
Infected Probably With Trojan Dropper Agent Dgo


  • This topic is locked
18 replies to this topic

#1 ZoFf


Posted 23 January 2008 - 03:02 AM

Eset scan found what seems to be trojan dropper agent dgo, and then stopped responding.
I've done all the preparation procedures you suggested.

And here's HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:59, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
D:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5118DC72-BFD4-44AC-A0A9-421C191DBE39} - C:\WINDOWS\system32\xxyvsss.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {944DB8FE-3108-4BF4-8225-35DAD4A3E953} - (no file)
O2 - BHO: (no name) - {A14CFCC4-4CEA-408E-95E2-D312B6CB65A8} - C:\WINDOWS\system32\vtsqp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPWOTOOLBOX] C:\Program Files\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe "-i"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Vistadrv] D:\Downloads\VisualStyles\Vista Drive Status\vsdrv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] D:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [WinRoll] "C:\Program Files\WinRoll\winroll.exe"
O4 - HKCU\..\Run: [VisualTaskTips] D:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: xxyvsss - C:\WINDOWS\SYSTEM32\xxyvsss.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ArchVision Content Manager Service - ArchVision - C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Flexlm Service 1 - Macrovision Corporation - D:\Program Files\Autodesk Architectural Desktop 2007\FlexLM\lmgrd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 15347 bytes



#2 OldTimer


    Malware Expert



Posted 28 January 2008 - 12:17 PM

Hello ZoFf and welcome to the BC HijackThis forum. Let's see what else we can find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 ZoFf


Posted 29 January 2008 - 07:09 AM

Hello OT, thanks.

First, this is what Kaspersky found and cleared before I read your post... (couldn't wait...)

found:

detected: virus Heur.Invader (modification) File: C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\U1AR73P3\SDFix[1].exe//data.rar/SDFix\catchme.exe
detected: virus Heur.Invader (modification) File: C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\XPPMAJVS\SDFix[1].exe//data.rar/SDFix\catchme.exe
detected: Trojan program Trojan-Downloader.Win32.Small.hqx File: C:\WINDOWS\system32\MLJGEFC.0LL
detected: virus Heur.Invader (modification) File: D:\Downloads\SDFix.exe//data.rar/SDFix\catchme.exe
detected: Trojan program Trojan.Win32.Autoit.bg File: D:\Torrents_Downloaded\ESET Smart Security 3.0.563.rar/ESET Smart Security\setup.exe

and neutralized:

not found: virus Heur.Invader (modification) File: C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\U1AR73P3\SDFix[1].exe//data.rar/SDFix\catchme.exe
not found: virus Heur.Invader (modification) File: C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\XPPMAJVS\SDFix[1].exe//data.rar/SDFix\catchme.exe
deleted: Trojan program Trojan-Downloader.Win32.Small.hqx File: C:\WINDOWS\system32\MLJGEFC.0LL
not found: virus Heur.Invader (modification) File: D:\Downloads\SDFix.exe//data.rar/SDFix\catchme.exe
deleted: Trojan program Trojan.Win32.Autoit.bg File: D:\Torrents_Downloaded\ESET Smart Security 3.0.563.rar/ESET Smart Security\setup.exe
.
.
.

And here's WinPFind35u report:

