[code] OTScanIt logfile created on: 7/25/2008 12:23:52 AM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Lucas Spencer\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = ) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.32% Memory free 3.35 Gb Paging File | 2.98 Gb Available in Paging File | 88.92% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 144.31 Gb Total Space | 59.28 Gb Free Space | 41.08% Space Free | Partition Type: NTFS Drive D: | 6.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF E: Drive not present or media not loaded Drive F: | 298.02 Gb Total Space | 283.46 Gb Free Space | 95.12% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FAMILYONE Current User Name: Lucas Spencer Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] lexbces.exe -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 12:42:14 PM | Attr = ] lexpps.exe -> %SystemRoot%\SYSTEM32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 174592 bytes | Modified Date = 4/17/2006 12:41:24 PM | Attr = ] photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 9/9/2005 3:24:30 AM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ] cmdagent.exe -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 2/7/2007 11:14:08 AM | Attr = ] iaantmon.exe -> %ProgramFiles%\Intel\Intel Application Accelerator\IAANTmon.exe -> Intel Corporation [Ver = 4.5.0.6515 | Size = 73852 bytes | Modified Date = 6/29/2004 12:22:56 PM | Attr = ] lxrjd31s.exe -> %SystemRoot%\SYSTEM32\LxrJD31s.exe -> [Ver = | Size = 71168 bytes | Modified Date = 2/17/2007 4:22:47 PM | Attr = ] nvsvc32.exe -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] pnkbstra.exe -> %SystemRoot%\SYSTEM32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 9/25/2007 8:50:38 PM | Attr = ] wdbtnmgrsvc.exe -> %ProgramFiles%\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -> WDC [Ver = 2, 0, 67, 0 | Size = 106496 bytes | Modified Date = 2/19/2008 2:15:38 AM | Attr = ] xcommsvr.exe -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 11/27/2007 4:46:32 PM | Attr = ] livesrv.exe -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender SRL [Ver = 11, 0, 1, 87 | Size = 1155072 bytes | Modified Date = 7/2/2008 9:32:45 AM | Attr = ] vsserv.exe -> %ProgramFiles%\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 444 | Size = 1253376 bytes | Modified Date = 7/2/2008 9:32:44 AM | Attr = ] iaanotif.exe -> %ProgramFiles%\Intel\Intel Application Accelerator\IAAnotif.exe -> Intel Corporation [Ver = 4.5.0.6515 | Size = 135168 bytes | Modified Date = 6/29/2004 12:23:32 PM | Attr = ] smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 1:42:54 PM | Attr = ] cpf.exe -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 2/7/2007 11:15:21 AM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ] bdagent.exe -> %ProgramFiles%\BitDefender\BitDefender 2008\bdagent.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 179 | Size = 368640 bytes | Modified Date = 7/2/2008 9:32:43 AM | Attr = ] wdbtnmgrui.exe -> %ProgramFiles%\Western Digital\WD Drive Manager\WDBtnMgrUI.exe -> WDC [Ver = 2, 0, 55, 0 | Size = 438272 bytes | Modified Date = 2/19/2008 2:13:28 AM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] cpfupdat.exe -> %ProgramFiles%\Comodo\Firewall\cpfupdat.exe -> COMODO [Ver = 2.4.0.4 | Size = 1266256 bytes | Modified Date = 2/7/2007 11:16:58 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 9/1/2006 9:23:09 AM | Attr = ] (AdobeActiveFileMonitor4.0) Adobe Active File Monitor V4 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 9/9/2005 3:24:30 AM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found (CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 2/7/2007 11:14:08 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DMADMIN.EXE -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] (IAANTMon) IAA Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Application Accelerator\IAANTmon.exe -> Intel Corporation [Ver = 4.5.0.6515 | Size = 73852 bytes | Modified Date = 6/29/2004 12:22:56 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 12:42:14 PM | Attr = ] (LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender SRL [Ver = 11, 0, 1, 87 | Size = 1155072 bytes | Modified Date = 7/2/2008 9:32:45 AM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE -> File not found (LxrJD31s) Lexar JD31 [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\LxrJD31s.exe -> [Ver = | Size = 71168 bytes | Modified Date = 2/17/2007 4:22:47 PM | Attr = ] (McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Stopped] -> %ProgramFiles%\mcafee.com\agent\mcdetect.exe -> File not found (McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\mcafee.com\agent\mctskshd.exe -> File not found (mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> File not found (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] (PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 9/25/2007 8:50:38 PM | Attr = ] (VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 444 | Size = 1253376 bytes | Modified Date = 7/2/2008 9:32:44 AM | Attr = ] (WDBtnMgrSvc.exe) WD Drive Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -> WDC [Ver = 2, 0, 67, 0 | Size = 106496 bytes | Modified Date = 2/19/2008 2:15:38 AM | Attr = ] (XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 11/27/2007 4:46:32 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BDAgent -> %ProgramFiles%\BitDefender\BitDefender 2008\bdagent.exe ["C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"] -> BitDefender S.R.L. [Ver = 11, 0, 0, 179 | Size = 368640 bytes | Modified Date = 7/2/2008 9:32:43 AM | Attr = ] BitDefender Antiphishing Helper -> %ProgramFiles%\BitDefender\BitDefender 2008\IEShow.exe ["C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"] -> BitDefender [Ver = 11, 0, 0, 5 | Size = 61440 bytes | Modified Date = 10/9/2007 3:46:58 PM | Attr = ] Comodo Firewall -> %ProgramFiles%\Comodo\Firewall\cpf.exe ["C:\Program Files\Comodo\Firewall\CPF.exe" /background] -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 2/7/2007 11:15:21 AM | Attr = ] IAAnotif -> %ProgramFiles%\Intel\Intel Application Accelerator\IAAnotif.exe [C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe] -> Intel Corporation [Ver = 4.5.0.6515 | Size = 135168 bytes | Modified Date = 6/29/2004 12:23:32 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ] NvCplDaemon -> %SystemRoot%\SYSTEM32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] NvMediaCenter -> %SystemRoot%\SYSTEM32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] nwiz -> %SystemRoot%\SYSTEM32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1626112 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 3/28/2008 11:37:20 PM | Attr = ] SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 1:42:54 PM | Attr = ] WD Drive Manager -> %ProgramFiles%\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe] -> WDC [Ver = 2, 0, 55, 0 | Size = 438272 bytes | Modified Date = 2/19/2008 2:13:28 AM | Attr = ] < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> InstallShieldSetup -> %ProgramFiles%\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe [C:\PROGRA~1\INSTAL~1\{C0698~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{C0698~1\reboot.ini -l0x9] -> Macrovision Corporation [Ver = 12.0.49974 | Size = 455600 bytes | Modified Date = 5/24/2006 3:10:42 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 12:43:40 PM | Attr = RHS] < Run [HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\] > -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 12:43:40 PM | Attr = RHS] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Lucas Spencer Startup Folder > -> C:\Documents and Settings\Lucas Spencer\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\SYSTEM32\USERINIT.