[code] OTScanIt logfile created on: 5/21/2008 7:35:50 PM OTScanIt by OldTimer - Version 1.0.14.1 Folder = C:\Documents and Settings\Dima\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1014.37 Mb Total Physical Memory | 349.04 Mb Available Physical Memory | 34.41% Memory free 2.38 Gb Paging File | 1.84 Gb Available in Paging File | 77.26% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 87.06 Gb Total Space | 49.11 Gb Free Space | 56.41% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DIMS Current User Name: Dima Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 169632 bytes | Modified Date = 3/7/2006 1:03:02 PM | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 192160 bytes | Modified Date = 3/7/2006 1:02:34 PM | Attr = ] spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.5 | Size = 1160848 bytes | Modified Date = 2/6/2006 12:50:24 PM | Attr = ] wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE -> [Ver = | Size = 18944 bytes | Modified Date = 12/19/2005 5:08:42 PM | Attr = ] bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1200128 bytes | Modified Date = 12/19/2005 5:08:40 PM | Attr = ] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 3/19/2008 5:08:58 PM | Attr = ] lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/13/2004 7:00:02 PM | Attr = ] lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 174592 bytes | Modified Date = 1/13/2004 6:55:51 PM | Attr = ] lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 109344 bytes | Modified Date = 2/6/2007 5:45:26 PM | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.0.394 | Size = 30448 bytes | Modified Date = 3/17/2006 6:34:12 AM | Attr = ] nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Modified Date = 12/6/2005 12:45:26 PM | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.0.394 | Size = 1799408 bytes | Modified Date = 3/17/2006 6:34:20 AM | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/14/2005 1:41:08 AM | Attr = ] igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/14/2005 1:45:00 AM | Attr = ] igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Modified Date = 12/14/2005 1:41:00 AM | Attr = ] wltray.exe -> %SystemRoot%\system32\WLTRAY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 5:08:42 PM | Attr = ] stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Modified Date = 11/16/2005 11:35:16 PM | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Modified Date = 11/29/2005 8:56:30 PM | Attr = ] dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 12/9/2005 10:29:52 PM | Attr = ] realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 3/19/2006 11:08:16 PM | Attr = ] issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 12:44:02 PM | Attr = ] aolsoftware.exe -> %CommonProgramFiles%\AOL\1143772224\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:16 PM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 53408 bytes | Modified Date = 3/7/2006 1:02:14 PM | Attr = ] vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.0.394 | Size = 124656 bytes | Modified Date = 3/17/2006 6:34:30 AM | Attr = ] communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> Logitech Inc. [Ver = 1.4.7.2031 | Size = 488984 bytes | Modified Date = 2/8/2007 1:12:48 AM | Attr = ] quickcam10.exe -> %ProgramFiles%\Logitech\QuickCam10\QuickCam10.exe -> [Ver = | Size = 774168 bytes | Modified Date = 2/8/2007 1:13:48 AM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ] lxbmbmgr.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.25.0 | Size = 57344 bytes | Modified Date = 1/16/2004 6:04:08 AM | Attr = ] logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 6/24/2007 10:07:33 AM | Attr = ] lxbmbmon.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmon.exe -> Lexmark International, Inc. [Ver = 2, 0, 0, 1 | Size = 94208 bytes | Modified Date = 1/16/2004 6:27:30 AM | Attr = ] dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 4:06:00 AM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ] lvcomsx.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\LVComSX.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 252704 bytes | Modified Date = 2/6/2007 5:43:26 PM | Attr = ] nkbmonitor.exe -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 1, 0, 3000 | Size = 118784 bytes | Modified Date = 9/24/2004 1:32:48 PM | Attr = ] cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 10.5.1.2029 | Size = 230936 bytes | Modified Date = 2/8/2007 1:12:20 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.1 | Size = 372224 bytes | Modified Date = 5/18/2008 8:29:48 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 3/19/2008 5:08:58 PM | Attr = ] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 7/16/2006 1:30:34 PM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 192160 bytes | Modified Date = 3/7/2006 1:02:34 PM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 169632 bytes | Modified Date = 3/7/2006 1:03:02 PM | Attr = ] (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.0.394 | Size = 30448 bytes | Modified Date = 3/17/2006 6:34:12 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 