[code] OTScanIt logfile created on: 8/30/2008 8:12:04 AM OTScanIt by OldTimer - Version 1.0.17.0 Folder = C:\Program Files\OTScanit\OTScanIt Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1015.48 Mb Total Physical Memory | 398.28 Mb Available Physical Memory | 39.22% Memory free 1.88 Gb Paging File | 1.08 Gb Available in Paging File | 57.31% Paging File free Paging file location(s): C:\pagefile.sys 1000 2000; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 115.04 Gb Total Space | 39.75 Gb Free Space | 34.56% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 350.72 Gb Total Space | 282.70 Gb Free Space | 80.60% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 115.04 Gb Total Space | 39.75 Gb Free Space | 34.56% Space Free | Partition Type: NTFS Computer Name: FOSTERFAMILY Current User Name: Charlie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 878592 bytes | Modified Date = 1/16/2006 8:46:12 AM | Attr = R ] vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 75304 bytes | Modified Date = 4/2/2008 9:07:54 PM | Attr = ] scanningprocess.exe -> %SystemRoot%\system32\ZoneLabs\avsys\ScanningProcess.exe -> [Ver = | Size = 139264 bytes | Modified Date = 12/3/2007 3:53:58 PM | Attr = ] aawservice.exe -> E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ] dkservice.exe -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 606316 bytes | Modified Date = 7/26/2005 6:51:22 PM | Attr = ] logmein.exe -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 8/3/2007 3:09:34 PM | Attr = ] lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 5/28/2008 12:32:28 PM | Attr = ] pdhelper.exe -> e:\Program Files\TastyBytes Software\PD+Rescue for iPod\PDHelper.exe -> [Ver = | Size = 1539470 bytes | Modified Date = 8/29/2007 11:22:02 AM | Attr = ] richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 2.0.0929 | Size = 266343 bytes | Modified Date = 9/28/2006 5:18:00 PM | Attr = ] wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:27:44 AM | Attr = ] shwiconem.exe -> %ProgramFiles%\eMachines Bay Reader\shwiconEM.exe -> Alcor Micro, Corp. [Ver = 1, 4, 0, 8 | Size = 135168 bytes | Modified Date = 3/11/2004 3:18:54 PM | Attr = ] acrotray.exe -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.1.0.2008042300 | Size = 483328 bytes | Modified Date = 4/23/2008 2:08:13 AM | Attr = ] incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 1398272 bytes | Modified Date = 1/16/2006 8:46:28 AM | Attr = R ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 8/3/2007 3:09:34 PM | Attr = ] zlclient.exe -> E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 919016 bytes | Modified Date = 4/2/2008 9:07:54 PM | Attr = ] lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 5/28/2008 12:32:28 PM | Attr = ] usbtip.exe -> %ProgramFiles%\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe -> Pinnacle Systems GmbH [Ver = 1.0.14.00 | Size = 196608 bytes | Modified Date = 1/23/2006 4:42:58 PM | Attr = ] pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ] ituneshelper.exe -> E:\Program Files\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 2:42:04 PM | Attr = ] aolsoftware.exe -> %CommonProgramFiles%\AOL\1100906604\EE\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 4:52:48 PM | Attr = ] everioservice.exe -> E:\Program Files\CyberLink\PCM4Everio\EverioService.exe -> CyberLink Corp. [Ver = 1.00.1122 | Size = 151552 bytes | Modified Date = 11/22/2006 10:10:06 PM | Attr = ] aolsp scheduler.exe -> %SystemDrive%\found.000\dir0007.chk\ver2_0_7\AOLSP Scheduler.exe -> [Ver = | Size = 1536 bytes | Modified Date = 10/7/2005 12:57:03 PM | Attr = ] anydvdtray.exe -> E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe -> SlySoft, Inc. [Ver = 6.4.3.2 | Size = 2120640 bytes | Modified Date = 5/28/2008 3:10:09 AM | Attr = ] yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ] mantispm.exe -> e:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe -> [Ver = 5, 0, 6, 8903 | Size = 804376 bytes | Modified Date = 5/11/2007 7:50:24 AM | Attr = ] aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 4:50:35 AM | Attr = R ] redswoosh.exe -> %ProgramFiles%\RSSoft\RedSwoosh.exe -> [Ver = | Size = 62436 bytes | Modified Date = 2/26/2007 5:30:38 PM | Attr = ] mssysmgr.exe -> %ProgramFiles%\Nero\data\Xtras\mssysmgr.exe -> Ahead Software [Ver = 1.0.1.0 | Size = 212992 bytes | Modified Date = 2/25/2005 4:28:03 PM | Attr = ] googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 1:22:02 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 2:41:56 PM | Attr = ] jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 329104 bytes | Modified Date = 2/22/2008 4:25:20 AM | Attr = ] shwiconem.exe -> %ProgramFiles%\eMachines Bay Reader\shwiconEM.exe -> Alcor Micro, Corp. [Ver = 1, 4, 0, 8 | Size = 135168 bytes | Modified Date = 3/11/2004 3:18:54 PM | Attr = ] acrotray.exe -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.1.0.2008042300 | Size = 483328 bytes | Modified Date = 4/23/2008 2:08:13 AM | Attr = ] incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 1398272 bytes | Modified Date = 1/16/2006 8:46:28 AM | Attr = R ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 8/3/2007 3:09:34 PM | Attr = ] lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 5/28/2008 12:32:28 PM | Attr = ] zlclient.exe -> E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 919016 bytes | Modified Date = 4/2/2008 9:07:54 PM | Attr = ] usbtip.exe -> %ProgramFiles%\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe -> Pinnacle Systems GmbH [Ver = 1.0.14.00 | Size = 196608 bytes | Modified Date = 1/23/2006 4:42:58 PM | Attr = ] pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ] ituneshelper.exe -> E:\Program Files\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 2:42:04 PM | Attr = ] aolsoftware.exe -> %CommonProgramFiles%\AOL\1100906604\EE\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 4:52:48 PM | Attr = ] everioservice.exe -> E:\Program Files\CyberLink\PCM4Everio\EverioService.exe -> CyberLink Corp. [Ver = 1.00.1122 | Size = 151552 bytes | Modified Date = 11/22/2006 10:10:06 PM | Attr = ] aolsp scheduler.exe -> %SystemDrive%\found.000\dir0007.chk\ver2_0_7\AOLSP Scheduler.exe -> [Ver = | Size = 1536 bytes | Modified Date = 10/7/2005 12:57:03 PM | Attr = ] versioncuecs2tray.exe -> E:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe -> Adobe Sytems Incorporated [Ver = 2, 0, 0, 0 | Size = 856064 bytes | Modified Date = 4/4/2005 6:58:30 PM | Attr = ] mssysmgr.exe -> %ProgramFiles%\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe -> [Ver = | Size = 196608 bytes | Modified Date = 5/12/2004 12:04:54 PM | Attr = ] myspaceim.exe -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.739.0 | Size = 8720384 bytes | Modified Date = 12/6/2007 11:33:26 PM | Attr = ] picasamediadetector.exe -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.37.36 | Size = 443968 bytes | Modified Date = 10/23/2007 1:18:15 PM | Attr = ] mantispm.exe -> e:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe -> [Ver = 5, 0, 6, 8903 | Size = 804376 bytes | Modified Date = 5/11/2007 7:50:24 AM | Attr = ] myspaceim.exe -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.739.0 | Size = 8720384 bytes | Modified Date = 12/6/2007 11:33:26 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 11/20/2007 11:44:57 PM | Attr = ] avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 1235736 bytes | Modified Date = 8/29/2008 8:04:28 AM | Attr = ] avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 1235736 bytes | Modified Date = 8/29/2008 8:04:28 AM | Attr = ] avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 231704 bytes | Modified Date = 8/29/2008 8:04:19 AM | Attr = ] avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 7/3/2008 6:14:58 PM | Attr = ] avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 875288 bytes | Modified Date = 8/29/2008 8:04:23 AM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 11/20/2007 11:44:57 PM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 8/28/2008 7:37:08 AM | Attr = ] otscanit.exe -> %ProgramFiles%\OTScanit\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 402944 bytes | Modified Date = 8/26/2008 8:26:02 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 1/8/2006 7:01:24 PM | Attr = ] (Adobe Version Cue CS2) Adobe Version Cue CS2 [Win32_Own | On_Demand | Stopped] -> E:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -> Adobe Systems Incorporated [Ver = 2, 0, 0, 0 | Size = 163840 bytes | Modified Date = 4/4/2005 6:58:28 PM | Attr = ] (AOL ACS) AOL Connectivity Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 4:50:35 AM | Attr = R ] (AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 12:54:14 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ] (avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 875288 bytes | Modified Date = 8/29/2008 8:04:23 AM | Attr = ] (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 231704 bytes | Modified Date = 8/29/2008 8:04:19 AM | Attr = ] (ColdFusion MX 7 Application Server) ColdFusion MX 7 Application Server [Win32_Own | Disabled | Stopped] -> %SystemDrive%\CFusionMX7\runtime\bin\jrunsvc.exe -> Macromedia Inc. [Ver = 4,0,3,89225 | Size = 61440 bytes | Modified Date = 1/24/2005 8:59:39 AM | Attr = ] (ColdFusion MX 7 Search Server) ColdFusion MX 7 Search Server [Win32_Own | Disabled | Stopped] -> %SystemDrive%\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe -> Verity, Inc. [Ver = Build 20040208 | Size = 2711312 bytes | Modified Date = 9/23/2004 2:30:58 PM | Attr = ] (Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 606316 bytes | Modified Date = 7/26/2005 6:51:22 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 4:12:17 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 11/20/2007 11:12:17 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 2:06:04 AM | Attr = ] (InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 878592 bytes | Modified Date = 1/16/2006 8:46:12 AM | Attr = R ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 2:41:56 PM | Attr = ] (LogMeIn) LogMeIn [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 8/3/2007 3:09:34 PM | Attr = ] (Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 6/9/2006 6:12:14 PM | Attr = ] (McShield) McAfee.com McShield [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 3/13/2002 8:50:34 AM | Attr = ] (mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 8 | Size = 245760 bytes | Modified Date = 8/21/2003 7:06:56 PM | Attr = ] (MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 12 | Size = 106496 bytes | Modified Date = 8/8/2003 7:04:38 PM | Attr = ] (MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.7.00.12140 | Size = 45056 bytes | Modified Date = 12/14/2006 3:21:20 AM | Attr = ] (PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> [Ver = 4.7.00.12140 | Size = 57344 bytes | Modified Date = 12/14/2006 2:46:16 AM | Attr = ] (PDHelper.exe) PDHelper.exe [Win32_Own | Auto | Running] -> e:\Program Files\TastyBytes Software\PD+Rescue for iPod\PDHelper.exe -> [Ver = | Size = 1539470 bytes | Modified Date = 8/29/2007 11:22:02 AM | Attr = ] (RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 2.0.0929 | Size = 266343 bytes | Modified Date = 9/28/2006 5:18:00 PM | Attr = ] (sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.2 | Size = 742216 bytes | Modified Date = 10/2/2007 5:27:06 PM | Attr = ] (sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.23 | Size = 1415496 bytes | Modified Date = 10/2/2007 5:27:12 PM | Attr = ] (SonicStage Back-End Service) SonicStage Back-End Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SsBeSvc.exe -> Sony Corporation [Ver = 4.3.01.14020 | Size = 112184 bytes | Modified Date = 2/5/2007 11:11:16 AM | Attr = ] (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.7.00.12140 | Size = 69632 bytes | Modified Date = 12/14/2006 3:02:08 AM | Attr = ] (SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 4.3.01.14020 | Size = 75320 bytes | Modified Date = 2/5/2007 11:11:18 AM | Attr = ] (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 75304 bytes | Modified Date = 4/2/2008 9:07:54 PM | Attr = ] (WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:27:44 AM | Attr = ] (WinVNC4) VNC Server Version 4 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.1 | Size = 455632 bytes | Modified Date = 3/11/2005 3:40:26 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Acrobat Assistant 7.0 -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe ["E:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 7.1.0.2008042300 | Size = 483328 bytes | Modified Date = 4/23/2008 2:08:13 AM | Attr = ] Adobe Version Cue CS2 -> E:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [E:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe] -> Adobe Sytems Incorporated [Ver = 2, 0, 0, 0 | Size = 856064 bytes | Modified Date = 4/4/2005 6:58:30 PM | Attr = ] AOL Spyware Protection -> %SystemDrive%\found.000\dir0007.chk\ver2_0_7\AOLSP Scheduler.exe [C:\found.000\dir0007.chk\ver2_0_7\AOLSP Scheduler.exe] -> [Ver = | Size = 1536 bytes | Modified Date = 10/7/2005 12:57:03 PM | Attr = ] AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 4:50:37 AM | Attr = R ] AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 1235736 bytes | Modified Date = 8/29/2008 8:04:28 AM | Attr = ] DiskeeperSystray -> %ProgramFiles%\Executive Software\Diskeeper\DkIcon.exe ["C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"] -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 184408 bytes | Modified Date = 7/26/2005 6:52:24 PM | Attr = ] EverioService -> e:\Program Files\CyberLink\PCM4Everio\EverioService.exe ["e:\Program Files\CyberLink\PCM4Everio\EverioService.exe"] -> CyberLink Corp. [Ver = 1.00.1122 | Size = 151552 bytes | Modified Date = 11/22/2006 10:10:06 PM | Attr = ] HostManager -> %CommonProgramFiles%\AOL\1100906604\EE\aolsoftware.exe [C:\Program Files\Common Files\AOL\1100906604\ee\AOLSoftware.exe] -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 4:52:48 PM | Attr = ] InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe [C:\Program Files\Ahead\InCD\InCD.exe] -> Nero AG [Ver = 4, 3, 23, 0 | Size = 1398272 bytes | Modified Date = 1/16/2006 8:46:28 AM | Attr = R ] iTunesHelper -> E:\Program Files\iTunes\iTunesHelper.exe ["E:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 2:42:04 PM | Attr = ] LogMeIn GUI -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe ["C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 8/3/2007 3:09:34 PM | Attr = ] MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [c:\PROGRA~1\mcafee.com\agent\mcagent.exe] -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 10 | Size = 245760 bytes | Modified Date = 8/27/2003 12:00:12 PM | Attr = ] MCUpdateExe -> %SystemDrive%\PROGRA~1\mcafee.com\agent\McUpdate.exe [c:\PROGRA~1\mcafee.com\agent\McUpdate.exe] -> File not found NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 12:50:42 PM | Attr = ] PCLEUSBTip -> %ProgramFiles%\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe] -> Pinnacle Systems GmbH [Ver = 1.0.14.00 | Size = 196608 bytes | Modified Date = 1/23/2006 4:42:58 PM | Attr = ] PinnacleDriverCheck -> %SystemRoot%\system32\PSDrvCheck.exe [C:\WINDOWS\system32\PSDrvCheck.exe] -> [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 11/10/2003 5:06:08 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ] RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] SunKistEM -> %ProgramFiles%\eMachines Bay Reader\shwiconEM.exe [C:\Program Files\eMachines Bay Reader\shwiconem.exe] -> Alcor Micro, Corp. [Ver = 1, 4, 0, 8 | Size = 135168 bytes | Modified Date = 3/11/2004 3:18:54 PM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 11/20/2007 11:44:57 PM | Attr = ] USB2Check -> %SystemRoot%\system32\PCLECoInst.dll [RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController] -> Pinnacle Systems [Ver = 1, 1, 1, 18 | Size = 73728 bytes | Modified Date = 12/21/2005 11:14:52 AM | Attr = ] USBToolTip -> %ProgramFiles%\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe ["C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"] -> Pinnacle Systems GmbH [Ver = 1.0.14.00 | Size = 196608 bytes | Modified Date = 1/23/2006 4:42:58 PM | Attr = ] VirusScan Online -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe [c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe /disabled] -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 15 | Size = 163840 bytes | Modified Date = 8/17/2003 10:50:34 PM | Attr = ] VSOCheckTask -> %ProgramFiles%\McAfee.com\VSO\mcmnhdlr.exe ["c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask] -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 12 | Size = 122880 bytes | Modified Date = 8/8/2003 7:02:10 PM | Attr = ] ZoneAlarm Client -> e:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["e:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 919016 bytes | Modified Date = 4/2/2008 9:07:54 PM | Attr = ] < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> srePostpone -> %SystemRoot%\system32\ZoneLabs\srescan.dll [rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction] -> Zone Labs, LLC [Ver = 5, 0, 189, 0 | Size = 1504736 bytes | Modified Date = 2/27/2008 4:10:32 AM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AnyDVD -> E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe] -> SlySoft, Inc. [Ver = 6.4.3.2 | Size = 2120640 bytes | Modified Date = 5/28/2008 3:10:09 AM | Attr = ] googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe ["C:\Program Files\Google\Google Talk\googletalk.exe" /autostart] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 1:22:02 PM | Attr = ] MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.739.0 | Size = 8720384 bytes | Modified Date = 12/6/2007 11:33:26 PM | Attr = ] PhotoShow Deluxe Media Manager -> %ProgramFiles%\Nero\data\Xtras\mssysmgr.exe [C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe] -> Ahead Software [Ver = 1.0.1.0 | Size = 212992 bytes | Modified Date = 2/25/2005 4:28:03 PM | Attr = ] Red Swoosh -> %ProgramFiles%\RSSoft\RedSwoosh.exe [C:\Program Files\RSSoft\RedSwoosh.exe /S] -> [Ver = | Size = 62436 bytes | Modified Date = 2/26/2007 5:30:38 PM | Attr = ] Veoh -> E:\Program Files\Veoh Networks\Veoh\VeohClient.exe ["E:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide] -> Veoh Networks [Ver = 3.8.1.1011 | Size = 3497984 bytes | Modified Date = 1/30/2008 2:11:10 PM | Attr = ] Windows Registry Repair Pro -> %ProgramFiles%\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe [C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4] -> 3B Software, Inc. [Ver = 2.0.0.1 | Size = 1285632 bytes | Modified Date = 2/4/2005 1:00:00 AM | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.739.0 | Size = 8720384 bytes | Modified Date = 12/6/2007 11:33:26 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.739.0 | Size = 8720384 bytes | Modified Date = 12/6/2007 11:33:26 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AnyDVD -> E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe] -> SlySoft, Inc. [Ver = 6.4.3.2 | Size = 2120640 bytes | Modified Date = 5/28/2008 3:10:09 AM | Attr = ] googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe ["C:\Program