WinPFind35 logfile created on: 2008-01-29 12:54:10
WinPFind35U Version Beta40	 Folder = C:\Documents and Settings\n\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.54% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.65 Gb Total Space | 13.91 Gb Free Space | 35.09% Space Free | Partition Type: NTFS
Drive D: | 258.43 Gb Total Space | 173.19 Gb Free Space | 67.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ZOFF
Current User Name: n
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 13:27:08 | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 12:28:18 | Attr =	]
atkkbservice.exe -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 241152 bytes | Modified Date = 2005-10-18 15:00:10 | Attr =	]
adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 2007-03-07 09:27:39 | Attr =	]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 11:42:38 | Attr =	]
mvraidsvc.exe -> %ProgramFiles%\Marvell\61xx\svc\mvraidsvc.exe ->  [Ver = 1.0.0.7 | Size = 114688 bytes | Modified Date = 2006-07-26 00:39:06 | Attr =	]
apache.exe -> %ProgramFiles%\Marvell\61xx\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.58 | Size = 20541 bytes | Modified Date = 2006-06-26 22:16:10 | Attr =	]
nbservice.exe -> D:\Program Files\Nero 8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 0, 3, 0 | Size = 836904 bytes | Modified Date = 2007-08-08 08:25:08 | Attr =	]
apache.exe -> %ProgramFiles%\Marvell\61xx\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.58 | Size = 20541 bytes | Modified Date = 2006-06-26 22:16:10 | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
pdagent.exe -> D:\Program Files\RAXCO\PerfectDisk\PDAgent.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 67 | Size = 414984 bytes | Modified Date = 2007-11-06 08:37:48 | Attr =	]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 2007-01-04 22:38:08 | Attr =	]
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 2006-03-30 09:15:44 | Attr =	]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
visualtasktips.exe -> D:\Program Files\VisualTaskTips\VisualTaskTips.exe -> VisualTaskTips.com [Ver = 2, 3, 0, 0 | Size = 36352 bytes | Modified Date = 2007-09-05 18:20:12 | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2008-01-15 03:22:44 | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307200 bytes | Modified Date = 2008-01-29 03:05:50 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 13:27:08 | Attr =	]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2006-12-18 14:34:46 | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 12:28:18 | Attr =	]
(ArchVision Content Manager Service) ArchVision Content Manager Service [Win32_Own | On_Demand | Stopped] ->  -> File not found
(ATKKeyboardService) ATK Keyboard Service [Win32_Own | Auto | Running] -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 241152 bytes | Modified Date = 2005-10-18 15:00:10 | Attr =	]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 2007-03-07 09:27:39 | Attr =	]
(AVP) Kaspersky Anti-Virus 7.0 [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 11:42:38 | Attr =	]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 2006-03-30 09:15:44 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
(EhttpSrv) Eset HTTP Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ESET\ESET Smart Security\EHttpSrv.exe ->  [Ver =  | Size = 18176 bytes | Modified Date = 2007-11-14 15:07:52 | Attr =	]
(ekrn) Eset Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ESET\ESET Smart Security\ekrn.exe -> ESET [Ver = 3.0.566  | Size = 455936 bytes | Modified Date = 2007-11-14 15:05:50 | Attr =	]
(Flexlm Service 1) Flexlm Service 1 [Win32_Own | Auto | Stopped] -> D:\Program Files\Autodesk Architectural Desktop 2007\FlexLM\lmgrd.exe -> Macrovision Corporation [Ver = 10, 8, 0, 0 | Size = 962560 bytes | Modified Date = 2006-05-30 02:22:38 | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2006-12-18 10:14:12 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2008-01-15 03:22:44 | Attr =	]
(Marvell RAID) Marvell RAID Event Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Marvell\61xx\svc\mvraidsvc.exe ->  [Ver = 1.0.0.7 | Size = 114688 bytes | Modified Date = 2006-07-26 00:39:06 | Attr =	]
(MRUWebService) MRU Web Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Marvell\61xx\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.58 | Size = 20541 bytes | Modified Date = 2006-06-26 22:16:10 | Attr =	]
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> D:\Program Files\Nero 8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 0, 3, 0 | Size = 836904 bytes | Modified Date = 2007-08-08 08:25:08 | Attr =	]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.0.4.0 | Size = 382248 bytes | Modified Date = 2007-08-03 11:51:18 | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
(PDAgent) PDAgent [Win32_Own | Auto | Running] -> D:\Program Files\RAXCO\PerfectDisk\PDAgent.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 67 | Size = 414984 bytes | Modified Date = 2007-11-06 08:37:48 | Attr =	]
(PDEngine) PDEngine [Win32_Own | On_Demand | Stopped] -> D:\Program Files\RAXCO\PerfectDisk\PDEngine.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 67 | Size = 734472 bytes | Modified Date = 2007-11-06 08:37:56 | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 2007-01-04 22:38:08 | Attr =	]
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe ->  [Ver = 12.0.1320.0823 | Size = 261120 bytes | Modified Date = 2007-08-23 14:32:00 | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %System32%\drivers\ADIHdAud.sys -> Analog Devices, Inc. [Ver = 5.10.01.4560 built by: WinDDK | Size = 245760 bytes | Modified Date = 2006-06-27 06:43:58 | Attr = R  ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AEAudio) AE Audio Service [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.2.32.3 | Size = 93824 bytes | Modified Date = 2006-04-26 23:42:40 | Attr = R  ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(asuskbnt) Enhanced Display Driver Helper Service [Kernel | System | Running] -> %System32%\drivers\atkkbnt.sys -> ASUSTeK COMPUTER INC. [Ver = 1.0.0.1 | Size = 11008 bytes | Modified Date = 2005-10-18 15:01:38 | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\n\LOCALS~1\Temp\catchme.sys -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(DefragFS) DefragFS [File_System | Boot | Running] -> %System32%\drivers\DefragFs.sys -> Raxco Software, Inc. [Ver = 8.0013 built by: WinDDK | Size = 68624 bytes | Modified Date = 2007-10-22 05:33:40 | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(eamon) eamon [Kernel | Auto | Running] -> %System32%\drivers\eamon.sys -> Eset  [Ver = 3,0,0,0 D built by: WinDDK | Size = 33800 bytes | Modified Date = 2007-11-14 15:03:52 | Attr =	]
(easdrv) easdrv [Kernel | System | Running] -> %System32%\drivers\easdrv.sys -> ESET [Ver = 3.0.566  | Size = 27656 bytes | Modified Date = 2007-11-14 15:04:14 | Attr =	]
(EIO) EIO [Kernel | Auto | Running] -> %System32%\drivers\EIO.sys -> ASUSTeK Computer Inc. [Ver = 1.91 | Size = 11264 bytes | Modified Date = 2006-02-08 09:26:00 | Attr = R  ]
