
W32 Green Screen - Otscan


1 reply to this topic

#1 trostan


Posted 14 September 2008 - 10:41 AM

>
> OTScanIt logfile created on: 9/14/2008 9:24:09 AM

> OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\DOWNLOADS\OTScanIt

> Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

> Internet Explorer (Version = 7.0.5730.13)

> Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

>

> 1013.90 Mb Total Physical Memory | 556.81 Mb Available Physical Memory | 54.92% Memory free

> 2.39 Gb Paging File | 2.10 Gb Available in Paging File | 87.98% Paging File free

> Paging file location(s): C:\pagefile.sys 1524 3048;

>

> %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

> Drive C: | 74.53 Gb Total Space | 29.52 Gb Free Space | 39.61% Space Free | Partition Type: NTFS

> D: Drive not present or media not loaded

> E: Drive not present or media not loaded

> F: Drive not present or media not loaded

> G: Drive not present or media not loaded

> H: Drive not present or media not loaded

> I: Drive not present or media not loaded

>

> Computer Name: TLR

> Current User Name: trostan

> Logged in as Administrator.

> Current Boot Mode: SafeMode with Networking

> Scan Mode: Current user

> Whitelist: On

>

> [Processes - Non-Microsoft Only]

> fpavserver.exe -> %ProgramFiles%\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe -> FRISK Software International [Ver = 1.3.9.39 | Size = 45960 bytes | Modified Date = 4/21/2008 9:26:48 PM | Attr =	]

> superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 21, 0, 1004 | Size = 1576176 bytes | Modified Date = 9/3/2008 2:07:12 PM | Attr =	]

>

> [Win32 Services - Non-Microsoft Only]

> (Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 5/4/2008 5:30:51 PM | Attr =	]

> (FCWnx API Service) FCWnx API Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\GE\FCWnx\SPAPIService.exe -> GE Security [Ver = 7.0.2.0 | Size = 577536 bytes | Modified Date = 9/24/2007 2:08:00 PM | Attr =	]

> (FCWnx Diagnostics) FCWnx Diagnostics [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\GE\FCWnx\SPDiagnosticService.exe -> GE Security [Ver = 7.0.2.0 | Size = 249856 bytes | Modified Date = 8/29/2007 9:03:06 AM | Attr =	]

> (FCWnx Manager) FCWnx Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\GE\FCWnx\SPManagersService.exe -> GE Security [Ver = 7.0.2.0 | Size = 2138112 bytes | Modified Date = 9/24/2007 2:45:26 PM | Attr =	]

> (FCWnx Media Server) FCWnx Media Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\GE\FCWnx\FCWnxMS.exe -> GE Security [Ver = 1.0.0.0 | Size = 276992 bytes | Modified Date = 3/1/2007 2:09:06 PM | Attr =	]

> (FCWnx System Manager) FCWnx System Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\GE\FCWnx\SPSystemServ.exe -> GE Security [Ver = 7.0.1.0 | Size = 802816 bytes | Modified Date = 8/30/2007 12:57:30 PM | Attr =	]

> (FCWnxWebService) FCWnx WebService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\GE\FCWnx\FCWnxWS.exe -> GE Security [Ver = 7.0.2795.27957 | Size = 20480 bytes | Modified Date = 8/27/2007 5:02:04 PM | Attr =	]

> (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 4/28/2008 7:29:30 AM | Attr =	]

> (FPAVServer) F-PROT Antivirus for Windows system [Win32_Own | Auto | Running] -> %ProgramFiles%\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe -> FRISK Software International [Ver = 1.3.9.39 | Size = 45960 bytes | Modified Date = 4/21/2008 9:26:48 PM | Attr =	]

> (LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Logishrd\Bluetooth\LBTServ.exe -> Logitech, Inc. [Ver = 4.60.122 | Size = 121360 bytes | Modified Date = 5/2/2008 2:42:06 AM | Attr =	]

> (Maxtor Sync Service) Maxtor Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Maxtor\Sync\SyncServices.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 156976 bytes | Modified Date = 9/28/2007 12:24:36 PM | Attr =	]

> (stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 7/20/2006 7:25:04 PM | Attr =	]

> (wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\WLTRYSVC.EXE ->  [Ver =  | Size = 20480 bytes | Modified Date = 3/16/2007 6:10:54 PM | Attr =	]

>

> [Driver Services - Non-Microsoft Only]

> (APPDRV) APPDRV [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 8/12/2005 4:50:46 PM | Attr =	]

> (cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\drivers\cercsr6.sys -> Adaptec, Inc. [Ver = 4.1.0.7405 | Size = 39904 bytes | Modified Date = 12/13/2004 5:14:00 PM | Attr =	]

> (CyUsb) Notifier USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CyUsb.sys -> Cypress Semiconductor [Ver = 1.06.0527.0 Release built by: WinDDK | Size = 31104 bytes | Modified Date = 8/10/2005 9:50:48 AM | Attr = R  ]

> (FPAV_RTP) FPAV_RTP [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\FStopW.sys -> FRISK Software International [Ver = 4.4.4.4202 | Size = 592224 bytes | Modified Date = 3/28/2008 2:06:28 PM | Attr =	]

> (guardian2) guardian2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\oz776.sys -> O2Micro [Ver = 1.1.3.9 (+EMV1.3.7.3) | Size = 56576 bytes | Modified Date = 2/23/2007 3:47:34 PM | Attr =	]

> (LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHidFilt.Sys -> Logitech, Inc. [Ver = 4.60.42.00 | Size = 35344 bytes | Modified Date = 2/29/2008 3:13:16 AM | Attr =	]

> (LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LMouFilt.Sys -> Logitech, Inc. [Ver = 4.60.42.00 | Size = 36880 bytes | Modified Date = 2/29/2008 3:13:24 AM | Attr =	]

> (LUsbFilt) Logitech SetPoint KMDF USB Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LUsbFilt.sys -> Logitech, Inc. [Ver = 4.60.42.00 | Size = 28944 bytes | Modified Date = 2/29/2008 3:13:46 AM | Attr =	]

> (MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mxopswd.sys -> Maxtor Corp. [Ver = 1,0,8,0 | Size = 22152 bytes | Modified Date = 5/3/2007 1:37:08 PM | Attr =	]

> (n558) N558 Bluetooth USB Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\n558.sys ->  [Ver = 1.00.02.0.0 built by: WinDDK | Size = 9600 bytes | Modified Date = 8/15/2007 7:27:18 AM | Attr   ]

> (OMCI) OMCI [Kernel | System | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\OMCI.SYS -> File not found

> (PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\PalmUSBD.sys -> File not found

> (SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 9/3/2008 2:07:14 PM | Attr =	]

> (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS ->  SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 9/3/2008 2:07:16 PM | Attr = R  ]

> (SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 9/3/2008 2:07:12 PM | Attr =	]

> (UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\UIUSYS.SYS -> File not found

> (WaveFDE) Wave System Power Monitor Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\WaveFDE.sys -> File not found

> (XPAD910) XPADFilter Service 910 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\xpad910.sys -> File not found

>

> [Registry - Non-Microsoft Only]

> < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

> ->  [] -> File not found

> Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 1/11/2008 7:54:31 PM | Attr =	]

> Apoint -> %ProgramFiles%\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 7.0.101.199 | Size = 159744 bytes | Modified Date = 1/25/2007 5:34:22 PM | Attr =	]

> AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:28 AM | Attr =	]

> Broadcom Wireless Manager UI -> %SystemRoot%\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY.exe] -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Modified Date = 3/16/2007 6:10:54 PM | Attr =	]

> ChangeTPMAuth -> %ProgramFiles%\Wave Systems Corp\Common\ChangeTPMAuth.exe [C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12] -> File not found

> Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> Dell Inc [Ver = 8, 1, 10, 0 | Size = 1191936 bytes | Modified Date = 2/20/2007 12:29:08 PM | Attr =	]

> DMXLauncher -> %ProgramFiles%\Roxio\Media Experience\DMXLauncher.exe ["C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"] ->  [Ver =  | Size = 102400 bytes | Modified Date = 8/14/2006 1:07:00 AM | Attr =	]