Files\Google\Google Talk\googletalk.exe" /autostart] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 1:22:02 PM | Attr = ] MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.739.0 | Size = 8720384 bytes | Modified Date = 12/6/2007 11:33:26 PM | Attr = ] PhotoShow Deluxe Media Manager -> %ProgramFiles%\Nero\data\Xtras\mssysmgr.exe [C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe] -> Ahead Software [Ver = 1.0.1.0 | Size = 212992 bytes | Modified Date = 2/25/2005 4:28:03 PM | Attr = ] Red Swoosh -> %ProgramFiles%\RSSoft\RedSwoosh.exe [C:\Program Files\RSSoft\RedSwoosh.exe /S] -> [Ver = | Size = 62436 bytes | Modified Date = 2/26/2007 5:30:38 PM | Attr = ] Veoh -> E:\Program Files\Veoh Networks\Veoh\VeohClient.exe ["E:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide] -> Veoh Networks [Ver = 3.8.1.1011 | Size = 3497984 bytes | Modified Date = 1/30/2008 2:11:10 PM | Attr = ] Windows Registry Repair Pro -> %ProgramFiles%\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe [C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4] -> 3B Software, Inc. [Ver = 2.0.0.1 | Size = 1285632 bytes | Modified Date = 2/4/2005 1:00:00 AM | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.739.0 | Size = 8720384 bytes | Modified Date = 12/6/2007 11:33:26 PM | Attr = ] PhotoShow Deluxe Media Manager -> %ProgramFiles%\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe [C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe] -> [Ver = | Size = 196608 bytes | Modified Date = 5/12/2004 12:04:54 PM | Attr = ] Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.36 | Size = 443968 bytes | Modified Date = 10/23/2007 1:18:15 PM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 5/18/2008 6:04:27 PM | Attr = R ] < Charlie Startup Folder > -> C:\Documents and Settings\Charlie\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Marcella Startup Folder > -> C:\Documents and Settings\Marcella\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> avgrsstx.dll -> -> File not found *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKEY_LOCAL_MACHINE] -> [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll schannel.dll digest.dll msnsspc.dll -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> -> File not found *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 4:12:38 PM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> -> File not found *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 4:12:05 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> crypt32chain -> -> File not found cryptnet -> -> File not found cscdll -> -> File not found igfxcui -> -> File not found LMIinit -> -> File not found ScCertProp -> -> File not found Schedule -> -> File not found sclgntfy -> -> File not found SensLogn -> -> File not found termsrv -> -> File not found WgaLogon -> -> File not found wlballoon -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> System32\DRIVERS\cdrom.sys -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> < Drives with AutoRun files > -> -> AUTOEXEC.BAT [SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 95 bytes | Modified Date = 2/1/2007 4:05:42 PM | Attr = ] AUTOEXEC.BAT [SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ] -> Z:\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 95 bytes | Modified Date = 2/1/2007 4:05:42 PM | Attr = ] < HOSTS File > (2798 bytes and 97 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> First 25 entries... 127.0.0.1 localhost 127.0.0.1 websearch.com 127.0.0.1 www.websearch.com 127.0.0.1 advnt01.com 127.0.0.1 www.advnt01.com 127.0.0.1 www.xzoomy.com 127.0.0.1 xzoomy.com 127.0.0.1 www.adwave.com 127.0.0.1 adwave.com 127.0.0.1 topconverting.com 127.0.0.1 www.topconverting.com 127.0.0.1 www.ntsearch.com 127.0.0.1 ntsearch.com 127.0.0.1 www.incredifind.com 127.0.0.1 incredifind.com 127.0.0.1 www.popaware.com 127.0.0.1 popaware.com 127.0.0.1 www.revenue.net 127.0.0.1 revenue.net 127.0.0.1 www.smileycentral.com 127.0.0.1 smileycentral.com 127.0.0.1 www.cafreedom.com 127.0.0.1 cafreedom.com 127.0.0.1 www.revenue.net 127.0.0.1 revenue.net < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com/ -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[yaho] -> HKEY_CURRENT_USER\: URLSearchHooks\\ [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.emachines.com -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.emachines.com -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://www.emachines.com -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://www.emachines.com -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\] > -> -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[yaho] -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\: URLSearchHooks\\ [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ] HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\] > -> -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\: Main\\Start Page -> http://webmail.aol.com/ -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ] HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. -> .[msn] -> My Computer -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> turbotax.com .[https] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. -> .[msn] -> My Computer -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> turbotax.com .[https] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> E:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:41 AM | Attr = ] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.152 | Size = 455960 bytes | Modified Date = 8/29/2008 8:04:22 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 10, 18, 1 | Size = 321088 bytes | Modified Date = 10/27/2005 10:04:28 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 10, 18, 1 | Size = 321088 bytes | Modified Date = 10/27/2005 10:04:28 PM | Attr = ] < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 10, 18, 1 | Size = 321088 bytes | Modified Date = 10/27/2005 10:04:28 PM | Attr = ] < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {40D41A8B-D79B-43d7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 10/24/2004 2:42:00 PM | Attr = ] {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] {4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 459968 bytes | Modified Date = 10/21/2004 3:32:48 PM | Attr = ] {921AB47C-6AAC-4E7D-8CCF-E574BA0FEBEE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {BA52B914-B692-46c4-B683-905236F6F655} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee.com\VSO\mcvsshl.dll [McAfee VirusScan] -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 15 | Size = 114743 bytes | Modified Date = 8/18/2003 12:19:32 PM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 10/24/2004 2:42:00 PM | Attr = ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 459968 bytes | Modified Date = 10/21/2004 3:32:48 PM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 10/24/2004 2:42:00 PM | Attr = ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 459968 bytes | Modified Date = 10/21/2004 3:32:48 PM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] WebBrowser\\{921AB47C-6AAC-4E7D-8CCF-E574BA0FEBEE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {4982D40A-C53B-4615-B15B-B5B5E98D167C}:{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 459968 bytes | Modified Date = 10/21/2004 3:32:48 PM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\aim\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3690 | Size = 66672 bytes | Modified Date = 9/1/2004 8:26:48 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 459968 bytes | Modified Date = 10/21/2004 3:32:48 PM | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\aim\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3690 | Size = 66672 bytes | Modified Date = 9/1/2004 8:26:48 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 10/24/2004 2:42:00 PM | Attr = ] &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 459968 bytes | Modified Date = 10/21/2004 3:32:48 PM | Attr = ] &Yahoo! Search -> -> File not found Convert link target to Adobe PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert link target to existing PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert selected links to Adobe PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert selected links to existing PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert selection to Adobe PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert selection to existing PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert to Adobe PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert to existing PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Yahoo! &Dictionary -> -> File not found Yahoo! &Maps -> -> File not found Yahoo! &SMS -> -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 459968 bytes | Modified Date = 10/21/2004 3:32:48 PM | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ] CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\aim\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3690 | Size = 66672 bytes | Modified Date = 9/1/2004 8:26:48 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm -> File not found Download &all with DAP -> D:\PROGRA~1\DAP\dapextie2.htm -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 459968 bytes | Modified Date = 10/21/2004 3:32:48 PM | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ] CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\aim\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3690 | Size = 66672 bytes | Modified Date = 9/1/2004 8:26:48 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm -> File not found Download &all with DAP -> D:\PROGRA~1\DAP\dapextie2.htm -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 459968 bytes | Modified Date = 10/21/2004 3:32:48 PM | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\aim\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3690 | Size = 66672 bytes | Modified Date = 9/1/2004 8:26:48 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 10/24/2004 2:42:00 PM | Attr = ] &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 459968 bytes | Modified Date = 10/21/2004 3:32:48 PM | Attr = ] &Yahoo! Search -> -> File not found Convert link target to Adobe PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert link target to existing PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert selected links to Adobe PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert selected links to existing PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert selection to Adobe PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert selection to existing PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert to Adobe PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Convert to existing PDF -> E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ] Yahoo! &Dictionary -> -> File not found Yahoo! &Maps -> -> File not found Yahoo! &SMS -> -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 10, 18, 1 | Size = 321088 bytes | Modified Date = 10/27/2005 10:04:28 PM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 459968 bytes | Modified Date = 10/21/2004 3:32:48 PM | Attr = ] CmdMapping\\{4B30061A-5B39-11D3-80F8-0090276F843F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ] CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\aim\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3690 | Size = 66672 bytes | Modified Date = 9/1/2004 8:26:48 AM | Attr = ] CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\] > -> HKEY_USERS\S-1-5-21-1148227839-984344415-3844818930-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm -> File not found Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> File not found Convert link target to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> File not found Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> File not found Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> File not found Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> File not found Convert selection to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> File not found Convert to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> File not found Convert to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {180740C2-80F4-4BF6-A3C4-316802910B86} -> () -> {4B9A3C67-911A-4FF9-8A1D-E7A387C028E7} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {849769C0-C38F-4717-964B-A5D11A2AAC4B} -> (Windows Mobile-based Device) -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 7/3/2008 6:15:08 PM | Attr = ] msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> [Cor MIME Filter, CorFltr, CorFltr 1] -> File not found application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> [Cor MIME Filter, CorFltr, CorFltr 1] -> File not found application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> [Cor MIME Filter, CorFltr, CorFltr 1] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {00000055-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/fhg.CAB[Reg Error: Key does not exist or could not be opened.] -> {1239CC52-59EF-4DFA-8C61-90FFA846DF7E}[HKEY_LOCAL_MACHINE] -> http://www.musicnotes.com/download/mnviewer.cab[Musicnotes Viewer] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B}[HKEY_LOCAL_MACHINE] -> http://aolcc.aol.com/computercheckup/qdiagcc.cab[QDiagAOLCCUpdateObj Class] -> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[McAfee.com Operating System Class] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097474518479[WUWebControl Class] -> {72770C4F-967D-4517-982B-92D6B9015649}[HKEY_LOCAL_MACHINE] -> http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0[DigWebHelper Class] -> {77E32299-629F-43C6-AB77-6A1E6D7663F6}[HKEY_LOCAL_MACHINE] -> http://www.nick.com/common/groove/gx/GrooveAX27.cab[Groove Control] -> {87056D28-9730-4A47-B9F9-7E890B62C58A}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab[WildfireActiveXHost Class] -> {8714912E-380D-11D5-B8AA-00D0B78F3D48}[HKEY_LOCAL_MACHINE] -> http://chat.yahoo.com/cab/yuplapp.cab[Yahoo! Webcam Upload Wrapper] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613}[HKEY_LOCAL_MACHINE] -> http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab[NMInstall Control] -> {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[DwnldGroupMgr Class] -> {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe[Virtools WebPlayer Class] -> {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axhost.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axhost.dll\\.Owner -> {87056D28-9730-4A47-B9F9-7E890B62C58A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axhost.dll\\{87056D28-9730-4A47-B9F9-7E890B62C58A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DigWebX.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DigWebX.dll\\.Owner -> {72770C4F-967D-4517-982B-92D6B9015649} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DigWebX.dll\\{72770C4F-967D-4517-982B-92D6B9015649} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\\.Owner -> {77E32299-629F-43C6-AB77-6A1E6D7663F6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\\{77E32299-629F-43C6-AB77-6A1E6D7663F6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/kdu_v32r.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/kdu_v32r.dll\\.Owner -> {8714912E-380D-11D5-B8AA-00D0B78F3D48} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/kdu_v32r.dll\\{8714912E-380D-11D5-B8AA-00D0B78F3D48} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mnviewer.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mnviewer.dll\\.Owner -> {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mnviewer.dll\\{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mp3.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mp3.ocx\\.Owner -> {79849612-A98F-45B8-95E9-4D13C7B6B35C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mp3.ocx\\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Preloader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Preloader.dll\\.Owner -> {084F552D-19EB-4668-9788-984CBC781A8F} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Preloader.dll\\{084F552D-19EB-4668-9788-984CBC781A8F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yuplapp.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yuplapp.dll\\.Owner -> {8714912E-380D-11D5-B8AA-00D0B78F3D48} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yuplapp.dll\\{8714912E-380D-11D5-B8AA-00D0B78F3D48} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ywcupl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ywcupl.dll\\.Owner -> {8714912E-380D-11D5-B8AA-00D0B78F3D48} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ywcupl.dll\\{8714912E-380D-11D5-B8AA-00D0B78F3D48} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DAntivirus.cfg\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DAntivirus.cfg\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DAntivirus.cfg\\{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\\.Owner -> {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\\{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI2.sys\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI2.sys\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI2.sys\\{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT.sys\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT.sys\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT.sys\\{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT.VXD\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT.VXD\\.Owner -> {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT.VXD\\{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DProg.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DProg.ini\\.Owner -> {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DProg.ini\\{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DView.cfg\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DView.cfg\\.Owner -> {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DView.cfg\\{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/nminstall.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/nminstall.dll\\.Owner -> {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/nminstall.dll\\{92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagcc.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagcc.ocx\\.Owner -> {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagcc.ocx\\{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableRemoteConnect -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 4:12:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 4:11:56 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 4:12:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 4:12:05 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 4:12:08 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 828 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 4:12:05 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 4:12:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 30 44 18 50 24 36 ED 26 56 9F ED 99 C3 68 D9 77 30 32 62 61 33 38 61 39 00 00 00 00 01 00 00 00 C8 01 00 00 CC 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 B8 6D 04 DC [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 08 6F FA 26 E2 E5 EF FF 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 30 B6 9B 42 55 30 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 0B 7E 11 22 32 48 14 65 55 89 68 6A B8 24 20 B6 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> B8 5E E6 D7 A0 05 C9 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 4:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 409072 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 4:11:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 4:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\aim\aim.exe -> %ProgramFiles%\aim\aim.exe [C:\Program Files\aim\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.3690 | Size = 66672 bytes | Modified Date = 9/1/2004 8:26:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> %ProgramFiles%\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 199464 bytes | Modified Date = 11/13/2006 1:39:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> %ProgramFiles%\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 1289000 bytes | Modified Date = 11/13/2006 1:39:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 4270888 bytes | Modified Date = 11/13/2006 1:39:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 10:53:32 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1723:TCP -> 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1701:UDP -> 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\500:UDP -> 500:UDP:*:Enabled:@xpsp2res.dll,-22017 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 4:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\aim\aim.exe -> %ProgramFiles%\aim\aim.exe [C:\Program Files\aim\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.3690 | Size = 66672 bytes | Modified Date = 9/1/2004 8:26:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 4/13/2008 4:12:28 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 93184 bytes | Modified Date = 4/13/2008 4:12:22 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> America Online, Inc. [Ver = 9.2.0.1 | Size = 11352 bytes | Modified Date = 7/11/2005 1:35:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 4:50:37 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 4:50:35 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1100906604\EE\AOLServiceHost.exe -> %CommonProgramFiles%\AOL\1100906604\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1100906604\EE\AOLServiceHost.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 1.3.6.0 | Size = 151128 bytes | Modified Date = 7/29/2005 8:53:51 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe -> %CommonProgramFiles%\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> America Online Inc. [Ver = 1, 0, 0, 0 | Size = 140888 bytes | Modified Date = 11/7/2004 1:10:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> %CommonProgramFiles%\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> Gteko Ltd. [Ver = 1, 0, 0, 35 | Size = 59992 bytes | Modified Date = 10/14/2004 5:34:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charlie\My Documents\My eBooks\utorrent.exe -> %UserProfile%\My Documents\My eBooks\utorrent.exe [C:\Documents and Settings\Charlie\My Documents\My eBooks\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 158147 bytes | Modified Date = 3/12/2006 6:27:15 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 1:22:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avginet.exe -> %ProgramFiles%\Grisoft\AVG Free\avginet.exe [C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe [C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe [C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -> E:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [E:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2] -> Adobe Systems Incorporated [Ver = 2, 0, 0, 0 | Size = 163840 bytes | Modified Date = 4/4/2005 6:58:28 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\iTunes\iTunes.exe -> E:\Program Files\iTunes\iTunes.exe [E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.4.3.1 | Size = 15997240 bytes | Modified Date = 9/26/2007 2:41:58 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe -> E:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe [E:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio] -> CyberLink Corp. [Ver = 1.00.1122 | Size = 53248 bytes | Modified Date = 11/22/2006 10:10:16 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\CyberLink\PCM4Everio\EverioService.exe -> E:\Program Files\CyberLink\PCM4Everio\EverioService.exe [E:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program] -> CyberLink Corp. [Ver = 1.00.1122 | Size = 151552 bytes | Modified Date = 11/22/2006 10:10:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> %ProgramFiles%\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 199464 bytes | Modified Date = 11/13/2006 1:39:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> %ProgramFiles%\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 1289000 bytes | Modified Date = 11/13/2006 1:39:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 4270888 bytes | Modified Date = 11/13/2006 1:39:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe -> E:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe [E:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> Intuit, Inc. [Ver = wPer.2007.09.09.85 | Size = 10343712 bytes | Modified Date = 3/5/2008 11:29:49 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe -> E:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe [E:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> Intuit, Inc. [Ver = wPer.2007.09.00.58 | Size = 3597600 bytes | Modified Date = 10/22/2007 6:56:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 10:53:32 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 641304 bytes | Modified Date = 8/28/2008 8:39:29 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 875288 bytes | Modified Date = 8/29/2008 8:04:23 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MySpace\IM\MySpaceIM.exe -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM] -> [Ver = 1.0.739.0 | Size = 8720384 bytes | Modified Date = 12/6/2007 11:33:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9420:TCP -> 9420:TCP:*:Enabled:Red Swoosh -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5000:UDP -> 5000:UDP:*:Enabled:Red Swoosh -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1723:TCP -> 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1701:UDP -> 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\500:UDP -> 500:UDP:*:Enabled:@xpsp2res.dll,-22017 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{180740C2-80F4-4BF6-A3C4-316802910B86} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2C73E699-3C8C-4B28-B019-17385FF9EC1C} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{AD244B8A-DCEC-4CE2-803D-FD406AADA00D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8B96E581-B261-4889-9535-AF0A42F25A94} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 4:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 4:12:11 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] MxDownload -> %SystemDrive%\MxDownload -> [Folder | Created Date = 8/11/2008 7:37:54 PM | Attr = ] rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 959 bytes | Created Date = 6/7/2008 1:28:09 AM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 38979616 bytes | Created Date = 6/7/2008 1:13:52 AM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 483176 bytes | Created Date = 6/7/2008 1:13:52 AM | Attr = HS] klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 6/7/2008 1:07:57 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/23/2008 8:06:58 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/23/2008 8:06:57 PM | Attr = ] cid_store.dat -> %SystemRoot%\System32\cid_store.dat -> [Ver = | Size = 0 bytes | Created Date = 8/11/2008 7:37:54 PM | Attr = ] libeay32_0.9.6l.dll -> %SystemRoot%\System32\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Created Date = 6/7/2008 1:07:32 AM | Attr = ] vghd.scr -> %SystemRoot%\System32\vghd.scr -> [Ver = | Size = 152920 bytes | Created Date = 7/23/2008 12:48:47 AM | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 355091 bytes | Created Date = 6/7/2008 1:07:10 AM | Attr = ] vsinit.dll -> %SystemRoot%\System32\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 157160 bytes | Created Date = 6/7/2008 1:04:01 AM | Attr = ] vsregexp.dll -> %SystemRoot%\System32\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 71144 bytes | Created Date = 6/7/2008 1:07:31 AM | Attr = ] vswmi.dll -> %SystemRoot%\System32\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 46568 bytes | Created Date = 6/7/2008 1:07:13 AM | Attr = ] zlcomm.dll -> %SystemRoot%\System32\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 83432 bytes | Created Date = 6/7/2008 1:07:18 AM | Attr = ] zlcommdb.dll -> %SystemRoot%\System32\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 71144 bytes | Created Date = 6/7/2008 1:07:19 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 8/23/2008 8:03:01 PM | Attr = ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 8/28/2008 3:50:20 PM | Attr = ] zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 75248 bytes | Created Date = 6/7/2008 1:08:08 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] LogMeIn -> %AllUsersProfile%\Application Data\LogMeIn -> [Folder | Created Date = 7/11/2008 8:08:45 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 8/23/2008 8:06:56 PM | Attr = ] MailFrontier -> %AppData%\MailFrontier -> [Folder | Created Date = 6/7/2008 1:08:34 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 8/23/2008 