9:40:21 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ] (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/13/2004 7:00:02 PM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] (LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 109344 bytes | Modified Date = 2/6/2007 5:45:26 PM | Attr = ] (LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 105248 bytes | Modified Date = 2/6/2007 5:47:12 PM | Attr = ] (NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Modified Date = 12/6/2005 12:45:26 PM | Attr = ] (SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.0.394 | Size = 115952 bytes | Modified Date = 3/17/2006 6:34:24 AM | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.2.211 | Size = 214720 bytes | Modified Date = 1/24/2006 8:06:58 PM | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.5 | Size = 1160848 bytes | Modified Date = 2/6/2006 12:50:24 PM | Attr = ] (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.0.394 | Size = 1799408 bytes | Modified Date = 3/17/2006 6:34:20 AM | Attr = ] (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ] (wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found Broadcom Wireless Manager UI -> %SystemRoot%\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY.exe] -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 5:08:42 PM | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 104.0.7.3 | Size = 53408 bytes | Modified Date = 3/7/2006 1:02:14 PM | Attr = ] DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 12/9/2005 10:29:52 PM | Attr = ] FaxCenterServer4_in_1 -> %ProgramFiles%\Lexmark 4200 Series\Fax\fm3032.exe ["C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s] -> [Ver = | Size = 151552 bytes | Modified Date = 1/22/2004 10:59:10 AM | Attr = ] HostManager -> %CommonProgramFiles%\AOL\1143772224\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1143772224\ee\AOLSoftware.exe] -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:16 PM | Attr = ] igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/14/2005 1:41:08 AM | Attr = ] igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/14/2005 1:45:00 AM | Attr = ] igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Modified Date = 12/14/2005 1:44:18 AM | Attr = ] ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\isuspm.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> File not found ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 12:44:02 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ] Lexmark 4200 Series -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe ["C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"] -> Lexmark International, Inc. [Ver = 0.1.25.0 | Size = 57344 bytes | Modified Date = 1/16/2004 6:04:08 AM | Attr = ] Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech Inc. [Ver = 2.40.840 | Size = 28160 bytes | Modified Date = 5/20/2005 2:46:56 PM | Attr = ] LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ["C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"] -> Logitech Inc. [Ver = 1.4.7.2031 | Size = 488984 bytes | Modified Date = 2/8/2007 1:12:48 AM | Attr = ] LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam10\QuickCam10.exe ["C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide] -> [Ver = | Size = 774168 bytes | Modified Date = 2/8/2007 1:13:48 AM | Attr = ] MSKDetectorExe -> [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> File not found QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ] RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 3/19/2006 11:08:16 PM | Attr = ] ShowLOMControl -> [] -> File not found SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe [stsystra.exe] -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Modified Date = 11/16/2005 11:35:16 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Modified Date = 11/29/2005 8:56:30 PM | Attr = ] vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> Symantec Corporation [Ver = 10.1.0.394 | Size = 124656 bytes | Modified Date = 3/17/2006 6:34:30 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe ["C:\Program Files\Google\Google Talk\googletalk.exe" /autostart] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 5:22:02 PM | Attr = ] LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 6/24/2007 10:07:33 AM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1154 | Size = 1481968 bytes | Modified Date = 5/16/2008 8:20:06 PM | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.32 | Size = 443968 bytes | Modified Date = 9/27/2007 9:17:36 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.32 | Size = 443968 bytes | Modified Date = 9/27/2007 9:17:36 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\] > -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe ["C:\Program Files\Google\Google Talk\googletalk.exe" /autostart] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 5:22:02 PM | Attr = ] LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 6/24/2007 10:07:33 AM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1154 | Size = 1481968 bytes | Modified Date = 