califlefty
2007-07-14, 00:26
Hi folks - Just ran SD and came upon these. Most seem like legit Microsoft Windows entries that will be safe to exclude - the only thing worrisome is "Zip Genius". Please let me know if you think it is safe to exclude these from further searches. Thanks very much!!!
*********************************
--- Search result list ---
Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter.UpdateDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)
MS Media Player: Application data file (global) () (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db
MS Media Player: Search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch
MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0
MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=
MS Office 11.0 (Picture Manager): Last selected folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Office\11.0\OIS\Options\LastTreeSelection
MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Search Assistant\ACMru
Windows.OpenWith: Open with list - .BMP extension (8 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: Open with list - .CSH extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSH\OpenWithList
Windows.OpenWith: Open with list - .CSV extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows Explorer: Recent wallpaper list (247 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: User Assistant history files (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}
Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
ZipGenius 5: Last opened folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\M.Dev Software\ZG5\LastDir!=
ZipGenius 5: Recent file list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\M.Dev Software\ZG5\MRU Items
ZipGenius 5: Last extraction folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-179605362-1801674531-1004\Software\M.Dev Software\ZG5\TExtrForm\de1_Text!=