(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %System32%\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 1 | Size = 15440 bytes | Modified Date = 2006-12-26 13:54:34 | Attr =	]
(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %System32%\drivers\ElbyDelay.sys -> Elaborate Bytes [Ver = 4, 3, 0, 0 | Size = 3840 bytes | Modified Date = 2003-03-28 16:25:51 | Attr =	]
(epfw) epfw [Kernel | Auto | Running] -> %System32%\drivers\epfw.sys -> ESET [Ver = 3.0.566  | Size = 50696 bytes | Modified Date = 2007-11-14 15:06:30 | Attr =	]
(Epfwndis) Eset Personal Firewall [Kernel | On_Demand | Running] -> %System32%\drivers\epfwndis.sys -> ESET [Ver = 3.0.566  | Size = 30728 bytes | Modified Date = 2007-11-14 15:06:34 | Attr =	]
(epfwtdi) epfwtdi [Kernel | System | Running] -> %System32%\drivers\epfwtdi.sys -> ESET [Ver = 3.0.566  | Size = 53768 bytes | Modified Date = 2007-11-14 15:06:36 | Attr =	]
(FNETDEVI) FNETDEVI [Kernel | System | Running] -> %System32%\drivers\FNETDEVI.SYS -> FNet Co., Ltd. [Ver = 1.01.000 | Size = 19572 bytes | Modified Date = 2008-01-15 11:49:18 | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 2006-09-19 15:44:04 | Attr =	]
(ggsemc) Sony Ericsson USB Flash Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ggsemc.sys -> Sony Ericsson Mobile Communications [Ver = 1.0.0.5 | Size = 8704 bytes | Modified Date = 2007-03-22 09:16:00 | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 138240 bytes | Modified Date = 2004-10-27 15:21:36 | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(k750bus) Sony Ericsson 750 driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750bus.sys -> MCCI [Ver = V4.28 | Size = 55216 bytes | Modified Date = 2005-02-11 11:19:20 | Attr =	]
(k750mdfl) Sony Ericsson 750 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdfl.sys -> MCCI [Ver = V4.28 | Size = 6576 bytes | Modified Date = 2005-02-11 11:21:02 | Attr =	]
(k750mdm) Sony Ericsson 750 USB WMC Modem Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdm.sys -> MCCI [Ver = V4.28 | Size = 89872 bytes | Modified Date = 2005-02-11 11:21:10 | Attr =	]
(k750mgmt) Sony Ericsson 750 USB WMC Device Management Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mgmt.sys -> MCCI [Ver = V4.28 | Size = 81728 bytes | Modified Date = 2005-02-11 11:22:48 | Attr =	]
(k750obex) Sony Ericsson 750 USB WMC OBEX Interface Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750obex.sys -> MCCI [Ver = V4.28 | Size = 79488 bytes | Modified Date = 2005-02-11 11:24:24 | Attr =	]
(kl1) kl1 [Kernel | Boot | Running] -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 110096 bytes | Modified Date = 2007-10-31 13:41:16 | Attr =	]
(klif) klif [Kernel | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.375 | Size = 194832 bytes | Modified Date = 2007-12-19 14:49:38 | Attr =	]
(klim5) Kaspersky Anti-Virus NDIS Filter [Kernel | On_Demand | Running] -> %System32%\drivers\klim5.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 24592 bytes | Modified Date = 2007-12-13 13:28:40 | Attr =	]
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\L8042Kbd.SYS -> Logitech, Inc. [Ver = 2.40.840.00 | Size = 13056 bytes | Modified Date = 2005-05-20 15:00:36 | Attr =	]
(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\L8042MOU.SYS -> Logitech, Inc. [Ver = 2.40.840.00 | Size = 54528 bytes | Modified Date = 2005-05-20 15:00:48 | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidKE.Sys -> Logitech, Inc. [Ver = 2.40.840.00 | Size = 25600 bytes | Modified Date = 2005-05-20 15:01:32 | Attr =	]
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouKE.Sys -> Logitech, Inc. [Ver = 2.40.840.00 | Size = 68352 bytes | Modified Date = 2005-05-20 15:01:26 | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %System32%\drivers\ASACPI.sys ->  [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 2004-08-13 03:56:20 | Attr = R  ]
(mv61xx) mv61xx [Kernel | Boot | Running] -> %System32%\drivers\mv61xx.sys -> Marvell Semiconductor, Inc. [Ver =  1.1.0.38  built by: WinDDK | Size = 68736 bytes | Modified Date = 2006-07-28 07:59:42 | Attr = R  ]
(NTGDT) NTGDT [Kernel | System | Running] -> %System32%\drivers\NTGDT.SYS ->  [Ver =  | Size = 18112 bytes | Modified Date = 2007-09-07 13:04:10 | Attr = R  ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 3994624 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SABProcEnum) SABProcEnum [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\MOZILL~1\SABProcEnum.sys -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 2006-10-10 13:53:48 | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2006-02-16 17:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2007-02-27 12:39:26 | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 11:25:53 | Attr =	]
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> %System32%\drivers\senfilt.sys -> Sensaura [Ver = 5.10.00.3524 | Size = 392960 bytes | Modified Date = 2006-03-17 11:18:58 | Attr = R  ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SkLaggProtocol) SysKonnect Link Aggregation Protocol (LAGG) Support [Kernel | On_Demand | Stopped] -> system32\DRIVERS\yk51lagg.sys -> File not found
(SkVlanProtocol) SysKonnect Virtual LAN (VLAN) Support [Kernel | On_Demand | Stopped] -> %System32%\drivers\skvlan.sys -> SysKonnect [Ver = 2.15.1.3 built by: WinDDK | Size = 19328 bytes | Modified Date = 2005-11-30 02:15:00 | Attr =	]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 2001-08-17 13:56:16 | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(sptd) sptd [Kernel | Boot | Running] -> %System32%\drivers\sptd.sys ->  [Ver =  | Size = 715248 bytes | Modified Date = 2008-01-17 12:57:04 | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2008-01-22 16:06:33 | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 2007-10-31 14:09:14 | Attr =	]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(WIBUKEY) WIBU-KEY Kernel Driver [Kernel | Auto | Running] -> %System32%\drivers\WibuKey.sys -> WIBU-SYSTEMS AG [Ver = Version 5.00 of 2005-Apr-15 | Size = 70144 bytes | Modified Date = 2006-05-11 09:00:00 | Attr =	]
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %System32%\drivers\yk51x86.sys -> Marvell [Ver = 8.51.2.3 built by: WinDDK | Size = 244608 bytes | Modified Date = 2006-03-24 08:51:00 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:59:02 | Attr =	]
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
egui -> %ProgramFiles%\ESET\ESET Smart Security\egui.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:57:26 | Attr =	]
FineReader7NewsReaderPro -> D:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe -> ABBYY (BIT Software) [Ver = 7.0.0.509 | Size = 278528 bytes | Modified Date = 2003-08-05 15:16:27 | Attr =	]
GrooveMonitor -> %ProgramFiles%\Microsoft Office\Office12\GrooveMonitor.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:49 | Attr =	]
HPWOTOOLBOX -> %ProgramFiles%\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:46 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:29 | Attr =	]
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.40.840 | Size = 28160 bytes | Modified Date = 2005-05-20 14:46:56 | Attr =	]
