[code] OTScanIt logfile created on: 8/25/2008 2:15:34 PM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.85% Memory free 2.58 Gb Paging File | 2.27 Gb Available in Paging File | 87.85% Paging File free Paging file location(s): C:\pagefile.sys 756 1512; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 68.52 Gb Total Space | 39.01 Gb Free Space | 56.94% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MONICACOMPUTER Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 86016 bytes | Modified Date = 6/3/2005 1:47:44 AM | Attr = ] s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 372809 bytes | Modified Date = 6/3/2005 1:49:40 AM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4333 | Size = 77824 bytes | Modified Date = 6/29/2005 2:33:40 PM | Attr = ] igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4333 | Size = 114688 bytes | Modified Date = 6/29/2005 2:33:42 PM | Attr = ] apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.7.136 | Size = 114688 bytes | Modified Date = 11/7/2003 5:21:28 PM | Attr = ] rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 1.1.2.1 | Size = 14720000 bytes | Modified Date = 6/29/2005 1:25:30 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] spmgr.exe -> %ProgramFiles%\Sony\VAIO Power Management\SPMgr.exe -> Sony Corporation [Ver = 1.7.00.05130 | Size = 184320 bytes | Modified Date = 5/15/2005 5:51:24 AM | Attr = ] isbmgr.exe -> %ProgramFiles%\Sony\ISB Utility\ISBMgr.exe -> Sony Corporation [Ver = 1, 0, 0, 2180 | Size = 32768 bytes | Modified Date = 2/20/2004 2:12:34 PM | Attr = ] avrmtctr.exe -> %ProgramFiles%\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe -> Sony Corporation [Ver = 1.3.00.01310 | Size = 192512 bytes | Modified Date = 1/31/2005 10:10:44 AM | Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 9:38:42 AM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ] ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.2.00.06030 | Size = 81920 bytes | Modified Date = 6/3/2005 7:16:00 AM | Attr = ] issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 8/9/2004 6:03:38 AM | Attr = ] apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 11:08:42 AM | Attr = ] ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 6:01:00 PM | Attr = ] regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 139264 bytes | Modified Date = 6/3/2005 1:46:28 AM | Attr = ] vesmgr.exe -> %ProgramFiles%\Sony\VAIO Event Service\VESMgr.exe -> Sony Corporation [Ver = 2.3.00.04130 | Size = 176128 bytes | Modified Date = 8/11/2006 7:09:18 PM | Attr = ] vcsw.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -> Sony Corporation [Ver = 1.3.01.06130 | Size = 270336 bytes | Modified Date = 6/15/2005 11:17:38 AM | Attr = ] wdfsvc.exe -> %ProgramFiles%\Webroot\Webroot Desktop Firewall\wdfsvc.exe -> Webroot Software Inc (www.webroot.com) [Ver = 5.8.0.24 | Size = 353672 bytes | Modified Date = 7/2/2008 1:26:32 PM | Attr = ] spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 3577192 bytes | Modified Date = 7/28/2008 4:43:50 PM | Attr = ] igfxext.exe -> %SystemRoot%\system32\igfxext.exe -> Intel Corporation [Ver = 3.0.0.4333 | Size = 86016 bytes | Modified Date = 6/29/2005 2:33:42 PM | Attr = ] igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4333 | Size = 155648 bytes | Modified Date = 6/29/2005 2:33:46 PM | Attr = ] vzcdbsvc.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -> Sony Corporation [Ver = 1.3.01.04220 | Size = 167936 bytes | Modified Date = 6/15/2005 11:17:44 AM | Attr = ] vzfw.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -> Sony Corporation [Ver = 1.3.01.04220 | Size = 135168 bytes | Modified Date = 6/15/2005 11:17:44 AM | Attr = ] vzrs.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -> Sony Corporation [Ver = 1.4.00.14090 | Size = 143360 bytes | Modified Date = 2/9/2005 5:43:58 AM | Attr = ] ssscsisv.exe -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.2.00.06030 | Size = 69632 bytes | Modified Date = 6/3/2005 5:21:00 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 6:01:00 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 86016 bytes | Modified Date = 6/3/2005 1:47:44 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 10:49:03 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ] (Image Converter video recording monitor for VAIO Entertainment) Image Converter video recording monitor for VAIO Entertainment [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\Image Converter 2\IcVzMon.exe -> Sony Corporation [Ver = 1, 0, 0, 12270 | Size = 32768 bytes | Modified Date = 4/5/2005 1:06:36 PM | Attr = ] (MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.2.00.06070 | Size = 53337 bytes | Modified Date = 6/7/2005 1:32:54 AM | Attr = ] (NNServ) NNServ [Win32_Own | Auto | Stopped] -> %ProgramFiles%\NewDotNet\nnrun.exe C:\Program Files\NewDotNet\nncore.dll -> File not found (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7743 | Size = 127044 bytes | Modified Date = 6/9/2005 4:56:00 PM | Attr = ] (PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.2.00.06070 | Size = 53337 bytes | Modified Date = 6/7/2005 1:28:04 AM | Attr = ] (RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 139264 bytes | Modified Date = 6/3/2005 1:46:28 AM | Attr = ] (S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 372809 bytes | Modified Date = 6/3/2005 1:49:40 AM | Attr = ] (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.2.00.06070 | Size = 69718 bytes | Modified Date = 6/7/2005 1:22:34 AM | Attr = ] (SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.2.00.06030 | Size = 69632 bytes | Modified Date = 6/3/2005 5:21:00 AM | Attr = ] (VAIO Entertainment Aggregation and Control Service) VAIO Entertainment Aggregation and Control Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -> Sony Corporation [Ver = 1.4.00.14090 | Size = 143360 bytes | Modified Date = 2/9/2005 5:43:58 AM | Attr = ] (VAIO Entertainment Task Scheduler) VAIO Entertainment Task Scheduler [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\vaio entertainment\VzTaskScheduler.exe -> Sony Corporation [Ver = 1.4.00.14100 | Size = 397312 bytes | Modified Date = 2/10/2005 12:44:04 PM | Attr = ] (VAIO Entertainment TV Device Arbitration Service) VAIO Entertainment TV Device Arbitration Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> Sony Corporation [Ver = 1.5.00.05271 | Size = 73728 bytes | Modified Date = 6/15/2005 11:17:46 AM | Attr = ] (VAIO Event Service) VAIO Event Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sony\VAIO Event Service\VESMgr.exe -> Sony Corporation [Ver = 2.3.00.04130 | Size = 176128 bytes | Modified Date = 8/11/2006 7:09:18 PM | Attr = ] (VAIOMediaPlatform-IntegratedServer-AppServer) VAIO Media Integrated Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\VMISrv.exe -> Sony Corporation [Ver = 4.2.03.06120 | Size = 1957888 bytes | Modified Date = 6/12/2006 2:03:34 PM | Attr = ] (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 3.0.00.18070 | Size = 57344 bytes | Modified Date = 6/7/2005 3:38:26 AM | Attr = ] (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 6.0.01.41190 | Size = 770048 bytes | Modified Date = 5/22/2006 12:34:12 PM | Attr = ] (VAIOMediaPlatform-Mobile-Gateway) VAIO Media Gateway Server [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -> Sony Corporation [Ver = 5.1.01.05170 | Size = 155648 bytes | Modified Date = 5/17/2006 5:19:26 PM | Attr = ] (Vcsw) VAIO Entertainment UPnP Client Adapter [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -> Sony Corporation [Ver = 1.3.01.06130 | Size = 270336 bytes | Modified Date = 6/15/2005 11:17:38 AM | Attr = ] (VzCdbSvc) VAIO Entertainment Database Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -> Sony Corporation [Ver = 1.3.01.04220 | Size = 167936 bytes | Modified Date = 6/15/2005 11:17:44 AM | Attr = ] (VzFw) VAIO Entertainment File Import Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -> Sony Corporation [Ver = 1.3.01.04220 | Size = 135168 bytes | Modified Date = 6/15/2005 11:17:44 AM | Attr = ] (WDFNet) Webroot Desktop Firewall network service [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Webroot Desktop Firewall\wdfsvc.exe -> Webroot Software Inc (www.webroot.com) [Ver = 5.8.0.24 | Size = 353672 bytes | Modified Date = 7/2/2008 1:26:32 PM | Attr = ] (WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 3577192 bytes | Modified Date = 7/28/2008 4:43:50 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found Alcmtr -> %SystemRoot%\ALCMTR.EXE ["C:\WINDOWS\ALCMTR.EXE"] -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 6:43:28 PM | Attr = ] Apoint -> %ProgramFiles%\Apoint\Apoint.exe ["C:\Program Files\Apoint\Apoint.exe"] -> Alps Electric Co., Ltd. [Ver = 5.5.7.136 | Size = 114688 bytes | Modified Date = 11/7/2003 5:21:28 PM | Attr = ] AzMixerSel -> %ProgramFiles%\Realtek\InstallShield\AzMixerSel.exe ["C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"] -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 5 | Size = 45056 bytes | Modified Date = 4/29/2005 2:56:44 PM | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe ["C:\WINDOWS\system32\hkcmd.exe"] -> Intel Corporation [Ver = 3.0.0.4333 | Size = 77824 bytes | Modified Date = 6/29/2005 2:33:40 PM | Attr = ] HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 9:38:42 AM | Attr = ] HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe ["C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"] -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ] HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb10.exe ["C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"] -> HP [Ver = 2.323.0.0 | Size = 172032 bytes | Modified Date = 3/4/2004 8:46:24 AM | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe ["C:\WINDOWS\system32\igfxtray.exe"] -> Intel Corporation [Ver = 3.0.0.4333 | Size = 94208 bytes | Modified Date = 6/29/2005 2:33:46 PM | Attr = ] ISBMgr.exe -> %ProgramFiles%\Sony\ISB Utility\ISBMgr.exe ["C:\Program Files\Sony\ISB Utility\ISBMgr.exe"] -> Sony Corporation [Ver = 1, 0, 0, 2180 | Size = 32768 bytes | Modified Date = 2/20/2004 2:12:34 PM | Attr = ] ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup] -> InstallShield Software Corporation [Ver = 3, 20, 100, 1123 | Size = 221184 bytes | Modified Date = 8/9/2004 6:03:58 AM | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 8/9/2004 6:03:38 AM | Attr = ] NapsterShell -> %ProgramFiles%\Napster\napster.exe ["C:\Program Files\Napster\napster.exe" /systray] -> Napster [Ver = 4.1.0.4 | Size = 323216 bytes | Modified Date = 12/10/2007 2:35:52 PM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll ["C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7743 | Size = 6746112 bytes | Modified Date = 6/9/2005 4:56:00 PM | Attr = ] Persistence -> %SystemRoot%\system32\igfxpers.exe ["C:\WINDOWS\system32\igfxpers.exe"] -> Intel Corporation [Ver = 3.0.0.4333 | Size = 114688 bytes | Modified Date = 6/29/2005 2:33:42 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 1/21/2006 8:34:24 PM | Attr = ] RTHDCPL -> %SystemRoot%\RTHDCPL.EXE ["C:\WINDOWS\RTHDCPL.EXE"] -> Realtek Semiconductor Corp. [Ver = 1.1.2.1 | Size = 14720000 bytes | Modified Date = 6/29/2005 1:25:30 PM | Attr = ] SonyPowerCfg -> %ProgramFiles%\Sony\VAIO Power Management\SPMgr.exe ["C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"] -> Sony Corporation [Ver = 1.7.00.05130 | Size = 184320 bytes | Modified Date = 5/15/2005 5:51:24 AM | Attr = ] SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe ["C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray] -> Webroot Software, Inc. [Ver = 5,8,1,51 | Size = 5418864 bytes | Modified Date = 7/28/2008 6:15:16 PM | Attr = ] SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe ["C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe"] -> [Ver = 3.2.00.06030 | Size = 81920 bytes | Modified Date = 6/3/2005 7:16:00 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] TVTunerLib -> %CommonProgramFiles%\Sony Shared\TVTunerLib\TVTLInstTool.exe ["C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe"] -> Sony Corporation [Ver = 1.0.00.14150 | Size = 245760 bytes | Modified Date = 2/16/2005 6:41:14 PM | Attr = ] VAIO Recovery -> %SystemRoot%\SONYSYS\VAIO Recovery\Partseal.exe ["C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"] -> Sony Electronics Inc [Ver = 1.0.2 | Size = 28672 bytes | Modified Date = 4/19/2003 9:08:44 PM | Attr = ] VAIO Update 3 -> %ProgramFiles%\Sony\VAIO Update 3\VAIOUpdt.exe ["C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary] -> Sony Corporation [Ver = 3.0.02.04240 | Size = 551032 bytes | Modified Date = 5/15/2007 8:46:28 PM | Attr = ] VZRemoteCommander -> %ProgramFiles%\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe ["C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe"] -> Sony Corporation [Ver = 1.3.00.01310 | Size = 192512 bytes | Modified Date = 1/31/2005 10:10:44 AM | Attr = ] Webroot Desktop Firewall -> %ProgramFiles%\Webroot\Webroot Desktop Firewall\WDF.exe ["C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"] -> Webroot Software Inc (www.webroot.com) [Ver = 5.8.0.24 | Size = 2401672 bytes | Modified Date = 7/2/2008 1:26:30 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe ["C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"] -> Safer Networking Limited [Ver = 1, 6, 0, 20 | Size = 2156368 bytes | Modified Date = 7/7/2008 9:42:06 AM | Attr = RHS] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/21/2007 6:51:29 AM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ] < Run [HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\] > -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe ["C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"] -> Safer Networking Limited [Ver = 1, 6, 0, 20 | Size = 2156368 bytes | Modified Date = 7/7/2008 9:42:06 AM | Attr = RHS] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/21/2007 6:51:29 AM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Image Transfer.lnk -> %ProgramFiles%\Sony Corporation\Image Transfer\SonyTray.exe -> [Ver = | Size = 73728 bytes | Modified Date = 5/16/2003 4:21:16 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\TrueAssistant.lnk -> %ProgramFiles%\TrueAssistant\TrueAssistant.exe -> Esaya, Inc. [Ver = 2, 1, 3, 5 | Size = 468992 bytes | Modified Date = 1/23/2006 11:30:56 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 3:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 8:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003] > -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4333 | Size = 131072 bytes | Modified Date = 6/29/2005 2:33:42 PM | Attr = ] VESWinlogon -> %SystemRoot%\system32\VESWinlogon.dll -> Sony Corporation [Ver = 2.1.00.13200 | Size = 73728 bytes | Modified Date = 8/11/2006 7:09:20 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003] > -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_DVD_RW_DW-Q58A_____________________UFS1____\5&224947b&0&0.1.