[code]
OTScanIt logfile created on: 8/24/2008 12:50:16 PM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Drew Angus.DREWSCOMPUTER\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.36 Mb Total Physical Memory | 120.52 Mb Available Physical Memory | 26.94% Memory free
1.35 Gb Paging File | 0.80 Gb Available in Paging File | 58.86% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 58.64 Gb Free Space | 52.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DREWSCOMPUTER
Current User Name: Drew Angus
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.2.7 | Size = 108904 bytes | Modified Date = 7/17/2007 8:53:26 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 3/25/2008 8:01:14 PM | Attr = ]
aolacsd.exe -> %CommonProgramFiles%\AOL\acs\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 7:50:35 AM | Attr = R ]
httpd.exe -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\httpd.exe -> Apache Software Foundation [Ver = 2.2.4 | Size = 20539 bytes | Modified Date = 1/9/2007 11:17:24 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
httpd.exe -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\httpd.exe -> Apache Software Foundation [Ver = 2.2.4 | Size = 20539 bytes | Modified Date = 1/9/2007 11:17:24 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
dlcfcoms.exe -> %SystemRoot%\system32\dlcfcoms.exe -> [Ver = 99.99.99.99 | Size = 537480 bytes | Modified Date = 12/7/2006 11:27:52 PM | Attr = ]
libusbd-nt.exe -> %SystemRoot%\system32\libusbd-nt.exe -> http://libusb-win32.sourceforge.net [Ver = 0.1.10.1 | Size = 18944 bytes | Modified Date = 3/9/2005 8:50:18 PM | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5214 | Size = 81920 bytes | Modified Date = 9/24/2003 5:32:00 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ]
alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 12:47:52 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1190234924\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 7:52:48 PM | Attr = ]
launchy.exe -> %ProgramFiles%\Launchy\Launchy.exe -> [Ver = | Size = 274432 bytes | Modified Date = 12/18/2007 1:43:34 PM | Attr = ]
apachemonitor.exe -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe -> Apache Software Foundation [Ver = 2.2.4 | Size = 41041 bytes | Modified Date = 1/9/2007 11:20:44 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:18 PM | Attr = ]
aolsp scheduler.exe -> %CommonProgramFiles%\AOL\1190234924\ee\services\antiSpywareApp\ver0_9_6\AOLSP Scheduler.exe -> [Ver = | Size = 1536 bytes | Modified Date = 8/31/2005 9:23:33 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr = ]
jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 325008 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
comhost.exe -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 1/12/2007 9:40:58 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.3.2.7 | Size = 116072 bytes | Modified Date = 7/17/2007 8:54:00 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]
lucoms~1.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
aupdate.exe -> %ProgramFiles%\Symantec\LiveUpdate\AUPDATE.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 623984 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 484720 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 484720 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 484720 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 484720 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\acs\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 7:50:35 AM | Attr = R ]
(Apache2) Apache2 [Win32_Own | Auto | Running] -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\httpd.exe -> Apache Software Foundation [Ver = 2.2.4 | Size = 20539 bytes | Modified Date = 1/9/2007 11:17:24 PM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.2.7 | Size = 108904 bytes | Modified Date = 7/17/2007 8:53:26 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.2.7 | Size = 108904 bytes | Modified Date = 7/17/2007 8:53:26 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.2.7 | Size = 108904 bytes | Modified Date = 7/17/2007 8:53:26 PM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 1/12/2007 9:40:58 PM | Attr = ]
(dlcf_device) dlcf_device [Win32_Own | Auto | Running] -> %SystemRoot%\system32\dlcfcoms.exe -> [Ver = 99.99.99.99 | Size = 537480 bytes | Modified Date = 12/7/2006 11:27:52 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 8:40:21 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr = ]
(libusbd) LibUsb-Win32 - Daemon, Version 0.1.10.1 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\libusbd-nt.exe -> http://libusb-win32.sourceforge.net [Ver = 0.1.10.1 | Size = 18944 bytes | Modified Date = 3/9/2005 8:50:18 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.2.7 | Size = 108904 bytes | Modified Date = 7/17/2007 8:53:26 PM | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 1/29/2008 5:38:31 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5214 | Size = 81920 bytes | Modified Date = 9/24/2003 5:32:00 PM | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 4.0.0.755 | Size = 93048 bytes | Modified Date = 1/25/2007 12:31:34 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 3/25/2008 8:01:14 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe ["C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
AlcxMonitor -> %SystemRoot%\ALCXMNTR.EXE [ALCXMNTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 12:47:52 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 106.3.2.7 | Size = 116072 bytes | Modified Date = 7/17/2007 8:54:00 PM | Attr = ]
DLCFCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\dlcftime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 10/20/2006 5:48:56 PM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1190234924\ee\AOLHostManager.exe [C:\Program Files\Common Files\AOL\1190234924\ee\AOLHostManager.exe] -> America Online, Inc. [Ver = 1.5.6.1 | Size = 14384 bytes | Modified Date = 9/25/2006 7:52:50 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5214 | Size = 5033984 bytes | Modified Date = 9/24/2003 5:32:00 PM | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> NVIDIA Corporation [Ver = 6.14.10.5214 | Size = 741376 bytes | Modified Date = 9/24/2003 5:32:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 1/29/2008 5:38:31 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:02 AM | Attr = ]
< Run [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:02 AM | Attr = ]
< Run [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AOL Fast Start -> %ProgramFiles%\AOL 9.0\aol.exe ["C:\Program Files\AOL 9.0\AOL.EXE" -b] -> AOL, LLC. [Ver = 9.05.001 | Size = 50736 bytes | Modified Date = 4/18/2007 1:49:00 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Launchy.lnk -> %ProgramFiles%\Launchy\Launchy.exe -> [Ver = | Size = 274432 bytes | Modified Date = 12/18/2007 1:43:34 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Monitor Apache Servers.lnk -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe -> Apache Software Foundation [Ver = 2.2.4 | Size = 41041 bytes | Modified Date = 1/9/2007 11:20:44 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe -> [Ver = | Size = 1134592 bytes | Modified Date = 7/9/2007 10:24:38 PM | Attr = ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Drew Angus Startup Folder > -> C:\Documents and Settings\Drew Angus\Start Menu\Programs\Startup ->
< Drew Angus.DREWSCOMPUTER Startup Folder > -> C:\Documents and Settings\Drew Angus.DREWSCOMPUTER\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> Hello There ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> This is my copmuter ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarsOnTaskbar -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetTaskbar -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarsOnTaskbar -> 0 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetTaskbar -> 0 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMovingBands -> 0 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCloseDragDropBands -> 0 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 12:59:52 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomIDE-DVD_ROM_16x_________________________HD08____\5&59b5e6c&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomLITE-ON_DVDRW_LDW-411S__________________FS05____\5&59b5e6c&0&0.1.0 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 5/11/2006 7:33:35 PM | Attr = ]
< HOSTS File > (774 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\] > -> ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\] > -> ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found.
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 7:38:22 PM | Attr = ] {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.7\NppBHO.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.7.20 | Size = 97696 bytes | Modified Date = 7/11/2007 8:49:20 PM | Attr = R ] {69A87B7D-DE56-4136-9655-716BA50C19C7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] -> [Ver = | Size = 303104 bytes | Modified Date = 5/18/2007 11:00:10 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. 
[Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {90222687-F593-4738-B738-FBEE9C7B26DF} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.7\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.7.20 | Size = 608656 bytes | Modified Date = 7/11/2007 8:49:32 PM | Attr = R ] {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [Ver = | Size = 303104 bytes | Modified Date = 5/18/2007 11:00:10 AM | Attr = ] {DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr = ] WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr = ] WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 
5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] {3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 9/7/2006 3:59:50 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 9/7/2006 3:59:50 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\] > -> HKEY_USERS\S-1-5-21-790525478-1897051121-725345543-501\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 9/7/2006 3:59:50 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {7A30F4A2-2B62-4A2B-809F-FBA1768C98E3} -> (Instant Wireless PCI Card V2.7) -> {E8F6653D-CCA4-4F12-8B98-1A9722EB6254} -> (1394 Net Adapter) -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> 
shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 9/13/2007 1:31:38 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {85D1F3B2-2A21-11D7-97B9-0010DC2A6243}[HKEY_LOCAL_MACHINE] -> http://secure2.comned.com/signuptemplates/securelogin-devel.cab[SecureLogin class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {9600F64D-755F-11D4-A47F-0001023E6D5A}[HKEY_LOCAL_MACHINE] -> http://web1.shutterfly.com/downloads/Uploader.cab[Shutterfly Picture Upload Plugin] -> {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}[HKEY_LOCAL_MACHINE] -> http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab[Reg Error: Key does not exist or could not be opened.] 
-> {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_18-windows-i586.cab[Java Plug-in 1.3.1_18] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/securelogin.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/securelogin.ocx\\.Owner -> {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/securelogin.ocx\\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\\.Owner -> {9600F64D-755F-11D4-A47F-0001023E6D5A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\\{9600F64D-755F-11D4-A47F-0001023E6D5A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymDlBrg.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymDlBrg.dll\\.Owner -> {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymDlBrg.dll\\{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/unicows.dll\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. 
-> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 788 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 18 67 5D 3B EE 1B C6 C9 E0 10 B0 FC DF 76 F9 7E 31 38 62 63 30 36 37 30 00 68 07 00 01 00 00 00 D8 00 00 00 DC 00 00 00 48 FA 06 00 D6 48 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 6B 69 81 48 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> A3 58 13 67 80 23 CD 84 1C [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> EE AA 3F 09 F9 24 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 95 C0 CA C3 49 AF FA DF 8D 5C D4 7B 26 09 5A 6A [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> D4 53 09 3C F4 FC C7 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2698 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing 
Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. 
[Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 12/11/2007 12:10:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FolderShare\FolderShare.exe -> %ProgramFiles%\FolderShare\FolderShare.exe [C:\Program Files\FolderShare\FolderShare.exe:*:Enabled:FolderShare] -> [Ver = | Size = 851968 bytes | Modified Date = 10/30/2005 10:12:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pidgin\pidgin.exe -> %ProgramFiles%\Pidgin\pidgin.exe [C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> The Pidgin developer community [Ver = 2.2.2 | Size = 44655 bytes | Modified Date = 10/23/2007 7:14:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe -> %ProgramFiles%\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> Azureus Inc [Ver = 3.0.0.0 | Size = 254976 bytes | Modified Date = 8/31/2007 8:52:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Digsby\digsby.exe -> %ProgramFiles%\Digsby\Digsby.exe [C:\Program Files\Digsby\digsby.exe:*:Enabled:Digsby IM] -> [Ver = | Size = 6144 bytes | Modified Date = 2/27/2008 10:42:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. 
[Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 9/13/2007 1:31:38 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ftp.exe -> %SystemRoot%\system32\ftp.exe [C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 2:56:49 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 6/27/2008 11:53:51 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Digsby_working\digsby.exe -> %ProgramFiles%\Digsby_working\digsby.exe [C:\Program Files\Digsby_working\digsby.exe:*:Enabled:Digsby IM] -> dotSyntax, LLC [Ver = 1.0.0.0 | Size = 115200 bytes | Modified Date = 5/30/2008 5:08:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E8F6653D-CCA4-4F12-8B98-1A9722EB6254} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{7A30F4A2-2B62-4A2B-809F-FBA1768C98E3} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\System32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> iSyncTunes hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iSyncTunes\ISyncTunes.exe -> [Ver = | Size = 339131 bytes | Modified Date = 11/1/2006 9:08:51 PM | Attr = ] [Files/Folders - Created Within 90 days] cdr4_xp.sys -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 7/12/2008 3:32:17 PM | Attr = ] cdralw2k.sys -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 7/12/2008 3:32:17 PM | Attr = ] sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Created Date = 6/29/2008 10:49:57 PM | Attr = ] CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Created Date = 8/18/2008 7:37:01 PM | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Created Date = 7/12/2008 11:04:47 AM | Attr = ] lfcmp13n.dll -> %SystemRoot%\System32\lfcmp13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.117 | Size = 388608 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] lffax13n.dll -> %SystemRoot%\System32\lffax13n.dll -> LEAD Technologies, Inc. 
[Ver = 13.0.0.117 | Size = 73728 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] lfj2k13n.dll -> %SystemRoot%\System32\lfj2k13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.117 | Size = 246272 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] lfjbg13n.dll -> %SystemRoot%\System32\lfjbg13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.117 | Size = 90112 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] lftif13n.dll -> %SystemRoot%\System32\lftif13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.117 | Size = 142848 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] ltclr13n.dll -> %SystemRoot%\System32\ltclr13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.117 | Size = 1693696 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] ltdis13n.dll -> %SystemRoot%\System32\ltdis13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.117 | Size = 265216 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] ltefx13n.dll -> %SystemRoot%\System32\ltefx13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.117 | Size = 206848 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] ltfil13n.dll -> %SystemRoot%\System32\ltfil13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.117 | Size = 154112 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] ltimg13n.dll -> %SystemRoot%\System32\ltimg13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.117 | Size = 445440 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] ltkrn13n.dll -> %SystemRoot%\System32\ltkrn13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.117 | Size = 453120 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] mfimgvwr.ocx -> %SystemRoot%\System32\mfimgvwr.ocx -> MyFamily.com, Inc. 