NBKeyScan -> D:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe -> Nero AG [Ver = 3, 0, 3, 0 | Size = 1828136 bytes | Modified Date = 2007-08-08 08:25:06 | Attr =	]
NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:13 | Attr =	]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1622016 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:00 | Attr =	]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\Smax4.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:57:59 | Attr =	]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:57:52 | Attr =	]
Vistadrv -> D:\Downloads\VisualStyles\Vista Drive Status\vsdrv.exe ->  [Ver = 3, 1, 0, 15 | Size = 121089 bytes | Modified Date = 2006-07-30 02:37:14 | Attr =	]
Windows Defender -> %ProgramFiles%\Windows Defender\MSASCui.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:57:39 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMBgMonitor.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-22 09:45:54 | Attr =	]
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 2007-06-21 14:06:28 | Attr =	]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 11:31:23 | Attr =	]
UberIcon -> %ProgramFiles%\UberIcon\UberIcon Manager.exe -> File not found
ViOrb -> %ProgramFiles%\ViOrb\ViOrb.exe -> File not found
ViStart -> %ProgramFiles%\ViStart\ViStart.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 11:20:03 | Attr =	]
VisualTaskTips -> D:\Program Files\VisualTaskTips\VisualTaskTips.exe -> VisualTaskTips.com [Ver = 2, 3, 0, 0 | Size = 36352 bytes | Modified Date = 2007-09-05 18:20:12 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> File not found
%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.40.849 | Size = 450560 bytes | Modified Date = 2005-05-25 02:40:00 | Attr =	]
< n Startup Folder > -> C:\Documents and Settings\n\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 13:55:48 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 2007-04-19 13:41:36 | Attr =	]
klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 219664 bytes | Modified Date = 2007-12-18 00:44:54 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.windowsxlive.net -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4158 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4156 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 2006-06-07 10:09:22 | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{944DB8FE-3108-4BF4-8225-35DAD4A3E953} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.] -> File not found
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-08-27 09:27:11 | Attr =	]
{DBC23C3D-DDCA-48C3-844B-E8F53E50D705} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Styler\TB\StylerTB.dll [StylerToolBar] -> StyleFantasist [Ver = 1, 1, 8, 0 | Size = 102400 bytes | Modified Date = 2006-05-02 04:31:26 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 2006-06-07 10:09:22 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 223760 bytes | Modified Date = 2007-12-18 00:45:00 | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Windows &Live Favorites ->  -> File not found
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
I&zvoz u Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{42F2B900-686D-4A19-B2A2-11631FEFA1F4} ->	(Marvell Yukon 88E8052 PCI-E ASF Gigabit Ethernet Controller) -> 
{955B59F4-1E3F-4439-8845-5E2C03C9F671} ->	(1394 Net Adapter) -> 
{BCDB6B11-5ECB-4A9C-B620-A0C7B98C1668} ->	(Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) -> 
{EAEF1E75-9433-4575-9652-BE28C37B8C58} ->	() -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2006-02-28 11:42:30 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 2007-03-01 12:34:48 | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.1] -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}[HKEY_LOCAL_MACHINE] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab[OnlineScanner Control] -> 
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
C:\WINDOWS\system32\vtsqp -> %System32%\vtsqp.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-17 13:15:55 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 18:49:30 | Attr =	]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 15:21:15 | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006-03-24 05:37:50 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1908 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2246 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 13:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1288.0816 | Size = 5728112 bytes | Modified Date = 2007-08-16 15:19:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-07-16 17:14:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 13:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9\Programs\hub.exe -> C:\Program Files\NewTek\LightWave 3D 9\Programs\hub.exe [C:\Program Files\NewTek\LightWave 3D 9\Programs\hub.exe:*:Enabled:hub] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9\Programs\modeler.exe -> C:\Program Files\NewTek\LightWave 3D 9\Programs\modeler.exe [C:\Program Files\NewTek\LightWave 3D 9\Programs\modeler.exe:*:Enabled:modeler] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9\Programs\lightwav.exe -> C:\Program Files\NewTek\LightWave 3D 9\Programs\lightwav.exe [C:\Program Files\NewTek\LightWave 3D 9\Programs\lightwav.exe:*:Enabled:lightwav] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe -> C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe [C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server] -> Apache Software Foundation [Ver = 2.0.58 | Size = 20541 bytes | Modified Date = 2006-06-26 22:16:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe -> C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Sidebar\sidebar.exe -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe:*:Enabled:sidebar.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\eMule\eMule.exe -> D:\Program Files\eMule\eMule.exe [D:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus] -> http://emuleplus.info [Ver = 1.2b | Size = 5738496 bytes | Modified Date = 2007-02-07 19:39:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Sony Ericsson\Update Service\ma3platform.exe -> D:\Program Files\Sony Ericsson\Update Service\ma3platform.exe [D:\Program Files\Sony Ericsson\Update Service\ma3platform.exe:*:Enabled:ma3platform] ->  [Ver =  | Size = 3891200 bytes | Modified Date = 2007-03-22 09:15:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\hub.exe -> D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\hub.exe [D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\hub.exe:*:Enabled:hub] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\modeler.exe -> D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\modeler.exe [D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\modeler.exe:*:Enabled:modeler] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\lightwav.exe -> D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\lightwav.exe [D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\lightwav.exe:*:Enabled:lightwav] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\uTorrent\utorrent.exe -> D:\Program Files\uTorrent\utorrent.exe [D:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 