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 7/13/2005 11:12:20 AM | Attr = ] < HOSTS File > (258498 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.sony.com/vaiopeople -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.sony.com/vaiopeople -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://www.sony.com/vaiopeople -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://www.sony.com/vaiopeople -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\] > -> -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4743 domain(s) found. -> 44 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4743 domain(s) found. -> free_aol.com [http] -> Trusted sites -> 45 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4742 domain(s) found. -> 43 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4742 domain(s) found. -> 43 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\] > -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4743 domain(s) found. -> free_aol.com [http] -> Trusted sites -> 45 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\] > -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = ] ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = ] WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\] > -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = ] ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = ] WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\] > -> HKEY_USERS\S-1-5-21-98588291-156557429-396801309-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 2:56:24 PM | Attr = ] < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {052C0BA6-4675-4095-8CA7-C9FBE96567E5} -> (Intel(R) PRO/Wireless 2200BG Network Connection) -> {0EE94415-3B9D-4C8E-9E21-BB03E129A261} -> (1394 Net Adapter) -> {4E88EE34-D8A9-4056-B921-166CB29B9B5B} -> () -> {57451E48-9539-4185-8102-6E7333122C56} -> (1394 Net Adapter) -> {5F0FCF42-3FD3-44ED-8BFE-E966ECC98F98} -> (LAN-Express AS IEEE 802.11g miniPCI Adapter) -> {9B9AC52F-AF3D-4DE4-A401-17B27481C8F4} -> (Intel(R) PRO/100 VE Network Connection) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/2003 9:38:40 AM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0246ECA8-996F-11D1-BE2F-00A0C9037DFE}[HKEY_LOCAL_MACHINE] -> http://www.anandabazar.com/wfplayer/tdserver.cab[TDServer Control] -> {1F2F4C9E-6F09-47BC-970D-3C54734667FE}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab[Reg Error: Key does not exist or could not be opened.] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\common\yinsthelper.dll[YInstStarter Class] -> {3451DEDE-631F-421C-8127-FD793AFC6CC8}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab[Reg Error: Key does not exist or could not be opened.] -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> {406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www.costcophotocenter.com/CostcoActivia.cab[Snapfish Activia] -> {427273CC-764E-11D3-823D-006097F90453}[HKEY_LOCAL_MACHINE] -> http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,34[Pixami Image Editor Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {924C1588-90C3-4910-B6CA-D57A1C0418FE}[HKEY_LOCAL_MACHINE] -> http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab[YbUploadFavsCtl Class] -> {9600F64D-755F-11D4-A47F-0001023E6D5A}[HKEY_LOCAL_MACHINE] -> http://web1.shutterfly.com/downloads/Uploader.cab[Shutterfly Picture Upload Plugin] -> {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {E9A7F56F-C40F-4928-8C6F-7A72F2A25222}[HKEY_LOCAL_MACHINE] -> http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37[AxRUploadControl Object] -> {FFFFFFFF-CACE-BABE-BABE-00AA0055595A}[HKEY_LOCAL_MACHINE] -> http://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxRUploadServer.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxRUploadServer.dll\\.Owner -> {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxRUploadServer.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BPImageEditor.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BPImageEditor.ocx\\.Owner -> {427273CC-764E-11D3-823D-006097F90453} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BPImageEditor.ocx\\{427273CC-764E-11D3-823D-006097F90453} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ExifParser.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ExifParser.dll\\.Owner -> {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ExifParser.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FNFotoKioskImg.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FNFotoKioskImg.dll\\.Owner -> {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FNFotoKioskImg.