> EPSON Stylus CX5000 Series -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S122.tmp" /EF "HKLM"] -> File not found

> EPSON Stylus CX5000 Series (Copy 1) -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S162.tmp" /EF "HKLM"] -> File not found

> F-PROT Antivirus Tray application -> %ProgramFiles%\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe] -> FRISK Software International [Ver = 1.1.2.25 | Size = 1597832 bytes | Modified Date = 4/21/2008 3:25:46 PM | Attr =	]

> HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 6.14.10.4831 | Size = 162584 bytes | Modified Date = 5/16/2007 4:50:52 PM | Attr =	]

> IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 6.14.10.4831 | Size = 138008 bytes | Modified Date = 5/16/2007 4:50:44 PM | Attr =	]

> inrhc1ncj0en5t -> %UserProfile%\Local Settings\Temp\.tt35.tmp.exe [C:\Documents and Settings\trostan\Local Settings\Temp\.tt35.tmp.exe /CR=EDFEFA16693FA460B3E7DBDC3F7A1EA891B2134A8F63BA6A92275B5D98FD7BCD9F927F95573B1C8B65B3781B86F574C455AEB44129B20C605035CC7DC7DFAC9D7BE4F0BD2B5894ADE28857D81CF6F88CE7]  ->  [Ver =  | Size = 1588944 bytes | Modified Date = 9/13/2008 7:15:17 PM | Attr =	]

> ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 4:50:42 PM | Attr =	]

> ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 4:50:18 PM | Attr =	]

> iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.0.43 | Size = 289064 bytes | Modified Date = 7/10/2008 10:51:32 AM | Attr =	]

> Kernel and Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech, Inc. [Ver = 4.60.42 | Size = 76304 bytes | Modified Date = 2/29/2008 3:12:38 AM | Attr =	]

> lphc5ncj0en5t -> %SystemRoot%\system32\lphc5ncj0en5t.exe [C:\WINDOWS\system32\lphc5ncj0en5t.exe] -> File not found

> mxomssmenu -> %ProgramFiles%\Maxtor\OneTouch Status\MaxMenuMgr.exe ["C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"] -> Maxtor Corporation [Ver = 2, 2, 0, 4 | Size = 169264 bytes | Modified Date = 9/6/2007 2:53:40 PM | Attr =	]

> PDVDDXSrv -> %ProgramFiles%\CyberLink\PowerDVD DX\PDVDDXSrv.exe ["C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"] -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 118784 bytes | Modified Date = 10/20/2006 5:23:38 PM | Attr =	]

> Persistence -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 6.14.10.4831 | Size = 138008 bytes | Modified Date = 5/16/2007 4:50:22 PM | Attr =	]

> QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr =	]

> REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE [C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN] -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2/4/2002 10:32:10 PM | Attr =	]

> RoxioDragToDisc -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe ["c:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"] -> Sonic Solutions [Ver = 9.0.0.50 | Size = 1116920 bytes | Modified Date = 7/31/2006 9:00:00 AM | Attr =	]

> RoxWatchTray -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe ["C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"] -> Sonic Solutions [Ver = 9.0.1.31 | Size = 221184 bytes | Modified Date = 8/10/2006 12:10:14 PM | Attr =	]

> SigmatelSysTrayApp -> %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe] -> SigmaTel, Inc. [Ver = 1.0.5515.0  nd596 cp1 | Size = 405504 bytes | Modified Date = 5/10/2007 10:22:32 AM | Attr =	]

> SNM -> %ProgramFiles%\SpyNoMore\SNM.exe [C:\Program Files\SpyNoMore\SNM.exe /startup] -> File not found

> SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr =	]

> UIUCU -> %SystemDrive%\DOCUME~1\TriTek\LOCALS~1\Temp\UIUCU.EXE [C:\DOCUME~1\TriTek\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S] -> File not found

> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

> AdmMntCmd -> %SystemRoot%\system32\mvihifyn.exe [C:\WINDOWS\system32\mvihifyn.exe] ->  [Ver =  | Size = 94208 bytes | Modified Date = 9/13/2008 9:25:59 PM | Attr =	]

> BPS Spyware Remover -> %ProgramFiles%\BPS Remover\BPSRem.exe [C:\Program Files\BPS Remover\BPSRem.exe /STARTUP] -> File not found

> ccleaner -> %ProgramFiles%\CCleaner\CCleaner.exe ["C:\Program Files\CCleaner\CCleaner.exe" /AUTO] -> Piriform Ltd [Ver = 2, 11, 0, 636 | Size = 1234160 bytes | Modified Date = 8/22/2008 1:26:02 PM | Attr =	]

> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 21, 0, 1004 | Size = 1576176 bytes | Modified Date = 9/3/2008 2:07:12 PM | Attr =	]

> swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/11/2008 9:49:47 AM | Attr =	]

> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->

> %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.60.122 | Size = 805392 bytes | Modified Date = 5/2/2008 2:44:08 AM | Attr =	]

> < trostan Startup Folder > -> C:\Documents and Settings\trostan\Start Menu\Programs\Startup ->

> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks  ->

> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/13/2008 10:13:36 AM | Attr =	]

> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders  ->

> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->

> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 8:12:19 PM | Attr =	]

> *MultiFile Done* -> ->

> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->

> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr =	]

> *MultiFile Done* -> ->

> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->

> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 8:12:24 PM | Attr =	]

> *MultiFile Done* -> ->

> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->

> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =	]

> Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 8:12:41 PM | Attr =	]

> *MultiFile Done* -> ->

> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->

> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1048 | Size = 352256 bytes | Modified Date = 7/23/2008 4:28:18 PM | Attr =	]

> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4831 | Size = 204800 bytes | Modified Date = 5/16/2007 4:49:52 PM | Attr =	]

> LBTWlgn -> %CommonProgramFiles%\Logishrd\Bluetooth\LBTWLgn.dll -> Logitech, Inc. [Ver = 4.60.122 | Size = 72208 bytes | Modified Date = 5/2/2008 2:42:30 AM | Attr =	]

> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning  -> 0 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\UVvUazw8CS  -> %AllUsersProfile%\Application Data\obynahuf\qzgfevuz.exe [C:\Documents and Settings\All Users\Application Data\obynahuf\qzgfevuz.exe] -> File not found

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername  -> 0 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption  ->  ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext  ->  ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon  -> 1 ->

> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\  -> ->

> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun  -> 157 ->

> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\  -> ->

> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr  -> 0 ->

> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage  -> 1 ->

> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage  -> 1 ->

> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->

> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup  ->

> SCSI miniport ->  -> File not found

> *MultiFile Done* -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->

> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable  ->

> NEC	 MBR-7	->  -> File not found

> NEC	 MBR-7.4  ->  -> File not found

> PIONEER CHANGR DRM-1804X ->  -> File not found

> PIONEER CD-ROM DRM-6324X ->  -> File not found

> PIONEER CD-ROM DRM-624X  ->  -> File not found

> TORiSAN CD-ROM CDR_C36 ->  -> File not found

> *MultiFile Done* -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->

> < Drives with AutoRun files > ->  ->

> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 4/25/2008 3:32:04 PM | Attr =	]

> < HOSTS File > (732 bytes and 18 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->

> 127.0.0.1	   localhost

> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->

> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->

> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->

> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->

> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->

> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->

> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.rr.com/ ->

> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =	]

> HKEY_CURRENT_USER\: ProxyEnable -> 0 ->

> HKEY_CURRENT_USER\: ProxyOverride -> *.local ->

> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->

> 1 domain(s) and sub-domain(s) not assigned to a zone.

> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =	]

> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr   ]

> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]

> {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/11/2008 7:15:06 AM | Attr = R  ]

> {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 1, 807, 1746 | Size = 737776 bytes | Modified Date = 9/2/2008 6:48:51 PM | Attr =	]

> < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->

> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/11/2008 7:15:06 AM | Attr = R  ]

> {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =	]

> < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->

> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/11/2008 7:15:06 AM | Attr = R  ]

> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]

> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]

> {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found

> < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->

> CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found

> < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->

> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr =	]

> Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ->  [Ver =  | Size = 2773 bytes | Modified Date = 8/16/2006 8:16:32 AM | Attr =	]

> Send To Bluetooth -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm ->  [Ver =  | Size = 5589 bytes | Modified Date = 8/16/2006 8:16:32 AM | Attr =	]

> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->

> PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->

> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->

> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\  ->

> {16D1052F-AA9A-4E8A-86B3-166FE13C9159} ->	() ->

> {5C244376-BA24-4F30-B6F2-327DC07B2201} ->	(Broadcom NetXtreme 57xx Gigabit Controller) ->

> {6FDBF17D-4D5B-413B-8113-4713F2F8A929} ->	(1394 Net Adapter) ->

> {77C7863A-3D84-4007-B3CB-49A81BA97480} ->	() ->

> {A361CE0B-6C8F-439C-BC8B-26245A99152D} ->	(Dell Wireless 1390 WLAN Mini-Card) ->

> {CE9E7A48-F848-4B85-AA8D-DF2B183B10AB} ->	() ->

> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\  ->

> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

> msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab[Office Genuine Advantage Validation Tool] ->

> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] ->

> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209179675140[MUWebControl Class] ->

> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->

> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->

> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] ->

> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->

> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->

> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\  ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner  -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}  ->  ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner  -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}  ->  ->

>

>

> [Registry - Additional Scans - Non-Microsoft Only]

> < BotCheck > -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\LegacyAuthenticationLevel -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\LegacyImpersonationLevel -> 2 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultAccessPermission -> [Binary data over 100 bytes] ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD}  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843}  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69}  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll  ->  ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\\Enabled  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\\AllowUserPrefMerge  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance -> %SystemRoot%\system32\sessmgr.exe [%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance -> %SystemRoot%\pchealth\helpctr\binaries\helpsvc.exe [%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 744448 bytes | Modified Date = 4/13/2008 8:12:21 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -> %SystemRoot%\pchealth\helpctr\binaries\helpctr.exe [%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 769024 bytes | Modified Date = 4/13/2008 8:12:21 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\\Enabled  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\\AllowUserPrefMerge  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\135:TCP:*:Enabled:Offer Remote Assistance - Port -> 135:TCP:*:Enabled:Offer Remote Assistance - Port ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\\Enabled  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\\RemoteAddresses  -> LocalSubnet ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\  -> ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\\Enabled  -> 1 ->

> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\\RemoteAddresses  -> * ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->

> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr =	]

> *MultiFile Done* -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->

> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->

> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr =	]

> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr =	]

> schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =	]

> wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 8:12:08 PM | Attr =	]

> *MultiFile Done* -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 840 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects  -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail  -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds  -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous  -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy  -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing  ->  [binary data] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel  -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous  -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam  -> 1 ->

> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->

> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =	]