8:07:12 PM | Attr = ] MxBoost -> %AppData%\MxBoost -> [Folder | Created Date = 8/11/2008 7:37:30 PM | Attr = ] vghd -> %AppData%\vghd -> [Folder | Created Date = 7/23/2008 1:27:25 AM | Attr = ] LogMeIn -> %UserProfile%\Local Settings\Application Data\LogMeIn -> [Folder | Created Date = 7/11/2008 8:08:48 AM | Attr = ] Unity -> %UserProfile%\Local Settings\Application Data\Unity -> [Folder | Created Date = 8/7/2008 8:51:25 PM | Attr = ] ANCCS_Student_%20Application_%202008.pdf -> %UserProfile%\My Documents\ANCCS_Student_%20Application_%202008.pdf -> [Ver = | Size = 32371 bytes | Created Date = 6/15/2008 3:44:28 PM | Attr = ] ASD_Lottery_Application.pdf -> %UserProfile%\My Documents\ASD_Lottery_Application.pdf -> [Ver = | Size = 429137 bytes | Created Date = 6/15/2008 3:44:45 PM | Attr = ] ATF_Cleaner.exe -> %UserProfile%\My Documents\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 8/23/2008 7:46:56 PM | Attr = ] coreplayer -> %UserProfile%\My Documents\coreplayer -> [Folder | Created Date = 7/15/2008 11:27:09 PM | Attr = ] 1 C:\Documents and Settings\Charlie\My Documents\*.tmp files -> C:\Documents and Settings\Charlie\My Documents\*.tmp -> CorePlayer (TCPMP) pocket pc [mininova].torrent -> %UserProfile%\My Documents\CorePlayer (TCPMP) pocket pc [mininova].torrent -> [Ver = | Size = 1432 bytes | Created Date = 7/15/2008 11:15:47 PM | Attr = ] CorePlayer (TCPMP) pocket pc.torrent -> %UserProfile%\My Documents\CorePlayer (TCPMP) pocket pc.torrent -> [Ver = | Size = 1432 bytes | Created Date = 7/15/2008 11:24:13 PM | Attr = ] Dear Grandma.doc -> %UserProfile%\My Documents\Dear Grandma.doc -> [Ver = | Size = 27648 bytes | Created Date = 6/14/2008 2:18:56 PM | Attr = ] Diana_Roediger_5-20-08_Internet.doc -> %UserProfile%\My Documents\Diana_Roediger_5-20-08_Internet.doc -> [Ver = | Size = 89600 bytes | Created Date = 6/27/2008 10:06:39 AM | Attr = ] Download_mbam-setup.exe -> %UserProfile%\My Documents\Download_mbam-setup.exe -> Digital River [Ver = 1.0.0.1 | Size = 128368 bytes | Created Date = 8/23/2008 8:05:26 PM | Attr = ] erunt_setup.exe -> %UserProfile%\My Documents\erunt_setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Created Date = 8/23/2008 8:00:57 PM | Attr = ] Extratorrent com Cyberchase.torrent -> %UserProfile%\My Documents\Extratorrent com Cyberchase.torrent -> [Ver = | Size = 173568 bytes | Created Date = 8/7/2008 10:49:22 AM | Attr = ] HIBZ8325--MBR--400.wmv -> %UserProfile%\My Documents\HIBZ8325--MBR--400.wmv -> [Ver = | Size = 627384 bytes | Created Date = 8/13/2008 7:32:52 AM | Attr = ] HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 8/23/2008 8:40:45 PM | Attr = ] Hydrogen_Generator_eBook.pdf -> %UserProfile%\My Documents\Hydrogen_Generator_eBook.pdf -> [Ver = | Size = 1833301 bytes | Created Date = 7/5/2008 11:14:22 PM | Attr = ] Lydia application NSCS.pdf -> %UserProfile%\My Documents\Lydia application NSCS.pdf -> [Ver = | Size = 116017 bytes | Created Date = 6/15/2008 4:11:34 PM | Attr = ] Lydia Lottery Application.pdf -> %UserProfile%\My Documents\Lydia Lottery Application.pdf -> [Ver = | Size = 429783 bytes | Created Date = 6/15/2008 4:16:27 PM | Attr = ] mft.pdf -> %UserProfile%\My Documents\mft.pdf -> [Ver = | Size = 14905 bytes | Created Date = 6/26/2008 9:37:50 PM | Attr = ] mft2.pdf -> %UserProfile%\My Documents\mft2.pdf -> [Ver = | Size = 18161 bytes | Created Date = 6/26/2008 9:54:20 PM | Attr = ] mx_2.1.2.649 -> %UserProfile%\My Documents\mx_2.1.2.649 -> [Folder | Created Date = 8/11/2008 7:34:51 PM | Attr = ] mx_2.1.2.649.zip -> %UserProfile%\My Documents\mx_2.1.2.649.zip -> [Ver = | Size = 4930915 bytes | Created Date = 8/11/2008 7:31:32 PM | Attr = ] mx_2.1.3.2430.exe -> %UserProfile%\My Documents\mx_2.1.3.2430.exe -> [Ver = | Size = 1308 bytes | Created Date = 8/11/2008 7:30:45 PM | Attr = ] NBCOlympics_com_-_2008_Beijing_Summer_Olympic_Games_Free_.ms-wmv -> %UserProfile%\My Documents\NBCOlympics_com_-_2008_Beijing_Summer_Olympic_Games_Free_.ms-wmv -> [Ver = | Size = 86331 bytes | Created Date = 8/13/2008 7:32:38 AM | Attr = ] OTScanIt.exe -> %UserProfile%\My Documents\OTScanIt.exe -> [Ver = | Size = 573647 bytes | Created Date = 8/30/2008 8:08:18 AM | Attr = ] setup-vghd_GMFxWRR2uhqCcX.exe -> %UserProfile%\My Documents\setup-vghd_GMFxWRR2uhqCcX.exe -> Totem Entertainement [Ver = 1, 0, 0, 2 | Size = 2239064 bytes | Created Date = 7/23/2008 12:44:22 AM | Attr = ] TCPMP-v0.72RC1.exe -> %UserProfile%\My Documents\TCPMP-v0.72RC1.exe -> [Ver = 1, 0, 0, 1 | Size = 1694208 bytes | Created Date = 7/15/2008 10:41:07 PM | Attr = ] UnityWebPlayer.exe -> %UserProfile%\My Documents\UnityWebPlayer.exe -> Unity Technologies ApS [Ver = 2.1.0.16147 | Size = 3292936 bytes | Created Date = 8/7/2008 8:50:25 PM | Attr = ] zaSuiteSetup_70_483_000_en.exe -> %UserProfile%\My Documents\zaSuiteSetup_70_483_000_en.exe -> [Ver = | Size = 46033808 bytes | Created Date = 7/24/2008 9:50:44 PM | Attr = ] InterActual Player.lnk -> %AllUsersProfile%\Desktop\InterActual Player.lnk -> [Ver = | Size = 819 bytes | Created Date = 7/22/2008 10:17:12 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 736 bytes | Created Date = 8/23/2008 8:06:59 PM | Attr = ] ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [Ver = | Size = 632 bytes | Created Date = 8/23/2008 8:02:06 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1774 bytes | Created Date = 8/23/2008 8:41:39 PM | Attr = ] NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 651 bytes | Created Date = 8/23/2008 8:02:06 PM | Attr = ] Adobe Acrobat Speed Launcher.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [Ver = | Size = 2207 bytes | Created Date = 8/23/2008 8:05:10 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 6/3/2008 9:41:12 AM | Attr = ] ERUNT -> %ProgramFiles%\ERUNT -> [Folder | Created Date = 8/23/2008 8:01:58 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 8/23/2008 8:06:55 PM | Attr = ] Maxthon2 -> %ProgramFiles%\Maxthon2 -> [Folder | Created Date = 8/11/2008 7:35:13 PM | Attr = ] Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [Folder | Created Date = 8/6/2008 8:46:21 PM | Attr = ] OTScanit -> %ProgramFiles%\OTScanit -> [Folder | Created Date = 8/30/2008 8:08:58 AM | Attr = ] RSSoft -> %ProgramFiles%\RSSoft -> [Folder | Created Date = 7/15/2008 11:19:22 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 8/23/2008 8:41:36 PM | Attr = ] Unity -> %ProgramFiles%\Unity -> [Folder | Created Date = 8/7/2008 8:51:15 PM | Attr = ] [Files/Folders - Modified Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 8/25/2008 1:13:06 PM | Attr = H ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 8/23/2008 8:04:58 PM | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/6/2008 8:46:29 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1064882176 bytes | Modified Date = 8/23/2008 8:21:04 PM | Attr = HS] MxDownload -> %SystemDrive%\MxDownload -> [Folder | Modified Date = 8/11/2008 7:37:54 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/30/2008 8:08:58 AM | Attr = R ] rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 959 bytes | Modified Date = 8/30/2008 7:34:19 AM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/23/2008 7:58:13 PM | Attr = HS] VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 50303 bytes | Modified Date = 8/23/2008 8:28:42 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/28/2008 3:50:20 PM | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 8/29/2008 5:29:29 PM | Attr = ] 1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Modified Date = 6/4/2008 5:28:03 PM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 26707765 bytes | Modified Date = 8/29/2008 5:29:28 PM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 79159 bytes | Modified Date = 8/29/2008 8:04:48 AM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 211986 bytes | Modified Date = 8/8/2008 8:58:33 AM | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 97928 bytes | Modified Date = 8/29/2008 8:04:17 AM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 7/3/2008 6:14:57 PM | Attr = ] avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 76040 bytes | Modified Date = 7/3/2008 6:15:14 PM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 38981408 bytes | Modified Date = 8/30/2008 8:16:22 AM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 483176 bytes | Modified Date = 8/21/2008 9:50:49 AM | Attr = HS] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 3:01:14 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 3:01:18 PM | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 7/3/2008 6:14:58 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 6/7/2008 1:08:02 AM | Attr = ] 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/24/2008 2:33:06 AM | Attr = ] cid_store.dat -> %SystemRoot%\System32\cid_store.dat -> [Ver = | Size = 0 bytes | Modified Date = 8/11/2008 7:37:54 PM | Attr = ] d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 1324 bytes | Modified Date = 8/27/2008 11:18:36 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/28/2008 3:50:37 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/29/2008 8:04:58 AM | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Modified Date = 8/23/2008 8:22:31 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 80306 bytes | Modified Date = 8/23/2008 8:26:38 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 464962 bytes | Modified Date = 8/23/2008 8:26:39 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 556138 bytes | Modified Date = 8/23/2008 8:26:37 PM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 7/5/2008 11:16:01 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/23/2008 