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\SYSTEM32\LOGONUI.EXE -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\SYSTEM32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\SYSTEM32\SYSDM.CPL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005] > -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowLegacyWebView -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowUnhashedWebView -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005] > -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\DRIVERS\CDROM.SYS [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_DVD-ROM_DDU1615____________________FDS3____\5&112e410&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomPHILIPS_DVD+-RW_DVD8801_________________AD21____\5&112e410&0&0.1.0 -> < Drives - Autoruns > -> -> Autorun.inf [[autorun] | open=Launch.exe | icon=setup.ico | ] -> D:\Autorun.inf [ UDF ] -> [Ver = | Size = 44 bytes | Modified Date = 7/16/2007 5:07:53 AM | Attr = R ] autorun.inf [[autorun] | open=WDSetup.exe | ICON=AUTORUN\WDLOGO.ICO | ] -> F:\autorun.inf [ FAT32 ] -> [Ver = | Size = 54 bytes | Modified Date = 2/25/2008 10:30:42 AM | Attr = H ] < HOSTS File > (237599 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell4me.com/myway -> HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.dell4me.com/myway -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell4me.com/myway -> HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.dell4me.com/myway -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-19\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-20\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\] > -> -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\: URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4391 domain(s) found. -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4416 domain(s) found. -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4416 domain(s) found. -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4416 domain(s) found. -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4186 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4186 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\] > -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4416 domain(s) found. -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\] > -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {103C8C3E-AC7D-48A1-80B5-36A59D5D1FB0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 4:25:44 AM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {959EA647-A61C-4B67-A119-CEC6E12B1478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\] > -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\NPJPI150_09.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 4:25:43 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 4:25:44 AM | Attr = ] {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\NPJPI150_09.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 4:25:43 AM | Attr = ] CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\NPJPI150_09.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 4:25:43 AM | Attr = ] CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\NPJPI150_09.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 4:25:43 AM | Attr = ] CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\] > -> HKEY_USERS\S-1-5-21-3935541741-1166680662-2107391726-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\NPJPI150_09.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 4:25:43 AM | Attr = ] CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {05E4D3FF-4DB1-4499-99D0-515719F2BE41} -> () -> {A85F4184-A5C0-4EEE-AE6A-F9D0301D18C3} -> (Broadcom NetXtreme 57xx Gigabit Controller) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 2/1/2008 5:22:12 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05D44720-58E3-49E6-BDF6-D00330E511D3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab[StagingUI Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {27527D31-447B-11D5-A46E-0001023B4289}[HKEY_LOCAL_MACHINE] -> http://gamingzone.ubisoft.com/dev/packages/GSManager.cab[CoGSManager Class] -> {3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab[MSN Games – Buddy Invite] -> {406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www.costcophotocenter.com/CostcoActivia.cab[Snapfish Activia] -> {5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab[ZonePAChat Object] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {6E5E167B-1566-4316-B27F-0DDAB3484CF7}[HKEY_LOCAL_MACHINE] -> http://www.winkflash.com/photo/loaders/ImageUploader4.cab[Image Uploader Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> {BCF9A64D-1440-4404-863C-F5DF2B99F798}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/zpa_catan.cab55579.cab[MSN Games - Catan Online] -> {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://active.macromedia.com/flash2/cabs/swflash.cab[Shockwave Flash Object] -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/StProxy.cab55579.cab[MSN Games – Game Communicator] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/catan.dat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/catan.dat\\.Owner -> {BCF9A64D-1440-4404-863C-F5DF2B99F798} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/catan.dat\\{BCF9A64D-1440-4404-863C-F5DF2B99F798} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/GSManager.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/GSManager.dll\\.Owner -> {27527D31-447B-11D5-A46E-0001023B4289} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/GSManager.dll\\{27527D31-447B-11D5-A46E-0001023B4289} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\.Owner -> {6E5E167B-1566-4316-B27F-0DDAB3484CF7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\{6E5E167B-1566-4316-B27F-0DDAB3484CF7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\\.Owner -> {05D44720-58E3-49E6-BDF6-D00330E511D3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\\{05D44720-58E3-49E6-BDF6-D00330E511D3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\\.Owner -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll\\.Owner -> {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\\.Owner -> {3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\\{3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\\.Owner -> {5736C456-EA94-4AAC-BB08-917ABDD035B3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\\{5736C456-EA94-4AAC-BB08-917ABDD035B3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPA_Catan.