2007-09-17 09:47:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe -> C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe [C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe:*:Enabled:rpcACMapp] -> ArchVision [Ver = 1, 5, 0, 0 | Size = 880640 bytes | Modified Date = 2006-12-15 16:57:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe -> D:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe [D:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe:*:Enabled:ArchiCAD 10.0.0 Component] -> Graphisoft R&D [Ver = 10.0.0 R1 (2276 / 817) | Size = 9518233 bytes | Modified Date = 2006-05-19 11:04:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.2\Programs\hub.exe -> C:\Program Files\NewTek\LightWave 3D 9.2\Programs\hub.exe [C:\Program Files\NewTek\LightWave 3D 9.2\Programs\hub.exe:*:Enabled:hub] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.2\Programs\modeler.exe -> C:\Program Files\NewTek\LightWave 3D 9.2\Programs\modeler.exe [C:\Program Files\NewTek\LightWave 3D 9.2\Programs\modeler.exe:*:Enabled:modeler] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.2\Programs\lightwav.exe -> C:\Program Files\NewTek\LightWave 3D 9.2\Programs\lightwav.exe [C:\Program Files\NewTek\LightWave 3D 9.2\Programs\lightwav.exe:*:Enabled:lightwav] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 11:42:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.3\Programs\hub.exe -> C:\Program Files\NewTek\LightWave 3D 9.3\Programs\hub.exe [C:\Program Files\NewTek\LightWave 3D 9.3\Programs\hub.exe:*:Enabled:hub] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.3\Programs\lightwav.exe -> C:\Program Files\NewTek\LightWave 3D 9.3\Programs\lightwav.exe [C:\Program Files\NewTek\LightWave 3D 9.3\Programs\lightwav.exe:*:Enabled:lightwav] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.3\Programs\modeler.exe -> C:\Program Files\NewTek\LightWave 3D 9.3\Programs\modeler.exe [C:\Program Files\NewTek\LightWave 3D 9.3\Programs\modeler.exe:*:Enabled:modeler] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Chaos Group\V-Ray\3dsmax R9 for x86\vrlserver.exe -> C:\Program Files\Chaos Group\V-Ray\3dsmax R9 for x86\vrlserver.exe [C:\Program Files\Chaos Group\V-Ray\3dsmax R9 for x86\vrlserver.exe:*:Enabled:VRLServer] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1288.0816 | Size = 5728112 bytes | Modified Date = 2007-08-16 15:19:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-07-16 17:14:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Google\Google SketchUp 6\SketchUp.exe -> D:\Program Files\Google\Google SketchUp 6\SketchUp.exe [D:\Program Files\Google\Google SketchUp 6\SketchUp.exe:*:Enabled:SketchUp Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Google\Google SketchUp 6\LayOut\LayOut.exe -> D:\Program Files\Google\Google SketchUp 6\LayOut\LayOut.exe [D:\Program Files\Google\Google SketchUp 6\LayOut\LayOut.exe:*:Enabled:LayOut] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Luxology\modo 301\modo.exe -> D:\Program Files\Luxology\modo 301\modo.exe [D:\Program Files\Luxology\modo 301\modo.exe:*:Enabled:Luxology modo 301] ->  [Ver =  | Size = 303104 bytes | Modified Date = 2007-09-05 15:15:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe -> C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe [C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter] -> Nero AG [Ver = 1, 7, 17, 0 | Size = 2475304 bytes | Modified Date = 2007-08-08 08:34:26 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Nero 8\Nero Home\NeroHome.exe -> D:\Program Files\Nero 8\Nero Home\NeroHome.exe [D:\Program Files\Nero 8\Nero Home\NeroHome.exe:*:Enabled:Nero Home] -> Nero AG [Ver = 3.0.4.0 | Size = 767272 bytes | Modified Date = 2007-08-03 11:50:14 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Joost\xulrunner\tvprunner.exe -> D:\Program Files\Joost\xulrunner\tvprunner.exe [D:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ViStart\ViStart.exe -> C:\Program Files\ViStart\ViStart.exe [C:\Program Files\ViStart\ViStart.exe:*:Enabled:ViStart.exe] ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 11:20:03 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6212.1000 | Size = 12836728 bytes | Modified Date = 2007-09-06 18:01:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 340856 bytes | Modified Date = 2007-08-29 00:23:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 1022840 bytes | Modified Date = 2007-08-28 23:43:30 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\n\Local Settings\Temp\OnlineUpdate8\SetupXu.exe -> C:\Documents and Settings\n\Local Settings\Temp\OnlineUpdate8\SetupXu.exe [C:\Documents and Settings\n\Local Settings\Temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe -> C:\Program Files\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe [C:\Program Files\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows] ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.0.29 | Size = 19926824 bytes | Modified Date = 2008-01-15 03:22:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 05:39:49 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 05:39:49 | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 211 bytes | Created Date = 2008-01-23 11:35:43 | Attr =  HS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 2008-01-23 11:35:17 | Attr = RHS]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 2008-01-23 11:35:38 | Attr = RHS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-01-21 12:35:43 | Attr =	]
FixVundo.exe -> %SystemDrive%\FixVundo.exe -> Symantec Corporation [Ver = 1.5.0 | Size = 166064 bytes | Created Date = 2008-01-21 10:29:56 | Attr =	]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\FixVundo.exe:Zone.Identifier
Garmin -> %SystemDrive%\Garmin ->  [Folder | Created Date = 2008-01-16 10:43:44 | Attr =	]
kav -> %SystemDrive%\kav ->  [Folder | Created Date = 2008-01-29 09:10:12 | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2008-01-25 09:20:15 | Attr =	]
WUTemp -> %SystemDrive%\WUTemp ->  [Folder | Created Date = 2008-01-24 11:24:06 | Attr =	]
fidbox.dat -> %System32%\drivers\fidbox.dat ->  [Ver =  | Size = 6666272 bytes | Created Date = 2008-01-29 09:11:02 | Attr =  HS]
fidbox.idx -> %System32%\drivers\fidbox.idx ->  [Ver =  | Size = 1172 bytes | Created Date = 2008-01-29 09:11:02 | Attr =  HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat ->  [Ver =  | Size = 6688 bytes | Created Date = 2008-01-29 09:11:02 | Attr =  HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx ->  [Ver =  | Size = 1148 bytes | Created Date = 2008-01-29 09:11:02 | Attr =  HS]
FNETDEVI.SYS -> %System32%\drivers\FNETDEVI.SYS -> FNet Co., Ltd. [Ver = 1.01.000 | Size = 19572 bytes | Created Date = 2008-01-15 11:49:18 | Attr =	]
klick.dat -> %System32%\drivers\klick.dat ->  [Ver =  | Size = 85860 bytes | Created Date = 2008-01-29 09:11:33 | Attr =	]
klin.dat -> %System32%\drivers\klin.dat ->  [Ver =  | Size = 91492 bytes | Created Date = 2008-01-29 09:11:33 | Attr =	]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 2008-01-22 12:44:41 | Attr =	]
