> %SystemRoot%\system32\qmgr.dll [C:\WINDOWS\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.7.2600.5512 (xpsp.080413-2108) | Size = 409088 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 10298 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> %ProgramFiles%\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> %ProgramFiles%\HP\Digital 
Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/12/2005 3:23:26 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 5/12/2005 4:40:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 225280 bytes | Modified Date = 6/3/2005 1:50:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 40960 bytes | Modified Date = 6/3/2005 1:50:14 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> Hewlett-Packard Co. 
[Ver = 50.0.214.000 | Size = 81920 bytes | Modified Date = 6/3/2005 1:45:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [Ver = 3, 2, 0,940 | Size = 200704 bytes | Modified Date = 5/11/2005 1:50:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 5.1.0.940 | Size = 1081344 bytes | Modified Date = 5/11/2005 1:07:26 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> Hewlett-Packard Co. 
[Ver = 50.0.214.000 | Size = 172032 bytes | Modified Date = 6/3/2005 2:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> Hewlett-Packard [Ver = 2.4 | Size = 151635 bytes | Modified Date = 5/11/2005 1:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 458752 bytes | Modified Date = 6/3/2005 1:51:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [Ver = 6.0.0.145 | Size = 421888 bytes | Modified Date = 9/16/2005 4:29:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [Ver = 6.0.0.145 | Size = 733184 bytes | Modified Date = 9/16/2005 4:34:18 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> 
%ProgramFiles%\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 57344 bytes | Modified Date = 6/3/2005 2:06:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> %ProgramFiles%\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. 
[Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\\\ROBYN\C\StubInstaller.exe -> \\ROBYN\C\StubInstaller.exe:*:Enabled:StubInstaller.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 9/17/2007 10:19:14 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 4/13/2008 8:12:28 PM | Attr = HS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> %ProgramFiles%\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. 
[Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\fxsclnt.exe -> %SystemRoot%\system32\fxsclnt.exe [C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console] -> Microsoft Corporation [Ver = 5.2.2600.5512 (xpsp.080413-0852) | Size = 142848 bytes | Modified Date = 4/13/2008 8:12:21 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> %ProgramFiles%\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network 
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe [C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Disabled:McAfee Data Backup] -> McAfee [Ver = 0.9.2575.40163 | Size = 4838952 bytes | Modified Date = 1/16/2007 1:59:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{CD904408-C223-4BEA-A8FA-BBF09589938D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{892900FC-9814-4488-99C0-81491C1EE93D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A197E35B-D8E0-4AE7-85DB-DB00FA27F69B} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{30E0835C-1DB2-46F7-84F3-F9AF567AA736} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{3FC97F07-6A9C-4454-B896-27CD8E654D51} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 8:12:11 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> [Files/Folders - Created Within 30 days] Backgammon.Dat -> %SystemDrive%\Backgammon.Dat -> [Ver = | Size = 796 bytes | Created Date = 7/30/2008 5:26:56 PM | Attr = ] Board.Dat -> %SystemDrive%\Board.Dat -> [Ver = | Size = 25 bytes | Created Date = 7/16/2008 6:19:15 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 7/31/2008 10:31:10 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 7/31/2008 10:31:09 PM | Attr = ] mfeavfk.sys -> %SystemRoot%\System32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 79304 bytes | Created Date = 7/31/2008 9:28:37 PM | Attr = ] mfebopk.sys -> %SystemRoot%\System32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 35240 bytes | Created Date = 7/31/2008 9:28:37 PM | Attr = ] mfehidk.sys -> %SystemRoot%\System32\drivers\mfehidk.sys -> McAfee, Inc. 