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPA_Catan.dll\\.Owner -> {BCF9A64D-1440-4404-863C-F5DF2B99F798} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPA_Catan.dll\\{BCF9A64D-1440-4404-863C-F5DF2B99F798} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{6E5E167B-1566-4316-B27F-0DDAB3484CF7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\SYSTEM32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] C:\WINDOWS\system32\awtssrsR -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 752 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\SCECLI.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\SYSTEM32\NTMARTA.DLL [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> F3 45 C7 AB 6F 28 C4 23 21 A3 DC E2 FE A4 BE 14 39 31 31 66 36 39 38 38 00 00 00 00 07 5B 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 A8 6C 15 A8 36 F2 1F 26 1B C8 19 91 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 43 91 5B 48 85 A5 BD 49 DA [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 55 94 C4 7A 49 99 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\SYSTEM32\IISSUBA.DLL [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 37 46 31 B6 B7 51 E9 C9 3E 11 F5 FB 94 CB CC 20 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 90 69 BF 57 08 E4 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 68 B1 78 FB 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 F8 16 2E C9 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 68 B1 78 FB 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\SYSTEM32\SVCHOST.EXE [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 23733 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\IPNATHLP.DLL [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Call of Duty\CoDMP.exe -> %ProgramFiles%\Call of Duty\CoDMP.exe [C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubi Soft\IL2 Sturmovik\il2.exe -> %ProgramFiles%\Ubi Soft\IL2 Sturmovik\il2.exe [C:\Program Files\Ubi Soft\IL2 Sturmovik\il2.exe:*:Enabled:IL-2 Sturmovik] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubisoft\Pacific Fighters\pf.exe -> %ProgramFiles%\Ubisoft\Pacific Fighters\pf.exe [C:\Program Files\Ubisoft\Pacific Fighters\pf.exe:*:Enabled:Pacific Fighters] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ubi.com\Core\GS4.exe -> %ProgramFiles%\ubi.com\Core\GS4.exe [C:\Program Files\ubi.com\Core\GS4.exe:*:Enabled:Play Online!] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubisoft\SilentHunterIII\sh3.exe -> %ProgramFiles%\Ubisoft\SilentHunterIII\sh3.exe [C:\Program Files\Ubisoft\SilentHunterIII\sh3.exe:*:Enabled:Silent Hunter III] -> Ubisoft [Ver = 1, 4, 0, 1 | Size = 991149 bytes | Modified Date = 6/14/2005 8:05:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubisoft\SilentHunterIII\Support\detectiontool\SH3DetectionTool\sh3_detection.exe -> %ProgramFiles%\Ubisoft\SilentHunterIII\Support\detectiontool\SH3DetectionTool\sh3_detection.exe [C:\Program Files\Ubisoft\SilentHunterIII\Support\detectiontool\SH3DetectionTool\sh3_detection.exe:*:Enabled:Detection Tool] -> [Ver = | Size = 131072 bytes | Modified Date = 2/14/2005 3:43:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Dell\Network Guide\netguide.exe -> %ProgramFiles%\Dell\Network Guide\netguide.exe [C:\Program Files\Dell\Network Guide\netguide.exe:*:Enabled:Dell Networking Guide] -> [Ver = 1.0.1205.0 | Size = 1231424 bytes | Modified Date = 2/13/2003 9:31:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe -> %ProgramFiles%\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe [C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Enabled:PF+FB+AEP] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\InvokeSvc2.exe -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\InvokeSvc2.exe [C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\InvokeSvc2.exe:*:Enabled:Wireless Network Monitor] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Linksys Wireless-G Wireless Network Monitor\InvokeSvc2.exe -> %ProgramFiles%\Linksys Wireless-G Wireless Network Monitor\InvokeSvc2.exe [C:\Program Files\Linksys Wireless-G Wireless Network Monitor\InvokeSvc2.exe:*:Enabled:Wireless Network Monitor] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Belkin\Belkin Wireless Utility\wcu.exe -> %ProgramFiles%\Belkin\Belkin Wireless Utility\wcu.exe [C:\Program Files\Belkin\Belkin Wireless Utility\wcu.exe:*:Enabled:Belkin Wireless Client Utility] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\LEXPPS.EXE -> %SystemRoot%\SYSTEM32\LEXPPS.EXE [C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 9.47 | Size = 174592 bytes | Modified Date = 4/17/2006 12:41:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubisoft\Demo\Gearbox Software\BrothersInArmsEiB\System\EiB.exe -> %ProgramFiles%\Ubisoft\Demo\Gearbox Software\BrothersInArmsEiB\System\EiB.exe [C:\Program Files\Ubisoft\Demo\Gearbox Software\BrothersInArmsEiB\System\EiB.exe:*:Enabled:Brothers In Arms Earned In Blood] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe -> %ProgramFiles%\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe [C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server] -> [Ver = | Size = 4296704 bytes | Modified Date = 9/9/2005 4:51:30 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\1701 A.D. Demo\1701_Demo.exe -> %ProgramFiles%\1701 A.D. Demo\1701_Demo.exe [C:\Program Files\1701 A.D. Demo\1701_Demo.exe:*:Enabled:1701 A.D. Demo] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 2\BattleField2.exe -> %ProgramFiles%\EA GAMES\Battlefield 2\BattleField2.exe [C:\Program Files\EA GAMES\Battlefield 2\BattleField2.exe:*:Enabled:BattleField2] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\steam.exe -> %ProgramFiles%\Steam\steam.exe [C:\Program Files\Steam\steam.exe:*:Enabled:Steam] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 4/26/2008 10:54:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\tisoy505\team fortress 2\hl2.exe -> %ProgramFiles%\Steam\SteamApps\tisoy505\team fortress 2\hl2.exe [C:\Program Files\Steam\SteamApps\tisoy505\team fortress 2\hl2.exe:*:Enabled:hl2] -> [Ver = | Size = 98304 bytes | Modified Date = 7/4/2008 10:59:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe -> %ProgramFiles%\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe [C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe:*:Enabled:il2fb] -> [Ver = | Size = 159744 bytes | Modified Date = 8/16/2007 1:09:07 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft LifeCam\LifeExp.exe -> %ProgramFiles%\Microsoft LifeCam\LifeExp.exe [C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe] -> Microsoft Corporation [Ver = 1.21.113.0 | Size = 277296 bytes | Modified Date = 10/13/2006 6:01:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft LifeCam\LifeCam.exe -> %ProgramFiles%\Microsoft LifeCam\LifeCam.exe [C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe] -> Microsoft Corporation [Ver = 1.21.113.0 | Size = 4201264 bytes | Modified Date = 10/13/2006 6:04:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe -> %ProgramFiles%\Activision\Call of Duty 2\CoD2MP_s.exe [C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 3/30/2008 10:36:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.6.0.248 | Size = 21898024 bytes | Modified Date = 2/1/2008 5:22:12 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\tisoy505\day of defeat source\hl2.exe -> %ProgramFiles%\Steam\SteamApps\tisoy505\day of defeat source\hl2.exe [C:\Program Files\Steam\SteamApps\tisoy505\day of defeat source\hl2.exe:*:Enabled:hl2] -> [Ver = | Size = 98304 bytes | Modified Date = 7/23/2008 2:03:10 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\21000:TCP -> 21000:TCP:*:Enabled:Pacific Fighters -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 272 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\SYSTEM32\SVCHOST.EXE [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\WUAUSERV.DLL [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\SYSTEM32\SVCHOST.EXE [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\REGSVC.DLL [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\SYSTEM32\TLNTSVR.EXE [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> [binary data] -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^Alicia Spencer^Start Menu^Programs^Startup^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 7:16:50 PM | Attr = ] C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %SystemDrive%\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE -> File not found C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk -> %SystemDrive%\PROGRA~1\DIGITA~1\DLG.exe -> File not found < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> Adobe Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Photoshop Elements 4.0\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.53237 | Size = 57344 bytes | Modified Date = 9/9/2005 1:18:10 AM | Attr = ] Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ] ddoctorv2 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Comcast\Desktop Doctor\bin\sprtcmd.exe -> File not found DellSupport hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\DellSupport\DSAgnt.exe -> File not found DellSupportCenter hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> File not found dscactivate hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe -> File not found DVDLauncher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 57344 bytes | Modified Date = 10/12/2004 5:54:30 PM | Attr = ] EA Core hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Electronic Arts\EADM\Core.exe -> Electronic Arts [Ver = 4.0.0.168 | Size = 2494464 bytes | Modified Date = 12/4/2007 5:57:56 AM | Attr = ] [Files/Folders - Created Within 90 days] B0000000.JPG -> %SystemDrive%\B0000000.JPG -> [Ver = | Size = 567406 bytes | Created Date = 4/29/2008 9:08:53 AM | Attr = ] B0000001.JPG -> %SystemDrive%\B0000001.JPG -> [Ver = | Size = 551273 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000002.JPG -> %SystemDrive%\B0000002.JPG -> [Ver = | Size = 614021 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000003.JPG -> %SystemDrive%\B0000003.JPG -> [Ver = | Size = 574801 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000004.JPG -> %SystemDrive%\B0000004.JPG -> [Ver = | Size = 584153 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000005.JPG -> %SystemDrive%\B0000005.JPG -> [Ver = | Size = 606329 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000006.JPG -> %SystemDrive%\B0000006.JPG -> [Ver = | Size = 599389 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000007.JPG -> %SystemDrive%\B0000007.JPG -> [Ver = | Size = 593704 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000008.JPG -> %SystemDrive%\B0000008.JPG -> [Ver = | Size = 604228 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000009.JPG -> %SystemDrive%\B0000009.JPG -> [Ver = | Size = 592393 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000010.JPG -> %SystemDrive%\B0000010.JPG -> [Ver = | Size = 606609 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000011.JPG -> %SystemDrive%\B0000011.JPG -> [Ver = | Size = 574186 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000012.JPG -> %SystemDrive%\B0000012.JPG -> [Ver = | Size = 593424 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000013.JPG -> %SystemDrive%\B0000013.JPG -> [Ver = | Size = 613639 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000014.JPG -> %SystemDrive%\B0000014.JPG -> [Ver = | Size = 570623 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000015.JPG -> %SystemDrive%\B0000015.JPG -> [Ver = | Size = 589128 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000016.JPG -> %SystemDrive%\B0000016.JPG -> [Ver = | Size = 593660 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000017.JPG -> %SystemDrive%\B0000017.JPG -> [Ver = | Size = 572877 bytes | Created Date = 4/29/2008 9:08:54 AM | Attr = ] B0000018.JPG -> %SystemDrive%\B0000018.JPG -> [Ver = | Size = 568430 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000019.JPG -> %SystemDrive%\B0000019.JPG -> [Ver = | Size = 583741 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000020.JPG -> %SystemDrive%\B0000020.JPG -> [Ver = | Size = 587488 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000021.JPG -> %SystemDrive%\B0000021.JPG -> [Ver = | Size = 593759 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000022.JPG -> %SystemDrive%\B0000022.JPG -> [Ver = | Size = 599369 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000023.JPG -> %SystemDrive%\B0000023.JPG -> [Ver = | Size = 610426 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000024.JPG -> %SystemDrive%\B0000024.JPG -> [Ver = | Size = 597877 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000025.JPG -> %SystemDrive%\B0000025.JPG -> [Ver = | Size = 597796 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000026.JPG -> %SystemDrive%\B0000026.JPG -> [Ver = | Size = 607625 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000027.JPG -> %SystemDrive%\B0000027.JPG -> [Ver = | Size = 591016 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000028.JPG -> %SystemDrive%\B0000028.JPG -> [Ver = | Size = 574518 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000029.MPG -> %SystemDrive%\B0000029.MPG -> [Ver = | Size = 15026384 bytes | Created Date = 4/29/2008 9:08:55 AM | Attr = ] B0000030.MPG -> %SystemDrive%\B0000030.MPG -> [Ver = | Size = 58582418 bytes | Created Date = 4/29/2008 9:08:56 AM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2145554432 bytes | Created Date = 4/27/2008 9:20:56 AM | Attr = HS] My Catalog.buc -> %SystemDrive%\My Catalog.buc -> [Ver = | Size = 12587008 bytes | Created Date = 4/29/2008 9:08:53 AM | Attr = ] My Pictures -> %SystemDrive%\My Pictures -> [Folder | Created Date = 4/27/2008 11:23:43 AM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Created Date = 5/14/2008 10:44:15 PM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 5/14/2008 10:44:22 PM | Attr = H ] bdod.bin -> %SystemRoot%\System32\bdod.bin -> [Ver = | Size = 81984 bytes | Created Date = 7/3/2008 3:28:02 PM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2958 bytes | Created Date = 4/27/2008 9:12:51 AM | Attr = ] bdagent.INI -> %SystemRoot%\bdagent.INI -> [Ver = | Size = 121 bytes | Created Date = 4/26/2008 2:45:43 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] BitDefender -> %AllUsersProfile%\Application Data\BitDefender -> [Folder | Created Date = 4/26/2008 12:35:40 PM | Attr = ] MemeoCommon -> %AllUsersProfile%\Application Data\MemeoCommon -> [Folder | Created Date = 6/9/2008 2:41:08 PM | Attr = ] Bitdefender -> %AppData%\Bitdefender -> [Folder | Created Date = 4/26/2008 12:36:09 PM | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Created Date = 7/23/2008 6:45:42 PM | Attr = ] Skype -> %AppData%\Skype -> [Folder | Created Date = 5/9/2008 5:15:42 PM | Attr = ] WD -> %AppData%\WD -> [Folder | Created Date = 6/9/2008 2:39:33 PM | Attr = ] american-flag-2a.jpg -> %UserProfile%\Desktop\american-flag-2a.jpg -> [Ver = | Size = 55896 bytes | Created Date = 7/4/2008 8:58:21 AM | Attr = ] HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 7/24/2008 3:27:11 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 7/25/2008 12:20:31 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 7/24/2008 11:17:52 PM | Attr = ] Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk -> [Ver = | Size = 782 bytes | Created Date = 5/18/2008 8:25:41 AM | Attr = ] Work -> %UserProfile%\Desktop\Work -> [Folder | Created Date = 6/21/2008 6:40:14 PM | Attr = ] BitDefender -> %CommonProgramFiles%\BitDefender -> [Folder | Created Date = 4/26/2008 12:34:54 PM | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 6/8/2008 6:13:28 PM | Attr = ] BitDefender -> %ProgramFiles%\BitDefender -> [Folder | Created Date = 4/26/2008 12:35:40 PM | Attr = ] Coupons -> %ProgramFiles%\Coupons -> [Folder | Created Date = 6/2/2008 11:49:50 AM | Attr = ] Cragun.Net -> %ProgramFiles%\Cragun.Net -> [Folder | Created Date = 6/21/2008 6:52:49 PM | Attr = ] Eclipse Marketing Inc -> %ProgramFiles%\Eclipse Marketing Inc -> [Folder | Created Date = 6/21/2008 6:40:51 PM | Attr = ] Microsoft ActiveSync -> %ProgramFiles%\Microsoft ActiveSync -> [Folder | Created Date = 6/8/2008 6:13:30 PM | Attr = ] Microsoft IntelliPoint -> %ProgramFiles%\Microsoft IntelliPoint -> [Folder | Created Date = 7/16/2008 10:03:07 PM | Attr = ] Microsoft Visual Studio -> %ProgramFiles%\Microsoft Visual Studio -> [Folder | Created Date = 6/8/2008 6:13:15 PM | Attr = ] Netflix -> %ProgramFiles%\Netflix -> [Folder | Created Date = 5/14/2008 10:06:12 PM | Attr = ] New Folder -> %ProgramFiles%\New Folder -> [Folder | Created Date = 4/27/2008 11:23:00 AM | Attr = ] SEGA -> %ProgramFiles%\SEGA -> [Folder | Created Date = 7/23/2008 6:48:13 PM | Attr = ] Western Digital -> %ProgramFiles%\Western Digital -> [Folder | Created Date = 6/9/2008 1:47:28 PM | Attr = ] Western Digital Technologies -> %ProgramFiles%\Western Digital Technologies -> [Folder | Created Date = 6/9/2008 1:47:51 PM | Attr = ] Windows Media Connect 2 -> %ProgramFiles%\Windows Media Connect 2 -> [Folder | Created Date = 5/14/2008 10:46:06 PM | Attr = ] [Files/Folders - Modified Within 90 days] BOOT.INI -> %SystemDrive%\BOOT.INI -> [Ver = | Size = 209 bytes | Modified Date = 7/23/2008 10:25:01 AM | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 7/23/2008 7:05:32 PM | Attr = ] DC6810xp-001.raw -> %SystemDrive%\DC6810xp-001.raw -> [Ver = | Size = 230424 bytes | Modified Date = 6/22/2008 5:54:49 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2145554432 bytes | Modified Date = 7/24/2008 3:20:34 PM | Attr = HS] My Catalog.buc -> %SystemDrive%\My Catalog.buc -> [Ver = | Size = 12587008 bytes | Modified Date = 4/29/2008 9:06:20 AM | Attr = ] My Pictures -> %SystemDrive%\My Pictures -> [Folder | Modified Date = 6/9/2008 2:41:43 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/23/2008 6:48:13 PM | Attr = R ] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 7/22/2008 9:59:05 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/24/2008 11:19:31 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1288192 bytes | Modified Date = 5/6/2008 11:55:40 PM | Attr = ] ETC -> %SystemRoot%\System32\drivers\ETC -> [Folder | Modified Date = 6/27/2008 7:57:30 AM | Attr = ] HOSTS -> %SystemRoot%\System32\drivers\ETC\HOSTS -> [Ver = | Size = 237599 bytes | Modified Date = 6/27/2008 7:57:30 AM | Attr = R ] hosts.20080502-185552.backup -> %SystemRoot%\System32\drivers\ETC\hosts.20080502-185552.backup -> [Ver = | Size = 237531 bytes | Modified Date = 4/27/2008 9:16:37 AM | Attr = ] hosts.20080626-203413.backup -> %SystemRoot%\System32\drivers\ETC\hosts.20080626-203413.backup -> [Ver = | Size = 237599 bytes | Modified Date = 5/2/2008 6:55:52 PM | Attr = R ] hosts.20080627-075721.backup -> %SystemRoot%\System32\drivers\ETC\hosts.20080627-075721.backup -> [Ver = | Size = 237599 bytes | Modified Date = 6/26/2008 8:34:13 PM | Attr = R ] hosts.20080627-075730.backup -> %SystemRoot%\System32\drivers\ETC\hosts.20080627-075730.backup -> [Ver = | Size = 237599 bytes | Modified Date = 6/27/2008 7:57:21 AM | Attr = R ] PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 6/9/2008 6:37:56 PM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 5/14/2008 10:45:07 PM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 5/14/2008 10:44:22 PM | Attr = H ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 5/14/2008 10:46:23 PM | Attr = ] bdod.bin -> %SystemRoot%\System32\bdod.bin -> [Ver = | Size = 81984 bytes | Modified Date = 7/25/2008 12:23:50 AM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 5/15/2008 11:48:38 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 7/23/2008 1:59:55 PM | Attr = ] CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,1,222,0 | Size = 107888 bytes | Modified Date = 7/23/2008 6:45:09 PM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 4/26/2008 2:54:13 PM | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 7/23/2008 7:06:02 PM | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 7/16/2008 7:59:05 PM | Attr = RHS] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 7/23/2008 10:54:21 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 6/9/2008 1:47:28 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 214320 bytes | Modified Date = 6/9/2008 1:37:56 PM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 5/14/2008 10:44:15 PM | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 5/14/2008 10:46:23 PM | Attr = ] PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT -> [Ver = | Size = 65044 bytes | Modified Date = 6/12/2008 1:08:14 PM | Attr = ] PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT -> [Ver = | Size = 410574 bytes | Modified Date = 