78cdbd8c -> %System32%\78cdbd8c ->  [Ver =  | Size = 9 bytes | Created Date = 2008-01-22 09:15:04 | Attr =	]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Created Date = 2008-01-25 11:24:17 | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
nrhwtjow.ini -> %System32%\nrhwtjow.ini ->  [Ver =  | Size = 1074724 bytes | Created Date = 2008-01-21 08:21:52 | Attr =  HS]
pqstv.ini -> %System32%\pqstv.ini ->  [Ver =  | Size = 7969 bytes | Created Date = 2008-01-17 13:06:20 | Attr =  HS]
pqstv.ini2 -> %System32%\pqstv.ini2 ->  [Ver =  | Size = 7969 bytes | Created Date = 2008-01-17 13:06:21 | Attr =  HS]
pthreadVC.dll -> %System32%\pthreadVC.dll ->  [Ver =  | Size = 53299 bytes | Created Date = 2008-01-08 11:26:30 | Attr =	]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Created Date = 2008-01-10 15:27:44 | Attr =	]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Created Date = 2008-01-10 15:27:46 | Attr =	]
SuperAdBlocker.com -> %System32%\SuperAdBlocker.com ->  [Folder | Created Date = 2008-01-25 08:55:11 | Attr =	]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 2008-01-21 12:35:52 | Attr =	]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-01-21 12:35:52 | Attr =	]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008-01-21 12:35:52 | Attr =	]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 2008-01-21 12:35:52 | Attr =	]
vtsqp.exe -> %System32%\vtsqp.exe ->  [Ver =  | Size = 1 bytes | Created Date = 2008-01-17 13:15:55 | Attr =	]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 101 bytes | Created Date = 2008-01-21 10:22:05 | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 2008-01-24 12:40:11 | Attr =	]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 2008-01-29 08:09:23 | Attr =	]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2008-01-21 12:35:53 | Attr =	]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Created Date = 2008-01-23 11:35:13 | Attr =	]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Created Date = 2008-01-23 11:31:46 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab ->  [Folder | Created Date = 2008-01-25 11:24:18 | Attr =	]
3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> 
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 2008-01-22 09:00:48 | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 2008-01-21 14:23:22 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2008-01-25 08:24:40 | Attr =	]
FNET -> %UserAppData%\FNET ->  [Folder | Created Date = 2008-01-15 11:49:16 | Attr =	]
GARMIN -> %UserAppData%\GARMIN ->  [Folder | Created Date = 2008-01-16 12:02:37 | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2008-01-25 08:24:17 | Attr =	]
ESET -> %LocalAppData%\ESET ->  [Folder | Created Date = 2008-01-17 12:56:22 | Attr =	]
cc_20080118_1148.reg -> %UserDocuments%\cc_20080118_1148.reg ->  [Ver =  | Size = 97920 bytes | Created Date = 2008-01-18 11:48:21 | Attr =	]
FixVundo.exe -> %UserDocuments%\FixVundo.exe -> Symantec Corporation [Ver = 1.5.0 | Size = 166064 bytes | Created Date = 2008-01-21 10:21:05 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\FixVundo.exe:Zone.Identifier
Garmin_Id.rtf -> %UserDocuments%\Garmin_Id.rtf ->  [Ver =  | Size = 213 bytes | Created Date = 2008-01-16 10:49:17 | Attr =	]
IZVJESCE_01-08.doc -> %UserDocuments%\IZVJESCE_01-08.doc ->  [Ver =  | Size = 44544 bytes | Created Date = 2008-01-15 08:22:42 | Attr =	]
kletka.mpeg -> %UserDocuments%\kletka.mpeg ->  [Ver =  | Size = 2043908 bytes | Created Date = 2008-01-29 12:11:00 | Attr =	]
My Garmin -> %UserDocuments%\My Garmin ->  [Folder | Created Date = 2008-01-16 10:47:40 | Attr =	]
Stanari u Zrinsko-Ugovor-dodatak.doc -> %UserDocuments%\Stanari u Zrinsko-Ugovor-dodatak.doc ->  [Ver =  | Size = 35328 bytes | Created Date = 2008-01-29 12:14:11 | Attr =	]
Stanari u Zrinsko-Ugovor-Ispravak.doc -> %UserDocuments%\Stanari u Zrinsko-Ugovor-Ispravak.doc ->  [Ver =  | Size = 35328 bytes | Created Date = 2008-01-29 12:15:50 | Attr =	]
Suvlasnici zgrade.docx -> %UserDocuments%\Suvlasnici zgrade.docx ->  [Ver =  | Size = 12793 bytes | Created Date = 2008-01-25 09:54:25 | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 2008-01-22 09:01:02 | Attr =	]
Alcohol 120%.lnk -> %AllUsersDesktop%\Alcohol 120%.lnk ->  [Ver =  | Size = 833 bytes | Created Date = 2008-01-17 13:06:00 | Attr =	]
Ship Simulator 2008.lnk -> %AllUsersDesktop%\Ship Simulator 2008.lnk ->  [Ver =  | Size = 672 bytes | Created Date = 2008-01-09 09:45:33 | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 2008-01-25 08:24:21 | Attr =	]
Blender.lnk -> %UserDesktop%\Blender.lnk ->  [Ver =  | Size = 817 bytes | Created Date = 2008-01-08 11:22:54 | Attr =	]
ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1550759 bytes | Created Date = 2008-01-21 12:32:07 | Attr =	]
ess_nt32_enu.msi -> %UserDesktop%\ess_nt32_enu.msi ->  [Ver =  | Size = 18995712 bytes | Created Date = 2008-01-25 11:17:28 | Attr =	]
HBCZ-TENDER_Ograda_standard.pdf -> %UserDesktop%\HBCZ-TENDER_Ograda_standard.pdf ->  [Ver =  | Size = 494533 bytes | Created Date = 2008-01-11 13:09:43 | Attr =	]
HBCZADAR_TL-S20-3KAT.pdf -> %UserDesktop%\HBCZADAR_TL-S20-3KAT.pdf ->  [Ver =  | Size = 117980 bytes | Created Date = 2008-01-29 12:05:14 | Attr =	]
HBCZADAR_TL-S20-4KAT.pdf -> %UserDesktop%\HBCZADAR_TL-S20-4KAT.pdf ->  [Ver =  | Size = 145906 bytes | Created Date = 2008-01-29 12:06:53 | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 2008-01-22 10:21:59 | Attr =	]
razanac_za_projektanta.dwg -> %UserDesktop%\razanac_za_projektanta.dwg ->  [Ver =  | Size = 105381 bytes | Created Date = 2008-01-23 11:05:02 | Attr =	]
RenV.exe -> %UserDesktop%\RenV.exe ->																							  [Ver =  0. 0. 0. 0 | Size = 132366 bytes | Created Date = 2008-01-21 14:04:22 | Attr =	]
SDFix -> %UserDesktop%\SDFix ->  [Folder | Created Date = 2008-01-29 08:03:54 | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 2008-01-21 14:23:26 | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 2008-01-22 10:34:51 | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 12 bytes | Created Date = 2008-01-22 16:05:52 | Attr =	]
Tro_kovnici B5-B6-C-D.rar -> %UserDesktop%\Tro_kovnici B5-B6-C-D.rar ->  [Ver =  | Size = 1142861 bytes | Created Date = 2008-01-23 10:03:00 | Attr =	]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 2008-01-21 13:56:27 | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2008-01-29 12:34:46 | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478109 bytes | Created Date = 2008-01-29 12:27:47 | Attr =	]
Logitech Desktop Messenger.lnk -> %AllUsersStartup%\Logitech Desktop Messenger.lnk ->  [Ver =  | Size = 2076 bytes | Created Date = 2008-01-24 09:10:20 | Attr =	]
Logitech SetPoint.lnk -> %AllUsersStartup%\Logitech SetPoint.lnk ->  [Ver =  | Size = 1687 bytes | Created Date = 2008-01-24 09:10:20 | Attr =	]
Windows Desktop Search.lnk -> %AllUsersStartup%\Windows Desktop Search.lnk ->  [Ver =  | Size = 1787 bytes | Created Date = 2008-01-24 09:10:20 | Attr =	]
OneNote 2007 Screen Clipper and Launcher.lnk -> %UserStartup%\OneNote 2007 Screen Clipper and Launcher.lnk ->  [Ver =  | Size = 947 bytes | Created Date = 2008-01-24 09:10:20 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2008-01-22 08:59:37 | Attr =	]