[Ver = 2.0.0.1 | Size = 189976 bytes | Created Date = 6/14/2008 10:24:45 AM | Attr = ] px.dll -> %SystemRoot%\System32\px.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 514808 bytes | Created Date = 7/12/2008 3:32:16 PM | Attr = ] pxdrv.dll -> %SystemRoot%\System32\pxdrv.dll -> Sonic Solutions [Ver = 1.01.95a | Size = 477944 bytes | Created Date = 7/12/2008 3:32:17 PM | Attr = ] pxhpinst.exe -> %SystemRoot%\System32\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.41a | Size = 68344 bytes | Created Date = 7/12/2008 3:32:17 PM | Attr = ] pxmas.dll -> %SystemRoot%\System32\pxmas.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 183032 bytes | Created Date = 7/12/2008 3:32:16 PM | Attr = ] pxwave.dll -> %SystemRoot%\System32\pxwave.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 379640 bytes | Created Date = 7/12/2008 3:32:16 PM | Attr = ] structuredqueryschema.bin -> %SystemRoot%\System32\structuredqueryschema.bin -> [Ver = | Size = 106605 bytes | Created Date = 5/26/2008 9:59:40 PM | Attr = ] structuredqueryschematrivial.bin -> %SystemRoot%\System32\structuredqueryschematrivial.bin -> [Ver = | Size = 18904 bytes | Created Date = 5/26/2008 9:59:42 PM | Attr = ] vxblock.dll -> %SystemRoot%\System32\vxblock.dll -> Sonic Solutions [Ver = 1.00.72a | Size = 39672 bytes | Created Date = 7/12/2008 3:32:16 PM | Attr = ] wfxhelp22.dll -> %SystemRoot%\System32\wfxhelp22.dll -> [Ver = | Size = 10 bytes | Created Date = 5/28/2008 9:18:40 PM | Attr = ] windowfx2.ini -> %SystemRoot%\windowfx2.ini -> [Ver = | Size = 0 bytes | Created Date = 5/28/2008 9:20:15 PM | Attr = ] windowfx3.ini -> %SystemRoot%\windowfx3.ini -> [Ver = | Size = 0 bytes | Created Date = 5/28/2008 9:20:43 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] .googlewebacchosts -> %AppData%\.googlewebacchosts -> [Ver = | Size = 2730 bytes | Created Date = 6/4/2008 1:51:42 PM | Attr = ] .purple -> %AppData%\.purple -> [Folder | Created Date = 6/4/2008 8:22:41 PM | Attr = ] acccore -> 
%AppData%\acccore -> [Folder | Created Date = 6/8/2008 12:35:30 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Created Date = 6/4/2008 1:49:18 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Created Date = 6/6/2008 5:40:40 PM | Attr = ] AOL -> %AppData%\AOL -> [Folder | Created Date = 7/2/2008 2:05:06 PM | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Created Date = 6/4/2008 1:44:31 PM | Attr = ] DAEMON Tools -> %AppData%\DAEMON Tools -> [Folder | Created Date = 6/29/2008 11:42:49 PM | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 6/4/2008 1:44:32 PM | Attr = HS] Digsby -> %AppData%\Digsby -> [Folder | Created Date = 6/29/2008 12:42:20 AM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 6/4/2008 1:45:45 PM | Attr = ] Identities -> %AppData%\Identities -> [Folder | Created Date = 6/4/2008 1:45:20 PM | Attr = ] Launchy -> %AppData%\Launchy -> [Folder | Created Date = 6/27/2008 11:59:43 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 6/4/2008 1:49:18 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 6/4/2008 1:44:31 PM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 6/4/2008 1:48:40 PM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Created Date = 6/8/2008 12:50:18 AM | Attr = ] Talkback -> %AppData%\Talkback -> [Folder | Created Date = 6/4/2008 1:48:53 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Created Date = 6/27/2008 11:53:45 PM | Attr = ] Viewpoint -> %AppData%\Viewpoint -> [Folder | Created Date = 7/2/2008 2:05:23 PM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Created Date = 6/29/2008 12:54:20 AM | Attr = ] Windows Desktop Search -> %AppData%\Windows Desktop Search -> [Folder | Created Date = 7/12/2008 11:08:51 AM | Attr = ] Windows Search -> %AppData%\Windows Search -> [Folder | Created Date = 7/12/2008 2:09:02 PM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created 
Date = 6/29/2008 12:56:17 AM | Attr = ] winscp.rnd -> %AppData%\winscp.rnd -> [Ver = | Size = 600 bytes | Created Date = 6/11/2008 10:08:19 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 6/5/2008 4:51:55 PM | Attr = ] AOL -> %UserProfile%\Local Settings\Application Data\AOL -> [Folder | Created Date = 6/4/2008 1:45:52 PM | Attr = ] AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP -> [Folder | Created Date = 6/8/2008 12:35:04 PM | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Created Date = 6/4/2008 1:44:31 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 15360 bytes | Created Date = 7/4/2008 7:42:28 PM | Attr = ] Digsby -> %UserProfile%\Local Settings\Application