6/12/2008 1:08:14 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 480538 bytes | Modified Date = 6/12/2008 1:08:14 PM | Attr = ] PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe -> [Ver = | Size = 107832 bytes | Modified Date = 6/9/2008 6:32:59 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1288192 bytes | Modified Date = 5/6/2008 11:55:40 PM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 7/16/2008 10:01:03 PM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2958 bytes | Modified Date = 4/27/2008 9:16:40 AM | Attr = ] WBEM -> %SystemRoot%\System32\WBEM -> [Folder | Modified Date = 6/12/2008 1:08:14 PM | Attr = ] WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> [Ver = | Size = 2206 bytes | Modified Date = 7/24/2008 3:22:20 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 7/8/2008 3:16:56 PM | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 5/14/2008 10:49:26 PM | Attr = ] ASSEMBLY -> %SystemRoot%\ASSEMBLY -> [Folder | Modified Date = 7/23/2008 7:06:01 PM | Attr = R S] bdagent.INI -> %SystemRoot%\bdagent.INI -> [Ver = | Size = 121 bytes | Modified Date = 7/24/2008 3:19:40 PM | Attr = ] BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 7/24/2008 3:20:38 PM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 7/12/2008 10:30:15 PM | Attr = ] dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 399 bytes | Modified Date = 6/13/2008 7:25:54 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/8/2008 9:06:01 PM | Attr = S] EHOME -> %SystemRoot%\EHOME -> [Folder | Modified Date = 5/15/2008 11:48:39 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/9/2008 9:15:57 AM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/14/2008 10:46:03 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 6/11/2008 9:04:30 AM | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 7/23/2008 7:06:01 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7/23/2008 7:05:32 PM | Attr = HS] lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 307 bytes | Modified Date = 7/21/2008 7:29:38 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 6/18/2008 6:10:41 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/25/2008 12:20:46 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 7/24/2008 3:21:42 PM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/15/2008 8:15:12 AM | Attr = ] SECURITY -> %SystemRoot%\SECURITY -> [Folder | Modified Date = 4/27/2008 9:20:28 AM | Attr = ] ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 6/8/2008 6:13:33 PM | Attr = ] SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 227 bytes | Modified Date = 7/23/2008 10:25:01 AM | Attr = ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 7/24/2008 11:51:46 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 7/25/2008 12:23:52 AM | Attr = ] WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 654 bytes | Modified Date = 7/23/2008 10:25:01 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/26/2008 12:35:58 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 7/24/2008 4:57:04 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/24/2008 3:20:48 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS -> [Folder | Modified Date = 5/15/2008 3:22:03 PM | Attr = ] eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-0.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/23/2008 9:39:18 AM | Attr = H ] eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-1.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/24/2008 9:17:38 AM | Attr = H ] eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-10.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/26/2008 2:47:42 PM | Attr = H ] eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-11.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/26/2008 3:28:48 PM | Attr = H ] eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-12.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/26/2008 4:37:06 PM | Attr = H ] eHomeLog-13.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-13.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/27/2008 9:03:15 AM | Attr = H ] eHomeLog-14.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-14.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/27/2008 9:22:10 AM | Attr = H ] eHomeLog-15.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-15.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/27/2008 4:15:31 PM | Attr = H ] eHomeLog-16.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-16.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/29/2008 9:59:39 PM | Attr = H ] eHomeLog-17.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-17.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/3/2008 12:12:27 PM | Attr = H ] eHomeLog-18.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-18.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/3/2008 2:39:52 PM | Attr = H ] eHomeLog-19.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-19.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/3/2008 4:57:10 PM | Attr = H ] eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-2.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/24/2008 5:20:49 PM | Attr = H ] eHomeLog-20.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-20.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/3/2008 9:12:46 PM | Attr = H ] eHomeLog-21.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-21.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/3/2008 10:33:18 PM | Attr = H ] eHomeLog-22.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-22.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/4/2008 2:42:36 PM | Attr = H ] eHomeLog-23.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-23.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/4/2008 8:25:49 PM | Attr = H ] eHomeLog-24.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-24.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/5/2008 12:06:34 PM | Attr = H ] eHomeLog-25.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-25.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/5/2008 12:36:12 PM | Attr = H ] eHomeLog-26.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-26.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/5/2008 7:24:11 PM | Attr = H ] eHomeLog-27.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-27.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/6/2008 8:17:50 AM | Attr = H ] eHomeLog-28.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-28.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/6/2008 10:11:25 PM | Attr = H ] eHomeLog-29.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-29.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/7/2008 7:46:29 AM | Attr = H ] eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-3.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/25/2008 8:05:24 AM | Attr = H ] eHomeLog-30.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-30.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/7/2008 8:17:16 PM | Attr = H ] eHomeLog-31.