> *MultiFile Done* -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ ->  ->

> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder  ->

> Windows NT Access Provider ->  -> File not found

> *MultiFile Done* -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 8:12:02 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> FE CC D7 3E 4B 99 71 AB 00 26 8D C1 68 7C D4 AD 39 61 30 61 33 38 66 34 00 FD 07 00 FF 22 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 FE 8C E6 05 96 5A 0A 31 5A 9B 7F 9A  [binary data] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup  -> BC FD 55 4A A0 50 52 CA D9  [binary data] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> CF 63 61 92 99 23  [binary data] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec  -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec  -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix  -> BD 53 29 17 E4 69 F2 C5 3A 40 7F 6F 89 9A 2C E9  [binary data] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ ->  ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL  -> http://www.passport.com ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> CC F9 2B 66 18 B6 C8 01  [binary data] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name  -> Digest ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment  -> Digest SSPI Authentication Package ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities  -> 16464 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId  -> 65535 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize  -> 65535 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time  -> 00 54 CF 23 C4 9D C8 01  [binary data] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type  -> 49 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name  -> DPA ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment  -> DPA Security Package ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities  -> 55 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId  -> 17 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize  -> 768 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time  -> 00 DB 62 27 C4 9D C8 01  [binary data] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type  -> 49 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name  -> MSN ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment  -> MSN Security Package ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities  -> 55 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId  -> 18 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize  -> 768 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time  -> 00 08 94 28 C4 9D C8 01  [binary data] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type  -> 49 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup  ->  ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService  -> Netman;WinMgmt; ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description  -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName  -> Windows Firewall/Internet Connection Sharing (ICS) ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath  -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName  -> LocalSystem ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ ->  ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch  -> 2031 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll  -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe  -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6316.5000 | Size = 12844576 bytes | Modified Date = 5/21/2008 4:37:24 AM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Notifier\NFN Gateway\NFNGateway.exe -> %SystemDrive%\Notifier\NFN Gateway\NFNGateway.exe [C:\Notifier\NFN Gateway\NFNGateway.exe:*:Enabled:NFN Gateway] -> Notifier [Ver = 2.01 | Size = 872530 bytes | Modified Date = 10/11/2006 11:17:00 AM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\GE\FCWnx\FCWnx.exe -> %ProgramFiles%\GE\FCWnx\FCWnx.exe [C:\Program Files\GE\FCWnx\FCWnx.exe:LocalSubNet:Enabled:FCWnx (App)] -> GE Security [Ver = 7.0.3.0 | Size = 630784 bytes | Modified Date = 9/24/2007 2:02:22 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\GE\FCWnx\diagview.exe -> %ProgramFiles%\GE\FCWnx\diagview.exe [C:\Program Files\GE\FCWnx\diagview.exe:LocalSubNet:Enabled:FCWnx Diagnostic Viewer (App)] -> GE Security [Ver = 7.0.0.0 | Size = 212992 bytes | Modified Date = 8/29/2007 9:05:28 AM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\GE\FCWnx\SPDiagnosticService.exe -> %ProgramFiles%\GE\FCWnx\SPDiagnosticService.exe [C:\Program Files\GE\FCWnx\SPDiagnosticService.exe:LocalSubNet:Enabled:FCWnx Diagnostic Service (App)] -> GE Security [Ver = 7.0.2.0 | Size = 249856 bytes | Modified Date = 8/29/2007 9:03:06 AM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\GE\FCWnx\SPManagersService.exe -> %ProgramFiles%\GE\FCWnx\SPManagersService.exe [C:\Program Files\GE\FCWnx\SPManagersService.exe:LocalSubNet:Enabled:FCWnx Manager Service (App)] -> GE Security [Ver = 7.0.2.0 | Size = 2138112 bytes | Modified Date = 9/24/2007 2:45:26 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\GE\FCWnx\SPSystemServ.exe -> %ProgramFiles%\GE\FCWnx\SPSystemServ.exe [C:\Program Files\GE\FCWnx\SPSystemServ.exe:LocalSubNet:Enabled:FCWnx System Service (App)] -> GE Security [Ver = 7.0.1.0 | Size = 802816 bytes | Modified Date = 8/30/2007 12:57:30 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\GE\FCWnx\FCWnxWS.exe -> %ProgramFiles%\GE\FCWnx\FCWnxWS.exe [C:\Program Files\GE\FCWnx\FCWnxWS.exe:LocalSubNet:Enabled:FCWnx Web Service (App)] -> GE Security [Ver = 7.0.2795.27957 | Size = 20480 bytes | Modified Date = 8/27/2007 5:02:04 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\GE\FCWnx\SPAPIService.exe -> %ProgramFiles%\GE\FCWnx\SPAPIService.exe [C:\Program Files\GE\FCWnx\SPAPIService.exe:LocalSubNet:Enabled:FCWnx API Service (App)] -> GE Security [Ver = 7.0.2.0 | Size = 577536 bytes | Modified Date = 9/24/2007 2:08:00 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft SQL Server\MSSQL$SPSQL\Binn\sqlservr.exe -> %ProgramFiles%\Microsoft SQL Server\MSSQL$SPSQL\Binn\sqlservr.exe [C:\Program Files\Microsoft SQL Server\MSSQL$SPSQL\Binn\sqlservr.exe:LocalSubNet:Enabled:sqlservr.exe (MSDE App)] -> Microsoft Corporation [Ver = 2000.080.2050.00 Hotfix 2273 | Size = 9154560 bytes | Modified Date = 5/25/2008 5:44:16 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Encore CX\jre\bin\javaw.exe -> %ProgramFiles%\Encore CX\jre\bin\javaw.exe [C:\Program Files\Encore CX\jre\bin\javaw.exe:*:Disabled:javaw] ->  [Ver =  | Size = 28779 bytes | Modified Date = 4/28/2008 11:13:44 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.0.43 | Size = 20246824 bytes | Modified Date = 7/10/2008 10:51:26 AM | Attr   ]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP  -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP  -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP  -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP  -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP  -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP  -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1397:TCP  -> 1397:TCP:LocalSubNet:Enabled:SQLServer (dynamic port 1397) ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1433:TCP  -> 1433:TCP:LocalSubNet:Enabled:SQLServer Client Port (TCP 1433) ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\135:TCP  -> 135:TCP:LocalSubNet:Enabled:FCWnx TCP 135 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6700:TCP  -> 6700:TCP:LocalSubNet:Enabled:FCWnx TCP 6700 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6700:UDP  -> 6700:UDP:LocalSubNet:Enabled:FCWnx UDP 6700 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6701:TCP  -> 6701:TCP:LocalSubNet:Enabled:FCWnx TCP 6701 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6701:UDP  -> 6701:UDP:LocalSubNet:Enabled:FCWnx UDP 6701 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6702:TCP  -> 6702:TCP:LocalSubNet:Enabled:FCWnx TCP 6702 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6702:UDP  -> 6702:UDP:LocalSubNet:Enabled:FCWnx UDP 6702 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6703:TCP  -> 6703:TCP:LocalSubNet:Enabled:FCWnx TCP 6703 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6703:UDP  -> 6703:UDP:LocalSubNet:Enabled:FCWnx UDP 6703 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6704:TCP  -> 6704:TCP:LocalSubNet:Enabled:FCWnx TCP 6704 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6704:UDP  -> 6704:UDP:LocalSubNet:Enabled:FCWnx UDP 6704 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6705:TCP  -> 6705:TCP:LocalSubNet:Enabled:FCWnx TCP 6705 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6705:UDP  -> 6705:UDP:LocalSubNet:Enabled:FCWnx UDP 6705 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6706:TCP  -> 6706:TCP:LocalSubNet:Enabled:FCWnx TCP 6706 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6706:UDP  -> 6706:UDP:LocalSubNet:Enabled:FCWnx UDP 6706 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6707:TCP  -> 6707:TCP:LocalSubNet:Enabled:FCWnx TCP 6707 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6707:UDP  -> 6707:UDP:LocalSubNet:Enabled:FCWnx UDP 6707 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6708:TCP  -> 6708:TCP:LocalSubNet:Enabled:FCWnx TCP 6708 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6708:UDP  -> 6708:UDP:LocalSubNet:Enabled:FCWnx UDP 6708 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6709:TCP  -> 6709:TCP:LocalSubNet:Enabled:FCWnx TCP 6709 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\6709:UDP  -> 6709:UDP:LocalSubNet:Enabled:FCWnx UDP 6709 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8089:TCP  -> 8089:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8089 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8090:TCP  -> 8090:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8090 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8091:TCP  -> 8091:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8091 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8092:TCP  -> 8092:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8092 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8093:TCP  -> 8093:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8093 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8094:TCP  -> 8094:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8094 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8095:TCP  -> 8095:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8095 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8096:TCP  -> 8096:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8096 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8097:TCP  -> 8097:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8097 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8098:TCP  -> 8098:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8098 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8099:TCP  -> 8099:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8099 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8100:TCP  -> 8100:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8100 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8101:TCP  -> 8101:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8101 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8102:TCP  -> 8102:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8102 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8103:TCP  -> 8103:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8103 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8104:TCP  -> 8104:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8104 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8105:TCP  -> 8105:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8105 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8106:TCP  -> 8106:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8106 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8107:TCP  -> 8107:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8107 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8108:TCP  -> 8108:TCP:LocalSubNet:Enabled:FCWnx VMC Client TCP 8108 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8088:TCP  -> 8088:TCP:LocalSubNet:Enabled:FCWnx Video TCP 8088 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8085:TCP  -> 8085:TCP:LocalSubNet:Enabled:FCWnx Media Server TCP 8085 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8086:TCP  -> 8086:TCP:LocalSubNet:Enabled:FCWnx Axis TCP 8086 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8087:TCP  -> 8087:TCP:LocalSubNet:Enabled:FCWnx Web Service TCP 8087 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1  -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer| ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2  -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer| ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1  -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost| ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2  -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost| ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions  -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications  -> 0 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe  -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6316.5000 | Size = 12844576 bytes | Modified Date = 5/21/2008 4:37:24 AM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EXI\RoamAlert\RoamAlert.exe -> %ProgramFiles%\EXI\RoamAlert\RoamAlert.exe [C:\Program Files\EXI\RoamAlert\RoamAlert.exe:*:Enabled:RoamAlert Application] -> VeriChip Corporation [Ver = 1, 2, 10, 0 | Size = 1617920 bytes | Modified Date = 6/21/2006 11:00:00 AM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 4/18/2008 3:21:09 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Notifier\NFN Gateway\NFNGateway.exe -> %SystemDrive%\Notifier\NFN Gateway\NFNGateway.exe [C:\Notifier\NFN Gateway\NFNGateway.exe:*:Enabled:NFN Gateway] -> Notifier [Ver = 2.01 | Size = 872530 bytes | Modified Date = 10/11/2006 11:17:00 AM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.0.43 | Size = 20246824 bytes | Modified Date = 7/10/2008 10:51:26 AM | Attr   ]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mmc.exe  -> %SystemRoot%\system32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console] -> Microsoft Corporation [Ver = 5.2.3790.4136 (srv03_sp2_qfe.070821-1204) | Size = 1414656 bytes | Modified Date = 4/13/2008 8:12:25 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GE\FCWnx\jre\bin\javaw.exe -> %ProgramFiles%\GE\FCWnx\jre\bin\javaw.exe [C:\Program Files\GE\FCWnx\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 53346 bytes | Modified Date = 3/1/2007 11:11:26 AM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP  -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP  -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP  -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP  -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP  -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP  -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ ->  ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ ->  ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0  -> Root\LEGACY_SHAREDACCESS\0000 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName  -> Automatic Updates ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName  -> LocalSystem ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description  -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll  -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 8:12:11 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ ->  ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security  -> [Binary data over 100 bytes] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description  -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->

> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService  ->

> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =	]

> *MultiFile Done* -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName  -> Remote Registry ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath  -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName  -> NT AUTHORITY\LocalService ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group  ->  ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start  -> 2 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type  -> 32 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions  -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll  -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security  -> [Binary data over 100 bytes] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\  -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0  -> Root\LEGACY_REMOTEREGISTRY\0000 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl  -> 1 ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr =	]

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName  -> Telnet ->

> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService  ->

> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =	]

> TCPIP ->  -> File not found

> NTLMSSP ->  -> File not found

> *MultiFile Done* -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup  ->  ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description  -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ ->  ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security  -> [Binary data over 100 bytes] ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->

>

>

> [Files/Folders - Created Within 30 days]

> AFC600 -> %SystemDrive%\AFC600 ->  [Folder | Created Date = 8/17/2008 2:14:27 PM | Attr =	]

> 2 C:\*.tmp files -> C:\*.tmp ->

> AFP400 -> %SystemDrive%\AFP400 ->  [Folder | Created Date = 8/17/2008 2:11:58 PM | Attr =	]

> DCD -> %SystemDrive%\DCD ->  [Folder | Created Date = 8/18/2008 6:20:37 PM | Attr =	]

> drmHeader.bin -> %SystemDrive%\drmHeader.bin ->  [Ver =  | Size = 38 bytes | Created Date = 8/23/2008 5:37:05 PM | Attr =	]

> HID -> %SystemDrive%\HID ->  [Folder | Created Date = 8/18/2008 6:20:33 PM | Attr =	]

> VFIRE100 -> %SystemDrive%\VFIRE100 ->  [Folder | Created Date = 8/17/2008 2:11:26 PM | Attr =	]