[Ver = SYSCORE.14.0.0.291.x86 | Size = 201320 bytes | Created Date = 7/31/2008 9:28:37 PM | Attr = ] mferkdk.sys -> %SystemRoot%\System32\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 33832 bytes | Created Date = 7/31/2008 9:28:39 PM | Attr = ] mfesmfk.sys -> %SystemRoot%\System32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Created Date = 7/31/2008 9:28:37 PM | Attr = ] Mpfp.sys -> %SystemRoot%\System32\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Created Date = 7/31/2008 9:28:32 PM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 13775 bytes | Created Date = 7/31/2008 9:31:00 PM | Attr = ] dunzip32.dll -> %SystemRoot%\System32\dunzip32.dll -> Inner Media, Inc. [Ver = 5.00.06 | Size = 143360 bytes | Created Date = 7/31/2008 9:30:36 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/26/2008 7:43:13 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Created Date = 7/26/2008 7:43:13 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/26/2008 7:43:13 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 7/26/2008 7:43:13 AM | Attr = ] msmesscon.02567 -> %SystemRoot%\System32\msmesscon.02567 -> [Ver = | Size = 25 bytes | Created Date = 7/20/2008 9:38:14 AM | Attr = ] msserver.02567 -> %SystemRoot%\System32\msserver.02567 -> [Ver = | Size = 4 bytes | Created Date = 7/20/2008 9:38:14 AM | Attr = ] BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 7/27/2008 9:23:25 AM | Attr = ] Cache -> %SystemRoot%\Cache -> [Folder | Created Date = 7/27/2008 7:48:47 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 7/24/2008 6:37:31 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 7/24/2008 6:37:31 PM | Attr = H ] McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 362 bytes | Created Date = 7/31/2008 9:28:20 PM | Attr = ] McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 360 bytes | Created Date = 7/31/2008 9:28:19 PM | Attr = ] [Files/Folders - Modified Within 30 days] Backgammon.Dat -> %SystemDrive%\Backgammon.Dat -> [Ver = | Size = 796 bytes | Modified Date = 7/30/2008 5:27:04 PM | Attr = ] Board.Dat -> %SystemDrive%\Board.Dat -> [Ver = | Size = 25 bytes | Modified Date = 7/16/2008 6:21:35 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 279 bytes | Modified Date = 8/8/2008 8:13:24 PM | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/9/2008 8:36:47 AM | Attr = H ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 8/9/2008 9:28:24 AM | Attr = ] GDPHOME -> %SystemDrive%\GDPHOME -> [Folder | Modified Date = 7/25/2008 1:37:31 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1064685568 bytes | Modified Date = 8/9/2008 8:07:22 AM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/9/2008 12:28:41 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | 
Modified Date = 8/7/2008 9:07:15 PM | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 7/25/2008 11:38:49 AM | Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 7/27/2008 2:15:45 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/9/2008 8:09:05 AM | Attr = ] CO_Mon.sys -> %SystemRoot%\System32\drivers\CO_Mon.sys -> [Ver = | Size = 34304 bytes | Modified Date = 8/12/2008 5:52:16 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/30/2008 8:07:52 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 7/30/2008 8:07:56 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 8/5/2008 8:05:22 PM | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/12/2008 5:52:23 AM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 13775 bytes | Modified Date = 8/12/2008 4:50:54 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/9/2008 8:09:48 AM | Attr = ] msmesscon.02567 -> %SystemRoot%\System32\msmesscon.02567 -> [Ver = | Size = 25 bytes | Modified Date = 7/20/2008 9:38:14 AM | Attr = ] msserver.02567 -> %SystemRoot%\System32\msserver.02567 -> [Ver = | Size = 4 bytes | Modified Date = 7/20/2008 10:18:19 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 7/25/2008 11:38:49 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 8/9/2008 8:28:41 AM | Attr = ] hpsysdrv.DAT -> %SystemRoot%\System\hpsysdrv.DAT -> [Ver = | Size = 186 bytes | Modified Date = 8/9/2008 8:14:44 AM | Attr = ] BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> 
[Folder | Modified Date = 7/27/2008 1:04:32 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/9/2008 8:07:27 AM | Attr = S] Cache -> %SystemRoot%\Cache -> [Folder | Modified Date = 7/27/2008 7:48:47 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/12/2008 5:52:27 AM | Attr = S] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/8/2008 2:37:17 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/9/2008 8:36:47 AM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/12/2008 4:53:34 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 7/24/2008 6:37:31 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 7/25/2008 6:42:36 AM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/9/2008 8:08:38 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/8/2008 8:13:24 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/11/2008 8:40:12 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/31/2008 9:28:20 PM | Attr = S] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 8/12/2008 4:55:24 PM | Attr = ] WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 761 bytes | Modified Date = 8/8/2008 8:13:24 PM | Attr = ] ErrorSmart Scheduled Scan.job -> %SystemRoot%\tasks\ErrorSmart Scheduled Scan.job -> [Ver = | Size = 424 bytes | Modified Date = 8/12/2008 3:30:01 AM | Attr = ] McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 362 bytes | Modified Date = 7/31/2008 9:28:20 PM | Attr = ] McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 360 bytes | Modified Date = 8/11/2008 1:00:28 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 
bytes | Modified Date = 8/9/2008 8:07:37 AM | Attr = H ] SpyHunter Scanner.job -> %SystemRoot%\tasks\SpyHunter Scanner.job -> [Ver = | Size = 464 bytes | Modified Date = 8/12/2008 5:00:01 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2/2/2007 12:06:44 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4646 bytes | Modified Date = 8/9/2008 8:33:39 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 8/9/2008 8:33:39 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 6/30/2006 10:19:30 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11146 bytes | Modified Date = 7/6/2006 4:19:10 PM | Attr = ] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. 