[Files/Folders - Modified Within 30 days]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 211 bytes | Modified Date = 2008-01-22 12:10:46 | Attr =  HS]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 282 bytes | Modified Date = 2008-01-24 09:10:19 | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 2008-01-23 11:35:43 | Attr = RHS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-01-25 08:16:11 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2008-01-29 09:11:35 | Attr =  H ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2008-01-24 09:43:32 | Attr =	]
FixVundo.exe -> %SystemDrive%\FixVundo.exe -> Symantec Corporation [Ver = 1.5.0 | Size = 166064 bytes | Modified Date = 2008-01-21 10:21:06 | Attr =	]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\FixVundo.exe:Zone.Identifier
Garmin -> %SystemDrive%\Garmin ->  [Folder | Modified Date = 2008-01-16 10:46:52 | Attr =	]
kav -> %SystemDrive%\kav ->  [Folder | Modified Date = 2008-01-29 09:10:12 | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-01-29 09:11:02 | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2008-01-29 10:43:46 | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 2008-01-14 14:00:43 | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2008-01-25 09:20:15 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-01-29 12:04:37 | Attr =	]
WUTemp -> %SystemDrive%\WUTemp ->  [Folder | Modified Date = 2008-01-24 11:24:06 | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2008-01-29 08:15:39 | Attr =	]
HOSTS -> %System32%\drivers\etc\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 2008-01-29 08:15:39 | Attr =	]
hosts.20080122-080846.backup -> %System32%\drivers\etc\hosts.20080122-080846.backup ->  [Ver =  | Size = 222979 bytes | Modified Date = 2008-01-22 08:00:45 | Attr = R  ]
fidbox.dat -> %System32%\drivers\fidbox.dat ->  [Ver =  | Size = 6666272 bytes | Modified Date = 2008-01-29 12:47:32 | Attr =  HS]
fidbox.idx -> %System32%\drivers\fidbox.idx ->  [Ver =  | Size = 1172 bytes | Modified Date = 2008-01-29 09:15:42 | Attr =  HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat ->  [Ver =  | Size = 6688 bytes | Modified Date = 2008-01-29 12:34:47 | Attr =  HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx ->  [Ver =  | Size = 1148 bytes | Modified Date = 2008-01-29 09:15:42 | Attr =  HS]
FNETDEVI.SYS -> %System32%\drivers\FNETDEVI.SYS -> FNet Co., Ltd. [Ver = 1.01.000 | Size = 19572 bytes | Modified Date = 2008-01-15 11:49:18 | Attr =	]
klick.dat -> %System32%\drivers\klick.dat ->  [Ver =  | Size = 85860 bytes | Modified Date = 2008-01-29 09:11:33 | Attr =	]
klin.dat -> %System32%\drivers\klin.dat ->  [Ver =  | Size = 91492 bytes | Modified Date = 2008-01-29 09:11:33 | Attr =	]
sptd.sys -> %System32%\drivers\sptd.sys ->  [Ver =  | Size = 715248 bytes | Modified Date = 2008-01-17 12:57:04 | Attr =	]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2008-01-22 16:06:33 | Attr =	]
78cdbd8c -> %System32%\78cdbd8c ->  [Ver =  | Size = 9 bytes | Modified Date = 2008-01-22 09:15:04 | Attr =	]
appmgmt -> %System32%\appmgmt ->  [Folder | Modified Date = 2008-01-24 09:45:06 | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2008-01-29 09:18:30 | Attr =	]
config -> %System32%\config ->  [Folder | Modified Date = 2008-01-18 11:33:34 | Attr =	]
d3d9caps.dat -> %System32%\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 2008-01-09 16:05:15 | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 2008-01-24 11:14:49 | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2008-01-29 09:11:33 | Attr =	]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Modified Date = 2008-01-25 11:24:17 | Attr =	]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 2008-01-17 13:00:17 | Attr =	]
nrhwtjow.ini -> %System32%\nrhwtjow.ini ->  [Ver =  | Size = 1074724 bytes | Modified Date = 2008-01-21 12:36:04 | Attr =  HS]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 87808 bytes | Modified Date = 2008-01-29 09:17:10 | Attr =	]
pqstv.ini -> %System32%\pqstv.ini ->  [Ver =  | Size = 7969 bytes | Modified Date = 2008-01-24 11:36:26 | Attr =  HS]
pqstv.ini2 -> %System32%\pqstv.ini2 ->  [Ver =  | Size = 7969 bytes | Modified Date = 2008-01-24 11:36:33 | Attr =  HS]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Modified Date = 2008-01-10 15:27:44 | Attr =	]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Modified Date = 2008-01-10 15:27:46 | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 2008-01-29 10:43:46 | Attr =	]
SuperAdBlocker.com -> %System32%\SuperAdBlocker.com ->  [Folder | Modified Date = 2008-01-25 08:55:11 | Attr =	]
VIRepair -> %System32%\VIRepair ->  [Folder | Modified Date = 2008-01-18 11:41:16 | Attr =	]
vtsqp.exe -> %System32%\vtsqp.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-17 13:15:55 | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 2008-01-18 11:33:04 | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 2008-01-29 09:17:41 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-01-09 03:53:22 | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-01-29 09:16:58 | Attr =   S]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 101 bytes | Modified Date = 2008-01-21 10:22:05 | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2008-01-18 11:53:07 | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-01-25 11:24:18 | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-01-24 12:40:11 | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 2008-01-29 08:09:23 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2008-01-29 09:11:20 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-01-29 09:11:33 | Attr =  HS]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 2225 bytes | Modified Date = 2008-01-25 08:55:12 | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 182 bytes | Modified Date = 2008-01-14 14:00:08 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-01-29 10:57:58 | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 2008-01-24 08:56:17 | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2008-01-18 11:33:03 | Attr =	]
render.ini -> %SystemRoot%\render.ini ->  [Ver =  | Size = 33 bytes | Modified Date = 2008-01-25 12:00:25 | Attr =	]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Modified Date = 2008-01-23 11:35:13 | Attr =	]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Modified Date = 2008-01-23 11:34:17 | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 2008-01-24 09:10:18 | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 2008-01-29 12:48:23 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2008-01-29 09:20:00 | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2008-01-29 11:33:01 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 668 bytes | Modified Date = 2008-01-24 09:10:18 | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2008-01-25 21:58:03 | Attr =	]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job ->  [Ver =  | Size = 246 bytes | Modified Date = 2008-01-29 11:59:17 | Attr =	]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 2008-01-29 09:20:01 | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-01-29 09:17:01 | Attr =  H ]