5/16/2008 8:20:06 PM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk -> %ProgramFiles%\America Online 9.0\aoltray.exe -> America Online, Inc. [Ver = 9.00.001 | Size = 156784 bytes | Modified Date = 9/1/2004 1:56:34 PM | Attr = H ] %AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 4:06:00 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 6/24/2007 10:07:33 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.40.849 | Size = 450560 bytes | Modified Date = 5/25/2005 2:40:00 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\NkbMonitor.exe.lnk -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 1, 0, 3000 | Size = 118784 bytes | Modified Date = 9/24/2004 1:32:48 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Dima Startup Folder > -> C:\Documents and Settings\Dima\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006] > -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 5/16/2008 8:19:41 PM | Attr = ] igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Modified Date = 12/14/2005 1:40:12 AM | Attr = ] NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 10.1.0.394 | Size = 43760 bytes | Modified Date = 3/17/2006 6:34:36 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006] > -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_DVD+-RW_TS-L532B_______________DE03____\3030303039333031353020202020202020202020 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/16/2005 6:43:04 AM | Attr = ] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\] > -> -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\: Main\\Default_Page_URL -> http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\: Main\\Search Bar -> http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\: Main\\Search Page -> http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\: Main\\Start Page -> http://www.msn.com/ -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6512 domain(s) found. -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4414 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4414 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4414 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4414 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\] > -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6512 domain(s) found. -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\] > -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 4:17:44 PM | Attr = ] {22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 98 | Size = 1062184 bytes | Modified Date = 7/2/2007 5:10:58 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 2/22/2006 9:00:30 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\] > -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 98 | Size = 1062184 bytes | Modified Date = 7/2/2007 5:10:58 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 98 | Size = 1062184 bytes | Modified Date = 7/2/2007 5:10:58 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\] > -> HKEY_USERS\S-1-5-21-3830009710-2013437828-619161613-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 98 | Size = 1062184 bytes | Modified Date = 7/2/2007 5:10:58 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {515D0A0B-BA9B-4945-B591-26C9C6771EC8} -> (1394 Net Adapter) -> {A164C72E-A8FA-4091-9339-B6D16FED9A7B} -> (Dell Wireless 1390 WLAN Mini-Card) -> {B0FB79C7-B339-47AA-8DDA-642A22BC7778} -> (Broadcom 440x 10/100 Integrated Controller) -> {B2C03104-97C1-40A2-B406-BCF8329EE99E} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 6/24/2007 10:07:33 AM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 1 | Size = 1828440 bytes | Modified Date = 7/2/2007 5:10:58 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {0CCA191D-13A6-4E29-B746-314DEE697D83}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www1.snapfish.com/SnapfishActivia.cab[Snapfish Activia] -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B}[HKEY_LOCAL_MACHINE] -> https://web.aqr.com/dana-cached/setup/JuniperSetupSP1.cab[JuniperSetupSP1 Control] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.1.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.1.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.1.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\.Owner -> {0CCA191D-13A6-4E29-B746-314DEE697D83} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\{0CCA191D-13A6-4E29-B746-314DEE697D83} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/JuniperSetup.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/JuniperSetup.ocx\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/JuniperSetup.ocx\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_de.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_de.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_de.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_en.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_en.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_en.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_es.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_es.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_es.