C:\Documents and Settings\Administrator\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\Ali Ooop\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Impressionism - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Videos\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\.limewire\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\Favorites\Frederick County Public Library - Meeting Rooms - Urbana.url:favicon 198 bytes C:\Documents and Settings\HP_Administrator\Favorites\FrederickFreecycle Frederick Freecycle(TM).url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Freekibble.url:favicon 11062 bytes C:\Documents and Settings\HP_Administrator\Favorites\Fun\A Christmas Story House.url:favicon 894 bytes C:\Documents and Settings\HP_Administrator\Favorites\Fun\DCRTV - Washington DC-Baltimore Area Radio-TV-Media.url:favicon 1494 bytes C:\Documents and Settings\HP_Administrator\Favorites\Fun\Desktop\FreeRice.url:favicon 2550 bytes C:\Documents and Settings\HP_Administrator\Favorites\Fun\Desktop\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\Favorites\Fun\Riley Anne.url:favicon 3638 bytes C:\Documents and Settings\HP_Administrator\Favorites\Fun\Wedding\John Q's Steakhouse - About Us.url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\Fun\Wedding\Cleveland Wedding Minister, Cleveland Ohio Civil Ceremony, Licensed Officiant Service, Marriage Minister Cleveland OH.url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\Fun\Wedding\Renaissance Cleveland Hotel Distinctive and stylish 
accommodations in Cleveland.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Fun\Heart tickets, concerts and tour dates. Official Ticketmaster site..url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\Fun\Marriott Rewards programs information at Marriott.com.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Google.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Computer Stuff\Anti-Trojan Guide.url:favicon 198 bytes C:\Documents and Settings\HP_Administrator\Favorites\Computer Stuff\CastleCops .url:favicon 3638 bytes C:\Documents and Settings\HP_Administrator\Favorites\Computer Stuff\MajorGeeks.com - Download Shareware and Freeware Computer Utilities..url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\Computer Stuff\MessageSubtract.url:favicon 3750 bytes C:\Documents and Settings\HP_Administrator\Favorites\Desktop\Yahoo Mail.url:favicon 6598 bytes C:\Documents and Settings\HP_Administrator\Favorites\Desktop\Google.url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\EITMfans Elliot In The Morning Fans.url:favicon 3638 bytes C:\Documents and Settings\HP_Administrator\Favorites\Fone Finder query form.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Food Network.url:favicon 894 bytes C:\Documents and Settings\HP_Administrator\Favorites\Ali\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.url:favicon 766 bytes C:\Documents and Settings\HP_Administrator\Favorites\Ali\Dictionary.com.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\Ali\Disney Channel - Lizzie McGuire.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\Ali\Explore the whole of Neopia!!!.url:favicon 3638 bytes C:\Documents and Settings\HP_Administrator\Favorites\Ali\Fathers Day Activities.url:favicon 1406 bytes C:\Documents and 
Settings\HP_Administrator\Favorites\Ali\FreeRice.url:favicon 2550 bytes C:\Documents and Settings\HP_Administrator\Favorites\Ali\Jan Brett's Home Page - A Great Place for Ideas.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\Ali\Origami Folding Instructions - Simple Origami - Easy Origami Diagrams.url:favicon 894 bytes C:\Documents and Settings\HP_Administrator\Favorites\Ali\River Valley Ranch.url:favicon 3638 bytes C:\Documents and Settings\HP_Administrator\Favorites\Ali\Welcome to Webkinz® - a Ganz website.url:favicon 2550 bytes C:\Documents and Settings\HP_Administrator\Favorites\Ali\Yahoo! Finance.url:favicon 6598 bytes C:\Documents and Settings\HP_Administrator\Favorites\Amending Child Visitation Court Order - FreeAdvice Forums.url:favicon 10134 bytes C:\Documents and Settings\HP_Administrator\Favorites\Banking\Comstar.url:favicon 2238 bytes C:\Documents and Settings\HP_Administrator\Favorites\Banking\ING DIRECT.url:favicon 894 bytes C:\Documents and Settings\HP_Administrator\Favorites\Banking\Navy Federal Credit Union.url:favicon 894 bytes C:\Documents and Settings\HP_Administrator\Favorites\Banking\TreasuryDirect.url:favicon 894 bytes C:\Documents and Settings\HP_Administrator\Favorites\Bills\Home Depot.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\Bills\ChevronTexacoCards.com Credit Services.url:favicon 3574 bytes C:\Documents and Settings\HP_Administrator\Favorites\Bills\Citi® Credit Cards, Citibank, Travel Reward Credit Cards, Small Business Credit Cards, Student Credit Cards.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\Bills\Comcast Bill Pay.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Bills\Lowe's Visa Credit Card.url:favicon 3574 bytes C:\Documents and Settings\HP_Administrator\Favorites\Bills\QCard Account.url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\Bills\Verizon Cell.url:favicon 1406 bytes C:\Documents 
and Settings\HP_Administrator\Favorites\Bills\Wolf.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\Binders 11 X 14 ACC59273.url:favicon 24902 bytes C:\Documents and Settings\HP_Administrator\Favorites\Buffalo Wings & Beer.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Car Stuff\Ultimate Subaru Message Board.url:favicon 894 bytes C:\Documents and Settings\HP_Administrator\Favorites\Caucus Log In.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Las Vegas Motor Speedway Tickets 2009 NASCAR Weekend.url:favicon 894 bytes C:\Documents and Settings\HP_Administrator\Favorites\Light T-Shirt - CafePress.url:favicon 1730 bytes C:\Documents and Settings\HP_Administrator\Favorites\Louisville Slugger Personalized E-bat.url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\mail2web.com - Pick Up Your Email.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\ClubMom.url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\Historical - New Market Maryland Official Site.url:favicon 109502 bytes C:\Documents and Settings\HP_Administrator\Favorites\HowStuffWorks .url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\Mattel Consumer Relations Answer Center - Recall Information.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\Michael\Big E Antique Service.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\Michael\NASCAR.COM.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Michael\http--www.batterydepot.com-cart.phpBDSESS=0803027333e7efa845665d99a8428a8c.url:favicon 2238 bytes C:\Documents and Settings\HP_Administrator\Favorites\MVA Home Page.url:favicon 5430 bytes C:\Documents and Settings\HP_Administrator\Favorites\National Sex Offender Registry.url:favicon 3638 bytes C:\Documents and Settings\HP_Administrator\Favorites\News\CNN .url:favicon 