Data\Digsby -> [Folder | Created Date = 6/29/2008 12:42:07 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 77352 bytes | Created Date = 6/4/2008 1:44:53 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Created Date = 7/12/2008 3:32:24 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4316040 bytes | Created Date = 7/9/2008 7:07:12 PM | Attr = H ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Created Date = 7/12/2008 11:09:38 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Created Date = 6/4/2008 1:44:33 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Created Date = 6/4/2008 1:48:40 PM | Attr = ] AIMLogger -> %UserProfile%\My Documents\AIMLogger -> [Folder | Created Date = 6/8/2008 12:35:39 PM | Attr = ] Camping.pdf -> %UserProfile%\My Documents\Camping.pdf -> [Ver = | 
Size = 271265 bytes | Created Date = 7/8/2008 1:04:00 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 81 bytes | Created Date = 6/4/2008 1:44:53 PM | Attr = HS] Digsby Logs -> %UserProfile%\My Documents\Digsby Logs -> [Folder | Created Date = 6/29/2008 12:43:26 AM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Created Date = 6/28/2008 11:37:34 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Created Date = 6/4/2008 1:44:53 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Created Date = 6/4/2008 1:44:53 PM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Created Date = 6/12/2008 8:47:04 PM | Attr = R ] Picasa2.lnk -> %AllUsersProfile%\Desktop\Picasa2.lnk -> [Ver = | Size = 666 bytes | Created Date = 7/12/2008 3:32:16 PM | Attr = ] 9th grade -> %UserProfile%\Desktop\9th grade -> [Folder | Created Date = 6/27/2008 11:58:46 PM | Attr = ] ancient nanotechnology article summary.doc -> %UserProfile%\Desktop\ancient nanotechnology article summary.doc -> [Ver = | Size = 35328 bytes | Created Date = 8/23/2008 3:55:56 PM | Attr = ] Contactlens HUD summary article.doc -> %UserProfile%\Desktop\Contactlens HUD summary article.doc -> [Ver = | Size = 35840 bytes | Created Date = 8/21/2008 3:33:07 PM | Attr = ] Dead zones article summary.doc -> %UserProfile%\Desktop\Dead zones article summary.doc -> [Ver = | Size = 35328 bytes | Created Date = 8/15/2008 8:21:29 PM | Attr = ] fixdesktop -> %UserProfile%\Desktop\fixdesktop -> [Folder | Created Date = 7/12/2008 2:51:49 PM | Attr = ] fixdesktop.zip -> %UserProfile%\Desktop\fixdesktop.zip -> [Ver = | Size = 579 bytes | Created Date = 7/12/2008 2:50:24 PM | Attr = ] invisability cloak article summary.doc -> %UserProfile%\Desktop\invisability cloak article summary.doc -> [Ver = | Size = 34816 bytes | Created Date = 8/18/2008 8:42:07 PM | Attr = ] jnes_1_0 -> %UserProfile%\Desktop\jnes_1_0 
-> [Folder | Created Date = 8/23/2008 12:52:09 PM | Attr = ] microbatteries article summary.doc -> %UserProfile%\Desktop\microbatteries article summary.doc -> [Ver = | Size = 33792 bytes | Created Date = 8/21/2008 2:34:57 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 8/24/2008 12:32:23 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 8/24/2008 12:11:10 PM | Attr = ] picasaweb-current-setup.exe -> %UserProfile%\Desktop\picasaweb-current-setup.exe -> Google Inc. [Ver = 2.7.37.49 | Size = 6104632 bytes | Created Date = 7/12/2008 3:30:33 PM | Attr = ] RFID article summary.doc -> %UserProfile%\Desktop\RFID article summary.doc -> [Ver = | Size = 34816 bytes | Created Date = 8/15/2008 3:05:00 PM | Attr = ] Solar Energy article summary.doc -> %UserProfile%\Desktop\Solar Energy article summary.doc -> [Ver = | Size = 34816 bytes | Created Date = 8/15/2008 5:19:46 PM | Attr = ] Stem-cell blood article summary.doc -> %UserProfile%\Desktop\Stem-cell blood article summary.doc -> [Ver = | Size = 34816 bytes | Created Date = 8/21/2008 2:58:19 PM | Attr = ] worldrecords article summary.doc -> %UserProfile%\Desktop\worldrecords article summary.doc -> [Ver = | Size = 35328 bytes | Created Date = 8/21/2008 4:18:38 PM | Attr = ] ~$cient nanotechnology article summary.doc -> %UserProfile%\Desktop\~$cient nanotechnology article summary.doc -> [Ver = | Size = 162 bytes | Created Date = 8/23/2008 3:55:59 PM | Attr = H ] Launchy.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Launchy.lnk -> [Ver = | Size = 678 bytes | Created Date = 6/27/2008 11:55:02 PM | Attr = ] Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk -> [Ver = | Size = 1787 bytes | Created Date = 7/12/2008 11:05:18 AM | Attr = ] desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 6/4/2008 1:44:31 PM | Attr = HS] 