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_fr.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_fr.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_fr.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ja.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ja.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ja.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ko.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ko.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_ko.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh_cn.properties\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh_cn.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/string_zh_cn.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{0CCA191D-13A6-4E29-B746-314DEE697D83} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 948 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 8C 51 ED 64 3A C7 3F BB A0 CD C2 68 BA D8 ED 1C 34 38 31 34 31 32 32 37 00 00 00 00 8C 3A 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 B6 05 37 30 0B 8E 14 55 19 F5 B6 48 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 98 CF 90 27 D0 A8 9D 92 CB [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 29 89 88 34 4E 44 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> D0 85 B5 8E 56 AE D6 83 CA 0D A8 41 35 21 93 76 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> B2 11 FC 09 CD 4B C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 68 B1 78 FB 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 F8 16 2E C9 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 68 B1 78 FB 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 18120 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 9.00.001 | Size = 259184 bytes | Modified Date = 9/1/2004 1:56:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 6/24/2007 10:07:33 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 9.00.001 | Size = 259184 bytes | Modified Date = 9/1/2004 1:56:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1143772224\ee\aolsoftware.exe -> C:\Program Files\Common Files\AOL\1143772224\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1143772224\ee\aolsoftware.exe:*:Enabled:AOL Services] -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:16 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1143772224\ee\aim6.exe -> C:\Program Files\Common Files\AOL\1143772224\ee\aim6.exe [C:\Program Files\Common Files\AOL\1143772224\ee\aim6.exe:*:Enabled:AIM] -> America Online, Inc. [Ver = 1.4.9.1 | Size = 50768 bytes | Modified Date = 8/28/2006 4:22:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 81920 bytes | Modified Date = 2/16/2006 5:55:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rtcshare.exe -> C:\WINDOWS\system32\rtcshare.exe [C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetMeeting\conf.exe -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®] -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 1032192 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 3/19/2006 11:08:16 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 5:22:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 11:20:54 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.2.0.175 | Size = 23237416 bytes | Modified Date = 7/2/2007 5:10:58 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 6/24/2007 10:07:33 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.1.1.5 | Size = 14672448 bytes | Modified Date = 3/14/2007 7:05:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16640 (vista_gdr.080213-1606) | Size = 625664 bytes | Modified Date = 2/29/2008 4:55:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> [Files/Folders - Created Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 5/16/2008 8:24:58 PM | Attr = ] apphelp.sdb -> %SystemRoot%\System32\dllcache\apphelp.sdb -> [Ver = | Size = 217118 bytes | Created Date = 2/29/2008 12:55:04 AM | Attr = ] apph_sp.sdb -> %SystemRoot%\System32\dllcache\apph_sp.sdb -> [Ver = | Size = 764868 bytes | Created Date = 2/29/2008 12:55:04 AM | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Created Date = 3/25/2008 12:50:40 AM | Attr = ] sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Created Date = 2/29/2008 12:55:03 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 5/11/2008 11:26:14 AM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 27048 bytes | Created Date = 5/11/2008 11:26:14 AM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Created Date = 2/29/2008 12:52:35 AM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2/29/2008 12:52:37 AM | Attr = H ] IM31IMG.DIL -> %SystemRoot%\System32\IM31IMG.DIL -> Data Techniques, Inc. [Ver = 7.20 | Size = 49152 bytes | Created Date = 4/12/2008 8:11:27 PM | Attr = R ] IM31XPNG.DEL -> %SystemRoot%\System32\IM31XPNG.DEL -> Data Techniques, Inc. [Ver = 7.20 | Size = 98304 bytes | Created Date = 4/12/2008 8:11:27 PM | Attr = R ] IM31XTIF.DEL -> %SystemRoot%\System32\IM31XTIF.DEL -> Data Techniques, Inc. [Ver = 7.20 | Size = 69632 bytes | Created Date = 4/12/2008 8:11:27 PM | Attr = R ] IMGMAN32.DLL -> %SystemRoot%\System32\IMGMAN32.DLL -> Data Techniques, Inc. [Ver = 7.20 | Size = 339968 bytes | Created Date = 4/12/2008 8:11:27 PM | Attr = R ] IMHOST32.DLL -> %SystemRoot%\System32\IMHOST32.DLL -> Data Techniques, Inc. [Ver = 7.20 | Size = 98345 bytes | Created Date = 4/12/2008 8:11:27 PM | Attr = R ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 5/21/2008 8:38:31 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Created Date = 5/21/2008 8:38:31 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 5/21/2008 8:38:31 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 5/21/2008 8:38:31 AM | Attr = ] LXBRPMON.DLL -> %SystemRoot%\System32\LXBRPMON.DLL -> [Ver = | Size = 32768 bytes | Created Date = 4/12/2008 8:11:47 PM | Attr = ] LXBRPMRC.DLL -> %SystemRoot%\System32\LXBRPMRC.DLL -> Lexmark International, Inc. [Ver = 1, 0, 0, 1 | Size = 12288 bytes | Created Date = 4/12/2008 8:11:27 PM | Attr = ] LXBRPMUI.DLL -> %SystemRoot%\System32\LXBRPMUI.DLL -> [Ver = | Size = 20480 bytes | Created Date = 4/12/2008 8:11:47 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 5/16/2008 8:25:30 PM | Attr = ] lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 333 bytes | Created Date = 4/12/2008 8:09:33 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] 4200Series -> %AllUsersProfile%\Application Data\4200Series -> [Folder | Created Date = 4/12/2008 8:11:14 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 5/10/2008 10:46:56 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 5/11/2008 11:26:14 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 5/11/2008 11:35:41 AM | Attr = ] TaxCut -> %AllUsersProfile%\Application Data\TaxCut -> [Folder | Created Date = 3/29/2008 9:43:21 AM | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Created Date = 3/2/2008 12:27:27 PM | Attr = ] 4200Series -> %AppData%\4200Series -> [Folder | Created Date = 4/13/2008 6:47:58 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 5/11/2008 11:26:20 AM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 5/11/2008 11:35:34 AM | Attr = ] TaxCut -> %AppData%\TaxCut -> [Folder | Created Date = 3/29/2008 10:06:58 AM | Attr = ] Amer's Wedding -> %UserProfile%\My Documents\Amer's Wedding -> [Folder | Created Date = 4/27/2008 8:54:26 PM | Attr = ] DeductionPro -> %UserProfile%\My Documents\DeductionPro -> [Folder | Created Date = 4/2/2008 10:06:36 PM | Attr = ] Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 5/10/2008 10:47:04 PM | Attr = ] Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 5/10/2008 10:47:03 PM | Attr = ] DeductionPro 2007.lnk -> %AllUsersProfile%\Desktop\DeductionPro 2007.lnk -> [Ver = | Size = 1479 bytes | Created Date = 3/29/2008 10:50:56 AM | Attr = ] H&R Block TaxCut 2007.lnk -> %AllUsersProfile%\Desktop\H&R Block TaxCut 2007.lnk -> [Ver = | Size = 1624 bytes | Created Date = 3/29/2008 10:48:28 AM | Attr = ] Lexmark 4200 Series All-In-One Center.lnk -> %AllUsersProfile%\Desktop\Lexmark 4200 Series All-In-One Center.lnk -> [Ver = | Size = 763 bytes | Created Date = 4/12/2008 8:12:18 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 5/11/2008 11:26:15 AM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 5/11/2008 11:35:37 AM | Attr = ] Windows Live Messenger .lnk -> %AllUsersProfile%\Desktop\Windows Live Messenger .lnk -> [Ver = | Size = 1827 bytes | Created Date = 3/2/2008 12:29:36 PM | Attr = ] 1211372440646-integrated.jnlp -> %UserProfile%\Desktop\1211372440646-integrated.jnlp -> [Ver = | Size = 1251 bytes | Created Date = 5/21/2008 8:20:49 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\1211372440646-integrated.jnlp:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 5/12/2008 7:41:42 AM | Attr = ] jre-6u6-windows-i586-p.exe -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe -> [Ver = | Size = 15951256 bytes | Created Date = 5/21/2008 8:31:44 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 5/21/2008 7:32:08 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 543214 bytes | Created Date = 5/21/2008 7:30:45 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Taxes 2007.xls -> %UserProfile%\Desktop\Taxes 2007.xls -> [Ver = | Size = 14848 bytes | Created Date = 4/1/2008 7:43:13 AM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 5/21/2008 8:37:36 AM | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 3/2/2008 12:28:01 PM | Attr = HS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 5/10/2008 10:46:03 PM | Attr = ] ABBYY FineReader 5.0 Sprint -> %ProgramFiles%\ABBYY FineReader 5.0 Sprint -> [Folder | Created Date = 4/12/2008 8:09:50 PM | Attr = ] ABBYY FineReader 6.0 -> %ProgramFiles%\ABBYY FineReader 6.0 -> [Folder | Created Date = 4/12/2008 8:09:50 PM | Attr = ] DeductionPro 2007 -> %ProgramFiles%\DeductionPro 2007 -> [Folder | Created Date = 3/29/2008 10:50:35 AM | Attr = ] Lavasoft -> %ProgramFiles%\Lavasoft -> [Folder | Created Date = 5/10/2008 10:46:57 PM | Attr = ] Lexmark 4200 Series -> %ProgramFiles%\Lexmark 4200 Series -> [Folder | Created Date = 4/12/2008 8:07:49 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 5/11/2008 11:26:14 AM | Attr = ] Microsoft CAPICOM 2.1.0.2 -> %ProgramFiles%\Microsoft CAPICOM 2.1.0.2 -> [Folder | Created Date = 3/3/2008 9:28:41 AM | Attr = ] Netflix -> %ProgramFiles%\Netflix -> [Folder | Created Date = 2/29/2008 12:48:02 AM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 5/11/2008 7:22:13 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 5/11/2008 11:35:34 AM | Attr = ] TaxCut07 -> %ProgramFiles%\TaxCut07 -> [Folder | Created Date = 3/29/2008 10:06:06 AM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 5/12/2008 7:41:41 AM | Attr = ] Windows Live -> %ProgramFiles%\Windows Live -> [Folder | Created Date = 3/2/2008 12:27:40 PM | Attr = ] Windows Media Connect 2 -> %ProgramFiles%\Windows Media Connect 2 -> [Folder | Created Date = 2/29/2008 12:54:11 AM | Attr = ] [Files/Folders - Modified Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 5/16/2008 8:24:58 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063714816 bytes | Modified Date = 5/21/2008 8:33:50 AM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/12/2008 7:41:41 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/21/2008 8:34:10 AM | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Modified Date = 5/5/2008 8:46:32 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 27048 bytes | Modified Date = 5/5/2008 8:46:36 PM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 2/29/2008 12:53:18 AM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2/29/2008 12:52:37 AM | Attr = H ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 2/29/2008 12:54:22 AM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 3/1/2008 4:02:29 AM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 5/16/2008 8:26:15 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 5/16/2008 8:39:14 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 5/11/2008 7:26:34 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 3/2/2008 12:29:56 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 143624 bytes | Modified Date = 4/10/2008 7:09:35 AM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 4/12/2008 3:14:13 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Modified Date = 3/25/2008 1:28:39 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Modified Date = 3/25/2008 2:37:01 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Modified Date = 3/25/2008 1:28:43 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Modified Date = 3/25/2008 2:37:01 AM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 2/29/2008 12:52:35 AM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 3/25/2008 9:39:32 PM | Attr = ] msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 2/29/2008 12:54:22 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 54682 bytes | Modified Date = 3/10/2008 7:53:28 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 385164 bytes | Modified Date = 3/10/2008 7:53:28 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 445630 bytes | Modified Date = 3/10/2008 7:53:28 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 5/21/2008 8:34:39 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/16/2008 8:07:08 PM | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2/29/2008 8:31:29 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/21/2008 8:33:53 AM | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 5/9/2008 10:06:48 PM | Attr = HS] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/16/2008 8:27:03 PM | Attr = S] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 2/29/2008 8:31:28 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 5/16/2008 8:25:30 PM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/29/2008 12:54:05 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 4/9/2008 8:38:51 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/16/2008 8:39:25 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/21/2008 8:38:33 AM | Attr = HS] lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 333 bytes | Modified Date = 4/12/2008 8:36:17 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/21/2008 7:31:46 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/21/2008 8:34:09 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 5/21/2008 8:38:31 AM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/21/2008 7:29:47 PM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 4/12/2008 8:08:06 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 737 bytes | Modified Date = 3/7/2008 9:36:46 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/29/2008 10:06:51 AM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 2/29/2008 12:53:23 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 3/21/2008 5:54:00 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/21/2008 8:34:02 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 3/19/2006 10:57:30 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 7932 bytes | Modified Date = 5/21/2008 8:35:30 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 7932 bytes | Modified Date = 5/21/2008 8:35:30 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 3/19/2006 11:03:58 