1078 bytes C:\Documents and Settings\HP_Administrator\Favorites\News\http--www.tmz.com-.url:favicon 2862 bytes C:\Documents and Settings\HP_Administrator\Favorites\News\MyFox Washington DC Fox 5 News WTTG.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\News\NBC4.url:favicon 822 bytes C:\Documents and Settings\HP_Administrator\Favorites\News\Washingtonpost.com - News Front.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\News\Your4state.com Home.url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\Pets\1800PetMeds.com - America's Pet Medication and Pet Health Resource.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Rachael Ray Show .url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Randy Pausch's Home Page.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\RandyPauschInformation.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\Bargain Chaser — The insider’s guide to saving time and money in Frederick, Maryland..url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\McCutcheon's Preserves, Jams Jellies, Apple Butter and Much More!.url:favicon 3638 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\gift wrap Target Target Search Results.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\Gift Wrapping Organizers stores gift wrapping utilities.url:favicon 894 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\Hallmark Magazine Home.url:favicon 318 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\House Stuff\AllergyZone Furnace Filters - Filters America.com.url:favicon 894 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\House Stuff\Bemis Whole-House Evaporative Humidifier 11-Gallon Output 696-400.url:favicon 3638 bytes C:\Documents and 
Settings\HP_Administrator\Favorites\Shopping\House Stuff\Char-Broil Inviting Everybody Outside Since 1948.url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\House Stuff\Kenmore Parts for Models one.url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\T-Shirts & Clothing from CafePress.url:favicon 1730 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\Coupons\http--www.onlycoupons.com-.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\Coupons\Promotion Codes - Discount Codes - Online Coupons - Discounts Promotional Codes.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\Shopping\Coupons\»Coupons for Amazon, Dell, Eastbay, eBags, Expedia, Macys, Office Depot, Orbitz, Old Navy....url:favicon 1078 bytes C:\Documents and Settings\HP_Administrator\Favorites\Who's Alive and Who's Dead.url:favicon 18670 bytes C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\ehome\Image.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\ehome\musicThumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\ehome\Video.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\Ali\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\Ali School\Ali 7th Grade\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\Jacobs ladder\MVP\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\Jacobs ladder\Divorce and Kids\Summons\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\Jacobs ladder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\LUYAA BOD\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My 
Documents\My Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2003 Pictures\2003-08 (Aug)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2003 Pictures\2003-09 (Sep)\2003-10 (Oct)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2003 Pictures\2003-09 (Sep)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2003 Pictures\2003-11 (Nov)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2003 Pictures\2003-12 (Dec)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2003 Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\2004-05 (May)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Ali 8th birthday\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Ali 9th Birthday\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Ali Swimming\Ali pool\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Ali Swimming\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Bubby Bday\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Christmas 04\Christmas 04 Part 2\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Christmas 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Emerils Restaurant\Thumbs.db:encryptable 0 bytes C:\Documents and 
Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Band Disney Parade April 2004\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Band pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Band Pre-Parade April 2004\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Breakfast with Mickey and Friends\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Disney Quest\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Downtown Disney\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Hoo Dee Doo Revue\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Kennedy Space Center and Cinderella Dinner\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Lunch with Cinderella\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Magic Kingdom\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Pool Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Disney 04\Universal Studios\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Easter 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My 
Documents\My Pictures\2004 Pictures\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Family Jan 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Feb 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Frederick Fair Sept 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Sarah's Apt\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Thanksgiving 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\to be uploaded\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\july 24 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Kitty pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\LHS Band\Band Banquet and Hoops\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\LHS Band\Graduation\Grad Party\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\LHS Band\Graduation\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\LHS Band\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\May 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Nov Dec 04 uploaded\Thumbs.db:encryptable 0 bytes C:\Documents and 
Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Oct 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2004 Pictures\Robyn's Bday\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Odds and Ends\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\August 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Choir Party\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Circus and Easter\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Barking Dog Bethesda\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Bridges Sep 10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Buffalo Billiards\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Cantina Marina\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Crystal City Pub\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Dave and Busters\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Dave and Busters May 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\DC 101\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 
Pictures\DC101\Elliot and Stuff\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Memories\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Memories 24 Jul 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Memories Sep 04 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Memories Sep 17 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Outback 2004\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Party\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Party\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\DC101\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Dec 05\Mark\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Dec 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Halloween 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Jul 05 Block Party\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\July 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Misc June 05\Thumbs.db:encryptable 0 bytes C:\Documents and 
Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Misc May 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Mother's Day\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Ocean City\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Oct 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Sarah's May 05 visit\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Sept 05\Frederick Fair 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Sept 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Snow and Misc\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Softball 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2005 Pictures\Valentine's Day\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\5th Grade Graduation\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Ali's 11th Bday\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\April 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Misc\Misc\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Misc\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My 
Pictures\2006\Nannie's Pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\November 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\NYC Jun 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\October 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Odds N Ends\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Salem\December 2005\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Salem\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Sarah Beach pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Sarah preggo\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Sarah visit Mar 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Sarah's Pictures\2003-09 (Sep)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Sarah's Pictures\2003-10 (Oct)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Sarah's Pictures\2004-05 (May)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Sarah's Pictures\belly\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Sarah's Pictures\Candie\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Sarah's Pictures\Kevy-n-Me\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Sarah's 
Pictures\Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Sept 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\USNS Comfort\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\CP&E Cookout\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\December 2006\Christmas and Misc 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\December 2006\Cub Scout Skating\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\December 2006\NYC\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\December 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\February 2006\DCES Valentine Party\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\February 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\LLA\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\Longaberger Apr 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2006\May 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\April 2007\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\August 07\Summersville 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\August 07\Thumbs.db:encryptable 0 bytes C:\Documents and 
Settings\HP_Administrator\My Documents\My Pictures\2007\DC101 March 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\December 2007\Nannie's Pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\December 2007\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\Feb 2007\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\Hailey Ann\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\Hailey Ann\Hailey Ann\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\Halloween07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\January 2007\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\July 2007\DC101 Fuzzy's House\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\July 2007\Everything Else - uploaded to fish\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\July 2007\Hailey - uploaded to Fish\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\July 2007\Middletown Carnival - uploaded to Fish\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\July 2007\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\June 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\June 07\Andy's Confirmation\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\March 2007\Sarah's Shower\Thumbs.db:encryptable 0 bytes C:\Documents 