> apph_sp.sdb -> %SystemRoot%\System32\dllcache\apph_sp.sdb ->  [Ver =  | Size = 790846 bytes | Created Date = 8/27/2008 6:49:07 PM | Attr =	]

> drvmain.sdb -> %SystemRoot%\System32\dllcache\drvmain.sdb ->  [Ver =  | Size = 9696 bytes | Created Date = 8/27/2008 6:49:08 PM | Attr =	]

> sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb ->  [Ver =  | Size = 1214526 bytes | Created Date = 8/27/2008 6:49:08 PM | Attr =	]

> ACTSKN43.OCX -> %SystemRoot%\System32\ACTSKN43.OCX ->  [Ver = 4, 3, 0, 0 | Size = 389120 bytes | Created Date = 9/13/2008 9:41:22 PM | Attr =	]

> d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Created Date = 8/28/2008 1:32:58 PM | Attr =	]

> dao2535.tlb -> %SystemRoot%\System32\dao2535.tlb ->  [Ver =  | Size = 73184 bytes | Created Date = 8/17/2008 2:15:40 PM | Attr =	]

> Flash.ocx -> %SystemRoot%\System32\Flash.ocx -> Adobe Systems, Inc. [Ver = 9,0,47,0 | Size = 2267368 bytes | Created Date = 9/13/2008 9:41:22 PM | Attr =	]

> GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Created Date = 8/27/2008 6:50:51 PM | Attr =	]

> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

> mvihifyn.exe -> %SystemRoot%\System32\mvihifyn.exe ->  [Ver =  | Size = 94208 bytes | Created Date = 9/13/2008 9:25:59 PM | Attr =	]

> ProgressBar4.ocx -> %SystemRoot%\System32\ProgressBar4.ocx -> Ariad Software [Ver = 4.01.0007 | Size = 89088 bytes | Created Date = 9/13/2008 9:41:22 PM | Attr =	]

> PW4FAX.DRV -> %SystemRoot%\System32\PW4FAX.DRV -> DATASTORM® Technologies, Inc., a subsidiary of Quarterdeck Corporation [Ver = 4.0 | Size = 89136 bytes | Created Date = 8/17/2008 7:16:16 PM | Attr =	]

> PW4NTFAX.DLL -> %SystemRoot%\System32\PW4NTFAX.DLL -> DATASTORM® Technologies, Inc., a subsidiary of Quarterdeck Corporation [Ver = 4.5 | Size = 11264 bytes | Created Date = 8/17/2008 7:16:16 PM | Attr =	]

> PW4NTMON.DLL -> %SystemRoot%\System32\PW4NTMON.DLL -> DATASTORM® Technologies, Inc., a subsidiary of Quarterdeck Corporation [Ver = 4.5 | Size = 17920 bytes | Created Date = 8/17/2008 7:16:16 PM | Attr =	]

> PW4NTPD.DLL -> %SystemRoot%\System32\PW4NTPD.DLL -> DATASTORM® Technologies, Inc., a subsidiary of Quarterdeck Corporation [Ver = 4.5 | Size = 159232 bytes | Created Date = 8/17/2008 7:16:16 PM | Attr =	]

> threadapi.tlb -> %SystemRoot%\System32\threadapi.tlb ->  [Ver =  | Size = 11012 bytes | Created Date = 9/13/2008 9:41:22 PM | Attr =	]

> WEMU387.386 -> %SystemRoot%\System32\WEMU387.386 ->  [Ver =  | Size = 29354 bytes | Created Date = 8/17/2008 7:16:12 PM | Attr =	]

> windrv.sys -> %SystemRoot%\System32\windrv.sys ->  [Ver =  | Size = 1152 bytes | Created Date = 9/13/2008 1:47:51 PM | Attr =	]

> XceedBkp.dll -> %SystemRoot%\System32\XceedBkp.dll -> Xceed Software Inc (450) 442-2626		support@xceedsoft.com		www.xceedsoft.com [Ver = 1.0.108.0 | Size = 423784 bytes | Created Date = 9/13/2008 9:41:23 PM | Attr =	]

> XceedCry.dll -> %SystemRoot%\System32\XceedCry.dll -> Xceed Software Inc (450) 442-2626		support@xceedsoft.com		www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Created Date = 9/13/2008 9:41:23 PM | Attr =	]

> _delpw.pif -> %SystemRoot%\System32\_delpw.pif ->  [Ver =  | Size = 995 bytes | Created Date = 8/17/2008 8:24:09 PM | Attr =	]

> AFC600.DLL -> %SystemRoot%\System\AFC600.DLL ->  [Ver =  | Size = 7645 bytes | Created Date = 8/17/2008 2:14:30 PM | Attr =	]

> AFP400.DLL -> %SystemRoot%\System\AFP400.DLL ->  [Ver =  | Size = 7645 bytes | Created Date = 8/15/2008 9:48:54 AM | Attr =	]

> CRYSTL16.OCA -> %SystemRoot%\System\CRYSTL16.OCA ->  [Ver =  | Size = 13760 bytes | Created Date = 8/15/2008 9:48:53 AM | Attr =	]

> MSCOMM16.OCX -> %SystemRoot%\System\MSCOMM16.OCX -> Crescent Division of Progress Software Corporation [Ver = 1.0.018 | Size = 71104 bytes | Created Date = 8/15/2008 9:48:52 AM | Attr =	]

> SPIN16.OCX -> %SystemRoot%\System\SPIN16.OCX -> Outrider Systems, Inc. [Ver = 1.00.0044 | Size = 47936 bytes | Created Date = 8/17/2008 2:11:18 PM | Attr =	]

> SSBC.LIC -> %SystemRoot%\System\SSBC.LIC ->  [Ver =  | Size = 398 bytes | Created Date = 8/17/2008 2:14:30 PM | Attr =	]

> SSBC.VBX -> %SystemRoot%\System\SSBC.VBX ->  [Ver =  | Size = 301552 bytes | Created Date = 8/15/2008 9:48:53 AM | Attr =	]

> TDBGS16.OCX -> %SystemRoot%\System\TDBGS16.OCX -> Apex Software Corporation [Ver = 1.0.0130 | Size = 499712 bytes | Created Date = 8/17/2008 2:11:18 PM | Attr =	]

> VSHARE.386 -> %SystemRoot%\System\VSHARE.386 ->  [Ver =  | Size = 14933 bytes | Created Date = 8/15/2008 9:48:54 AM | Attr =	]

> VSOCX16.OCX -> %SystemRoot%\System\VSOCX16.OCX -> VideoSoft [Ver = 5.0.000 | Size = 173344 bytes | Created Date = 8/15/2008 9:48:52 AM | Attr =	]

> AFP200.Ini -> %SystemRoot%\AFP200.Ini ->  [Ver =  | Size = 224 bytes | Created Date = 8/26/2008 11:19:33 PM | Attr =	]

> FCWnxLogTHURSDAY.spl -> %SystemRoot%\FCWnxLogTHURSDAY.spl ->  [Ver =  | Size = 1595 bytes | Created Date = 9/11/2008 12:15:35 PM | Attr =	]

> PalmDevC.dll -> %SystemRoot%\PalmDevC.dll -> PalmSource, Inc [Ver = 6.0.1 | Size = 53248 bytes | Created Date = 8/18/2008 6:06:32 PM | Attr =	]

> QuickInstall.INI -> %SystemRoot%\QuickInstall.INI ->  [Ver =  | Size = 0 bytes | Created Date = 8/19/2008 7:34:06 AM | Attr =	]

> UNINST16.EXE -> %SystemRoot%\UNINST16.EXE -> InstallShield Corporation, Inc. [Ver = 2.20.924.0 | Size = 248064 bytes | Created Date = 8/15/2008 9:48:25 AM | Attr =	]

> [Files Created - Additional Folder Scans - Non-Microsoft Only]

> HotSync -> %AllUsersProfile%\Application Data\HotSync ->  [Folder | Created Date = 8/18/2008 6:07:00 PM | Attr =	]

> SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Created Date = 9/13/2008 2:02:38 PM | Attr =	]