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\\.Owner -> {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\\{1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LtXmlLib3.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LtXmlLib3.dll\\.Owner -> {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LtXmlLib3.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\\.Owner -> {9600F64D-755F-11D4-A47F-0001023E6D5A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\\{9600F64D-755F-11D4-A47F-0001023E6D5A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\\.Owner -> {3451DEDE-631F-421C-8127-FD793AFC6CC8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\\{3451DEDE-631F-421C-8127-FD793AFC6CC8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tdserver.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tdserver.ocx\\.Owner -> {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tdserver.ocx\\{0246ECA8-996F-11D1-BE2F-00A0C9037DFE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsi.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsi.dll\\.Owner -> {44990200-3C9D-426D-81DF-AAB636FA4345} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsi.dll\\{44990200-3C9D-426D-81DF-AAB636FA4345} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsr.dll\\.Owner -> {44990301-3C9D-426D-81DF-AAB636FA4345} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsr.dll\\{44990301-3C9D-426D-81DF-AAB636FA4345} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YbConvFav030408.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YbConvFav030408.dll\\.Owner -> {924C1588-90C3-4910-B6CA-D57A1C0418FE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YbConvFav030408.dll\\{924C1588-90C3-4910-B6CA-D57A1C0418FE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 9:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 904 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 44 08 BE BF D5 80 E0 88 4B B2 7A 0A FE 1E 40 42 63 39 33 62 66 33 33 61 00 00 00 00 52 14 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 65 D8 32 1C B9 93 3B 5D 7B CE E2 C9 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 0C BB 48 56 52 BE D0 59 67 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> A5 E9 CF 4C C0 C8 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 43 49 E3 2E F5 74 BC 5F D5 DA 7A 05 F1 85 D4 42 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 5E 22 63 5C 1E 8F C5 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 61854 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Local Settings\Temp\WZSE0.TMP\SymNRT.exe -> %UserProfile%\Local Settings\Temp\WZSE0.TMP\SymNRT.exe [C:\Documents and Settings\Owner\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\135:TCP -> 135:TCP:*:Enabled:DCOM(135) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 8/19/2008 4:27:29 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2137509888 bytes | Created Date = 8/12/2008 4:37:44 PM | Attr = HS] Update -> %SystemDrive%\Update -> [Folder | Created Date = 8/14/2008 2:43:16 PM | Attr = ] pwipf6.sys -> %SystemRoot%\System32\drivers\pwipf6.sys -> Webroot Software Inc (www.webroot.com) [Ver = 6.0.19.2 | Size = 103304 bytes | Created Date = 7/2/2008 1:26:34 PM | Attr = ] ssfs0bbc.sys -> %SystemRoot%\System32\drivers\ssfs0bbc.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 29808 bytes | Created Date = 7/28/2008 4:44:00 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/19/2008 4:26:09 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/19/2008 4:26:09 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 8/19/2008 4:26:09 PM | Attr = ] SsiEfr.exe -> %SystemRoot%\System32\SsiEfr.exe -> [Ver = | Size = 15208 bytes | Created Date = 7/28/2008 4:43:48 PM | Attr = ] wdfproc.dll -> %SystemRoot%\System32\wdfproc.dll -> Webroot Software Inc (www.webroot.com) [Ver = 5.8.0.24 | Size = 173448 bytes | Created Date = 7/2/2008 1:26:30 PM | Attr = ] wrLZMA.dll -> %SystemRoot%\System32\wrLZMA.dll -> [Ver = | Size = 31080 bytes | Created Date = 7/28/2008 4:43:56 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 8/12/2008 5:23:15 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 8/7/2008 3:48:23 PM | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> wrSpySweeperFullSweep.job -> %SystemRoot%\tasks\wrSpySweeperFullSweep.job -> [Ver = | Size = 1478 bytes | Created Date = 8/8/2008 9:41:18 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 8/7/2008 4:00:35 PM | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Created Date = 8/8/2008 1:51:34 PM | Attr = ] cc_20080808_1341_RegBackup.reg -> %UserProfile%\My Documents\cc_20080808_1341_RegBackup.reg -> [Ver = | Size = 91124 bytes | Created Date = 8/8/2008 1:41:45 PM | Attr = ] cc_20080812_170637_backup.reg -> %UserProfile%\My Documents\cc_20080812_170637_backup.reg -> [Ver = | Size = 271578 bytes | Created Date = 8/12/2008 5:06:45 PM | Attr = ] Spy Sweeper.lnk -> %AllUsersProfile%\Desktop\Spy Sweeper.lnk -> [Ver = | Size = 1641 bytes | Created Date = 8/8/2008 9:41:08 AM | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 8/12/2008 4:58:02 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 8/25/2008 2:12:50 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 8/25/2008 2:12:15 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Created Date = 8/14/2008 3:29:55 PM | Attr = ] CCleaner -> %ProgramFiles%\CCleaner -> [Folder | Created Date = 8/12/2008 4:58:02 PM | Attr = ] MSECACHE -> %ProgramFiles%\MSECACHE -> [Folder | Created Date = 8/12/2008 4:26:43 PM | Attr = ] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [Folder | Created Date = 8/7/2008 4:00:35 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 8/11/2008 3:44:00 PM | Attr = ] Uninstall Ask Toolbar.dll -> %ProgramFiles%\Uninstall Ask Toolbar.dll -> Ask.com [Ver = 2, 3, 0, 11 | Size = 267592 bytes | Created Date = 8/8/2008 9:59:10 AM | Attr = ] Windows Installer Clean Up -> %ProgramFiles%\Windows Installer Clean Up -> [Folder | Created Date = 8/12/2008 4:27:11 PM | Attr = ] [Files/Folders - Modified Within 90 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 216 bytes | Modified Date = 8/11/2008 5:52:51 PM | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/19/2008 4:27:39 PM | Attr = HS] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 8/12/2008 4:33:48 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2137509888 bytes | Modified Date = 8/25/2008 2:08:27 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/14/2008 1:47:41 PM | Attr = ] Update -> %SystemDrive%\Update -> [Folder | Modified Date = 8/14/2008 3:44:13 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/19/2008 4:03:49 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/14/2008 3:37:03 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 258498 bytes | Modified Date = 8/14/2008 3:37:03 PM | Attr = R ] HOSTS.bak -> %SystemRoot%\System32\drivers\etc\HOSTS.bak -> [Ver = | Size = 257725 bytes | Modified Date = 8/8/2008 3:59:23 PM | Attr = R ] hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics -> [Ver = | Size = 438 bytes | Modified Date = 8/25/2008 2:09:59 PM | Attr = ] pwipf6.sys -> %SystemRoot%\System32\drivers\pwipf6.sys -> Webroot Software Inc (www.webroot.com) [Ver = 6.0.19.2 | Size = 103304 bytes | Modified Date = 7/2/2008 1:26:34 PM | Attr = ] ssfs0bbc.sys -> %SystemRoot%\System32\drivers\ssfs0bbc.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 29808 bytes | Modified Date = 7/28/2008 4:44:00 PM | Attr = ] sshrmd.sys -> %SystemRoot%\System32\drivers\sshrmd.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 23152 bytes | Modified Date = 7/28/2008 4:44:02 PM | Attr = ] ssidrv.sys -> %SystemRoot%\System32\drivers\ssidrv.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 166512 bytes | Modified Date = 7/28/2008 4:44:02 PM | Attr = ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10671 bytes | Modified Date = 6/7/2008 11:06:10 PM | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 6/7/2008 11:06:10 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/25/2008 2:09:57 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/14/2008 5:25:14 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/19/2008 4:27:34 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:01 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:04 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] Lang -> %SystemRoot%\System32\Lang -> [Folder | Modified Date = 8/25/2008 2:08:40 PM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 8/12/2008 5:01:26 PM | Attr = ] SsiEfr.exe -> %SystemRoot%\System32\SsiEfr.exe -> [Ver = | Size = 15208 bytes | Modified Date = 7/28/2008 4:43:48 PM | Attr = ] wdfproc.dll -> %SystemRoot%\System32\wdfproc.dll -> Webroot Software Inc (www.webroot.com) [Ver = 5.8.0.24 | Size = 173448 bytes | Modified Date = 7/2/2008 1:26:30 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 8/25/2008 2:10:52 PM | Attr = ] wrLZMA.dll -> %SystemRoot%\System32\wrLZMA.dll -> [Ver = | Size = 31080 bytes | Modified Date = 7/28/2008 4:43:56 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/14/2008 5:24:08 PM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/25/2008 2:08:28 PM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 8/12/2008 5:24:27 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 6/11/2008 6:28:41 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/12/2008 5:26:56 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/14/2008 5:25:25 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/19/2008 4:27:38 PM | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 8/8/2008 1:31:23 PM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 494 bytes | Modified Date = 8/19/2008 4:27:37 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/8/2008 9:45:51 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 