Digsby_working -> %ProgramFiles%\Digsby_working -> [Folder | Created Date = 6/29/2008 12:38:22 AM | Attr = ] Launchy -> %ProgramFiles%\Launchy -> [Folder | Created Date = 6/27/2008 11:54:51 PM | Attr = ] MFInstall -> %ProgramFiles%\MFInstall -> [Folder | Created Date = 6/14/2008 10:24:07 AM | Attr = ] Picasa2 -> %ProgramFiles%\Picasa2 -> [Folder | Created Date = 7/12/2008 3:31:15 PM | Attr = ] Stardock -> %ProgramFiles%\Stardock -> [Folder | Created Date = 5/28/2008 9:18:01 PM | Attr = ] uTorrent -> %ProgramFiles%\uTorrent -> [Folder | Created Date = 6/27/2008 11:53:51 PM | Attr = ] Windows Desktop Search -> %ProgramFiles%\Windows Desktop Search -> [Folder | Created Date = 7/12/2008 11:04:48 AM | Attr = ] WinSCP -> %ProgramFiles%\WinSCP -> [Folder | Created Date = 6/11/2008 10:08:06 PM | Attr = ] [Files/Folders - Modified Within 90 days] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/4/2008 1:44:30 PM | Attr = ] eChalk Downloads -> %SystemDrive%\eChalk Downloads -> [Folder | Modified Date = 6/5/2008 10:37:11 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/12/2008 3:31:15 PM | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 6/2/2008 3:21:57 PM | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 7/12/2008 10:52:47 AM | Attr = HS] VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 48455 bytes | Modified Date = 7/30/2008 4:21:45 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/14/2008 4:42:15 PM | Attr = ] COH_Mon.cat -> %SystemRoot%\System32\drivers\COH_Mon.cat -> [Ver = | Size = 10537 bytes | Modified Date = 7/30/2008 5:28:04 PM | Attr = ] COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf -> [Ver = | Size = 706 bytes | Modified Date = 7/30/2008 5:28:04 PM | Attr = ] COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 
23888 bytes | Modified Date = 7/30/2008 5:42:12 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 6/8/2008 12:50:15 AM | Attr = ] Hosts -> %SystemRoot%\System32\drivers\etc\Hosts -> [Ver = | Size = 774 bytes | Modified Date = 6/8/2008 12:50:15 AM | Attr = ] Hosts.bak -> %SystemRoot%\System32\drivers\etc\Hosts.bak -> [Ver = | Size = 2190 bytes | Modified Date = 6/5/2008 4:51:58 PM | Attr = RH ] sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Modified Date = 6/29/2008 11:43:44 PM | Attr = ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10671 bytes | Modified Date = 5/30/2008 7:30:31 PM | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 5/30/2008 7:30:31 PM | Attr = ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 5/30/2008 7:30:30 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 8/18/2008 8:23:58 PM | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/21/2008 12:36:03 PM | Attr = ] CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Modified Date = 8/18/2008 8:23:58 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/14/2008 3:11:21 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 7/12/2008 3:32:17 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 7/12/2008 11:04:54 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 269392 bytes | Modified Date = 5/28/2008 3:11:22 AM | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 7/12/2008 11:04:47 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat 
-> [Ver = | Size = 47890 bytes | Modified Date = 7/12/2008 11:05:02 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 335552 bytes | Modified Date = 7/12/2008 11:05:02 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 381472 bytes | Modified Date = 7/12/2008 11:05:02 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 7/9/2008 7:06:34 PM | Attr = ] S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.4.2 | Size = 60800 bytes | Modified Date = 5/30/2008 7:30:30 PM | Attr = ] structuredqueryschema.bin -> %SystemRoot%\System32\structuredqueryschema.bin -> [Ver = | Size = 106605 bytes | Modified Date = 5/26/2008 9:59:40 PM | Attr = ] structuredqueryschematrivial.bin -> %SystemRoot%\System32\structuredqueryschematrivial.bin -> [Ver = | Size = 18904 bytes | Modified Date = 5/26/2008 9:59:42 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 7/12/2008 11:04:46 AM | Attr = ] wfxhelp22.dll -> %SystemRoot%\System32\wfxhelp22.dll -> [Ver = | Size = 10 bytes | Modified Date = 5/28/2008 9:18:40 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 8/21/2008 12:02:11 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/14/2008 3:10:12 AM | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/21/2008 12:01:21 PM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 8/18/2008 7:37:00 PM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 7/12/2008 8:47:25 AM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 8/14/2008 3:02:38 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/14/2008 3:10:47 AM | Attr = ] inf -> %SystemRoot%\inf -> 