> E555B6 -> %AppData%\E555B6 ->  [Ver =  | Size = 4 bytes | Created Date = 8/16/2008 12:41:46 PM | Attr =	]

> FRISK Software -> %AppData%\FRISK Software ->  [Folder | Created Date = 9/13/2008 12:58:22 PM | Attr =	]

> HotSync -> %AppData%\HotSync ->  [Folder | Created Date = 8/18/2008 6:05:12 PM | Attr =	]

> Leadertech -> %AppData%\Leadertech ->  [Folder | Created Date = 8/18/2008 6:16:01 PM | Attr =	]

> mcs.rma -> %AppData%\mcs.rma ->  [Ver =  | Size = 870128 bytes | Created Date = 8/16/2008 12:41:45 PM | Attr =	]

> Real -> %AppData%\Real ->  [Folder | Created Date = 8/16/2008 12:38:49 PM | Attr =	]

> SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 9/13/2008 2:02:01 PM | Attr =	]

> U3 -> %AppData%\U3 ->  [Folder | Created Date = 9/11/2008 5:45:22 PM | Attr =	]

> Windows Desktop Search -> %AppData%\Windows Desktop Search ->  [Folder | Created Date = 8/27/2008 6:51:36 PM | Attr =	]

> Windows Search -> %AppData%\Windows Search ->  [Folder | Created Date = 9/3/2008 10:26:28 AM | Attr =	]

> - Getting Started Tips -.doc -> %UserProfile%\My Documents\- Getting Started Tips -.doc ->  [Ver =  | Size = 179200 bytes | Created Date = 8/19/2008 7:28:49 AM | Attr =	]

> 9200test.d92 -> %UserProfile%\My Documents\9200test.d92 ->  [Ver =  | Size = 313344 bytes | Created Date = 9/3/2008 4:53:35 PM | Attr =	]

> ADEMCO ACCESS.pdf -> %UserProfile%\My Documents\ADEMCO ACCESS.pdf ->  [Ver =  | Size = 12689247 bytes | Created Date = 8/15/2008 10:07:22 AM | Attr   ]

> BAKERBROS.d92 -> %UserProfile%\My Documents\BAKERBROS.d92 ->  [Ver =  | Size = 315392 bytes | Created Date = 9/10/2008 8:39:16 PM | Attr =	]

> BAKERBROS.u92 -> %UserProfile%\My Documents\BAKERBROS.u92 ->  [Ver =  | Size = 348160 bytes | Created Date = 9/10/2008 8:39:16 PM | Attr =	]

> CONTACT ID CODES.xlsx -> %UserProfile%\My Documents\CONTACT ID CODES.xlsx ->  [Ver =  | Size = 23414 bytes | Created Date = 9/4/2008 9:02:38 AM | Attr =	]

> Entry Prox - Install Guide.pdf -> %UserProfile%\My Documents\Entry Prox - Install Guide.pdf ->  [Ver =  | Size = 510694 bytes | Created Date = 8/21/2008 8:12:49 AM | Attr =	]

> FIRELITE MS-5210UD.pdf -> %UserProfile%\My Documents\FIRELITE MS-5210UD.pdf ->  [Ver =  | Size = 3019776 bytes | Created Date = 8/22/2008 9:26:53 AM | Attr =	]

> FIRELITE MS-9200.pdf -> %UserProfile%\My Documents\FIRELITE MS-9200.pdf -> [Ver =  | Size = 2534041 bytes | Created Date = 8/27/2008 9:02:22 PM | Attr =	]

> HID -> %UserProfile%\My Documents\HID ->  [Folder | Created Date = 8/18/2008 4:42:19 PM | Attr =	]

> LUTHERAN HOMES - ROSECREST DVR.xls -> %UserProfile%\My Documents\LUTHERAN HOMES - ROSECREST DVR.xls ->  [Ver =  | Size = 55296 bytes | Created Date = 8/18/2008 3:14:59 PM | Attr =	]

> MEMORY STICK -> %UserProfile%\My Documents\MEMORY STICK ->  [Folder | Created Date = 8/28/2008 2:09:44 PM | Attr =	]

> NEW BLDG3 - SOM.xlsx -> %UserProfile%\My Documents\NEW BLDG3 - SOM.xlsx -> [Ver =  | Size = 20010 bytes | Created Date = 8/15/2008 9:36:40 AM | Attr =	]

> PALM -> %UserProfile%\My Documents\PALM ->  [Folder | Created Date = 8/19/2008 7:27:37 AM | Attr =	]

> Palmetto Heart Hospital Disable List.docx -> %UserProfile%\My Documents\Palmetto Heart Hospital Disable List.docx ->  [Ver =  | Size = 11190 bytes | Created Date = 9/9/2008 4:58:18 PM | Attr =	]

> PELCO -> %UserProfile%\My Documents\PELCO ->  [Folder | Created Date = 8/28/2008 3:16:25 PM | Attr =	]

> SIGMA PHI EPSILON - CARDS-CODES.xlsx -> %UserProfile%\My Documents\SIGMA PHI EPSILON - CARDS-CODES.xlsx ->  [Ver =  | Size = 15002 bytes | Created Date = 8/19/2008 10:08:47 AM | Attr =	]

> SIGMA PHI EPSILON - CHANGING PIN CODES.docx -> %UserProfile%\My Documents\SIGMA PHI EPSILON - CHANGING PIN CODES.docx ->  [Ver =  | Size = 11301 bytes | Created Date = 8/21/2008 8:27:01 AM | Attr =	]

> SK-5104.pdf -> %UserProfile%\My Documents\SK-5104.pdf ->  [Ver =  | Size = 1988883 bytes | Created Date = 8/27/2008 8:54:30 PM | Attr =	]

> SUPERAntiSpyware.exe -> %UserProfile%\My Documents\SUPERAntiSpyware.exe -> [Ver =  | Size = 6637592 bytes | Created Date = 9/13/2008 1:55:59 PM | Attr =	]

> TEST.d92 -> %UserProfile%\My Documents\TEST.d92 ->  [Ver =  | Size = 313344 bytes | Created Date = 9/10/2008 8:39:16 PM | Attr =	]

> VACATION ADJUST - 081708.docx -> %UserProfile%\My Documents\VACATION ADJUST - 081708.docx ->  [Ver =  | Size = 11488 bytes | Created Date = 8/17/2008 1:57:19 PM | Attr =	]

> Media Converter 2.lnk -> %AllUsersProfile%\Desktop\Media Converter 2.lnk ->  [Ver =  | Size = 1694 bytes | Created Date = 8/23/2008 5:25:35 PM | Attr =	]

> SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 9/13/2008 2:02:05 PM | Attr =	]

> Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk ->  [Ver =  | Size = 1787 bytes | Created Date = 8/27/2008 6:51:12 PM | Attr =	]

> ArcSoft -> %CommonProgramFiles%\ArcSoft ->  [Folder | Created Date = 8/23/2008 5:25:14 PM | Attr =	]

> DataViz -> %CommonProgramFiles%\DataViz ->  [Folder | Created Date = 8/19/2008 7:45:53 AM | Attr =	]

> Download Manager -> %CommonProgramFiles%\Download Manager ->  [Folder | Created Date = 9/13/2008 1:47:28 PM | Attr =	]

> Real -> %CommonProgramFiles%\Real ->  [Folder | Created Date = 8/16/2008 12:39:18 PM | Attr =	]

> Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Created Date = 8/17/2008 7:16:06 PM | Attr =	]

> Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 9/13/2008 2:01:18 PM | Attr =	]

> ArcSoft -> %ProgramFiles%\ArcSoft ->  [Folder | Created Date = 8/23/2008 5:25:12 PM | Attr =	]

> EmNetMan -> %ProgramFiles%\EmNetMan ->  [Folder | Created Date = 9/3/2008 7:48:51 AM | Attr =	]

> palmOne -> %ProgramFiles%\palmOne ->  [Folder | Created Date = 8/18/2008 6:05:56 PM | Attr =	]

> PK-Plus -> %ProgramFiles%\PK-Plus ->  [Folder | Created Date = 9/3/2008 4:53:33 PM | Attr =	]