8/8/2008 9:38:46 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/11/2008 5:52:50 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/25/2008 2:08:34 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/14/2008 1:39:54 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/25/2008 2:12:52 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 794 bytes | Modified Date = 8/11/2008 5:52:51 PM | Attr = ] WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 82 bytes | Modified Date = 8/8/2008 11:40:19 AM | Attr = ] WRSetup.dll -> %SystemRoot%\WRSetup.dll -> Webroot Software, Inc. [Ver = 5,8,1,51 | Size = 1538928 bytes | Modified Date = 7/28/2008 6:15:14 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/25/2008 2:08:32 PM | Attr = H ] wrSpySweeperFullSweep.job -> %SystemRoot%\tasks\wrSpySweeperFullSweep.job -> [Ver = | Size = 1478 bytes | Modified Date = 8/8/2008 9:41:18 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 7/13/2005 1:22:56 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5524 bytes | Modified Date = 8/25/2008 2:10:48 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5524 bytes | Modified Date = 8/25/2008 2:10:51 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 12/22/2005 10:23:07 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11066 bytes | Modified Date = 12/22/2005 10:23:14 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [Folder | Modified Date = 8/25/2008 2:14:19 PM | Attr = ] AD-AWARE.EXE -> C:\Documents and Settings\Owner\Local Settings\Temp\AD-AWARE.EXE -> Lavasoft Sweden [Ver = 6.2.0.236 | Size = 824832 bytes | Modified Date = 5/27/2005 2:22:00 PM | Attr = ] EZPCFix.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\EZPCFix.exe -> http://www.EzPcFix.net [Ver = 1.00.0016 | Size = 806912 bytes | Modified Date = 10/1/2005 12:00:00 PM | Attr = ] GLF17.EXE -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF17.EXE -> [Ver = | Size = 151552 bytes | Modified Date = 5/2/2003 2:13:12 PM | Attr = ] GLF24.EXE -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF24.EXE -> [Ver = | Size = 151552 bytes | Modified Date = 5/2/2003 4:13:12 PM | Attr = ] GLF45.EXE -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF45.EXE -> [Ver = | Size = 151552 bytes | Modified Date = 5/2/2003 2:13:12 PM | Attr = ] GLF55.EXE -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF55.EXE -> [Ver = | Size = 151552 bytes | Modified Date = 5/2/2003 3:13:12 PM | Attr = ] GLF64.EXE -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF64.EXE -> [Ver = | Size = 151552 bytes | Modified Date = 5/2/2003 2:13:12 PM | Attr = ] GLF7.EXE -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF7.EXE -> [Ver = | Size = 151552 bytes | Modified Date = 5/2/2003 2:13:12 PM | Attr = ] 10 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\Drivers\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Drivers -> [Folder | Modified Date = 8/14/2008 3:09:15 PM | Attr = ] SOAVMS-01201602-UN.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Drivers\SOAVMS-01201602-UN.exe -> Sony Corporation [Ver = 1.0.00.42120 | Size = 7312528 bytes | Modified Date = 6/21/2006 6:09:00 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\GLF19\ -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF19 -> [Folder | Modified Date = 8/14/2008 3:25:52 PM | Attr = ] SOAVES-01205105-UN.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF19\SOAVES-01205105-UN.exe -> Sony Corporation [Ver = 2.3.00.08110 | Size = 3837704 bytes | Modified Date = 9/11/2006 10:01:24 AM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\GLF26\ -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF26 -> [Folder | Modified Date = 8/14/2008 2:37:50 PM | Attr = ] SOAVUD-01451706-UN.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF26\SOAVUD-01451706-UN.exe -> Sony Corporation [Ver = 3.0.02.05090 | Size = 6691992 bytes | Modified Date = 5/24/2007 3:05:00 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\GLF47\ -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF47 -> [Folder | Modified Date = 8/14/2008 2:53:18 PM | Attr = ] SOACTD-00772708-UN.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF47\SOACTD-00772708-UN.exe -> Sony Corporation [Ver = 2.5.32.08000 | Size = 102090168 bytes | Modified Date = 9/1/2006 8:32:48 AM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\GLF66\ -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF66 -> [Folder | Modified Date = 8/14/2008 3:10:39 PM | Attr = ] PHBSYS-00916215-UN.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF66\PHBSYS-00916215-UN.exe -> Sony Corporation [Ver = R0084J1 | Size = 954294 bytes | Modified Date = 7/6/2006 11:37:24 AM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\GLF9\ -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF9 -> [Folder | Modified Date = 8/14/2008 3:24:43 PM | Attr = ] SOASNU-00840002-UN.