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11074 bytes | Modified Date = 3/30/2006 11:33:30 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] 4200Series -> %AllUsersProfile%\Application Data\4200Series -> [Folder | Modified Date = 4/12/2008 8:11:16 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 5/10/2008 10:47:46 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 5/11/2008 11:26:14 AM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 5/10/2008 10:39:12 PM | Attr = S] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [Ver = | Size = 1778 bytes | Modified Date = 3/17/2008 12:35:57 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 5/11/2008 11:35:41 AM | Attr = ] TaxCut -> %AllUsersProfile%\Application Data\TaxCut -> [Folder | Modified Date = 3/29/2008 9:43:21 AM | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 3/2/2008 12:27:27 PM | Attr = ] 4200Series -> %AppData%\4200Series -> [Folder | Modified Date = 4/13/2008 6:48:05 AM | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Modified Date = 5/10/2008 10:39:12 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 5/11/2008 11:26:20 AM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 5/11/2008 11:35:34 AM | Attr = ] TaxCut -> %AppData%\TaxCut -> [Folder | Modified Date = 3/29/2008 10:06:59 AM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Modified Date = 4/6/2008 5:33:22 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 5/10/2008 9:37:20 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 40448 bytes | Modified Date = 4/13/2008 5:49:04 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 3/2/2008 12:31:16 PM | Attr = ] Amer's Wedding -> %UserProfile%\My Documents\Amer's Wedding -> [Folder | Modified Date = 5/11/2008 11:30:23 PM | Attr = ] DeductionPro -> %UserProfile%\My Documents\DeductionPro -> [Folder | Modified Date = 4/2/2008 10:06:55 PM | Attr = ] Incomplete -> %UserProfile%\My Documents\Incomplete -> [Folder | Modified Date = 5/10/2008 8:50:42 PM | Attr = ] My Moviews -> %UserProfile%\My Documents\My Moviews -> [Folder | Modified Date = 3/11/2008 11:17:16 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 5/10/2008 3:53:36 PM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 5/4/2008 12:53:27 PM | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 2/22/2008 2:58:17 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 570 bytes | Modified Date = 5/21/2008 7:26:32 AM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 3/11/2008 11:17:16 PM | Attr = R ] Resumes -> %UserProfile%\My Documents\Resumes -> [Folder | Modified Date = 5/1/2008 7:53:25 AM | Attr = ] TaxCut -> %UserProfile%\My Documents\TaxCut -> [Folder | Modified Date = 4/10/2008 6:49:57 PM | Attr = ] Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 5/10/2008 10:47:04 PM | Attr = ] Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 5/10/2008 10:47:03 PM | Attr = ] DeductionPro 2007.lnk -> %AllUsersProfile%\Desktop\DeductionPro 2007.lnk -> [Ver = | Size = 1479 bytes | Modified Date = 3/29/2008 10:50:56 AM | Attr = ] H&R Block TaxCut 2007.lnk -> %AllUsersProfile%\Desktop\H&R Block TaxCut 2007.lnk -> [Ver = | Size = 1624 bytes | Modified Date = 3/29/2008 10:48:28 AM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 5/17/2008 8:13:13 PM | Attr = ] Lexmark 4200 Series All-In-One Center.lnk -> %AllUsersProfile%\Desktop\Lexmark 4200 Series All-In-One Center.lnk -> [Ver = | Size = 763 bytes | Modified Date = 4/12/2008 8:12:18 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 5/11/2008 11:26:15 AM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 5/11/2008 11:35:37 AM | Attr = ] Windows Live Messenger .lnk -> %AllUsersProfile%\Desktop\Windows Live Messenger .lnk -> [Ver = | Size = 1827 bytes | Modified Date = 3/2/2008 12:29:36 PM | Attr = ] 1211372440646-integrated.jnlp -> %UserProfile%\Desktop\1211372440646-integrated.jnlp -> [Ver = | Size = 1251 bytes | Modified Date = 5/21/2008 8:20:49 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\1211372440646-integrated.jnlp:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 5/12/2008 7:41:42 AM | Attr = ] jre-6u6-windows-i586-p.exe -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe -> [Ver = | Size = 15951256 bytes | Modified Date = 5/21/2008 8:31:45 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 5/21/2008 7:32:09 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 543214 bytes | Modified Date = 5/21/2008 7:30:46 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Taxes 2007.xls -> %UserProfile%\Desktop\Taxes 2007.xls -> [Ver = | Size = 14848 bytes | Modified Date = 4/1/2008 7:43:13 AM | Attr = ] Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk -> [Ver = | Size = 782 bytes | Modified Date = 3/7/2008 9:36:54 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 5/21/2008 8:37:36 AM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 3/2/2008 12:28:38 PM | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 3/2/2008 12:28:28 PM | Attr = HS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 5/11/2008 11:34:48 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]