> Real -> %ProgramFiles%\Real ->  [Folder | Created Date = 8/16/2008 12:38:39 PM | Attr =	]

> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware ->  [Folder | Created Date = 9/13/2008 2:02:01 PM | Attr =	]

> Symantec -> %ProgramFiles%\Symantec ->  [Folder | Created Date = 8/17/2008 7:15:59 PM | Attr =	]

> V CAST Music with Rhapsody -> %ProgramFiles%\V CAST Music with Rhapsody -> [Folder | Created Date = 8/16/2008 12:37:57 PM | Attr =	]

> vmqbpcd -> %ProgramFiles%\vmqbpcd ->  [Folder | Created Date = 9/13/2008 12:38:16 PM | Attr =	]

>

> [Files/Folders - Modified Within 30 days]

> 2 C:\*.tmp files -> C:\*.tmp ->

> COMPASS.E2 -> %SystemDrive%\COMPASS.E2 ->  [Ver =  | Size = 8192 bytes | Modified Date = 9/9/2008 4:40:08 PM | Attr =	]

> drmHeader.bin -> %SystemDrive%\drmHeader.bin ->  [Ver =  | Size = 38 bytes | Modified Date = 8/23/2008 5:37:05 PM | Attr =	]

> hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 732 bytes | Modified Date = 9/14/2008 8:42:04 AM | Attr =	]

> Msft_User_WpdMtpDr_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver =  | Size = 0 bytes | Modified Date = 8/16/2008 1:35:37 PM | Attr = H ]

> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

> d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 8/28/2008 1:32:58 PM | Attr =	]

> mvihifyn.exe -> %SystemRoot%\System32\mvihifyn.exe ->  [Ver =  | Size = 94208 bytes | Modified Date = 9/13/2008 9:25:59 PM | Attr =	]

> perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 86560 bytes | Modified Date = 9/14/2008 8:58:45 AM | Attr =	]

> perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 482962 bytes | Modified Date = 9/14/2008 8:58:45 AM | Attr =	]

> PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver =  | Size = 581420 bytes | Modified Date = 9/14/2008 8:58:45 AM | Attr =	]

> windrv.sys -> %SystemRoot%\System32\windrv.sys ->  [Ver =  | Size = 1152 bytes | Modified Date = 9/13/2008 1:47:51 PM | Attr =	]

> wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 8/27/2008 6:46:21 PM | Attr =	]

> 12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

> AFP200.Ini -> %SystemRoot%\AFP200.Ini ->  [Ver =  | Size = 224 bytes | Modified Date = 8/26/2008 11:19:33 PM | Attr =	]

> bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 9/14/2008 8:54:24 AM | Attr =   S]

> bthservsdp.dat -> %SystemRoot%\bthservsdp.dat ->  [Ver =  | Size = 12 bytes | Modified Date = 9/14/2008 8:53:34 AM | Attr =	]

> download.ini -> %SystemRoot%\download.ini ->  [Ver =  | Size = 2543 bytes | Modified Date = 9/9/2008 4:41:10 PM | Attr =	]

> FCWnxLogTHURSDAY.spl -> %SystemRoot%\FCWnxLogTHURSDAY.spl ->  [Ver =  | Size = 1595 bytes | Modified Date = 9/11/2008 12:15:36 PM | Attr =	]

> Mhi22.INI -> %SystemRoot%\Mhi22.INI ->  [Ver =  | Size = 628 bytes | Modified Date = 8/25/2008 3:59:55 PM | Attr =	]

> PalmDevC.dll -> %SystemRoot%\PalmDevC.dll -> PalmSource, Inc [Ver = 6.0.1 | Size = 53248 bytes | Modified Date = 8/18/2008 6:05:02 PM | Attr =	]

> QuickInstall.INI -> %SystemRoot%\QuickInstall.INI ->  [Ver =  | Size = 0 bytes | Modified Date = 8/19/2008 7:34:06 AM | Attr =	]

> win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 793 bytes | Modified Date = 8/17/2008 2:14:25 PM | Attr =	]

> wincmd.ini -> %SystemRoot%\wincmd.ini ->  [Ver =  | Size = 4020 bytes | Modified Date = 9/14/2008 9:14:54 AM | Attr =	]

> wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 548 bytes | Modified Date = 8/17/2008 8:24:32 PM | Attr =	]

> SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/14/2008 8:53:36 AM | Attr =  H ]

> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 4/25/2008 4:24:14 PM | Attr =	]

> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 9/10/2008 3:39:15 AM | Attr =	]

> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5543 bytes | Modified Date = 9/10/2008 3:39:15 AM | Attr =	]

> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 4/28/2008 9:31:24 AM | Attr =	]

> opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8388 bytes | Modified Date = 4/28/2008 9:31:24 AM | Attr =	]

> C:\Documents and Settings\trostan\Local Settings\Temp\ -> C:\Documents and Settings\trostan\Local Settings\Temp ->  [Folder | Modified Date = 9/14/2008 9:19:49 AM | Attr =	]

> GLB1A2B.EXE -> C:\Documents and Settings\trostan\Local Settings\Temp\GLB1A2B.EXE ->  [Ver =  | Size = 69120 bytes | Modified Date = 11/5/2001 9:30:50 AM | Attr =	]

> SSUPDATE.EXE -> C:\Documents and Settings\trostan\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1034 | Size = 158960 bytes | Modified Date = 9/3/2008 2:07:10 PM | Attr =	]

> 23 C:\Documents and Settings\trostan\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\trostan\Local Settings\Temp\*.tmp ->

> C:\Documents and Settings\trostan\Local Settings\Temp\ -> C:\Documents and Settings\trostan\Local Settings\Temp ->  [Folder | Modified Date = 9/14/2008 9:19:49 AM | Attr =	]

> 48CEA40.DLL -> C:\Documents and Settings\trostan\Local Settings\Temp\48CEA40.DLL ->  [Ver =  | Size = 126976 bytes | Modified Date = 9/13/2008 9:40:16 PM | Attr =	]

> 72E9ABDE.DLL -> C:\Documents and Settings\trostan\Local Settings\Temp\72E9ABDE.DLL ->  [Ver =  | Size = 113054 bytes | Modified Date = 9/13/2008 9:39:36 PM | Attr =	]

> AC8EEA51.DLL -> C:\Documents and Settings\trostan\Local Settings\Temp\AC8EEA51.DLL ->  [Ver = 1, 0, 0, 1 | Size = 299008 bytes | Modified Date = 9/13/2008 9:39:36 PM | Attr =	]

> 23 C:\Documents and Settings\trostan\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\trostan\Local Settings\Temp\*.tmp ->

> C:\Documents and Settings\trostan\Local Settings\Temp\nse3.tmp\ -> C:\Documents and Settings\trostan\Local Settings\Temp\nse3.tmp\ -> [Folder | Modified Date = 9/13/2008 9:26:00 PM | Attr =	]

> euladlg.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nse3.tmp\euladlg.dll ->  [Ver =  | Size = 69632 bytes | Modified Date = 9/13/2008 9:26:00 PM | Attr =	]

> MachineKey.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nse3.tmp\MachineKey.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/13/2008 9:25:55 PM | Attr =	]

> md5dll.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nse3.tmp\md5dll.dll -> darklogic.org [Ver = 0.4.0-0 | Size = 8192 bytes | Modified Date = 9/13/2008 9:25:58 PM | Attr =	]

> Mutex.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nse3.tmp\Mutex.dll ->  [Ver =  | Size = 3072 bytes | Modified Date = 9/13/2008 9:25:56 PM | Attr =	]

> rc4hex.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nse3.tmp\rc4hex.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/13/2008 9:25:57 PM | Attr =	]

> System.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nse3.tmp\System.dll ->  [Ver =  | Size = 10240 bytes | Modified Date = 9/13/2008 9:25:57 PM | Attr =	]

> C:\Documents and Settings\trostan\Local Settings\Temp\nso39.tmp\ -> C:\Documents and Settings\trostan\Local Settings\Temp\nso39.tmp\ -> [Folder | Modified Date = 9/13/2008 7:15:17 PM | Attr =	]

> MachineKey.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nso39.tmp\MachineKey.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/13/2008 7:15:17 PM | Attr =	]