[Folder | Modified Date = 8/18/2008 8:23:53 PM | Attr = ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/29/2008 12:39:27 AM | Attr = HS] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 6061 bytes | Modified Date = 6/14/2008 11:03:54 AM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 6/4/2008 9:30:03 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/24/2008 12:35:58 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 8/21/2008 12:03:55 PM | Attr = H ] security -> %SystemRoot%\security -> [Folder | Modified Date = 7/12/2008 2:55:22 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/18/2008 7:37:01 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 8/24/2008 12:28:31 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 918 bytes | Modified Date = 7/30/2008 4:20:14 PM | Attr = ] windowfx2.ini -> %SystemRoot%\windowfx2.ini -> [Ver = | Size = 0 bytes | Modified Date = 5/28/2008 9:20:15 PM | Attr = ] windowfx3.ini -> %SystemRoot%\windowfx3.ini -> [Ver = | Size = 0 bytes | Modified Date = 5/28/2008 9:20:43 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/21/2008 12:02:05 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 1/30/2008 4:15:07 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes | Modified Date = 8/18/2008 8:21:32 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 8/18/2008 8:21:32 PM | Attr = ] C:\Documents and Settings\All 
Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 9/27/2006 9:50:20 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11096 bytes | Modified Date = 9/27/2006 9:50:35 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc -> [Folder | Modified Date = 8/21/2008 12:05:03 PM | Attr = ] Perflib_Perfdata_d94.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_d94.dat -> [Ver = | Size = 0 bytes | Modified Date = 8/21/2008 12:05:03 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 7/12/2008 11:08:02 AM | Attr = S] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 8/11/2008 1:01:38 PM | Attr = ] .googlewebacchosts -> %AppData%\.googlewebacchosts -> [Ver = | Size = 2730 bytes | Modified Date = 8/21/2008 12:12:56 PM | Attr = ] .purple -> %AppData%\.purple -> [Folder | Modified Date = 6/6/2008 3:24:18 PM | Attr = ] acccore -> %AppData%\acccore -> [Folder | Modified Date = 6/8/2008 12:35:31 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 6/5/2008 4:51:55 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 6/6/2008 5:40:40 PM | Attr = ] AOL -> %AppData%\AOL -> [Folder | Modified Date = 7/2/2008 2:05:06 PM | Attr = ] DAEMON Tools -> %AppData%\DAEMON Tools -> [Folder | Modified Date = 6/29/2008 11:42:49 PM | Attr = ] Digsby -> %AppData%\Digsby -> [Folder | Modified Date = 6/29/2008 12:42:33 AM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 6/4/2008 1:45:45 PM | Attr = ] Identities -> 
%AppData%\Identities -> [Folder | Modified Date = 6/4/2008 1:45:20 PM | Attr = ] Launchy -> %AppData%\Launchy -> [Folder | Modified Date = 6/27/2008 11:59:49 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 6/4/2008 1:49:18 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 7/12/2008 11:09:40 AM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 6/4/2008 1:48:40 PM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Modified Date = 6/8/2008 12:50:18 AM | Attr = ] Talkback -> %AppData%\Talkback -> [Folder | Modified Date = 6/4/2008 1:48:53 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 7/9/2008 3:06:39 AM | Attr = ] Viewpoint -> %AppData%\Viewpoint -> [Folder | Modified Date = 7/2/2008 2:05:23 PM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Modified Date = 6/29/2008 12:54:20 AM | Attr = ] Windows Desktop Search -> %AppData%\Windows Desktop Search -> [Folder | Modified Date = 7/12/2008 11:08:52 AM | Attr = ] Windows Search -> %AppData%\Windows Search -> [Folder | Modified Date = 7/12/2008 2:09:02 PM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Modified Date = 6/29/2008 12:56:17 AM | Attr = ] winscp.rnd -> %AppData%\winscp.rnd -> [Ver = | Size = 600 bytes | Modified Date = 6/16/2008 1:12:08 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 6/5/2008 4:52:25 PM | Attr = ] AOL -> %UserProfile%\Local Settings\Application Data\AOL -> [Folder | Modified Date = 6/4/2008 8:19:50 PM | Attr = ] AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP -> [Folder | Modified Date = 6/8/2008 12:35:04 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 15360 bytes | Modified Date = 8/24/2008 1:26:14 AM | Attr = ] Digsby -> %UserProfile%\Local Settings\Application Data\Digsby -> [Folder | Modified Date = 