and Settings\HP_Administrator\My Documents\My Pictures\2007\March 2007\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\May 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\Nannies Pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\November 07\Christmas 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\November 07\Odds and Ends\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\November 07\Thanksgiving 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\November 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\Oct 07\Oct 01 2007\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\Oct 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\Sept 07\Sarah's pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\Sept 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\April\April 2008-UPLOADED to FISH\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\April\Talledega - Susan uploaded to fish\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\April\Talledega - Uploaded to Fish\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\April\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My 
Pictures\2008\Cruise\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\February 2008\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\HAILEYS BDAY\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\January 2008\Alis pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\January 2008\Sarah pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\January 2008\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\July 2008\Middletown Carnival\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\July 2008\Nannie's Pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\July 2008\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\June 2008\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\March 2008\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\March 2008\Fink\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\May 2008\Boo Boo\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\May 2008\Hendricks Party\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\May 2008\Mother's Day and Bridal Shower\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\May 2008\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\Sarah Baby shower\Thumbs.db:encryptable 0 bytes 
C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\Wedding\Reception\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\Wedding\Reyna\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\Wedding\Susan's pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\Wedding\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\Wedding\Christmas Story House\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\Wedding\Debi Party\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008\Wedding\Fun\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Ali's Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Sarah's pics\Sarah's pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Sarah's pics\Sept 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Sarah's pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Sarah's pics\2003-10 (Oct)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Sarah's pics\Kevy-n-Me\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Scans\2006-12 (Dec)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Scans\Thumbs.db:encryptable 0 bytes C:\Documents and 
Settings\HP_Administrator\My Documents\Softball\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\Softball\2007 Minutes\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\Softball\Budget\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\Wedding\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\The Kids\Desktop\cllaire.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Claire\Flash Hannah Montana game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Claire\High School Musical 2 - Original Movies - Disney Channel.url:favicon 894 bytes C:\Documents and Settings\The Kids\Favorites\Disney.com DxD Home.url:favicon 318 bytes C:\Documents and Settings\The Kids\Favorites\Flash Avatar Fortress fight game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Beach Assault game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Little gold miner game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Los simpsons game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Monkey Mayhem game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Motor Bike game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Mountain Climbing game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Office Love game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\High School Musical - Original Movies - Disney Channel.url:favicon 894 bytes C:\Documents and Settings\The Kids\Favorites\High School Musical 2 - Original Movies - Disney Channel.url:favicon 894 bytes C:\Documents and Settings\The Kids\Favorites\Ryan\Flash Phineas and Ferb game.url:favicon 3262 bytes C:\Documents and Settings\The 
Kids\Favorites\Ryan\Flash Super Mario Bros game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Bullet Bill game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Bush Shoot out game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Dog cannon game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Fish Money game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Sofa Bash game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Sonic XS game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Favorites\Flash Super Mario Sunshine game.url:favicon 3262 bytes C:\Documents and Settings\The Kids\Local Settings\Application Data\Microsoft\ehome\musicThumbs.db:encryptable 0 bytes C:\Documents and Settings\The Kids\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 672 < End of report > [/code]