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\GLF9\SOASNU-00840002-UN.exe -> Sony Corporation [Ver = 6.4.0.06290 | Size = 2097424 bytes | Modified Date = 7/11/2006 9:35:26 AM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\pft69.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\pft69.tmp\ -> [Folder | Modified Date = 8/14/2008 3:10:56 PM | Attr = ] WBFLASH.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\pft69.tmp\WBFLASH.exe -> Sony Corporation [Ver = 1.0.01.10181 | Size = 65536 bytes | Modified Date = 10/18/2004 6:05:22 PM | Attr = ] WinPhlash.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\pft69.tmp\WinPhlash.exe -> Phoenix Technologies, Ltd. [Ver = 1.4.00.11100 | Size = 167936 bytes | Modified Date = 11/10/2004 4:26:30 PM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 8/25/2008 2:12:53 PM | Attr = ] Perflib_Perfdata_120.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_120.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/14/2008 1:09:41 PM | Attr = ] Perflib_Perfdata_18c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_18c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/12/2008 4:38:47 PM | Attr = ] Perflib_Perfdata_1a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1a4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/11/2008 5:36:03 PM | Attr = ] Perflib_Perfdata_334.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_334.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/12/2008 5:13:20 PM | Attr = ] Perflib_Perfdata_340.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_340.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/8/2008 9:44:08 AM | Attr = ] Perflib_Perfdata_448.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_448.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/8/2008 9:28:45 AM | Attr = ] Perflib_Perfdata_4b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/7/2008 3:32:28 PM | Attr = ] Perflib_Perfdata_518.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_518.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/11/2008 3:16:51 PM | Attr = ] Perflib_Perfdata_77c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_77c.dat -> [Ver = | Size = 0 bytes | Modified Date = 8/14/2008 3:19:06 PM | Attr = ] Perflib_Perfdata_798.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_798.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/14/2008 1:48:51 PM | Attr = ] Perflib_Perfdata_838.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_838.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/25/2008 2:09:17 PM | Attr = ] Perflib_Perfdata_ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/12/2008 3:43:19 PM | Attr = ] Perflib_Perfdata_f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_f4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/11/2008 5:20:25 PM | Attr = ] 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 8/14/2008 3:43:25 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 6/19/2008 10:42:49 PM | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Modified Date = 8/8/2008 1:51:34 PM | Attr = ] Sony Corporation -> %AppData%\Sony Corporation -> [Folder | Modified Date = 8/14/2008 2:41:57 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 95232 bytes | Modified Date = 7/8/2008 10:28:41 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 9116410 bytes | Modified Date = 8/19/2008 5:23:25 PM | Attr = H ] cc_20080808_1341_RegBackup.reg -> %UserProfile%\My Documents\cc_20080808_1341_RegBackup.reg -> [Ver = | Size = 91124 bytes | Modified Date = 8/8/2008 1:42:07 PM | Attr = ] cc_20080812_170637_backup.reg -> %UserProfile%\My Documents\cc_20080812_170637_backup.reg -> [Ver = | Size = 271578 bytes | Modified Date = 8/12/2008 5:06:53 PM | Attr = ] Image Transfer -> %UserProfile%\My Documents\Image Transfer -> [Folder | Modified Date = 7/14/2008 10:37:53 AM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 7/18/2008 8:01:10 PM | Attr = R ] Spy Sweeper.lnk -> %AllUsersProfile%\Desktop\Spy Sweeper.lnk -> [Ver = | Size = 1641 bytes | Modified Date = 8/8/2008 9:41:08 AM | Attr = ] Webroot Desktop Firewall.lnk -> %AllUsersProfile%\Desktop\Webroot Desktop Firewall.lnk -> [Ver = | Size = 853 bytes | Modified Date = 8/19/2008 4:27:35 PM | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 8/12/2008 4:58:02 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 8/25/2008 2:12:51 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 8/25/2008 2:12:18 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Personal -> %UserProfile%\Desktop\Personal -> [Folder | Modified Date = 6/2/2008 8:54:54 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Modified Date = 8/19/2008 4:42:23 PM | Attr = ] Sony Shared -> %CommonProgramFiles%\Sony Shared -> [Folder | Modified Date = 8/14/2008 3:26:12 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 8/14/2008 1:47:41 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]