6/29/2008 12:44:00 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 77352 bytes | Modified Date = 6/4/2008 1:44:53 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 7/12/2008 3:32:38 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4316040 bytes | Modified Date = 7/12/2008 11:06:49 AM | Attr = H ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Modified Date = 7/12/2008 11:09:38 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 7/9/2008 7:08:25 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Modified Date = 6/4/2008 1:48:40 PM | Attr = ] AIMLogger -> %UserProfile%\My Documents\AIMLogger -> [Folder | Modified Date = 6/8/2008 12:35:39 PM | Attr = ] Camping.pdf -> %UserProfile%\My Documents\Camping.pdf -> [Ver = | Size = 271265 bytes | Modified Date = 7/8/2008 1:04:01 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 81 bytes | Modified Date = 6/4/2008 1:45:26 PM | Attr = HS] Digsby Logs -> %UserProfile%\My Documents\Digsby Logs -> [Folder | Modified Date = 6/29/2008 12:43:26 AM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 8/24/2008 12:16:56 AM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 6/4/2008 1:45:26 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 6/4/2008 1:45:26 PM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 6/12/2008 8:47:04 PM | Attr = R ] Picasa2.lnk -> %AllUsersProfile%\Desktop\Picasa2.lnk -> [Ver = | Size = 666 bytes | Modified Date = 7/12/2008 3:32:16 PM | Attr = ] 9th grade -> %UserProfile%\Desktop\9th grade -> 
[Folder | Modified Date = 8/23/2008 12:54:11 PM | Attr = ] ancient nanotechnology article summary.doc -> %UserProfile%\Desktop\ancient nanotechnology article summary.doc -> [Ver = | Size = 35328 bytes | Modified Date = 8/23/2008 3:55:59 PM | Attr = ] Contactlens HUD summary article.doc -> %UserProfile%\Desktop\Contactlens HUD summary article.doc -> [Ver = | Size = 35840 bytes | Modified Date = 8/21/2008 3:33:07 PM | Attr = ] Dead zones article summary.doc -> %UserProfile%\Desktop\Dead zones article summary.doc -> [Ver = | Size = 35328 bytes | Modified Date = 8/15/2008 8:21:31 PM | Attr = ] fixdesktop -> %UserProfile%\Desktop\fixdesktop -> [Folder | Modified Date = 7/12/2008 2:51:49 PM | Attr = ] fixdesktop.zip -> %UserProfile%\Desktop\fixdesktop.zip -> [Ver = | Size = 579 bytes | Modified Date = 7/12/2008 2:49:58 PM | Attr = ] invisability cloak article summary.doc -> %UserProfile%\Desktop\invisability cloak article summary.doc -> [Ver = | Size = 34816 bytes | Modified Date = 8/18/2008 8:42:08 PM | Attr = ] jnes_1_0 -> %UserProfile%\Desktop\jnes_1_0 -> [Folder | Modified Date = 8/23/2008 12:54:30 PM | Attr = ] microbatteries article summary.doc -> %UserProfile%\Desktop\microbatteries article summary.doc -> [Ver = | Size = 33792 bytes | Modified Date = 8/21/2008 2:34:58 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 8/24/2008 12:35:47 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 8/24/2008 12:10:44 PM | Attr = ] picasaweb-current-setup.exe -> %UserProfile%\Desktop\picasaweb-current-setup.exe -> Google Inc. 
[Ver = 2.7.37.49 | Size = 6104632 bytes | Modified Date = 7/12/2008 3:30:43 PM | Attr = ] RFID article summary.doc -> %UserProfile%\Desktop\RFID article summary.doc -> [Ver = | Size = 34816 bytes | Modified Date = 8/15/2008 3:05:14 PM | Attr = ] Solar Energy article summary.doc -> %UserProfile%\Desktop\Solar Energy article summary.doc -> [Ver = | Size = 34816 bytes | Modified Date = 8/15/2008 6:36:06 PM | Attr = ] Stem-cell blood article summary.doc -> %UserProfile%\Desktop\Stem-cell blood article summary.doc -> [Ver = | Size = 34816 bytes | Modified Date = 8/21/2008 2:58:20 PM | Attr = ] worldrecords article summary.doc -> %UserProfile%\Desktop\worldrecords article summary.doc -> [Ver = | Size = 35328 bytes | Modified Date = 8/21/2008 4:18:39 PM | Attr = ] ~$cient nanotechnology article summary.doc -> %UserProfile%\Desktop\~$cient nanotechnology article summary.doc -> [Ver = | Size = 162 bytes | Modified Date = 8/23/2008 3:55:59 PM | Attr = H ] Launchy.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Launchy.lnk -> [Ver = | Size = 678 bytes | Modified Date = 6/27/2008 11:55:02 PM | Attr = ] Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk -> [Ver = | Size = 1787 bytes | Modified Date = 7/12/2008 11:05:18 AM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 8/24/2008 1:59:52 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]