> md5dll.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nso39.tmp\md5dll.dll -> darklogic.org [Ver = 0.4.0-0 | Size = 8192 bytes | Modified Date = 9/13/2008 7:15:17 PM | Attr =	]

> Mutex.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nso39.tmp\Mutex.dll ->  [Ver =  | Size = 3072 bytes | Modified Date = 9/13/2008 7:15:17 PM | Attr =	]

> rc4hex.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nso39.tmp\rc4hex.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/13/2008 7:15:17 PM | Attr =	]

> System.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nso39.tmp\System.dll ->  [Ver =  | Size = 10240 bytes | Modified Date = 9/13/2008 7:15:17 PM | Attr =	]

> C:\Documents and Settings\trostan\Local Settings\Temp\nsp3.tmp\ -> C:\Documents and Settings\trostan\Local Settings\Temp\nsp3.tmp\ -> [Folder | Modified Date = 9/14/2008 8:40:19 AM | Attr =	]

> euladlg.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nsp3.tmp\euladlg.dll ->  [Ver =  | Size = 69632 bytes | Modified Date = 9/14/2008 8:40:19 AM | Attr =	]

> MachineKey.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nsp3.tmp\MachineKey.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/14/2008 8:40:14 AM | Attr =	]

> md5dll.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nsp3.tmp\md5dll.dll -> darklogic.org [Ver = 0.4.0-0 | Size = 8192 bytes | Modified Date = 9/14/2008 8:40:17 AM | Attr =	]

> Mutex.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nsp3.tmp\Mutex.dll ->  [Ver =  | Size = 3072 bytes | Modified Date = 9/14/2008 8:40:15 AM | Attr =	]

> rc4hex.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nsp3.tmp\rc4hex.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/14/2008 8:40:16 AM | Attr =	]

> System.dll -> C:\Documents and Settings\trostan\Local Settings\Temp\nsp3.tmp\System.dll ->  [Ver =  | Size = 10240 bytes | Modified Date = 9/14/2008 8:40:15 AM | Attr =	]

> C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 9/14/2008 8:52:39 AM | Attr =	]

> Perflib_Perfdata_2f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2f8.dat -> [Ver =  | Size = 16384 bytes | Modified Date = 9/14/2008 8:38:45 AM | Attr =	]

> [Files Modified - Additional Folder Scans - Non-Microsoft Only]

> E555B6 -> %AppData%\E555B6 ->  [Ver =  | Size = 4 bytes | Modified Date = 8/24/2008 8:28:45 AM | Attr =	]

> mcs.rma -> %AppData%\mcs.rma ->  [Ver =  | Size = 870128 bytes | Modified Date = 8/24/2008 8:28:45 AM | Attr =	]

> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver =  | Size = 7680 bytes | Modified Date = 9/11/2008 9:12:33 PM | Attr =	]

> IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 1580866 bytes | Modified Date = 9/13/2008 10:07:51 PM | Attr =  H ]

> 9200test.d92 -> %UserProfile%\My Documents\9200test.d92 ->  [Ver =  | Size = 313344 bytes | Modified Date = 9/3/2008 4:55:42 PM | Attr =	]

> ADAM.docx -> %UserProfile%\My Documents\ADAM.docx ->  [Ver =  | Size = 12513 bytes | Modified Date = 8/18/2008 4:15:59 PM | Attr =	]

> ADEMCO ACCESS.pdf -> %UserProfile%\My Documents\ADEMCO ACCESS.pdf ->  [Ver =  | Size = 12689247 bytes | Modified Date = 8/15/2008 10:07:23 AM | Attr =	]

> BAKERBROS.d92 -> %UserProfile%\My Documents\BAKERBROS.d92 ->  [Ver =  | Size = 315392 bytes | Modified Date = 9/12/2008 9:54:38 AM | Attr =	]

> BAKERBROS.u92 -> %UserProfile%\My Documents\BAKERBROS.u92 ->  [Ver =  | Size = 348160 bytes | Modified Date = 9/12/2008 9:54:38 AM | Attr =	]

> CONTACT ID CODES.xlsx -> %UserProfile%\My Documents\CONTACT ID CODES.xlsx ->  [Ver =  | Size = 23414 bytes | Modified Date = 9/4/2008 9:02:39 AM | Attr =	]

> Entry Prox - Install Guide.pdf -> %UserProfile%\My Documents\Entry Prox - Install Guide.pdf ->  [Ver =  | Size = 510694 bytes | Modified Date = 8/21/2008 8:12:49 AM | Attr =	]

> FIRELITE MS-5210UD.pdf -> %UserProfile%\My Documents\FIRELITE MS-5210UD.pdf ->  [Ver =  | Size = 3019776 bytes | Modified Date = 8/22/2008 9:26:57 AM | Attr =	]

> FIRELITE MS-9200.pdf -> %UserProfile%\My Documents\FIRELITE MS-9200.pdf -> [Ver =  | Size = 2534041 bytes | Modified Date = 8/27/2008 9:02:22 PM | Attr =	]

> LUTHERAN HOMES - ROSECREST DVR.xls -> %UserProfile%\My Documents\LUTHERAN HOMES - ROSECREST DVR.xls ->  [Ver =  | Size = 55296 bytes | Modified Date = 8/18/2008 3:33:51 PM | Attr =	]

> NEW BLDG3 - SOM.xlsx -> %UserProfile%\My Documents\NEW BLDG3 - SOM.xlsx -> [Ver =  | Size = 20010 bytes | Modified Date = 8/15/2008 9:41:58 AM | Attr =	]

> Palmetto Heart Hospital Disable List.docx -> %UserProfile%\My Documents\Palmetto Heart Hospital Disable List.docx ->  [Ver =  | Size = 11190 bytes | Modified Date = 9/9/2008 4:58:18 PM | Attr =	]

> SIGMA PHI EPSILON - CARDS-CODES.xlsx -> %UserProfile%\My Documents\SIGMA PHI EPSILON - CARDS-CODES.xlsx ->  [Ver =  | Size = 15002 bytes | Modified Date = 8/21/2008 8:16:10 AM | Attr =	]

> SIGMA PHI EPSILON - CHANGING PIN CODES.docx -> %UserProfile%\My Documents\SIGMA PHI EPSILON - CHANGING PIN CODES.docx ->  [Ver =  | Size = 11301 bytes | Modified Date = 8/21/2008 8:27:01 AM | Attr =	]

> SK-5104.pdf -> %UserProfile%\My Documents\SK-5104.pdf ->  [Ver =  | Size = 1988883 bytes | Modified Date = 8/27/2008 8:54:30 PM | Attr =	]

> SUPERAntiSpyware.exe -> %UserProfile%\My Documents\SUPERAntiSpyware.exe -> [Ver =  | Size = 6637592 bytes | Modified Date = 9/13/2008 1:55:59 PM | Attr =	]

> TEST.d92 -> %UserProfile%\My Documents\TEST.d92 ->  [Ver =  | Size = 313344 bytes | Modified Date = 9/11/2008 5:50:17 PM | Attr =	]

> VACATION ADJUST - 081708.docx -> %UserProfile%\My Documents\VACATION ADJUST - 081708.docx ->  [Ver =  | Size = 11488 bytes | Modified Date = 8/17/2008 2:27:55 PM | Attr =	]

> Media Converter 2.lnk -> %AllUsersProfile%\Desktop\Media Converter 2.lnk ->  [Ver =  | Size = 1694 bytes | Modified Date = 8/23/2008 5:25:35 PM | Attr =	]

> SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 9/13/2008 2:02:06 PM | Attr =	]

> CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Modified Date = 9/13/2008 1:24:09 PM | Attr =	]

> Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk ->  [Ver =  | Size = 1787 bytes | Modified Date = 8/27/2008 6:51:12 PM | Attr =	]

>

> [CatchMe Rootkit Scan by GMER]

> Rootkit scan error - could not find scan log

> Rootkit scan error - could not find scan log

>

> < End of report >

>




#2 kahdah


Posted 14 September 2008 - 12:32 PM

Hello trostan

Welcome to BleepingComputer :thumbsup:
========================
Hi, let's try another scan please:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