7:58:13 PM | Attr = ] vghd.scr -> %SystemRoot%\System32\vghd.scr -> [Ver = | Size = 152920 bytes | Modified Date = 7/23/2008 1:28:14 AM | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 355091 bytes | Modified Date = 8/23/2008 8:22:29 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 8/23/2008 8:36:54 PM | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 8/8/2008 8:13:58 AM | Attr = H ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Modified Date = 8/29/2008 7:34:49 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/14/2008 3:05:15 AM | Attr = H ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/23/2008 8:21:12 PM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 8/23/2008 8:03:01 PM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/28/2008 3:50:33 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/14/2008 3:05:24 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/28/2008 3:50:33 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/6/2008 8:46:29 PM | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 8/30/2008 8:32:45 AM | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 8/28/2008 3:50:30 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 8/23/2008 8:21:13 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 7/22/2008 10:17:49 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/30/2008 8:10:47 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 8/23/2008 8:05:10 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 8/25/2008 7:46:37 PM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/7/2008 12:31:14 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/23/2008 8:04:58 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/28/2008 3:50:33 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/30/2008 8:33:20 AM | Attr = ] Temporary Internet Files -> %SystemRoot%\Temporary Internet Files -> [Folder | Modified Date = 6/21/2008 4:32:26 PM | Attr = S] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1042 bytes | Modified Date = 8/23/2008 8:27:46 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 8/26/2008 7:49:00 AM | Attr = ] McAfee.com Update Check (FOSTERFAMILY-Andrew).job -> %SystemRoot%\tasks\McAfee.com Update Check (FOSTERFAMILY-Andrew).job -> [Ver = | Size = 496 bytes | Modified Date = 8/30/2008 8:34:07 AM | Attr = ] McAfee.com Update Check (FOSTERFAMILY-Charlie).job -> %SystemRoot%\tasks\McAfee.com Update Check (FOSTERFAMILY-Charlie).job -> [Ver = | Size = 498 bytes | Modified Date = 8/30/2008 8:35:04 AM | Attr = ] McAfee.com Update Check (FOSTERFAMILY-Erik).job -> %SystemRoot%\tasks\McAfee.com Update Check (FOSTERFAMILY-Erik).job -> [Ver = | Size = 492 bytes | Modified Date = 8/30/2008 8:33:12 AM | Attr = ] McAfee.com Update Check (FOSTERFAMILY-Marcella).job -> %SystemRoot%\tasks\McAfee.com Update Check (FOSTERFAMILY-Marcella).job -> [Ver = | Size = 500 bytes | Modified Date = 8/30/2008 8:37:07 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/23/2008 8:21:45 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 10/15/2006 12:40:54 PM | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 9161 bytes | Modified Date = 6/26/2008 10:16:29 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 1/3/2004 7:00:52 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 8/28/2008 3:51:48 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5495 bytes | Modified Date = 8/28/2008 3:51:48 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 11/30/2004 12:12:52 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11074 bytes | Modified Date = 11/30/2004 12:13:09 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 10/13/2005 12:00:14 AM | Attr = ] CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [Ver = | Size = 12 bytes | Modified Date = 11/6/2004 8:00:49 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/25/2004 12:20:13 PM | Attr = ] wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 548968 bytes | Modified Date = 3/17/2006 12:14:14 PM | Attr = ] wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 548968 bytes | Modified Date = 3/17/2006 12:14:14 PM | Attr = ] C:\Documents and Settings\Charlie\Local Settings\Temp\ -> C:\Documents and Settings\Charlie\Local Settings\Temp -> [Folder | Modified Date = 8/30/2008 8:41:53 AM | Attr = ] setup.exe -> C:\Documents and Settings\Charlie\Local Settings\Temp\setup.exe -> [Ver = | Size = 41638288 bytes | Modified Date = 6/6/2008 11:22:42 PM | Attr = ] 53 C:\Documents and Settings\Charlie\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Charlie\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Charlie\Local Settings\Temp\DRDld\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\DRDld -> [Folder | Modified Date = 8/23/2008 8:05:56 PM | Attr = ] mbam-setup.exe -> C:\Documents and Settings\Charlie\Local Settings\Temp\DRDld\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.25 | Size = 2134446 bytes | Modified Date = 8/23/2008 8:06:33 PM | Attr = ] C:\Documents and Settings\Charlie\Local Settings\Temp\Rar$EX02.266\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\Rar$EX02.266\ -> [Folder | Modified Date = 7/22/2008 9:15:14 PM | Attr = ] CARDS.exe -> C:\Documents and Settings\Charlie\Local Settings\Temp\Rar$EX02.266\CARDS.exe -> BVS Development Corporation [Ver = 6.0.0.0 | Size = 6843392 bytes | Modified Date = 4/28/2006 2:18:04 PM | Attr = ] C:\Documents and Settings\Charlie\Local Settings\Temp\UnityWebPlayer\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\UnityWebPlayer -> [Folder | Modified Date = 8/10/2008 7:28:43 PM | Attr = ] UnityWebPlayerUpdate.exe -> C:\Documents and Settings\Charlie\Local Settings\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe -> Unity Technologies ApS [Ver = 2.1.0.16147 | Size = 90848 bytes | Modified Date = 7/17/2008 5:51:52 PM | Attr = ] C:\Documents and Settings\Charlie\Local Settings\Temp\ -> C:\Documents and Settings\Charlie\Local Settings\Temp -> [Folder | Modified Date = 8/30/2008 8:41:53 AM | Attr = ] SpyData.dll -> C:\Documents and Settings\Charlie\Local Settings\Temp\SpyData.dll -> iolo technologies, LLC [Ver = 5.1.135.175 | Size = 692224 bytes | Modified Date = 6/6/2008 7:56:48 PM | Attr = ] 53 C:\Documents and Settings\Charlie\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Charlie\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Charlie\Local Settings\Temp\{AC76BA86-1033-0000-7760-000000000002}\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\{AC76BA86-1033-0000-7760-000000000002} -> [Folder | Modified Date = 5/18/2008 6:01:52 PM | Attr = ] asneu.dll -> C:\Documents and Settings\Charlie\Local Settings\Temp\{AC76BA86-1033-0000-7760-000000000002}\asneu.dll -> [Ver = | Size = 212992 bytes | Modified Date = 5/18/2008 6:01:52 PM | Attr = ] C:\Documents and Settings\Charlie\Local Settings\Temp\nsbE.tmp\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\nsbE.tmp\ -> [Folder | Modified Date = 8/28/2008 3:01:25 AM | Attr = ] NSISdl.dll -> C:\Documents and Settings\Charlie\Local Settings\Temp\nsbE.tmp\NSISdl.dll -> [Ver = | Size = 12800 bytes | Modified Date = 8/26/2008 2:32:54 PM | Attr = ] System.dll -> C:\Documents and Settings\Charlie\Local Settings\Temp\nsbE.tmp\System.dll -> [Ver = | Size = 10240 bytes | Modified Date = 8/28/2008 3:01:25 AM | Attr = ] C:\Documents and Settings\Charlie\Local Settings\Temp\nsy25.tmp\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\nsy25.tmp\ -> [Folder | Modified Date = 7/17/2008 10:21:51 AM | Attr = ] NSISdl.dll -> C:\Documents and Settings\Charlie\Local Settings\Temp\nsy25.tmp\NSISdl.dll -> [Ver = | Size = 12800 bytes | Modified Date = 7/15/2008 11:19:29 PM | Attr = ] C:\Documents and Settings\Charlie\Local Settings\Temp\nsz411.tmp\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\nsz411.tmp\ -> [Folder | Modified Date = 8/21/2008 8:28:51 AM | Attr = ] System.dll -> C:\Documents and Settings\Charlie\Local Settings\Temp\nsz411.tmp\System.dll -> [Ver = | Size = 10240 bytes | Modified Date = 8/21/2008 8:28:51 AM | Attr = ] C:\Documents and Settings\Charlie\Local Settings\Temp\ -> C:\Documents and Settings\Charlie\Local Settings\Temp -> [Folder | Modified Date = 8/30/2008 8:41:53 AM | Attr = ] Perflib_Perfdata_3f8.dat -> C:\Documents and Settings\Charlie\Local Settings\Temp\Perflib_Perfdata_3f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/16/2008 8:31:59 PM | Attr = ] Perflib_Perfdata_578.dat -> C:\Documents and Settings\Charlie\Local Settings\Temp\Perflib_Perfdata_578.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/23/2008 8:28:23 PM | Attr = ] Perflib_Perfdata_624.dat -> C:\Documents and Settings\Charlie\Local Settings\Temp\Perflib_Perfdata_624.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/18/2008 11:34:04 PM | Attr = ] Perflib_Perfdata_8ac.dat -> C:\Documents and Settings\Charlie\Local Settings\Temp\Perflib_Perfdata_8ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/11/2008 8:32:04 PM | Attr = ] Perflib_Perfdata_be8.dat -> C:\Documents and Settings\Charlie\Local Settings\Temp\Perflib_Perfdata_be8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/17/2008 12:55:57 PM | Attr = ] Perflib_Perfdata_dac.dat -> C:\Documents and Settings\Charlie\Local Settings\Temp\Perflib_Perfdata_dac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/22/2008 12:49:33 PM | Attr = ] Perflib_Perfdata_e28.dat -> C:\Documents and Settings\Charlie\Local Settings\Temp\Perflib_Perfdata_e28.