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-31.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/8/2008 8:53:22 AM | Attr = H ] eHomeLog-32.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-32.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/8/2008 2:13:29 PM | Attr = H ] eHomeLog-33.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-33.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/8/2008 6:11:37 PM | Attr = H ] eHomeLog-34.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-34.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/8/2008 9:50:55 PM | Attr = H ] eHomeLog-35.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-35.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/8/2008 9:58:50 PM | Attr = H ] eHomeLog-36.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-36.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/9/2008 9:05:23 AM | Attr = H ] eHomeLog-37.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-37.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/9/2008 1:14:38 PM | Attr = H ] eHomeLog-38.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-38.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/9/2008 8:21:33 PM | Attr = H ] eHomeLog-39.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-39.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/9/2008 8:35:36 PM | Attr = H ] eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-4.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/25/2008 12:42:23 PM | Attr = H ] eHomeLog-40.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-40.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/9/2008 10:52:40 PM | Attr = H ] eHomeLog-41.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-41.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/10/2008 4:40:48 PM | Attr = H ] eHomeLog-42.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-42.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/11/2008 9:00:56 AM | Attr = H ] eHomeLog-43.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-43.dat -> [Ver = | Size = 268 bytes | Modified Date = 5/14/2008 7:29:04 AM | Attr = H ] eHomeLog-44.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-44.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/20/2008 10:34:10 PM | Attr = H ] eHomeLog-45.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-45.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/21/2008 8:59:07 AM | Attr = H ] eHomeLog-46.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-46.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/22/2008 9:04:53 AM | Attr = H ] eHomeLog-47.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-47.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/22/2008 9:28:51 PM | Attr = H ] eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-5.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/25/2008 5:18:21 PM | Attr = H ] eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-6.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/25/2008 7:50:21 PM | Attr = H ] eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-7.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/25/2008 10:17:36 PM | Attr = H ] eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-8.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/25/2008 11:28:35 PM | Attr = H ] eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\eHomeLog-9.dat -> [Ver = | Size = 268 bytes | Modified Date = 4/25/2008 11:32:46 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 12/17/2004 2:17:31 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5524 bytes | Modified Date = 7/24/2008 3:22:17 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5524 bytes | Modified Date = 7/24/2008 3:22:17 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 6/8/2008 6:13:46 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11088 bytes | Modified Date = 11/1/2007 10:23:55 PM | Attr = ] C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\ -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp -> [Folder | Modified Date = 7/25/2008 12:23:53 AM | Attr = ] CmdLineExtInstallerExe.exe -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\CmdLineExtInstallerExe.exe -> [Ver = | Size = 375992 bytes | Modified Date = 7/23/2008 6:45:08 PM | Attr = ] _is4B.exe -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\_is4B.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 455600 bytes | Modified Date = 5/24/2006 3:10:42 PM | Attr = R ] _is4C.exe -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\_is4C.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 455600 bytes | Modified Date = 5/24/2006 3:10:42 PM | Attr = R ] _isBE.exe -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\_isBE.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 455600 bytes | Modified Date = 11/19/2007 6:03:38 PM | Attr = R ] _isBF.exe -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\_isBF.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 455600 bytes | Modified Date = 11/19/2007 6:04:13 PM | Attr = R ] _isC0.exe -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\_isC0.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 455600 bytes | Modified Date = 11/19/2007 6:04:58 PM | Attr = R ] _isC1.exe -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\_isC1.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 455600 bytes | Modified Date = 11/19/2007 6:05:39 PM | Attr = R ] 6 C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\ -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp -> [Folder | Modified Date = 7/25/2008 12:23:53 AM | Attr = ] drm_dialogs.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\drm_dialogs.dll -> Sony DADC Austria AG [Ver = 1, 2, 0, 1 | Size = 65536 bytes | Modified Date = 7/23/2008 7:30:38 PM | Attr = ] drm_dyndata_7350007.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\drm_dyndata_7350007.dll -> Sony DADC Austria AG [Ver = 1, 0, 0, 3 | Size = 212992 bytes | Modified Date = 7/24/2008 11:19:49 PM | Attr = ] 6 C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{4A481332-427D-4301-8F31-EFD4B61412C3}\ -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{4A481332-427D-4301-8F31-EFD4B61412C3} -> [Folder | Modified Date = 7/23/2008 7:23:00 PM | Attr = ] ISSetup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{4A481332-427D-4301-8F31-EFD4B61412C3}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 11/19/2007 6:05:39 PM | Attr = R ] _Setup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{4A481332-427D-4301-8F31-EFD4B61412C3}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 152496 bytes | Modified Date = 11/19/2007 6:05:39 PM | Attr = R ] C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{4C6856E4-3D69-492D-A30F-25E9BDB3D3C5}\ -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{4C6856E4-3D69-492D-A30F-25E9BDB3D3C5} -> [Folder | Modified Date = 7/23/2008 7:19:28 PM | Attr = ] ISSetup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{4C6856E4-3D69-492D-A30F-25E9BDB3D3C5}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 11/19/2007 6:04:57 PM | Attr = R ] _Setup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{4C6856E4-3D69-492D-A30F-25E9BDB3D3C5}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 152496 bytes | Modified Date = 11/19/2007 6:04:58 PM | Attr = R ] C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{67B5551A-BEA6-4EA8-B440-44F8A3D8413E}\ -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{67B5551A-BEA6-4EA8-B440-44F8A3D8413E} -> [Folder | Modified Date = 7/23/2008 7:12:12 PM | Attr = ] ISSetup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{67B5551A-BEA6-4EA8-B440-44F8A3D8413E}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 11/19/2007 6:03:38 PM | Attr = R ] _Setup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{67B5551A-BEA6-4EA8-B440-44F8A3D8413E}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 152496 bytes | Modified Date = 11/19/2007 6:03:38 PM | Attr = R ] C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{CDBD2960-DA21-4A25-BE2B-FF4333AA55C3}\ -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{CDBD2960-DA21-4A25-BE2B-FF4333AA55C3} -> [Folder | Modified Date = 7/23/2008 7:23:11 PM | Attr = ] ISSetup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{CDBD2960-DA21-4A25-BE2B-FF4333AA55C3}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 11/19/2007 6:03:38 PM | Attr = R ] _Setup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{CDBD2960-DA21-4A25-BE2B-FF4333AA55C3}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 152496 bytes | Modified Date = 5/17/2006 2:21:06 PM | Attr = R ] C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{ED903E24-48F3-4570-83C6-E3983EE308A7}\ -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{ED903E24-48F3-4570-83C6-E3983EE308A7} -> [Folder | Modified Date = 7/23/2008 7:15:38 PM | Attr = ] ISSetup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{ED903E24-48F3-4570-83C6-E3983EE308A7}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 11/19/2007 6:04:13 PM | Attr = R ] _Setup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{ED903E24-48F3-4570-83C6-E3983EE308A7}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 152496 bytes | Modified Date = 11/19/2007 6:04:14 PM | Attr = R ] C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{F7AEA9ED-71DE-4A77-A28F-88D7C91FE34B}\ -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{F7AEA9ED-71DE-4A77-A28F-88D7C91FE34B} -> [Folder | Modified Date = 7/23/2008 7:06:32 PM | Attr = ] ISSetup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{F7AEA9ED-71DE-4A77-A28F-88D7C91FE34B}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 11/19/2007 5:49:54 PM | Attr = R ] _Setup.dll -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{F7AEA9ED-71DE-4A77-A28F-88D7C91FE34B}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 152496 bytes | Modified Date = 5/17/2006 2:21:06 PM | Attr = R ] C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\ -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp -> [Folder | Modified Date = 7/25/2008 12:23:53 AM | Attr = ] report.dat -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\report.dat -> [Ver = | Size = 16 bytes | Modified Date = 7/24/2008 3:19:31 PM | Attr = ] 6 C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{CDBD2960-DA21-4A25-BE2B-FF4333AA55C3}\ -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{CDBD2960-DA21-4A25-BE2B-FF4333AA55C3} -> [Folder | Modified Date = 7/23/2008 7:23:11 PM | Attr = ] setup.ini -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{CDBD2960-DA21-4A25-BE2B-FF4333AA55C3}\setup.ini -> [Ver = | Size = 493 bytes | Modified Date = 7/23/2008 6:45:38 PM | Attr = ] _isdel.ini -> C:\Documents and Settings\Lucas Spencer\Local Settings\Temp\{CDBD2960-DA21-4A25-BE2B-FF4333AA55C3}\_isdel.ini -> [Ver = | Size = 285 bytes | Modified Date = 7/23/2008 7:23:11 PM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 7/25/2008 12:23:52 AM | Attr = ] rtdrvmon.exe -> C:\WINDOWS\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 7/24/2008 3:21:04 PM | Attr = ] 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] BitDefender -> %AllUsersProfile%\Application Data\BitDefender -> [Folder | Modified Date = 4/26/2008 12:36:16 PM | Attr = ] MemeoCommon -> %AllUsersProfile%\Application Data\MemeoCommon -> [Folder | Modified Date = 6/9/2008 2:41:08 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 6/8/2008 6:11:52 PM | Attr = S] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 6/28/2008 2:14:17 PM | Attr = ] Bitdefender -> %AppData%\Bitdefender -> [Folder | Modified Date = 4/26/2008 12:36:09 PM | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Modified Date = 7/23/2008 6:45:42 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 4/29/2008 1:15:50 PM | Attr = ] Skype -> %AppData%\Skype -> [Folder | Modified Date = 5/9/2008 5:24:03 PM | Attr = ] WD -> %AppData%\WD -> [Folder | Modified Date = 6/9/2008 2:39:33 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 7/24/2008 11:19:48 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4988064 bytes | Modified Date = 7/23/2008 12:44:20 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/1/2008 12:45:59 PM | Attr = ] SupportSoft -> %UserProfile%\Local Settings\Application Data\SupportSoft -> [Folder | Modified Date = 4/26/2008 3:04:18 PM | Attr = ] My Games -> %UserProfile%\My Documents\My Games -> [Folder | Modified Date = 4/26/2008 3:00:58 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 6/9/2008 2:53:20 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 7/23/2008 10:46:44 AM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 7/23/2008 10:45:48 AM | Attr = R ] american-flag-2a.jpg -> %UserProfile%\Desktop\american-flag-2a.jpg -> [Ver = | Size = 55896 bytes | Modified Date = 7/4/2008 8:58:21 AM | Attr = ] Firewall -> %UserProfile%\Desktop\Firewall -> [Folder | Modified Date = 4/27/2008 9:20:06 AM | Attr = ] Gs -> %UserProfile%\Desktop\Gs -> [Folder | Modified Date = 7/23/2008 7:28:58 PM | Attr = ] HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 7/24/2008 3:27:09 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 7/25/2008 12:23:36 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 7/24/2008 11:17:43 PM | Attr = ] Patches -> %UserProfile%\Desktop\Patches -> [Folder | Modified Date = 7/24/2008 7:46:08 AM | Attr = ] Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk -> [Ver = | Size = 782 bytes | Modified Date = 5/18/2008 8:25:41 AM | Attr = ] Work -> %UserProfile%\Desktop\Work -> [Folder | Modified Date = 6/21/2008 7:55:54 PM | Attr = ] BitDefender -> %CommonProgramFiles%\BitDefender -> [Folder | Modified Date = 4/26/2008 12:35:49 PM | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 6/8/2008 6:13:28 PM | Attr = ] L&H -> %CommonProgramFiles%\L&H -> [Folder | Modified Date = 6/8/2008 6:13:40 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 6/8/2008 6:13:58 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]