Full Version: Ads Served By Dcads
compukill
Hi, I was hoping you could help me out. I keep getting random popups that say ads served by Dcads. I have followed all the instructions in the preparation guide and was hoping you could assist in getting rid of this nuisance. Other steps that I have done that I thought I should mention: I rebooted into safe mode and ran AVG Anti-Spyware 7.5 and removed infection that way as well.

Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:28 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\System tools\A-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\System tools\AVG Anti-Spyware 7.5\guard.exe
D:\SYSTEM~2\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
D:\System tools\COGECO Security Services\Anti-Virus\fsgk32st.exe
D:\System tools\COGECO Security Services\Anti-Virus\FSGK32.EXE
D:\System tools\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe
D:\System tools\COGECO Security Services\Common\FSMA32.EXE
D:\System tools\COGECO Security Services\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
D:\System tools\COGECO Security Services\Anti-Virus\fssm32.exe
D:\System tools\COGECO Security Services\Common\FCH32.EXE
D:\System tools\COGECO Security Services\Common\FAMEH32.EXE
D:\System tools\COGECO Security Services\Anti-Virus\fsrw.exe
D:\System tools\COGECO Security Services\FSPC\fspc.exe
D:\System tools\COGECO Security Services\FWES\Program\fsdfwd.exe
D:\System tools\COGECO Security Services\Common\FSM32.EXE
D:\System tools\COGECO Security Services\FSGUI\ispnews.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
D:\System tools\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
D:\System tools\COGECO Security Services\Anti-Virus\fsav32.exe
D:\SYSTEM~2\COGECO~1\ANTI-S~1\fsaw.exe
D:\System tools\COGECO Security Services\FSGUI\fsguidll.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\SYSTEM~2\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [F-Secure Manager] "D:\System tools\COGECO Security Services\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\System tools\COGECO Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\System tools\COGECO Security Services\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "D:\System tools\COGECO Security Services\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\System tools\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\System tools\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Apps\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Apps\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: COGECO Security Services.lnk = D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - D:\System tools\COGECO Security Services\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\System tools\COGECO Security Services\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\System tools\COGECO Security Services\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169318900198
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{A84B2F47-CD3B-488F-8470-C001B792512D}: NameServer = 24.226.10.193,24.226.1.93
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\System tools\A-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\System tools\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - BackWeb Technologies Inc. - D:\SYSTEM~2\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - D:\System tools\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - D:\System tools\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\System tools\COGECO Security Services\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\System tools\COGECO Security Services\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\System tools\COGECO Security Services\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8875 bytes
OldTimer
Hello compukill and welcome to the BC HijackThis forum. There is nothing showing in the HJT log. Let's try something else.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
compukill
CODE
WinPFind35 logfile created on: 2/24/2008 9:17:57 PM
WinPFind35U Version 1.0.0.1     Folder = C:\Documents and Settings\Luc and Francine\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 156.98 Mb Available Physical Memory | 30.69% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 69.08% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12.69 Gb Total Space | 6.36 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
Drive D: | 101.79 Gb Total Space | 48.78 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Luc and Francine
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> D:\System tools\A-Aware\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/17/2008 6:41:14 PM | Attr =    ]
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 10:37:10 AM | Attr =    ]
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 8/18/2003 10:32:56 AM | Attr =    ]
guard.exe -> D:\System tools\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
servic~1.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\ServiceWrapper-9867844.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
fsgk32st.exe -> D:\System tools\COGECO Security Services\Anti-Virus\fsgk32st.exe -> F-Secure Corp. [Ver = 1, 0, 7360, 0 | Size = 45056 bytes | Modified Date = 9/4/2001 4:15:22 AM | Attr =    ]
fsgk32.exe -> D:\System tools\COGECO Security Services\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 6.10.12200 | Size = 290304 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
fsbwsys.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fsbwsys.exe -> F-Secure Corp. [Ver = 6.82.819 | Size = 270389 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
fspex.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
fsma32.exe -> D:\System tools\COGECO Security Services\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 61490 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fsmb32.exe -> D:\System tools\COGECO Security Services\Common\FSMB32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 180274 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fssm32.exe -> D:\System tools\COGECO Security Services\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 6.10.12200 | Size = 248320 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
fch32.exe -> D:\System tools\COGECO Security Services\Common\FCH32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 65585 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fameh32.exe -> D:\System tools\COGECO Security Services\Common\FAMEH32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 270387 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fsrw.exe -> D:\System tools\COGECO Security Services\Anti-Virus\FSRW.exe -> F-Secure Corporation [Ver = 1.1.217  | Size = 159792 bytes | Modified Date = 6/7/2005 2:39:32 AM | Attr =    ]
fspc.exe -> D:\System tools\COGECO Security Services\FSPC\fspc.exe -> F-Secure Corporation [Ver = 4.00.290  | Size = 114743 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
devldr32.exe -> %SystemRoot%\system32\devldr32.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 17 | Size = 24064 bytes | Modified Date = 8/17/2001 5:36:42 PM | Attr =    ]
fshttps.exe -> D:\System tools\COGECO Security Services\FSPC\fshttps\fshttps.exe -> F-Secure Corporation [Ver = 4.00.290  | Size = 53306 bytes | Modified Date = 10/31/2005 9:10:36 PM | Attr =    ]
fsdfwd.exe -> D:\System tools\COGECO Security Services\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 5.90.400 | Size = 200767 bytes | Modified Date = 8/22/2005 8:04:52 AM | Attr =    ]
fsm32.exe -> D:\System tools\COGECO Security Services\Common\FSM32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 118833 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
ispnews.exe -> D:\System tools\COGECO Security Services\FSGUI\ispnews.exe -> F-Secure Corporation [Ver = 1, 0, 0, 14 | Size = 356352 bytes | Modified Date = 5/31/2005 7:45:06 AM | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 2:43:44 AM | Attr =    ]
fsav32.exe -> D:\System tools\COGECO Security Services\Anti-Virus\FSAV32.exe -> F-Secure Corporation [Ver = 5.55.11370 | Size = 177664 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
fsaw.exe -> D:\System tools\COGECO Security Services\Anti-Spyware\FSAW.exe -> F-Secure Corporation [Ver = 1.1.194  | Size = 86064 bytes | Modified Date = 6/30/2005 12:34:52 AM | Attr =    ]
fsguidll.exe -> D:\System tools\COGECO Security Services\FSGUI\fsguidll.exe -> F-Secure Corporation [Ver = 6, 20, 330, 0 | Size = 233537 bytes | Modified Date = 11/18/2005 7:55:00 AM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/7/2008 10:49:47 PM | Attr =    ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/21/2008 7:41:02 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> D:\System tools\A-Aware\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/17/2008 6:41:14 PM | Attr =    ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> D:\System tools\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
(BackWeb Plug-in - 9867844) COGECO Security Services [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\backweb\9867844\Program\ServiceWrapper-9867844.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr =    ]
(F-Secure Gatekeeper Handler Starter) FSGKHS [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\fsgk32st.exe -> F-Secure Corp. [Ver = 1, 0, 7360, 0 | Size = 45056 bytes | Modified Date = 9/4/2001 4:15:22 AM | Attr =    ]
(fsbwsys) fsbwsys [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fsbwsys.exe -> F-Secure Corp. [Ver = 6.82.819 | Size = 270389 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
(FSDFWD) F-Secure Anti-Virus Firewall Daemon [Win32_Own | On_Demand | Running] -> D:\System tools\COGECO Security Services\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 5.90.400 | Size = 200767 bytes | Modified Date = 8/22/2005 8:04:52 AM | Attr =    ]
(fshttps) F-Secure HTTP Server [Win32_Own | On_Demand | Running] -> D:\System tools\COGECO Security Services\FSPC\fshttps\fshttps.exe -> F-Secure Corporation [Ver = 4.00.290  | Size = 53306 bytes | Modified Date = 10/31/2005 9:10:36 PM | Attr =    ]
(FSMA) F-Secure Management Agent [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 61490 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 8:40:21 PM | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =    ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 10:37:10 AM | Attr =    ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 266240 bytes | Modified Date = 1/15/2007 3:01:56 PM | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> D:\System tools\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(Cinemsup) Cinemsup [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cinemsup.sys -> Sonic Solutions [Ver = 1.0.01.0014 | Size = 6656 bytes | Modified Date = 12/19/2003 2:00:00 AM | Attr =    ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(ctljystk) Creative SBLive! Gameport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctljystk.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3712 bytes | Modified Date = 8/17/2001 7:19:20 AM | Attr =    ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:17 AM | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(emu10k) Creative SB Live! (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emu10k1m.sys -> Creative Technology Ltd. [Ver = 5.12.01.3300 built by: WinDDK | Size = 283904 bytes | Modified Date = 8/17/2001 7:19:26 AM | Attr =    ]
(emu10k1) Creative Interface Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctlfacem.sys -> Creative Technology Ltd. [Ver = 5.12.01.2108 built by: WinDDK | Size = 6912 bytes | Modified Date = 8/17/2001 7:19:28 AM | Attr =    ]
(F-Secure Filter) F-Secure File System Filter [Kernel | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\win2k\FSfilter.sys ->  [Ver =  | Size = 48720 bytes | Modified Date = 9/10/2004 10:14:32 AM | Attr =    ]
(F-Secure Gatekeeper) F-Secure Gatekeeper [Kernel | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\win2k\fsgk.sys ->  [Ver =  | Size = 55424 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
(F-Secure Recognizer) F-Secure File System Recognizer [Kernel | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\win2k\FSrec.sys ->  [Ver =  | Size = 16848 bytes | Modified Date = 12/17/2004 4:34:58 AM | Attr =    ]
(FSFW) F-Secure Firewall Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\fsdfw.sys -> F-Secure Corporation [Ver = 5.90.400 | Size = 70224 bytes | Modified Date = 8/22/2005 8:05:02 AM | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(hpt3xx) hpt3xx [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(motccgp) Motorola USB Composite Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motccgp.sys -> Motorola [Ver = 2.3.0.0 built by: WinDDK | Size = 18176 bytes | Modified Date = 11/2/2007 2:36:10 PM | Attr =    ]
(motccgpfl) MotCcgpFlService [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motccgpfl.sys -> Motorola [Ver = 1.4.0.0 built by: WinDDK | Size = 7680 bytes | Modified Date = 1/22/2007 6:33:00 PM | Attr =    ]
(MotDev) Motorola Inc. USB Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motodrv.sys -> Motorola Inc [Ver = 3.0 | Size = 42112 bytes | Modified Date = 10/10/2007 4:41:50 PM | Attr =    ]
(motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motmodem.sys -> Motorola [Ver = 4.1.0.0 built by: WinDDK | Size = 23680 bytes | Modified Date = 6/18/2007 2:18:26 PM | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:54 AM | Attr =    ]
(nv4) nv4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4.sys -> NVIDIA Corporation [Ver = 5.01.2001.1240 (ReleasedBinaries.010717-0141)            | Size = 731648 bytes | Modified Date = 8/17/2001 7:50:26 AM | Attr =    ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\system32\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 6, 0, 0 | Size = 31644 bytes | Modified Date = 1/20/2007 2:11:07 AM | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =    ]
(sfman) Creative SoundFont Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sfmanm.sys -> Creative Technology Ltd. [Ver = 4.10.3300 | Size = 36480 bytes | Modified Date = 8/17/2001 7:19:34 AM | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr =    ]
(SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.05 built by: WinDDK | Size = 32768 bytes | Modified Date = 8/4/2004 12:31:34 AM | Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 715248 bytes | Modified Date = 1/11/2008 4:41:05 PM | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> D:\System tools\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =    ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 5/11/2007 2:06:32 AM | Attr =    ]
F-Secure Manager -> D:\System tools\COGECO Security Services\Common\FSM32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 118833 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
F-Secure Startup Wizard -> D:\System tools\COGECO Security Services\FSGUI\fssw.exe -> F-Secure Corporation [Ver = 1, 0, 37, 1 | Size = 372736 bytes | Modified Date = 11/18/2005 7:57:26 AM | Attr =    ]
F-Secure TNB -> D:\System tools\COGECO Security Services\TNB\tnbutil.exe -> F-Secure Corporation [Ver = 1.09.5050 | Size = 700416 bytes | Modified Date = 6/2/2005 8:05:22 AM | Attr =    ]
iRiver Updater ->  -> File not found
ISUSPM Startup -> %SystemDrive%\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -> File not found
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> File not found
KernelFaultCheck ->  -> File not found
Lexmark X1100 Series -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 8/19/2003 10:43:48 AM | Attr =    ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 2:40:44 PM | Attr =    ]
News Service -> D:\System tools\COGECO Security Services\FSGUI\ispnews.exe -> F-Secure Corporation [Ver = 1, 0, 0, 14 | Size = 356352 bytes | Modified Date = 5/31/2005 7:45:06 AM | Attr =    ]
QuickTime Task -> D:\System tools\quicktime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 3:57:48 PM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 2:43:44 AM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
P2kAutostart ->  -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\COGECO Security Services.lnk -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
< Luc and Francine Startup Folder > -> C:\Documents and Settings\Luc and Francine\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> D:\System tools\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
WgaLogon ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (224708 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4190 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4189 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 2:43:40 AM | Attr =    ]
{E5A1691B-D188-4419-AD02-90002030B8EE} [HKEY_LOCAL_MACHINE] -> D:\System tools\FlashFXP\IEFlash.dll [FlashFXP Helper for Internet Explorer] -> IniCom Networks, Inc. [Ver = 3.0.0.1015 | Size = 191096 bytes | Modified Date = 5/4/2005 11:46:46 AM | Attr =    ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 2:43:41 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 2:43:40 AM | Attr =    ]
{200DB664-75B5-47c0-8B45-A44ACCF73C00}:{D68926FD-18FD-4B0E-A1C7-917D13FAB760} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
{200DB664-75B5-47c0-8B45-A44ACCF73F01}:{D68926FD-18FD-4B0E-A1C7-917D13FAB760} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
{300DB664-75B5-47c0-8B45-A44ACCF73C00}:{0928F506-07E8-470c-979D-147C296D4879} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\Anti-Spyware\ieshield.dll [IE Shield] -> F-Secure Corporation [Ver = 6.20.1525  | Size = 49204 bytes | Modified Date = 5/4/2005 2:10:34 AM | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 2:43:41 AM | Attr =    ]
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F01} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\Anti-Spyware\ieshield.dll [IE Shield] -> F-Secure Corporation [Ver = 6.20.1525  | Size = 49204 bytes | Modified Date = 5/4/2005 2:10:34 AM | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Block this popup -> D:\System tools\COGECO Security Services\Anti-Spyware\blockpopups.htm ->  [Ver =  | Size = 380 bytes | Modified Date = 11/18/2004 7:51:56 AM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1F396429-5D13-4ADC-9B6D-785E1C3B49F4} ->    (1394 Net Adapter) ->
{A84B2F47-CD3B-488F-8470-C001B792512D} -> 24.226.10.193,24.226.1.93   (SiS 900 PCI Fast Ethernet Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -> wwinsflt.dll -> File not found
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://downloads.ewido.net/ewidoOnlineScan.cab[ewidoOnlineScan Control] ->
{1C11B948-582A-433F-A98D-A8C4D5CC64F2}[HKEY_LOCAL_MACHINE] -> http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab[20-20 3D Viewer] ->
{31435657-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169318900198[WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe[Virtools WebPlayer Class] ->
{F137B9BA-89EA-4B04-9C67-2074A9DF61FD}[HKEY_LOCAL_MACHINE] -> http://walmart.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?[Photo Upload Plugin Class] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =    ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =    ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =    ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 648 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 10916 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe [D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe:*:Enabled:COGECO Security Services] -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\D:\System tools\FlashFXP\flashfxp.exe -> D:\System tools\FlashFXP\flashfxp.exe [D:\System tools\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3] -> IniCom Networks, Inc. [Ver = 3.2.0.1080 | Size = 2380896 bytes | Modified Date = 5/5/2005 1:59:20 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe [D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe:*:Enabled:COGECO Security Services] -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Apps\utorrent\utorrent.exe -> D:\Apps\utorrent\utorrent.exe [D:\Apps\utorrent\utorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 2/9/2008 2:27:46 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Games\PSP\RSS Streaming Tools\wizard.exe -> D:\Games\PSP\RSS Streaming Tools\wizard.exe [D:\Games\PSP\RSS Streaming Tools\wizard.exe:*:Enabled:PSP RSS Streaming Tools Setup] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Luc and Francine\Desktop\utorrent.exe -> C:\Documents and Settings\Luc and Francine\Desktop\utorrent.exe [C:\Documents and Settings\Luc and Francine\Desktop\utorrent.exe:*:Enabled:µTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Games\PSP\RSS Streaming Tools\apache2\bin\Apache.exe -> D:\Games\PSP\RSS Streaming Tools\wizard.exe\apache2\bin\Apache.exe [D:\Games\PSP\RSS Streaming Tools\wizard.exe\apache2\bin\Apache.exe:*:Enabled:PSP RSS Streaming Tools] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Apps\LimeWire\LimeWire.exe -> D:\Apps\LimeWire\LimeWire.exe [D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 12/3/2007 4:35:53 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\System tools\FlashFXP\flashfxp.exe -> D:\System tools\FlashFXP\flashfxp.exe [D:\System tools\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3] -> IniCom Networks, Inc. [Ver = 3.2.0.1080 | Size = 2380896 bytes | Modified Date = 5/5/2005 1:59:20 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 536399872 bytes | Modified Date = 2/22/2008 9:59:26 AM | Attr =  HS]
AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]
motccgp.sys -> %SystemRoot%\System32\drivers\motccgp.sys -> Motorola [Ver = 2.3.0.0 built by: WinDDK | Size = 18176 bytes | Modified Date = 11/2/2007 2:36:10 PM | Attr =    ]
motccgpfl.sys -> %SystemRoot%\System32\drivers\motccgpfl.sys -> Motorola [Ver = 1.4.0.0 built by: WinDDK | Size = 7680 bytes | Modified Date = 1/22/2007 6:33:00 PM | Attr =    ]
motmodem.sys -> %SystemRoot%\System32\drivers\motmodem.sys -> Motorola [Ver = 4.1.0.0 built by: WinDDK | Size = 23680 bytes | Modified Date = 6/18/2007 2:18:26 PM | Attr =    ]
motodrv.sys -> %SystemRoot%\System32\drivers\motodrv.sys -> Motorola Inc [Ver = 3.0 | Size = 42112 bytes | Modified Date = 10/10/2007 4:41:50 PM | Attr =    ]
motswch.sys -> %SystemRoot%\System32\drivers\motswch.sys -> Motorola [Ver = 6.1.0.0 | Size = 6400 bytes | Modified Date = 11/2/2007 2:51:28 PM | Attr =    ]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:33 PM | Attr =  H ]
Msft_Kernel_motccgpfl_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motccgp_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgp_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motmodem_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motmodem_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:35 PM | Attr =  H ]
dcads-remove.exe -> %SystemRoot%\System32\dcads-remove.exe ->  [Ver =  | Size = 80112 bytes | Modified Date = 2/10/2008 6:26:16 PM | Attr =    ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Created Date = 2/6/2008 9:00:16 PM | Attr =    ]
ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll ->  [Ver =  | Size = 7680 bytes | Modified Date = 12/24/2007 1:49:52 PM | Attr =    ]
ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest ->  [Ver =  | Size = 547 bytes | Modified Date = 7/10/2007 5:10:12 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3874 bytes | Modified Date = 2/15/2008 9:33:44 PM | Attr =    ]
unrar.dll -> %SystemRoot%\System32\unrar.dll ->  [Ver =  | Size = 164352 bytes | Modified Date = 9/4/2007 5:56:10 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/6/2008 10:59:14 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/10/2008 11:35:49 AM | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Created Date = 2/11/2008 1:52:47 PM | Attr =    ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/9/2008 2:55:10 PM | Attr =    ]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2/15/2008 8:56:33 PM | Attr =    ]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Grisoft -> %AppData%\Grisoft ->  [Folder | Created Date = 2/11/2008 1:53:09 PM | Attr =    ]
urlredir.cfg -> %AppData%\urlredir.cfg ->  [Ver =  | Size = 209 bytes | Modified Date = 2/14/2008 8:49:05 PM | Attr =    ]
bacup reg.reg -> %UserProfile%\My Documents\bacup reg.reg ->  [Ver =  | Size = 7384 bytes | Modified Date = 2/15/2008 9:11:54 PM | Attr =    ]
AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk ->  [Ver =  | Size = 620 bytes | Modified Date = 2/11/2008 1:53:01 PM | Attr =    ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/24/2008 9:07:53 PM | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/17/2008 4:27:09 PM | Attr =    ]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/17/2008 4:25:52 PM | Attr =    ]
hup_rebate_coupon_fr.pdf -> %UserProfile%\Desktop\hup_rebate_coupon_fr.pdf ->  [Ver =  | Size = 1420468 bytes | Modified Date = 2/19/2008 10:04:45 AM | Attr =    ]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/17/2008 4:02:21 PM | Attr =    ]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/17/2008 4:25:37 PM | Attr =    ]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/24/2008 9:10:25 PM | Attr =    ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480883 bytes | Modified Date = 2/24/2008 9:09:33 PM | Attr =    ]
COGECO Security Services.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\COGECO Security Services.lnk ->  [Ver =  | Size = 828 bytes | Modified Date = 2/22/2008 9:59:45 AM | Attr =    ]
Motorola Shared -> %CommonProgramFiles%\Motorola Shared ->  [Folder | Created Date = 2/6/2008 8:59:34 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 536399872 bytes | Modified Date = 2/22/2008 9:59:26 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/17/2008 4:27:08 PM | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/15/2008 9:30:49 PM | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/9/2008 2:57:39 PM | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 224708 bytes | Modified Date = 2/15/2008 9:33:40 PM | Attr =    ]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:33 PM | Attr =  H ]
Msft_Kernel_motccgpfl_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motccgp_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgp_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motmodem_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motmodem_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:35 PM | Attr =  H ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/13/2008 10:00:28 PM | Attr =    ]
dcads-remove.exe -> %SystemRoot%\System32\dcads-remove.exe ->  [Ver =  | Size = 80112 bytes | Modified Date = 2/10/2008 6:26:16 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 10:01:43 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/17/2008 1:38:40 PM | Attr =    ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 2/6/2008 10:55:05 PM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 62344 bytes | Modified Date = 2/15/2008 8:57:34 PM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 401064 bytes | Modified Date = 2/15/2008 8:57:34 PM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 471326 bytes | Modified Date = 2/15/2008 8:57:34 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3874 bytes | Modified Date = 2/15/2008 9:33:44 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13002 bytes | Modified Date = 2/22/2008 9:59:29 AM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 8:14:53 PM | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/22/2008 9:59:28 AM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/11/2008 12:32:55 PM | Attr =   S]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/13/2008 10:00:20 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 10:01:17 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 10:02:10 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/11/2008 3:25:31 PM | Attr =  HS]
lexstat.ini -> %SystemRoot%\lexstat.ini ->  [Ver =  | Size = 327 bytes | Modified Date = 2/24/2008 9:15:50 PM | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 2/10/2008 11:55:44 AM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/24/2008 9:12:10 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/6/2008 10:59:14 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/10/2008 11:35:49 AM | Attr =  H ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/15/2008 9:38:48 PM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/15/2008 9:55:29 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/9/2008 4:14:02 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/24/2008 9:18:25 PM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 689 bytes | Modified Date = 2/10/2008 11:41:23 AM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2/11/2008 3:25:29 PM | Attr =    ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/18/2008 9:54:02 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/22/2008 9:59:37 AM | Attr =  H ]
Scheduled scanning task.job -> %SystemRoot%\tasks\Scheduled scanning task.job ->  [Ver =  | Size = 544 bytes | Modified Date = 2/24/2008 7:01:49 PM | Attr =    ]
SDMsgUpdate (SD).job -> %SystemRoot%\tasks\SDMsgUpdate (SD).job ->  [Ver =  | Size = 476 bytes | Modified Date = 2/23/2008 2:46:07 AM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 2/22/2008 10:01:48 AM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 2/22/2008 10:01:48 AM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 1/21/2007 9:00:55 PM | Attr =    ]
rtdrvmon.exe -> C:\Documents and Settings\Luc and Francine\Local Settings\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 2/24/2008 9:10:29 PM | Attr =    ]
Perflib_Perfdata_510.dat -> C:\Documents and Settings\Luc and Francine\Local Settings\Temp\Perflib_Perfdata_510.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/22/2008 4:11:19 PM | Attr =    ]
ctl3d32.dll -> C:\WINDOWS\Temp\_ISTMP0.DIR\ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 5/23/2004 1:12:56 PM | Attr = R  ]
corecomp.ini -> C:\WINDOWS\Temp\_ISTMP0.DIR\corecomp.ini ->  [Ver =  | Size = 24950 bytes | Modified Date = 5/23/2004 1:12:56 PM | Attr = R  ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Modified Date = 2/11/2008 1:52:47 PM | Attr =    ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/9/2008 4:14:21 PM | Attr =    ]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/15/2008 9:02:47 PM | Attr =    ]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Grisoft -> %AppData%\Grisoft ->  [Folder | Modified Date = 2/11/2008 1:53:09 PM | Attr =    ]
LimeWire -> %AppData%\LimeWire ->  [Folder | Modified Date = 2/10/2008 8:06:04 PM | Attr =    ]
urlredir.cfg -> %AppData%\urlredir.cfg ->  [Ver =  | Size = 209 bytes | Modified Date = 2/14/2008 8:49:05 PM | Attr =    ]
uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 2/23/2008 11:10:24 AM | Attr =    ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 96256 bytes | Modified Date = 2/22/2008 4:16:58 PM | Attr =    ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4837540 bytes | Modified Date = 2/22/2008 9:12:35 AM | Attr =  H ]
bacup reg.reg -> %UserProfile%\My Documents\bacup reg.reg ->  [Ver =  | Size = 7384 bytes | Modified Date = 2/15/2008 9:11:54 PM | Attr =    ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/19/2008 11:07:51 AM | Attr = R  ]
AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk ->  [Ver =  | Size = 620 bytes | Modified Date = 2/11/2008 1:53:01 PM | Attr =    ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/24/2008 9:07:53 PM | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/17/2008 4:27:09 PM | Attr =    ]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/17/2008 4:25:52 PM | Attr =    ]
Home Budget 2004.xls -> %UserProfile%\Desktop\Home Budget 2004.xls ->  [Ver =  | Size = 47616 bytes | Modified Date = 2/1/2008 9:32:28 PM | Attr =    ]
hup_rebate_coupon_fr.pdf -> %UserProfile%\Desktop\hup_rebate_coupon_fr.pdf ->  [Ver =  | Size = 1420468 bytes | Modified Date = 2/19/2008 10:04:45 AM | Attr =    ]
pics -> %UserProfile%\Desktop\pics ->  [Folder | Modified Date = 2/6/2008 9:09:01 PM | Attr =    ]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/17/2008 4:02:21 PM | Attr =    ]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/17/2008 4:25:37 PM | Attr =    ]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/24/2008 9:10:25 PM | Attr =    ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480883 bytes | Modified Date = 2/24/2008 9:09:33 PM | Attr =    ]
COGECO Security Services.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\COGECO Security Services.lnk ->  [Ver =  | Size = 828 bytes | Modified Date = 2/22/2008 9:59:45 AM | Attr =    ]
Motorola Shared -> %CommonProgramFiles%\Motorola Shared ->  [Folder | Modified Date = 2/6/2008 8:59:34 PM | Attr =    ]

< End of report >

OldTimer
Hi compukill. Ok, let's get started. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware; we will come back to it later on.

Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

CODE
[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> iRiver Updater ->
YN -> ISUSPM Startup -> %SystemDrive%\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
YN -> ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe
YN -> KernelFaultCheck ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> P2kAutostart ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> WgaLogon ->
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Games\PSP\RSS Streaming Tools\wizard.exe -> D:\Games\PSP\RSS Streaming Tools\wizard.exe [D:\Games\PSP\RSS Streaming Tools\wizard.exe:*:Enabled:PSP RSS Streaming Tools Setup]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Luc and Francine\Desktop\utorrent.exe -> C:\Documents and Settings\Luc and Francine\Desktop\utorrent.exe [C:\Documents and Settings\Luc and Francine\Desktop\utorrent.exe:*:Enabled:µTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Games\PSP\RSS Streaming Tools\apache2\bin\Apache.exe -> D:\Games\PSP\RSS Streaming Tools\wizard.exe\apache2\bin\Apache.exe [D:\Games\PSP\RSS Streaming Tools\wizard.exe\apache2\bin\Apache.exe:*:Enabled:PSP RSS Streaming Tools]
[Files/Folders - Created Within 30 days]
NY -> dcads-remove.exe -> %SystemRoot%\System32\dcads-remove.exe
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> urlredir.cfg -> %AppData%\urlredir.cfg
NY -> bacup reg.reg -> %UserProfile%\My Documents\bacup reg.reg
[Files/Folders - Modified Within 30 days]
NY -> dcads-remove.exe -> %SystemRoot%\System32\dcads-remove.exe
NY -> rtdrvmon.exe -> C:\Documents and Settings\Luc and Francine\Local Settings\Temp\rtdrvmon.exe
NY -> corecomp.ini -> C:\WINDOWS\Temp\_ISTMP0.DIR\corecomp.ini
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> urlredir.cfg -> %AppData%\urlredir.cfg
NY -> bacup reg.reg -> %UserProfile%\My Documents\bacup reg.reg
[Empty Temp Folders]
[Start Explorer]


The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #4

Post the following back here:
  • a new WinPFind35U report
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
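
The three BotCheck entries selected in the fix above are the firewall exceptions that the earlier WinPFind35U report marks "File not found", while the GloballyOpenPorts lines carry the same marker only because a port rule is not a file. The following is an added example, not part of the thread or of WinPFind35U: a small Python audit of that report format, run over four lines excerpted from the log in this thread; the finding names and the `audit` function are assumptions made for the illustration.

```python
import re
from typing import List, NamedTuple

# Four lines excerpted from the WinPFind35U report posted in this thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Games\PSP\RSS Streaming Tools\wizard.exe -> D:\Games\PSP\RSS Streaming Tools\wizard.exe [D:\Games\PSP\RSS Streaming Tools\wizard.exe:*:Enabled:PSP RSS Streaming Tools Setup] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
"""


class Finding(NamedTuple):
    kind: str      # hypothetical labels chosen for this example
    profile: str   # DomainProfile or StandardProfile
    detail: str


# Matches either the EnableFirewall value or an entry of one of the two
# exception lists under ...\FirewallPolicy\<profile>\ .
POLICY_RE = re.compile(
    r"\\FirewallPolicy\\(?P<profile>\w+)\\"
    r"(?:\\(?P<value>EnableFirewall)"
    r"|(?P<list>AuthorizedApplications|GloballyOpenPorts)\\List\\\\(?P<name>.+))$"
)
BRACKET_RE = re.compile(r"\[(.*)\]$")  # raw registry data sits in [...]


def audit(log_text: str) -> List[Finding]:
    """Return firewall findings from WinPFind35U-style report lines."""
    findings = []
    for raw in log_text.splitlines():
        # Each report line is "key -> value -> file info".
        fields = re.split(r"\s*->\s*", raw.strip())
        if len(fields) < 3:
            continue
        key, value, file_info = fields[0], fields[1], fields[2]
        match = POLICY_RE.search(key)
        if not match:
            continue
        profile = match["profile"]

        if match["value"]:
            if value == "0":
                findings.append(
                    Finding("firewall-disabled", profile, "EnableFirewall = 0"))
            continue

        data = BRACKET_RE.search(value)
        if not data:
            continue

        if match["list"] == "AuthorizedApplications":
            # Data is path:scope:state:label; the path itself may hold a
            # drive colon, so split from the right.
            parts = data[1].rsplit(":", 3)
            if len(parts) != 4:
                continue
            path, _scope, state, _label = parts
            if state.lower() == "enabled" and file_info == "File not found":
                findings.append(Finding("stale-app-exception", profile, path))
        else:
            # Data is port:protocol:scope:state:label. The scanner's
            # "File not found" is meaningless here, so only state counts.
            parts = data[1].split(":", 4)
            if len(parts) != 5:
                continue
            port, proto, _scope, state, _label = parts
            if state.lower() == "enabled":
                findings.append(Finding("open-port", profile, f"{port}/{proto}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(f"{finding.kind:20} {finding.profile:16} {finding.detail}")
```

An enabled exception whose executable no longer exists is worth removing because any file later written to that path would inherit the allow rule.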
compukill
CODE
WinPFind35 logfile created on: 2/25/2008 9:12:27 AM
WinPFind35U Version 1.0.0.1     Folder = C:\Documents and Settings\Luc and Francine\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 169.66 Mb Available Physical Memory | 33.17% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.04% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12.69 Gb Total Space | 6.33 Gb Free Space | 49.89% Space Free | Partition Type: NTFS
Drive D: | 101.79 Gb Total Space | 48.78 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Luc and Francine
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> D:\System tools\A-Aware\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/17/2008 6:41:14 PM | Attr =    ]
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 10:37:10 AM | Attr =    ]
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 8/18/2003 10:32:56 AM | Attr =    ]
fsm32.exe -> D:\System tools\COGECO Security Services\Common\FSM32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 118833 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 2:43:44 AM | Attr =    ]
guard.exe -> D:\System tools\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
servic~1.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\ServiceWrapper-9867844.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
fsgk32st.exe -> D:\System tools\COGECO Security Services\Anti-Virus\fsgk32st.exe -> F-Secure Corp. [Ver = 1, 0, 7360, 0 | Size = 45056 bytes | Modified Date = 9/4/2001 4:15:22 AM | Attr =    ]
fsgk32.exe -> D:\System tools\COGECO Security Services\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 6.10.12200 | Size = 290304 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
fsbwsys.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fsbwsys.exe -> F-Secure Corp. [Ver = 6.82.819 | Size = 270389 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
fsma32.exe -> D:\System tools\COGECO Security Services\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 61490 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fspex.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
fsmb32.exe -> D:\System tools\COGECO Security Services\Common\FSMB32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 180274 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fssm32.exe -> D:\System tools\COGECO Security Services\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 6.10.12200 | Size = 248320 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
fch32.exe -> D:\System tools\COGECO Security Services\Common\FCH32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 65585 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fameh32.exe -> D:\System tools\COGECO Security Services\Common\FAMEH32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 270387 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fsrw.exe -> D:\System tools\COGECO Security Services\Anti-Virus\FSRW.exe -> F-Secure Corporation [Ver = 1.1.217  | Size = 159792 bytes | Modified Date = 6/7/2005 2:39:32 AM | Attr =    ]
fspc.exe -> D:\System tools\COGECO Security Services\FSPC\fspc.exe -> F-Secure Corporation [Ver = 4.00.290  | Size = 114743 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
fshttps.exe -> D:\System tools\COGECO Security Services\FSPC\fshttps\fshttps.exe -> F-Secure Corporation [Ver = 4.00.290  | Size = 53306 bytes | Modified Date = 10/31/2005 9:10:36 PM | Attr =    ]
fsdfwd.exe -> D:\System tools\COGECO Security Services\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 5.90.400 | Size = 200767 bytes | Modified Date = 8/22/2005 8:04:52 AM | Attr =    ]
fsav32.exe -> D:\System tools\COGECO Security Services\Anti-Virus\FSAV32.exe -> F-Secure Corporation [Ver = 5.55.11370 | Size = 177664 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
fsaw.exe -> D:\System tools\COGECO Security Services\Anti-Spyware\FSAW.exe -> F-Secure Corporation [Ver = 1.1.194  | Size = 86064 bytes | Modified Date = 6/30/2005 12:34:52 AM | Attr =    ]
fsguidll.exe -> D:\System tools\COGECO Security Services\FSGUI\fsguidll.exe -> F-Secure Corporation [Ver = 6, 20, 330, 0 | Size = 233537 bytes | Modified Date = 11/18/2005 7:55:00 AM | Attr =    ]
devldr32.exe -> %SystemRoot%\system32\devldr32.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 17 | Size = 24064 bytes | Modified Date = 8/17/2001 5:36:42 PM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/7/2008 10:49:47 PM | Attr =    ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/21/2008 7:41:02 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> D:\System tools\A-Aware\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/17/2008 6:41:14 PM | Attr =    ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> D:\System tools\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
(BackWeb Plug-in - 9867844) COGECO Security Services [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\backweb\9867844\Program\ServiceWrapper-9867844.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr =    ]
(F-Secure Gatekeeper Handler Starter) FSGKHS [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\fsgk32st.exe -> F-Secure Corp. [Ver = 1, 0, 7360, 0 | Size = 45056 bytes | Modified Date = 9/4/2001 4:15:22 AM | Attr =    ]
(fsbwsys) fsbwsys [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fsbwsys.exe -> F-Secure Corp. [Ver = 6.82.819 | Size = 270389 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
(FSDFWD) F-Secure Anti-Virus Firewall Daemon [Win32_Own | On_Demand | Running] -> D:\System tools\COGECO Security Services\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 5.90.400 | Size = 200767 bytes | Modified Date = 8/22/2005 8:04:52 AM | Attr =    ]
(fshttps) F-Secure HTTP Server [Win32_Own | On_Demand | Running] -> D:\System tools\COGECO Security Services\FSPC\fshttps\fshttps.exe -> F-Secure Corporation [Ver = 4.00.290  | Size = 53306 bytes | Modified Date = 10/31/2005 9:10:36 PM | Attr =    ]
(FSMA) F-Secure Management Agent [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 61490 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 8:40:21 PM | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =    ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 10:37:10 AM | Attr =    ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 266240 bytes | Modified Date = 1/15/2007 3:01:56 PM | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> D:\System tools\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(Cinemsup) Cinemsup [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cinemsup.sys -> Sonic Solutions [Ver = 1.0.01.0014 | Size = 6656 bytes | Modified Date = 12/19/2003 2:00:00 AM | Attr =    ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(ctljystk) Creative SBLive! Gameport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctljystk.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3712 bytes | Modified Date = 8/17/2001 7:19:20 AM | Attr =    ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:17 AM | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(emu10k) Creative SB Live! (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emu10k1m.sys -> Creative Technology Ltd. [Ver = 5.12.01.3300 built by: WinDDK | Size = 283904 bytes | Modified Date = 8/17/2001 7:19:26 AM | Attr =    ]
(emu10k1) Creative Interface Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctlfacem.sys -> Creative Technology Ltd. [Ver = 5.12.01.2108 built by: WinDDK | Size = 6912 bytes | Modified Date = 8/17/2001 7:19:28 AM | Attr =    ]
(F-Secure Filter) F-Secure File System Filter [Kernel | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\win2k\FSfilter.sys ->  [Ver =  | Size = 48720 bytes | Modified Date = 9/10/2004 10:14:32 AM | Attr =    ]
(F-Secure Gatekeeper) F-Secure Gatekeeper [Kernel | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\win2k\fsgk.sys ->  [Ver =  | Size = 55424 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
(F-Secure Recognizer) F-Secure File System Recognizer [Kernel | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\win2k\FSrec.sys ->  [Ver =  | Size = 16848 bytes | Modified Date = 12/17/2004 4:34:58 AM | Attr =    ]
(FSFW) F-Secure Firewall Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\fsdfw.sys -> F-Secure Corporation [Ver = 5.90.400 | Size = 70224 bytes | Modified Date = 8/22/2005 8:05:02 AM | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(hpt3xx) hpt3xx [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(motccgp) Motorola USB Composite Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motccgp.sys -> Motorola [Ver = 2.3.0.0 built by: WinDDK | Size = 18176 bytes | Modified Date = 11/2/2007 2:36:10 PM | Attr =    ]
(motccgpfl) MotCcgpFlService [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motccgpfl.sys -> Motorola [Ver = 1.4.0.0 built by: WinDDK | Size = 7680 bytes | Modified Date = 1/22/2007 6:33:00 PM | Attr =    ]
(MotDev) Motorola Inc. USB Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motodrv.sys -> Motorola Inc [Ver = 3.0 | Size = 42112 bytes | Modified Date = 10/10/2007 4:41:50 PM | Attr =    ]
(motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motmodem.sys -> Motorola [Ver = 4.1.0.0 built by: WinDDK | Size = 23680 bytes | Modified Date = 6/18/2007 2:18:26 PM | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:54 AM | Attr =    ]
(nv4) nv4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4.sys -> NVIDIA Corporation [Ver = 5.01.2001.1240 (ReleasedBinaries.010717-0141)            | Size = 731648 bytes | Modified Date = 8/17/2001 7:50:26 AM | Attr =    ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr =    ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr =    ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\system32\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 6, 0, 0 | Size = 31644 bytes | Modified Date = 1/20/2007 2:11:07 AM | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =    ]
(sfman) Creative SoundFont Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sfmanm.sys -> Creative Technology Ltd. [Ver = 4.10.3300 | Size = 36480 bytes | Modified Date = 8/17/2001 7:19:34 AM | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr =    ]
(SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.05 built by: WinDDK | Size = 32768 bytes | Modified Date = 8/4/2004 12:31:34 AM | Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 715248 bytes | Modified Date = 1/11/2008 4:41:05 PM | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> D:\System tools\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =    ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 5/11/2007 2:06:32 AM | Attr =    ]
F-Secure Manager -> D:\System tools\COGECO Security Services\Common\FSM32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 118833 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
F-Secure Startup Wizard -> D:\System tools\COGECO Security Services\FSGUI\fssw.exe -> F-Secure Corporation [Ver = 1, 0, 37, 1 | Size = 372736 bytes | Modified Date = 11/18/2005 7:57:26 AM | Attr =    ]
F-Secure TNB -> D:\System tools\COGECO Security Services\TNB\tnbutil.exe -> F-Secure Corporation [Ver = 1.09.5050 | Size = 700416 bytes | Modified Date = 6/2/2005 8:05:22 AM | Attr =    ]
Lexmark X1100 Series -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 8/19/2003 10:43:48 AM | Attr =    ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 2:40:44 PM | Attr =    ]
News Service -> D:\System tools\COGECO Security Services\FSGUI\ispnews.exe -> F-Secure Corporation [Ver = 1, 0, 0, 14 | Size = 356352 bytes | Modified Date = 5/31/2005 7:45:06 AM | Attr =    ]
QuickTime Task -> D:\System tools\quicktime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 3:57:48 PM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 2:43:44 AM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\COGECO Security Services.lnk -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
< Luc and Francine Startup Folder > -> C:\Documents and Settings\Luc and Francine\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> D:\System tools\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (224708 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> https://gmail.google.com/?dest=http%3A%2F%2Fgmail.google.com%2Fgmail ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4190 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4189 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 2:43:40 AM | Attr =    ]
{E5A1691B-D188-4419-AD02-90002030B8EE} [HKEY_LOCAL_MACHINE] -> D:\System tools\FlashFXP\IEFlash.dll [FlashFXP Helper for Internet Explorer] -> IniCom Networks, Inc. [Ver = 3.0.0.1015 | Size = 191096 bytes | Modified Date = 5/4/2005 11:46:46 AM | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 2:43:41 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 2:43:40 AM | Attr =    ]
{200DB664-75B5-47c0-8B45-A44ACCF73C00}:{D68926FD-18FD-4B0E-A1C7-917D13FAB760} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
{200DB664-75B5-47c0-8B45-A44ACCF73F01}:{D68926FD-18FD-4B0E-A1C7-917D13FAB760} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
{300DB664-75B5-47c0-8B45-A44ACCF73C00}:{0928F506-07E8-470c-979D-147C296D4879} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\Anti-Spyware\ieshield.dll [IE Shield] -> F-Secure Corporation [Ver = 6.20.1525  | Size = 49204 bytes | Modified Date = 5/4/2005 2:10:34 AM | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 2:43:41 AM | Attr =    ]
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F01} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\Anti-Spyware\ieshield.dll [IE Shield] -> F-Secure Corporation [Ver = 6.20.1525  | Size = 49204 bytes | Modified Date = 5/4/2005 2:10:34 AM | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Block this popup -> D:\System tools\COGECO Security Services\Anti-Spyware\blockpopups.htm ->  [Ver =  | Size = 380 bytes | Modified Date = 11/18/2004 7:51:56 AM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1F396429-5D13-4ADC-9B6D-785E1C3B49F4} ->    (1394 Net Adapter) ->
{A84B2F47-CD3B-488F-8470-C001B792512D} -> 24.226.10.193,24.226.1.93   (SiS 900 PCI Fast Ethernet Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -> wwinsflt.dll -> File not found
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://downloads.ewido.net/ewidoOnlineScan.cab[ewidoOnlineScan Control] ->
{1C11B948-582A-433F-A98D-A8C4D5CC64F2}[HKEY_LOCAL_MACHINE] -> http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab[20-20 3D Viewer] ->
{31435657-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169318900198[WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe[Virtools WebPlayer Class] ->
{F137B9BA-89EA-4B04-9C67-2074A9DF61FD}[HKEY_LOCAL_MACHINE] -> http://walmart.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?[Photo Upload Plugin Class] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =    ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =    ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =    ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 648 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 10920 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe [D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe:*:Enabled:COGECO Security Services] -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\D:\System tools\FlashFXP\flashfxp.exe -> D:\System tools\FlashFXP\flashfxp.exe [D:\System tools\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3] -> IniCom Networks, Inc. [Ver = 3.2.0.1080 | Size = 2380896 bytes | Modified Date = 5/5/2005 1:59:20 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe [D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe:*:Enabled:COGECO Security Services] -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Apps\utorrent\utorrent.exe -> D:\Apps\utorrent\utorrent.exe [D:\Apps\utorrent\utorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 2/9/2008 2:27:46 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Apps\LimeWire\LimeWire.exe -> D:\Apps\LimeWire\LimeWire.exe [D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 12/3/2007 4:35:53 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\System tools\FlashFXP\flashfxp.exe -> D:\System tools\FlashFXP\flashfxp.exe [D:\System tools\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3] -> IniCom Networks, Inc. [Ver = 3.2.0.1080 | Size = 2380896 bytes | Modified Date = 5/5/2005 1:59:20 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 536399872 bytes | Modified Date = 2/25/2008 9:01:40 AM | Attr =  HS]
AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]
motccgp.sys -> %SystemRoot%\System32\drivers\motccgp.sys -> Motorola [Ver = 2.3.0.0 built by: WinDDK | Size = 18176 bytes | Modified Date = 11/2/2007 2:36:10 PM | Attr =    ]
motccgpfl.sys -> %SystemRoot%\System32\drivers\motccgpfl.sys -> Motorola [Ver = 1.4.0.0 built by: WinDDK | Size = 7680 bytes | Modified Date = 1/22/2007 6:33:00 PM | Attr =    ]
motmodem.sys -> %SystemRoot%\System32\drivers\motmodem.sys -> Motorola [Ver = 4.1.0.0 built by: WinDDK | Size = 23680 bytes | Modified Date = 6/18/2007 2:18:26 PM | Attr =    ]
motodrv.sys -> %SystemRoot%\System32\drivers\motodrv.sys -> Motorola Inc [Ver = 3.0 | Size = 42112 bytes | Modified Date = 10/10/2007 4:41:50 PM | Attr =    ]
motswch.sys -> %SystemRoot%\System32\drivers\motswch.sys -> Motorola [Ver = 6.1.0.0 | Size = 6400 bytes | Modified Date = 11/2/2007 2:51:28 PM | Attr =    ]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:33 PM | Attr =  H ]
Msft_Kernel_motccgpfl_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motccgp_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgp_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motmodem_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motmodem_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:35 PM | Attr =  H ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Created Date = 2/6/2008 9:00:16 PM | Attr =    ]
ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll ->  [Ver =  | Size = 7680 bytes | Modified Date = 12/24/2007 1:49:52 PM | Attr =    ]
ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest ->  [Ver =  | Size = 547 bytes | Modified Date = 7/10/2007 5:10:12 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3874 bytes | Modified Date = 2/15/2008 9:33:44 PM | Attr =    ]
unrar.dll -> %SystemRoot%\System32\unrar.dll ->  [Ver =  | Size = 164352 bytes | Modified Date = 9/4/2007 5:56:10 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/6/2008 10:59:14 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/10/2008 11:35:49 AM | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Created Date = 2/11/2008 1:52:47 PM | Attr =    ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/9/2008 2:55:10 PM | Attr =    ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/24/2008 10:44:30 PM | Attr =    ]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2/15/2008 8:56:33 PM | Attr =    ]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Grisoft -> %AppData%\Grisoft ->  [Folder | Created Date = 2/11/2008 1:53:09 PM | Attr =    ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/24/2008 10:44:20 PM | Attr =    ]
AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk ->  [Ver =  | Size = 620 bytes | Modified Date = 2/11/2008 1:53:01 PM | Attr =    ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 2/24/2008 10:44:22 PM | Attr =    ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/24/2008 9:07:53 PM | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/17/2008 4:27:09 PM | Attr =    ]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/17/2008 4:25:52 PM | Attr =    ]
hup_rebate_coupon_fr.pdf -> %UserProfile%\Desktop\hup_rebate_coupon_fr.pdf ->  [Ver =  | Size = 1420468 bytes | Modified Date = 2/19/2008 10:04:45 AM | Attr =    ]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/17/2008 4:02:21 PM | Attr =    ]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/17/2008 4:25:37 PM | Attr =    ]
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Modified Date = 2/24/2008 10:43:38 PM | Attr =    ]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/24/2008 9:10:25 PM | Attr =    ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480883 bytes | Modified Date = 2/24/2008 9:09:33 PM | Attr =    ]
COGECO Security Services.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\COGECO Security Services.lnk ->  [Ver =  | Size = 828 bytes | Modified Date = 2/25/2008 9:02:21 AM | Attr =    ]
Motorola Shared -> %CommonProgramFiles%\Motorola Shared ->  [Folder | Created Date = 2/6/2008 8:59:34 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 536399872 bytes | Modified Date = 2/25/2008 9:01:40 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/24/2008 10:44:20 PM | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/15/2008 9:30:49 PM | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/9/2008 2:57:39 PM | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 224708 bytes | Modified Date = 2/15/2008 9:33:40 PM | Attr =    ]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:33 PM | Attr =  H ]
Msft_Kernel_motccgpfl_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motccgp_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgp_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motmodem_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motmodem_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:35 PM | Attr =  H ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/24/2008 11:32:51 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 10:01:43 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/17/2008 1:38:40 PM | Attr =    ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 2/6/2008 10:55:05 PM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 62344 bytes | Modified Date = 2/15/2008 8:57:34 PM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 401064 bytes | Modified Date = 2/15/2008 8:57:34 PM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 471326 bytes | Modified Date = 2/15/2008 8:57:34 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3874 bytes | Modified Date = 2/15/2008 9:33:44 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13002 bytes | Modified Date = 2/25/2008 9:01:51 AM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 8:14:53 PM | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/25/2008 9:01:46 AM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/11/2008 12:32:55 PM | Attr =   S]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/13/2008 10:00:20 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 10:01:17 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 10:02:10 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/24/2008 10:44:25 PM | Attr =  HS]
lexstat.ini -> %SystemRoot%\lexstat.ini ->  [Ver =  | Size = 327 bytes | Modified Date = 2/24/2008 10:50:09 PM | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 2/10/2008 11:55:44 AM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/25/2008 9:05:57 AM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/6/2008 10:59:14 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/10/2008 11:35:49 AM | Attr =  H ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/15/2008 9:38:48 PM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/24/2008 10:51:29 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/9/2008 4:14:02 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/25/2008 9:12:56 AM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 689 bytes | Modified Date = 2/10/2008 11:41:23 AM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2/11/2008 3:25:29 PM | Attr =    ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/18/2008 9:54:02 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/25/2008 9:02:05 AM | Attr =  H ]
Scheduled scanning task.job -> %SystemRoot%\tasks\Scheduled scanning task.job ->  [Ver =  | Size = 544 bytes | Modified Date = 2/25/2008 3:25:15 AM | Attr =    ]
SDMsgUpdate (SD).job -> %SystemRoot%\tasks\SDMsgUpdate (SD).job ->  [Ver =  | Size = 476 bytes | Modified Date = 2/25/2008 9:03:34 AM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 2/25/2008 9:04:04 AM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 2/25/2008 9:04:04 AM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 1/21/2007 9:00:55 PM | Attr =    ]
rtdrvmon.exe -> C:\Documents and Settings\Luc and Francine\Local Settings\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 2/25/2008 9:08:35 AM | Attr =    ]
SSUPDATE.EXE -> C:\Documents and Settings\Luc and Francine\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 2:07:10 PM | Attr =    ]
rtdrvmon.exe -> C:\WINDOWS\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 2/25/2008 9:02:27 AM | Attr =    ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Modified Date = 2/11/2008 1:52:47 PM | Attr =    ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/9/2008 4:14:21 PM | Attr =    ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/24/2008 10:44:30 PM | Attr =    ]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/15/2008 9:02:47 PM | Attr =    ]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Grisoft -> %AppData%\Grisoft ->  [Folder | Modified Date = 2/11/2008 1:53:09 PM | Attr =    ]
LimeWire -> %AppData%\LimeWire ->  [Folder | Modified Date = 2/10/2008 8:06:04 PM | Attr =    ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/24/2008 10:44:20 PM | Attr =    ]
uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 2/23/2008 11:10:24 AM | Attr =    ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 96256 bytes | Modified Date = 2/22/2008 4:16:58 PM | Attr =    ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4840652 bytes | Modified Date = 2/25/2008 9:00:22 AM | Attr =  H ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/19/2008 11:07:51 AM | Attr = R  ]
AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk ->  [Ver =  | Size = 620 bytes | Modified Date = 2/11/2008 1:53:01 PM | Attr =    ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 2/24/2008 10:44:22 PM | Attr =    ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/24/2008 9:07:53 PM | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/17/2008 4:27:09 PM | Attr =    ]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/17/2008 4:25:52 PM | Attr =    ]
Home Budget 2004.xls -> %UserProfile%\Desktop\Home Budget 2004.xls ->  [Ver =  | Size = 47616 bytes | Modified Date = 2/1/2008 9:32:28 PM | Attr =    ]
hup_rebate_coupon_fr.pdf -> %UserProfile%\Desktop\hup_rebate_coupon_fr.pdf ->  [Ver =  | Size = 1420468 bytes | Modified Date = 2/19/2008 10:04:45 AM | Attr =    ]
pics -> %UserProfile%\Desktop\pics ->  [Folder | Modified Date = 2/6/2008 9:09:01 PM | Attr =    ]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/17/2008 4:02:21 PM | Attr =    ]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/17/2008 4:25:37 PM | Attr =    ]
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Modified Date = 2/24/2008 10:43:38 PM | Attr =    ]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/24/2008 10:51:29 PM | Attr =    ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480883 bytes | Modified Date = 2/24/2008 9:09:33 PM | Attr =    ]
COGECO Security Services.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\COGECO Security Services.lnk ->  [Ver =  | Size = 828 bytes | Modified Date = 2/25/2008 9:02:21 AM | Attr =    ]
Motorola Shared -> %CommonProgramFiles%\Motorola Shared ->  [Folder | Modified Date = 2/6/2008 8:59:34 PM | Attr =    ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/24/2008 10:43:55 PM | Attr =    ]

< End of report >

CODE
WinPFind35 logfile created on: 2/25/2008 9:12:27 AM
WinPFind35U Version 1.0.0.1     Folder = C:\Documents and Settings\Luc and Francine\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 169.66 Mb Available Physical Memory | 33.17% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.04% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12.69 Gb Total Space | 6.33 Gb Free Space | 49.89% Space Free | Partition Type: NTFS
Drive D: | 101.79 Gb Total Space | 48.78 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Luc and Francine
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> D:\System tools\A-Aware\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/17/2008 6:41:14 PM | Attr =    ]
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 10:37:10 AM | Attr =    ]
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 8/18/2003 10:32:56 AM | Attr =    ]
fsm32.exe -> D:\System tools\COGECO Security Services\Common\FSM32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 118833 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 2:43:44 AM | Attr =    ]
guard.exe -> D:\System tools\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
servic~1.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\ServiceWrapper-9867844.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
fsgk32st.exe -> D:\System tools\COGECO Security Services\Anti-Virus\fsgk32st.exe -> F-Secure Corp. [Ver = 1, 0, 7360, 0 | Size = 45056 bytes | Modified Date = 9/4/2001 4:15:22 AM | Attr =    ]
fsgk32.exe -> D:\System tools\COGECO Security Services\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 6.10.12200 | Size = 290304 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
fsbwsys.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fsbwsys.exe -> F-Secure Corp. [Ver = 6.82.819 | Size = 270389 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
fsma32.exe -> D:\System tools\COGECO Security Services\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 61490 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fspex.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
fsmb32.exe -> D:\System tools\COGECO Security Services\Common\FSMB32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 180274 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fssm32.exe -> D:\System tools\COGECO Security Services\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 6.10.12200 | Size = 248320 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
fch32.exe -> D:\System tools\COGECO Security Services\Common\FCH32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 65585 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fameh32.exe -> D:\System tools\COGECO Security Services\Common\FAMEH32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 270387 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
fsrw.exe -> D:\System tools\COGECO Security Services\Anti-Virus\FSRW.exe -> F-Secure Corporation [Ver = 1.1.217  | Size = 159792 bytes | Modified Date = 6/7/2005 2:39:32 AM | Attr =    ]
fspc.exe -> D:\System tools\COGECO Security Services\FSPC\fspc.exe -> F-Secure Corporation [Ver = 4.00.290  | Size = 114743 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
fshttps.exe -> D:\System tools\COGECO Security Services\FSPC\fshttps\fshttps.exe -> F-Secure Corporation [Ver = 4.00.290  | Size = 53306 bytes | Modified Date = 10/31/2005 9:10:36 PM | Attr =    ]
fsdfwd.exe -> D:\System tools\COGECO Security Services\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 5.90.400 | Size = 200767 bytes | Modified Date = 8/22/2005 8:04:52 AM | Attr =    ]
fsav32.exe -> D:\System tools\COGECO Security Services\Anti-Virus\FSAV32.exe -> F-Secure Corporation [Ver = 5.55.11370 | Size = 177664 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
fsaw.exe -> D:\System tools\COGECO Security Services\Anti-Spyware\FSAW.exe -> F-Secure Corporation [Ver = 1.1.194  | Size = 86064 bytes | Modified Date = 6/30/2005 12:34:52 AM | Attr =    ]
fsguidll.exe -> D:\System tools\COGECO Security Services\FSGUI\fsguidll.exe -> F-Secure Corporation [Ver = 6, 20, 330, 0 | Size = 233537 bytes | Modified Date = 11/18/2005 7:55:00 AM | Attr =    ]
devldr32.exe -> %SystemRoot%\system32\devldr32.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 17 | Size = 24064 bytes | Modified Date = 8/17/2001 5:36:42 PM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/7/2008 10:49:47 PM | Attr =    ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/21/2008 7:41:02 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> D:\System tools\A-Aware\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/17/2008 6:41:14 PM | Attr =    ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> D:\System tools\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
(BackWeb Plug-in - 9867844) COGECO Security Services [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\backweb\9867844\Program\ServiceWrapper-9867844.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr =    ]
(F-Secure Gatekeeper Handler Starter) FSGKHS [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\fsgk32st.exe -> F-Secure Corp. [Ver = 1, 0, 7360, 0 | Size = 45056 bytes | Modified Date = 9/4/2001 4:15:22 AM | Attr =    ]
(fsbwsys) fsbwsys [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fsbwsys.exe -> F-Secure Corp. [Ver = 6.82.819 | Size = 270389 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
(FSDFWD) F-Secure Anti-Virus Firewall Daemon [Win32_Own | On_Demand | Running] -> D:\System tools\COGECO Security Services\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 5.90.400 | Size = 200767 bytes | Modified Date = 8/22/2005 8:04:52 AM | Attr =    ]
(fshttps) F-Secure HTTP Server [Win32_Own | On_Demand | Running] -> D:\System tools\COGECO Security Services\FSPC\fshttps\fshttps.exe -> F-Secure Corporation [Ver = 4.00.290  | Size = 53306 bytes | Modified Date = 10/31/2005 9:10:36 PM | Attr =    ]
(FSMA) F-Secure Management Agent [Win32_Own | Auto | Running] -> D:\System tools\COGECO Security Services\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 61490 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 8:40:21 PM | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =    ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 10:37:10 AM | Attr =    ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 266240 bytes | Modified Date = 1/15/2007 3:01:56 PM | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> D:\System tools\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(Cinemsup) Cinemsup [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cinemsup.sys -> Sonic Solutions [Ver = 1.0.01.0014 | Size = 6656 bytes | Modified Date = 12/19/2003 2:00:00 AM | Attr =    ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(ctljystk) Creative SBLive! Gameport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctljystk.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3712 bytes | Modified Date = 8/17/2001 7:19:20 AM | Attr =    ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:17 AM | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(emu10k) Creative SB Live! (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emu10k1m.sys -> Creative Technology Ltd. [Ver = 5.12.01.3300 built by: WinDDK | Size = 283904 bytes | Modified Date = 8/17/2001 7:19:26 AM | Attr =    ]
(emu10k1) Creative Interface Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctlfacem.sys -> Creative Technology Ltd. [Ver = 5.12.01.2108 built by: WinDDK | Size = 6912 bytes | Modified Date = 8/17/2001 7:19:28 AM | Attr =    ]
(F-Secure Filter) F-Secure File System Filter [Kernel | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\win2k\FSfilter.sys ->  [Ver =  | Size = 48720 bytes | Modified Date = 9/10/2004 10:14:32 AM | Attr =    ]
(F-Secure Gatekeeper) F-Secure Gatekeeper [Kernel | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\win2k\fsgk.sys ->  [Ver =  | Size = 55424 bytes | Modified Date = 5/30/2007 4:25:17 AM | Attr =    ]
(F-Secure Recognizer) F-Secure File System Recognizer [Kernel | Auto | Running] -> D:\System tools\COGECO Security Services\Anti-Virus\win2k\FSrec.sys ->  [Ver =  | Size = 16848 bytes | Modified Date = 12/17/2004 4:34:58 AM | Attr =    ]
(FSFW) F-Secure Firewall Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\fsdfw.sys -> F-Secure Corporation [Ver = 5.90.400 | Size = 70224 bytes | Modified Date = 8/22/2005 8:05:02 AM | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(hpt3xx) hpt3xx [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(motccgp) Motorola USB Composite Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motccgp.sys -> Motorola [Ver = 2.3.0.0 built by: WinDDK | Size = 18176 bytes | Modified Date = 11/2/2007 2:36:10 PM | Attr =    ]
(motccgpfl) MotCcgpFlService [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motccgpfl.sys -> Motorola [Ver = 1.4.0.0 built by: WinDDK | Size = 7680 bytes | Modified Date = 1/22/2007 6:33:00 PM | Attr =    ]
(MotDev) Motorola Inc. USB Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motodrv.sys -> Motorola Inc [Ver = 3.0 | Size = 42112 bytes | Modified Date = 10/10/2007 4:41:50 PM | Attr =    ]
(motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motmodem.sys -> Motorola [Ver = 4.1.0.0 built by: WinDDK | Size = 23680 bytes | Modified Date = 6/18/2007 2:18:26 PM | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:54 AM | Attr =    ]
(nv4) nv4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4.sys -> NVIDIA Corporation [Ver = 5.01.2001.1240 (ReleasedBinaries.010717-0141)            | Size = 731648 bytes | Modified Date = 8/17/2001 7:50:26 AM | Attr =    ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr =    ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr =    ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\system32\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 6, 0, 0 | Size = 31644 bytes | Modified Date = 1/20/2007 2:11:07 AM | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =    ]
(sfman) Creative SoundFont Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sfmanm.sys -> Creative Technology Ltd. [Ver = 4.10.3300 | Size = 36480 bytes | Modified Date = 8/17/2001 7:19:34 AM | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr =    ]
(SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.05 built by: WinDDK | Size = 32768 bytes | Modified Date = 8/4/2004 12:31:34 AM | Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 715248 bytes | Modified Date = 1/11/2008 4:41:05 PM | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> D:\System tools\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =    ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 5/11/2007 2:06:32 AM | Attr =    ]
F-Secure Manager -> D:\System tools\COGECO Security Services\Common\FSM32.EXE -> F-Secure Corporation [Ver = 5.80.8213  | Size = 118833 bytes | Modified Date = 5/9/2005 2:05:50 AM | Attr =    ]
F-Secure Startup Wizard -> D:\System tools\COGECO Security Services\FSGUI\fssw.exe -> F-Secure Corporation [Ver = 1, 0, 37, 1 | Size = 372736 bytes | Modified Date = 11/18/2005 7:57:26 AM | Attr =    ]
F-Secure TNB -> D:\System tools\COGECO Security Services\TNB\tnbutil.exe -> F-Secure Corporation [Ver = 1.09.5050 | Size = 700416 bytes | Modified Date = 6/2/2005 8:05:22 AM | Attr =    ]
Lexmark X1100 Series -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 8/19/2003 10:43:48 AM | Attr =    ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 2:40:44 PM | Attr =    ]
News Service -> D:\System tools\COGECO Security Services\FSGUI\ispnews.exe -> F-Secure Corporation [Ver = 1, 0, 0, 14 | Size = 356352 bytes | Modified Date = 5/31/2005 7:45:06 AM | Attr =    ]
QuickTime Task -> D:\System tools\quicktime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 3:57:48 PM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 2:43:44 AM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\COGECO Security Services.lnk -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
< Luc and Francine Startup Folder > -> C:\Documents and Settings\Luc and Francine\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> D:\System tools\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (224708 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> https://gmail.google.com/?dest=http%3A%2F%2Fgmail.google.com%2Fgmail ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4190 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4189 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 2:43:40 AM | Attr =    ]
{E5A1691B-D188-4419-AD02-90002030B8EE} [HKEY_LOCAL_MACHINE] -> D:\System tools\FlashFXP\IEFlash.dll [FlashFXP Helper for Internet Explorer] -> IniCom Networks, Inc. [Ver = 3.0.0.1015 | Size = 191096 bytes | Modified Date = 5/4/2005 11:46:46 AM | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 2:43:41 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 2:43:40 AM | Attr =    ]
{200DB664-75B5-47c0-8B45-A44ACCF73C00}:{D68926FD-18FD-4B0E-A1C7-917D13FAB760} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
{200DB664-75B5-47c0-8B45-A44ACCF73F01}:{D68926FD-18FD-4B0E-A1C7-917D13FAB760} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
{300DB664-75B5-47c0-8B45-A44ACCF73C00}:{0928F506-07E8-470c-979D-147C296D4879} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\Anti-Spyware\ieshield.dll [IE Shield] -> F-Secure Corporation [Ver = 6.20.1525  | Size = 49204 bytes | Modified Date = 5/4/2005 2:10:34 AM | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 2:43:41 AM | Attr =    ]
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F01} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\FSPC\fspcmsie.dll [Web Filter] -> F-Secure Corporation [Ver = 4.00.290  | Size = 53307 bytes | Modified Date = 10/31/2005 9:00:56 PM | Attr =    ]
CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> D:\System tools\COGECO Security Services\Anti-Spyware\ieshield.dll [IE Shield] -> F-Secure Corporation [Ver = 6.20.1525  | Size = 49204 bytes | Modified Date = 5/4/2005 2:10:34 AM | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Block this popup -> D:\System tools\COGECO Security Services\Anti-Spyware\blockpopups.htm ->  [Ver =  | Size = 380 bytes | Modified Date = 11/18/2004 7:51:56 AM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1F396429-5D13-4ADC-9B6D-785E1C3B49F4} ->    (1394 Net Adapter) ->
{A84B2F47-CD3B-488F-8470-C001B792512D} -> 24.226.10.193,24.226.1.93   (SiS 900 PCI Fast Ethernet Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -> wwinsflt.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -> wwinsflt.dll -> File not found
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://downloads.ewido.net/ewidoOnlineScan.cab[ewidoOnlineScan Control] ->
{1C11B948-582A-433F-A98D-A8C4D5CC64F2}[HKEY_LOCAL_MACHINE] -> http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab[20-20 3D Viewer] ->
{31435657-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169318900198[WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe[Virtools WebPlayer Class] ->
{F137B9BA-89EA-4B04-9C67-2074A9DF61FD}[HKEY_LOCAL_MACHINE] -> http://walmart.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?[Photo Upload Plugin Class] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =    ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =    ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =    ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 648 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 10920 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe [D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe:*:Enabled:COGECO Security Services] -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\D:\System tools\FlashFXP\flashfxp.exe -> D:\System tools\FlashFXP\flashfxp.exe [D:\System tools\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3] -> IniCom Networks, Inc. [Ver = 3.2.0.1080 | Size = 2380896 bytes | Modified Date = 5/5/2005 1:59:20 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe -> D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe [D:\System tools\COGECO Security Services\backweb\9867844\Program\fspex.exe:*:Enabled:COGECO Security Services] -> BackWeb Technologies Inc.                          [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 1/20/2007 2:49:32 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Apps\utorrent\utorrent.exe -> D:\Apps\utorrent\utorrent.exe [D:\Apps\utorrent\utorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 2/9/2008 2:27:46 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Apps\LimeWire\LimeWire.exe -> D:\Apps\LimeWire\LimeWire.exe [D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 12/3/2007 4:35:53 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\System tools\FlashFXP\flashfxp.exe -> D:\System tools\FlashFXP\flashfxp.exe [D:\System tools\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3] -> IniCom Networks, Inc. [Ver = 3.2.0.1080 | Size = 2380896 bytes | Modified Date = 5/5/2005 1:59:20 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 536399872 bytes | Modified Date = 2/25/2008 9:01:40 AM | Attr =  HS]
AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]
motccgp.sys -> %SystemRoot%\System32\drivers\motccgp.sys -> Motorola [Ver = 2.3.0.0 built by: WinDDK | Size = 18176 bytes | Modified Date = 11/2/2007 2:36:10 PM | Attr =    ]
motccgpfl.sys -> %SystemRoot%\System32\drivers\motccgpfl.sys -> Motorola [Ver = 1.4.0.0 built by: WinDDK | Size = 7680 bytes | Modified Date = 1/22/2007 6:33:00 PM | Attr =    ]
motmodem.sys -> %SystemRoot%\System32\drivers\motmodem.sys -> Motorola [Ver = 4.1.0.0 built by: WinDDK | Size = 23680 bytes | Modified Date = 6/18/2007 2:18:26 PM | Attr =    ]
motodrv.sys -> %SystemRoot%\System32\drivers\motodrv.sys -> Motorola Inc [Ver = 3.0 | Size = 42112 bytes | Modified Date = 10/10/2007 4:41:50 PM | Attr =    ]
motswch.sys -> %SystemRoot%\System32\drivers\motswch.sys -> Motorola [Ver = 6.1.0.0 | Size = 6400 bytes | Modified Date = 11/2/2007 2:51:28 PM | Attr =    ]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:33 PM | Attr =  H ]
Msft_Kernel_motccgpfl_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motccgp_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgp_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motmodem_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motmodem_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:35 PM | Attr =  H ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Created Date = 2/6/2008 9:00:16 PM | Attr =    ]
ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll ->  [Ver =  | Size = 7680 bytes | Modified Date = 12/24/2007 1:49:52 PM | Attr =    ]
ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest ->  [Ver =  | Size = 547 bytes | Modified Date = 7/10/2007 5:10:12 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3874 bytes | Modified Date = 2/15/2008 9:33:44 PM | Attr =    ]
unrar.dll -> %SystemRoot%\System32\unrar.dll ->  [Ver =  | Size = 164352 bytes | Modified Date = 9/4/2007 5:56:10 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/6/2008 10:59:14 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/10/2008 11:35:49 AM | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Created Date = 2/11/2008 1:52:47 PM | Attr =    ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/9/2008 2:55:10 PM | Attr =    ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/24/2008 10:44:30 PM | Attr =    ]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2/15/2008 8:56:33 PM | Attr =    ]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Grisoft -> %AppData%\Grisoft ->  [Folder | Created Date = 2/11/2008 1:53:09 PM | Attr =    ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/24/2008 10:44:20 PM | Attr =    ]
AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk ->  [Ver =  | Size = 620 bytes | Modified Date = 2/11/2008 1:53:01 PM | Attr =    ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 2/24/2008 10:44:22 PM | Attr =    ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/24/2008 9:07:53 PM | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/17/2008 4:27:09 PM | Attr =    ]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/17/2008 4:25:52 PM | Attr =    ]
hup_rebate_coupon_fr.pdf -> %UserProfile%\Desktop\hup_rebate_coupon_fr.pdf ->  [Ver =  | Size = 1420468 bytes | Modified Date = 2/19/2008 10:04:45 AM | Attr =    ]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/17/2008 4:02:21 PM | Attr =    ]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/17/2008 4:25:37 PM | Attr =    ]
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Modified Date = 2/24/2008 10:43:38 PM | Attr =    ]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/24/2008 9:10:25 PM | Attr =    ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480883 bytes | Modified Date = 2/24/2008 9:09:33 PM | Attr =    ]
COGECO Security Services.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\COGECO Security Services.lnk ->  [Ver =  | Size = 828 bytes | Modified Date = 2/25/2008 9:02:21 AM | Attr =    ]
Motorola Shared -> %CommonProgramFiles%\Motorola Shared ->  [Folder | Created Date = 2/6/2008 8:59:34 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 536399872 bytes | Modified Date = 2/25/2008 9:01:40 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/24/2008 10:44:20 PM | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/15/2008 9:30:49 PM | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/9/2008 2:57:39 PM | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 224708 bytes | Modified Date = 2/15/2008 9:33:40 PM | Attr =    ]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:33 PM | Attr =  H ]
Msft_Kernel_motccgpfl_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motccgp_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motccgp_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:43 PM | Attr =  H ]
Msft_Kernel_motmodem_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_motmodem_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2/6/2008 9:01:35 PM | Attr =  H ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/24/2008 11:32:51 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 10:01:43 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/17/2008 1:38:40 PM | Attr =    ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 2/6/2008 10:55:05 PM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 62344 bytes | Modified Date = 2/15/2008 8:57:34 PM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 401064 bytes | Modified Date = 2/15/2008 8:57:34 PM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 471326 bytes | Modified Date = 2/15/2008 8:57:34 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3874 bytes | Modified Date = 2/15/2008 9:33:44 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13002 bytes | Modified Date = 2/25/2008 9:01:51 AM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 8:14:53 PM | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/25/2008 9:01:46 AM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/11/2008 12:32:55 PM | Attr =   S]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/13/2008 10:00:20 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 10:01:17 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 10:02:10 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/24/2008 10:44:25 PM | Attr =  HS]
lexstat.ini -> %SystemRoot%\lexstat.ini ->  [Ver =  | Size = 327 bytes | Modified Date = 2/24/2008 10:50:09 PM | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 2/10/2008 11:55:44 AM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/25/2008 9:05:57 AM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/6/2008 10:59:14 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/10/2008 11:35:49 AM | Attr =  H ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/15/2008 9:38:48 PM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/24/2008 10:51:29 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/9/2008 4:14:02 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/25/2008 9:12:56 AM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 689 bytes | Modified Date = 2/10/2008 11:41:23 AM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2/11/2008 3:25:29 PM | Attr =    ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/18/2008 9:54:02 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/25/2008 9:02:05 AM | Attr =  H ]
Scheduled scanning task.job -> %SystemRoot%\tasks\Scheduled scanning task.job ->  [Ver =  | Size = 544 bytes | Modified Date = 2/25/2008 3:25:15 AM | Attr =    ]
SDMsgUpdate (SD).job -> %SystemRoot%\tasks\SDMsgUpdate (SD).job ->  [Ver =  | Size = 476 bytes | Modified Date = 2/25/2008 9:03:34 AM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 2/25/2008 9:04:04 AM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 2/25/2008 9:04:04 AM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 1/21/2007 9:00:55 PM | Attr =    ]
rtdrvmon.exe -> C:\Documents and Settings\Luc and Francine\Local Settings\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 2/25/2008 9:08:35 AM | Attr =    ]
SSUPDATE.EXE -> C:\Documents and Settings\Luc and Francine\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 2:07:10 PM | Attr =    ]
rtdrvmon.exe -> C:\WINDOWS\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 2/25/2008 9:02:27 AM | Attr =    ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Modified Date = 2/11/2008 1:52:47 PM | Attr =    ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/9/2008 4:14:21 PM | Attr =    ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/24/2008 10:44:30 PM | Attr =    ]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/15/2008 9:02:47 PM | Attr =    ]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Grisoft -> %AppData%\Grisoft ->  [Folder | Modified Date = 2/11/2008 1:53:09 PM | Attr =    ]
LimeWire -> %AppData%\LimeWire ->  [Folder | Modified Date = 2/10/2008 8:06:04 PM | Attr =    ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/24/2008 10:44:20 PM | Attr =    ]
uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 2/23/2008 11:10:24 AM | Attr =    ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 96256 bytes | Modified Date = 2/22/2008 4:16:58 PM | Attr =    ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4840652 bytes | Modified Date = 2/25/2008 9:00:22 AM | Attr =  H ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/19/2008 11:07:51 AM | Attr = R  ]
AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk ->  [Ver =  | Size = 620 bytes | Modified Date = 2/11/2008 1:53:01 PM | Attr =    ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 2/24/2008 10:44:22 PM | Attr =    ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/24/2008 9:07:53 PM | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/17/2008 4:27:09 PM | Attr =    ]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/17/2008 4:25:52 PM | Attr =    ]
Home Budget 2004.xls -> %UserProfile%\Desktop\Home Budget 2004.xls ->  [Ver =  | Size = 47616 bytes | Modified Date = 2/1/2008 9:32:28 PM | Attr =    ]
hup_rebate_coupon_fr.pdf -> %UserProfile%\Desktop\hup_rebate_coupon_fr.pdf ->  [Ver =  | Size = 1420468 bytes | Modified Date = 2/19/2008 10:04:45 AM | Attr =    ]
pics -> %UserProfile%\Desktop\pics ->  [Folder | Modified Date = 2/6/2008 9:09:01 PM | Attr =    ]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/17/2008 4:02:21 PM | Attr =    ]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/17/2008 4:25:37 PM | Attr =    ]
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Modified Date = 2/24/2008 10:43:38 PM | Attr =    ]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/24/2008 10:51:29 PM | Attr =    ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480883 bytes | Modified Date = 2/24/2008 9:09:33 PM | Attr =    ]
COGECO Security Services.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\COGECO Security Services.lnk ->  [Ver =  | Size = 828 bytes | Modified Date = 2/25/2008 9:02:21 AM | Attr =    ]
Motorola Shared -> %CommonProgramFiles%\Motorola Shared ->  [Folder | Modified Date = 2/6/2008 8:59:34 PM | Attr =    ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/24/2008 10:43:55 PM | Attr =    ]

< End of report >

compukill
Sorry, I accidentally added the winpfind35u data twice.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/25/2008 at 01:26 AM

Application Version : 3.9.1008

Core Rules Database Version : 3408
Trace Rules Database Version: 1400

Scan type : Complete Scan
Total Scan Time : 02:33:13

Memory items scanned : 472
Memory threats detected : 0
Registry items scanned : 5673
Registry threats detected : 0
File items scanned : 61112
File threats detected : 5

Trojan.Downloader-Gen/FotoMoto-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9C17EEAF-5914-4204-9BEB-93394133A245}\RP438\A0033588.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9C17EEAF-5914-4204-9BEB-93394133A245}\RP444\A0034001.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9C17EEAF-5914-4204-9BEB-93394133A245}\RP446\A0034081.DLL

Adware.SprtAds/AdRotator
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9C17EEAF-5914-4204-9BEB-93394133A245}\RP440\A0033645.DLL

Trojan.Unclassified/IEBROWSERCMP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9C17EEAF-5914-4204-9BEB-93394133A245}\RP444\A0033943.DLL

Here is the .log file from the WinPFind3u/MovedFiles folder

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iRiver Updater deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\P2kAutostart deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Games\PSP\RSS Streaming Tools\wizard.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Luc and Francine\Desktop\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Games\PSP\RSS Streaming Tools\apache2\bin\Apache.exe deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\dcads-remove.exe moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\Luc and Francine\Application Data\urlredir.cfg moved successfully.
C:\Documents and Settings\Luc and Francine\My Documents\bacup reg.reg moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\dcads-remove.exe not found!
C:\Documents and Settings\Luc and Francine\Local Settings\Temp\rtdrvmon.exe moved successfully.
C:\WINDOWS\Temp\_ISTMP0.DIR\corecomp.ini moved successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\Luc and Francine\Application Data\urlredir.cfg not found!
File C:\Documents and Settings\Luc and Francine\My Documents\bacup reg.reg not found!
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.0.1 fix logfile created on 02242008_225129
OldTimer
Hi compukill. That all looks good. How are things running? Any more popups? If not, run the system for a couple of days and see if it stays that way. Then we can do a bit of final cleanup.

Cheers.

OT
compukill
I will try it for a few days. I will keep you posted.
compukill
Well, unfortunately I'm still getting the pop ups. Any other suggestions?
OldTimer
Hi compukill. I think it's just a registry setting. Run the following scan:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Select None for each group in the Basic Scans area
  • Copy/paste the text below into the Manual File or Registry Key Scans area:
    CODE
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager /s
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
compukill
CODE
WinPFind35 logfile created on: 2/26/2008 11:50:20 PM
WinPFind35U Version 1.0.0.1     Folder = C:\Documents and Settings\Luc and Francine\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 155.29 Mb Available Physical Memory | 30.36% Memory free
1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.17% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12.69 Gb Total Space | 6.30 Gb Free Space | 49.59% Space Free | Partition Type: NTFS
Drive D: | 101.79 Gb Total Space | 48.78 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Luc and Francine
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Manual Scans]
< HKLM\SYSTEM\CurrentControlSet\Control\Session Manager /s >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ -> ->
*BootExecute* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\BootExecute ->
autocheck autochk * ->  -> File not found
lsdelete -> %SystemRoot%\system32\lsdelete.exe ->  [Ver =  | Size = 12632 bytes | Modified Date = 1/17/2008 6:42:09 PM | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\CriticalSectionTimeout -> 2592000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\EnableMCA -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\EnableMCE -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ExcludeFromKnownDlls ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\GlobalFlag -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\HeapDeCommitFreeBlockThreshold -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\HeapDeCommitTotalFreeThreshold -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\HeapSegmentCommit -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\HeapSegmentReserve -> 0 ->
*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories ->
\Windows ->  -> File not found
\RPC Control ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ProtectionMode -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ResourceTimeoutCount -> 648000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ProcessorControl -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\RegisteredProcessors -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\LicensedProcessors -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatibility\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatibility\\AppCompatCache -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppPatches\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppPatches\CWD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppPatches\CWD\ff060102423da0000407108e0500\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppPatches\CWD\ff060102423da0000407108e0500\1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppPatches\CWD\ff060102423da0000407108e0500\1\\Add1 -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppPatches\CWD\ff060102423da0000407108e0500\1\\Change1 -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppPatches\INSTBI01\ -> ->
< End of report >

OldTimer
Hi compukill. Try this:

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

CODE
[Unregister Dlls]
[Extra Files]
C:\WINDOWS\system32\gzmrotate.dll
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
[Extra Registry Entries]
HKEY_CLASSES_ROOT\CLSID\{F173E53F-E042-49b6-BD46-983E93DA1B17}  ->
HKEY_CLASSES_ROOT\dc_ads.ads  ->
HKEY_CLASSES_ROOT\Interface\{90A04787-BC44-48B8-9E3A-687E4BA42155}  ->
HKEY_CLASSES_ROOT\TypeLib\{D2077CAF-7028-4449-B9E3-1B361C7E5180}  ->
HKEY_CURRENT_USER\Software\Microsoft\dcads  ->
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F173E53F-E042-49B6-BD46-983E93DA1B17}  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F173E53F-E042-49b6-BD46-983E93DA1B17}  ->
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
compukill
I got an error message stating Access violation at address 0048F0C5 in module 'WinPfind35U.exe' Read of address 000000000. I hit OK and it ran and gave me the following log:

[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
WinPFind35U Version 1.0.0.1 fix logfile created on 02272008_222920
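
Added example, not part of either poster's messages and not WinPFind35U's own code: the fix log above reports only the [Empty Temp Folders] results, so this PowerShell sketch re-reads the fix script from the CODE box and reports which of its files and registry keys still exist. The function names Get-FixEntries and Test-FixEntry are hypothetical, and HKEY_CURRENT_USER entries are checked for whichever account runs the script.

```powershell
# Fix script copied verbatim from the CODE box posted earlier in this thread.
$fixScript = @'
[Unregister Dlls]
[Extra Files]
C:\WINDOWS\system32\gzmrotate.dll
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
[Extra Registry Entries]
HKEY_CLASSES_ROOT\CLSID\{F173E53F-E042-49b6-BD46-983E93DA1B17}  ->
HKEY_CLASSES_ROOT\dc_ads.ads  ->
HKEY_CLASSES_ROOT\Interface\{90A04787-BC44-48B8-9E3A-687E4BA42155}  ->
HKEY_CLASSES_ROOT\TypeLib\{D2077CAF-7028-4449-B9E3-1B361C7E5180}  ->
HKEY_CURRENT_USER\Software\Microsoft\dcads  ->
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F173E53F-E042-49B6-BD46-983E93DA1B17}  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F173E53F-E042-49b6-BD46-983E93DA1B17}  ->
[Empty Temp Folders]
'@

# Hypothetical helper: split the script into (Section, Target) pairs.
function Get-FixEntries {
    param([string]$Text)
    $section = $null
    foreach ($line in ($Text -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -eq '') { continue }
        if ($line -match '^\[(.+)\]$') {
            # A bracketed line starts a new section.
            $section = $Matches[1]
            continue
        }
        # Registry lines in the script end with "->"; drop it and the padding.
        $target = ($line -replace '\s*->\s*$', '').Trim()
        New-Object PSObject -Property @{ Section = $section; Target = $target }
    }
}

# Hypothetical helper: $true if the item still exists, $false if it is gone,
# $null for sections that name nothing checkable.
function Test-FixEntry {
    param($Entry)
    switch ($Entry.Section) {
        'Extra Files' {
            return (Test-Path -LiteralPath $Entry.Target)
        }
        'Extra Registry Entries' {
            # "Registry::" lets Test-Path resolve a full hive name such as
            # HKEY_CLASSES_ROOT, which has no default PowerShell drive.
            return (Test-Path -LiteralPath ('Registry::' + $Entry.Target))
        }
        default { return $null }
    }
}

$report = foreach ($entry in (Get-FixEntries -Text $fixScript)) {
    $present = Test-FixEntry -Entry $entry
    if ($null -eq $present) { continue }
    $status = 'gone'
    if ($present) { $status = 'STILL PRESENT' }
    New-Object PSObject -Property @{
        Section = $entry.Section
        Status  = $status
        Target  = $entry.Target
    }
}

$report | Select-Object Status, Section, Target | Format-Table -AutoSize -Wrap

# A non-zero count means the fix did not remove everything it listed.
$remaining = @($report | Where-Object { $_.Status -eq 'STILL PRESENT' }).Count
Write-Output "$remaining listed item(s) still present"
```
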
OldTimer
Hi compukill. Run the system for a day or two and see if the popups come back.

Cheers.

OT
compukill
Well, it's been 2 days and no pop-ups. Looks like you may have fixed it. Thanks a lot.
OldTimer
Hi compukill. That sounds great. Let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
    1. Turn off System Restore.
      On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      Check Turn off System Restore.
      Click Apply, and then click OK.

    2. Restart your computer.

    3. Turn ON System Restore.
      On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      UN-Check Turn off System Restore.
      Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
    Start WinPFind35
    Click the CleanUp button
    • WinPFind35 will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
    • WinPFind35 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT
compukill
Still no pop-ups. Is there anything I should do now to clean up what we did?
compukill
Sorry, I didn't see your other post. Didn't realize there was a second page.
OldTimer
Hi compukill. You should be all set. I will now close this topic. If you have any new malware related issues in the future please start a new topic.

Cheers and Happy Computing!

OT