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/7/2008 10:26:05 AM | Attr = ] Perflib_Perfdata_e7c.dat -> C:\Documents and Settings\Charlie\Local Settings\Temp\Perflib_Perfdata_e7c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/23/2008 8:27:19 PM | Attr = ] Perflib_Perfdata_fd0.dat -> C:\Documents and Settings\Charlie\Local Settings\Temp\Perflib_Perfdata_fd0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/3/2008 7:25:49 AM | Attr = ] Perflib_Perfdata_fe0.dat -> C:\Documents and Settings\Charlie\Local Settings\Temp\Perflib_Perfdata_fe0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/6/2008 8:28:47 PM | Attr = ] 53 C:\Documents and Settings\Charlie\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Charlie\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 2/15/2008 1:28:43 AM | Attr = ] desktop.ini -> C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/25/2007 11:26:49 AM | Attr = HS] C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\31045PDV\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\31045PDV -> [Folder | Modified Date = 2/15/2008 1:28:43 AM | Attr = ] desktop.ini -> C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\31045PDV\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/25/2007 11:26:49 AM | Attr = HS] C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX6RW9YV\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX6RW9YV -> [Folder | Modified Date = 2/15/2008 1:28:43 AM | Attr = ] desktop.ini -> C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX6RW9YV\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/25/2007 11:26:49 AM | Attr = HS] C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\D9G3W0Q2\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\D9G3W0Q2 -> [Folder | Modified Date = 2/15/2008 1:28:44 AM | Attr = ] desktop.ini -> C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\D9G3W0Q2\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/25/2007 11:26:49 AM | Attr = HS] C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\MPKHA5U7\ -> C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\MPKHA5U7 -> [Folder | Modified Date = 2/15/2008 1:28:44 AM | Attr = ] desktop.ini -> C:\Documents and Settings\Charlie\Local Settings\Temp\Temporary Internet Files\Content.IE5\MPKHA5U7\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/25/2007 11:26:49 AM | Attr = HS] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 8/30/2008 8:41:58 AM | Attr = ] Perflib_Perfdata_478.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_478.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/23/2008 8:21:59 PM | Attr = ] 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] LogMeIn -> %AllUsersProfile%\Application Data\LogMeIn -> [Folder | Modified Date = 7/11/2008 8:08:45 AM | Attr = ] MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier -> [Folder | Modified Date = 6/7/2008 9:29:08 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 8/23/2008 8:06:56 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 6/18/2008 11:38:57 PM | Attr = ] @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 BVS Solitaire Collection -> %AppData%\BVS Solitaire Collection -> [Folder | Modified Date = 7/20/2008 6:59:42 PM | Attr = ] MailFrontier -> %AppData%\MailFrontier -> [Folder | Modified Date = 6/7/2008 1:18:25 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 8/23/2008 8:07:12 PM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 8/28/2008 7:37:54 AM | Attr = ] MxBoost -> %AppData%\MxBoost -> [Folder | Modified Date = 8/11/2008 7:43:47 PM | Attr = ] vghd -> %AppData%\vghd -> [Folder | Modified Date = 7/23/2008 1:41:54 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 48640 bytes | Modified Date = 7/16/2008 8:25:32 AM | Attr = ] LogMeIn -> %UserProfile%\Local Settings\Application Data\LogMeIn -> [Folder | Modified Date = 7/11/2008 8:08:48 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 8/23/2008 8:32:27 PM | Attr = ] Unity -> %UserProfile%\Local Settings\Application Data\Unity -> [Folder | Modified Date = 8/7/2008 8:51:25 PM | Attr = ] PCLECHAL.INI -> %AllUsersProfile%\Documents\PCLECHAL.INI -> [Ver = | Size = 349 bytes | Modified Date = 7/22/2008 9:03:02 PM | Attr = ] .DS_Store -> %UserProfile%\My Documents\.DS_Store -> [Ver = | Size = 24580 bytes | Modified Date = 7/15/2008 10:04:08 AM | Attr = H ] ANCCS_Student_%20Application_%202008.pdf -> %UserProfile%\My Documents\ANCCS_Student_%20Application_%202008.pdf -> [Ver = | Size = 32371 bytes | Modified Date = 6/15/2008 3:44:28 PM | Attr = ] ASD_Lottery_Application.pdf -> %UserProfile%\My Documents\ASD_Lottery_Application.pdf -> [Ver = | Size = 429137 bytes | Modified Date = 6/15/2008 3:44:45 PM | Attr = ] ATF_Cleaner.exe -> %UserProfile%\My Documents\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 8/23/2008 7:46:47 PM | Attr = ] coreplayer -> %UserProfile%\My Documents\coreplayer -> [Folder | Modified Date = 7/15/2008 11:27:09 PM | Attr = ] 1 C:\Documents and Settings\Charlie\My Documents\*.tmp files -> C:\Documents and Settings\Charlie\My Documents\*.tmp -> CorePlayer (TCPMP) pocket pc [mininova].torrent -> %UserProfile%\My Documents\CorePlayer (TCPMP) pocket pc [mininova].torrent -> [Ver = | Size = 1432 bytes | Modified Date = 7/15/2008 11:15:41 PM | Attr = ] CorePlayer (TCPMP) pocket pc.torrent -> %UserProfile%\My Documents\CorePlayer (TCPMP) pocket pc.torrent -> [Ver = | Size = 1432 bytes | Modified Date = 7/15/2008 11:24:03 PM | Attr = ] Dear Grandma.doc -> %UserProfile%\My Documents\Dear Grandma.doc -> [Ver = | Size = 27648 bytes | Modified Date = 6/14/2008 2:18:56 PM | Attr = ] Diana_Roediger_5-20-08_Internet.doc -> %UserProfile%\My Documents\Diana_Roediger_5-20-08_Internet.doc -> [Ver = | Size = 89600 bytes | Modified Date = 6/27/2008 10:06:39 AM | Attr = ] Download_mbam-setup.exe -> %UserProfile%\My Documents\Download_mbam-setup.exe -> Digital River [Ver = 1.0.0.1 | Size = 128368 bytes | Modified Date = 8/23/2008 8:05:24 PM | Attr = ] erunt_setup.exe -> %UserProfile%\My Documents\erunt_setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Modified Date = 8/23/2008 8:00:59 PM | Attr = ] Extratorrent com Cyberchase.torrent -> %UserProfile%\My Documents\Extratorrent com Cyberchase.torrent -> [Ver = | Size = 173568 bytes | Modified Date = 8/7/2008 10:49:16 AM | Attr = ] fridge -> %UserProfile%\My Documents\fridge -> [Folder | Modified Date = 8/7/2008 10:48:54 AM | Attr = ] HIBZ8325--MBR--400.wmv -> %UserProfile%\My Documents\HIBZ8325--MBR--400.wmv -> [Ver = | Size = 627384 bytes | Modified Date = 8/13/2008 7:32:56 AM | Attr = ] HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 8/23/2008 8:40:50 PM | Attr = ] Hydrogen_Generator_eBook.pdf -> %UserProfile%\My Documents\Hydrogen_Generator_eBook.pdf -> [Ver = | Size = 1833301 bytes | Modified Date = 7/5/2008 11:14:22 PM | Attr = ] Lydia application NSCS.pdf -> %UserProfile%\My Documents\Lydia application NSCS.pdf -> [Ver = | Size = 116017 bytes | Modified Date = 6/15/2008 4:11:35 PM | Attr = ] Lydia Lottery Application.pdf -> %UserProfile%\My Documents\Lydia Lottery Application.pdf -> [Ver = | Size = 429783 bytes | Modified Date = 6/15/2008 4:16:28 PM | Attr = ] mft.pdf -> %UserProfile%\My Documents\mft.pdf -> [Ver = | Size = 14905 bytes | Modified Date = 6/26/2008 9:37:50 PM | Attr = ] mft2.pdf -> %UserProfile%\My Documents\mft2.pdf -> [Ver = | Size = 18161 bytes | Modified Date = 6/26/2008 9:54:20 PM | Attr = ] mx_2.1.2.649 -> %UserProfile%\My Documents\mx_2.1.2.649 -> [Folder | Modified Date = 8/11/2008 7:34:51 PM | Attr = ] mx_2.1.2.649.zip -> %UserProfile%\My Documents\mx_2.1.2.649.zip -> [Ver = | Size = 4930915 bytes | Modified Date = 8/11/2008 7:32:50 PM | Attr = ] mx_2.1.3.2430.exe -> %UserProfile%\My Documents\mx_2.1.3.2430.exe -> [Ver = | Size = 1308 bytes | Modified Date = 8/11/2008 7:30:46 PM | Attr = ] NBCOlympics_com_-_2008_Beijing_Summer_Olympic_Games_Free_.ms-wmv -> %UserProfile%\My Documents\NBCOlympics_com_-_2008_Beijing_Summer_Olympic_Games_Free_.ms-wmv -> [Ver = | Size = 86331 bytes | Modified Date = 8/13/2008 7:32:39 AM | Attr = ] OTScanIt.exe -> %UserProfile%\My Documents\OTScanIt.exe -> [Ver = | Size = 573647 bytes | Modified Date = 8/30/2008 8:08:38 AM | Attr = ] setup-vghd_GMFxWRR2uhqCcX.exe -> %UserProfile%\My Documents\setup-vghd_GMFxWRR2uhqCcX.exe -> Totem Entertainement [Ver = 1, 0, 0, 2 | Size = 2239064 bytes | Modified Date = 7/23/2008 1:27:12 AM | Attr = ] TCPMP-v0.72RC1.exe -> %UserProfile%\My Documents\TCPMP-v0.72RC1.exe -> [Ver = 1, 0, 0, 1 | Size = 1694208 bytes | Modified Date = 7/15/2008 10:41:10 PM | Attr = ] UnityWebPlayer.exe -> %UserProfile%\My Documents\UnityWebPlayer.exe -> Unity Technologies ApS [Ver = 2.1.0.16147 | Size = 3292936 bytes | Modified Date = 8/7/2008 8:51:05 PM | Attr = ] zaSuiteSetup_70_483_000_en.exe -> %UserProfile%\My Documents\zaSuiteSetup_70_483_000_en.exe -> [Ver = | Size = 46033808 bytes | Modified Date = 7/24/2008 10:04:21 PM | Attr = ] InterActual Player.lnk -> %AllUsersProfile%\Desktop\InterActual Player.lnk -> [Ver = | Size = 819 bytes | Modified Date = 7/22/2008 10:17:12 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 736 bytes | Modified Date = 8/23/2008 8:06:59 PM | Attr = ] ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [Ver = | Size = 632 bytes | Modified Date = 8/23/2008 8:02:06 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1774 bytes | Modified Date = 8/23/2008 8:41:39 PM | Attr = ] NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 651 bytes | Modified Date = 8/23/2008 8:02:06 PM | Attr = ] Adobe Acrobat Speed Launcher.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [Ver = | Size = 2207 bytes | Modified Date = 8/25/2008 7:46:46 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 8/23/2008 8:06:33 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]