User_Feed_Synchronization-{3A4CD6F7-D173-434C-9774-E19C5E04964C}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{3A4CD6F7-D173-434C-9774-E19C5E04964C}.job ->  [Ver =  | Size = 410 bytes | Modified Date = 2008-01-29 12:50:00 | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 24802 bytes | Modified Date = 2008-01-29 09:18:25 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 24802 bytes | Modified Date = 2008-01-29 09:18:25 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11080 bytes | Modified Date = 2006-12-14 14:50:55 | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 2007-09-27 11:03:44 | Attr =	]
Perflib_Perfdata_c84.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_c84.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-01-29 09:17:28 | Attr =	]
2 C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp files -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp -> 
SSUPDATE.EXE -> C:\Documents and Settings\n\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 2007-06-21 14:07:10 | Attr =	]
4 C:\Documents and Settings\n\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\n\Local Settings\Temp\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Eset -> %AllUsersAppData%\Eset ->  [Folder | Modified Date = 2008-01-28 09:02:38 | Attr =	]
3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> 
Google -> %AllUsersAppData%\Google ->  [Folder | Modified Date = 2008-01-24 10:11:13 | Attr =	]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab ->  [Folder | Modified Date = 2008-01-29 09:18:30 | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 2008-01-22 09:02:04 | Attr =	]
QTSBandwidthCache -> %AllUsersAppData%\QTSBandwidthCache ->  [Ver =  | Size = 2137 bytes | Modified Date = 2008-01-11 14:13:07 | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 2008-01-22 08:59:17 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2008-01-25 08:24:40 | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 2008-01-10 10:26:32 | Attr =	]
FNET -> %UserAppData%\FNET ->  [Folder | Modified Date = 2008-01-15 11:49:16 | Attr =	]
GARMIN -> %UserAppData%\GARMIN ->  [Folder | Modified Date = 2008-01-16 12:02:37 | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2008-01-25 08:24:17 | Attr =	]
uTorrent -> %UserAppData%\uTorrent ->  [Folder | Modified Date = 2008-01-18 11:32:46 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 29184 bytes | Modified Date = 2008-01-14 14:04:32 | Attr =	]
ESET -> %LocalAppData%\ESET ->  [Folder | Modified Date = 2008-01-17 12:56:22 | Attr =	]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 2008-01-18 11:40:12 | Attr =	]
Alcohol 120% -> %UserDocuments%\Alcohol 120% ->  [Folder | Modified Date = 2008-01-18 12:43:41 | Attr =	]
Autodesk -> %UserDocuments%\Autodesk ->  [Folder | Modified Date = 2008-01-29 09:03:42 | Attr =	]
cc_20080118_1148.reg -> %UserDocuments%\cc_20080118_1148.reg ->  [Ver =  | Size = 97920 bytes | Modified Date = 2008-01-18 11:48:25 | Attr =	]
Converted Videos -> %UserDocuments%\Converted Videos ->  [Folder | Modified Date = 2008-01-14 14:17:52 | Attr =	]
FixVundo.exe -> %UserDocuments%\FixVundo.exe -> Symantec Corporation [Ver = 1.5.0 | Size = 166064 bytes | Modified Date = 2008-01-21 10:21:06 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\FixVundo.exe:Zone.Identifier
Garmin_Id.rtf -> %UserDocuments%\Garmin_Id.rtf ->  [Ver =  | Size = 213 bytes | Modified Date = 2008-01-16 10:49:17 | Attr =	]
IZVJESCE_01-08.doc -> %UserDocuments%\IZVJESCE_01-08.doc ->  [Ver =  | Size = 44544 bytes | Modified Date = 2008-01-15 08:40:28 | Attr =	]
kletka.mpeg -> %UserDocuments%\kletka.mpeg ->  [Ver =  | Size = 2043908 bytes | Modified Date = 2008-01-29 12:11:00 | Attr =	]
My Garmin -> %UserDocuments%\My Garmin ->  [Folder | Modified Date = 2008-01-16 10:47:40 | Attr =	]
Stanari u Zrinsko-Ugovor-dodatak.doc -> %UserDocuments%\Stanari u Zrinsko-Ugovor-dodatak.doc ->  [Ver =  | Size = 35328 bytes | Modified Date = 2008-01-29 12:15:38 | Attr =	]
Stanari u Zrinsko-Ugovor-Ispravak.doc -> %UserDocuments%\Stanari u Zrinsko-Ugovor-Ispravak.doc ->  [Ver =  | Size = 35328 bytes | Modified Date = 2008-01-29 12:15:50 | Attr =	]
Suvlasnici zgrade.docx -> %UserDocuments%\Suvlasnici zgrade.docx ->  [Ver =  | Size = 12793 bytes | Modified Date = 2008-01-25 09:54:26 | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 2008-01-22 09:01:02 | Attr =	]
Alcohol 120%.lnk -> %AllUsersDesktop%\Alcohol 120%.lnk ->  [Ver =  | Size = 833 bytes | Modified Date = 2008-01-17 13:06:00 | Attr =	]
Ship Simulator 2008.lnk -> %AllUsersDesktop%\Ship Simulator 2008.lnk ->  [Ver =  | Size = 672 bytes | Modified Date = 2008-01-09 09:45:33 | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 2008-01-25 08:24:21 | Attr =	]
Blender.lnk -> %UserDesktop%\Blender.lnk ->  [Ver =  | Size = 817 bytes | Modified Date = 2008-01-08 11:22:54 | Attr =	]
ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1550759 bytes | Modified Date = 2008-01-21 12:32:37 | Attr =	]
ess_nt32_enu.msi -> %UserDesktop%\ess_nt32_enu.msi ->  [Ver =  | Size = 18995712 bytes | Modified Date = 2008-01-25 11:20:09 | Attr =	]
HBCZ-TENDER_Ograda_standard.pdf -> %UserDesktop%\HBCZ-TENDER_Ograda_standard.pdf ->  [Ver =  | Size = 494533 bytes | Modified Date = 2008-01-11 13:09:43 | Attr =	]
HBCZADAR_TL-S20-3KAT.pdf -> %UserDesktop%\HBCZADAR_TL-S20-3KAT.pdf ->  [Ver =  | Size = 117980 bytes | Modified Date = 2008-01-29 12:05:14 | Attr =	]
HBCZADAR_TL-S20-4KAT.pdf -> %UserDesktop%\HBCZADAR_TL-S20-4KAT.pdf ->  [Ver =  | Size = 145906 bytes | Modified Date = 2008-01-29 12:07:08 | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2008-01-22 10:22:00 | Attr =	]
razanac_za_projektanta.dwg -> %UserDesktop%\razanac_za_projektanta.dwg ->  [Ver =  | Size = 105381 bytes | Modified Date = 2008-01-16 10:43:43 | Attr =	]
RenV.exe -> %UserDesktop%\RenV.exe ->																							  [Ver =  0. 0. 0. 0 | Size = 132366 bytes | Modified Date = 2008-01-21 14:04:19 | Attr =	]
SDFix -> %UserDesktop%\SDFix ->  [Folder | Modified Date = 2008-01-29 08:33:24 | Attr =	]
Shortcut to lightwav.exe.lnk -> %UserDesktop%\Shortcut to lightwav.exe.lnk ->  [Ver =  | Size = 956 bytes | Modified Date = 2008-01-08 11:02:14 | Attr =	]
Shortcut to LightWave 3D 9.lnk -> %UserDesktop%\Shortcut to LightWave 3D 9.lnk ->  [Ver =  | Size = 646 bytes | Modified Date = 2008-01-08 11:41:53 | Attr =	]
Shortcut to modeler.exe.lnk -> %UserDesktop%\Shortcut to modeler.exe.lnk ->  [Ver =  | Size = 1865 bytes | Modified Date = 2008-01-08 11:01:55 | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 2008-01-21 14:23:26 | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2008-01-22 10:35:38 | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 12 bytes | Modified Date = 2008-01-25 08:13:37 | Attr =	]
Tro_kovnici B5-B6-C-D.rar -> %UserDesktop%\Tro_kovnici B5-B6-C-D.rar ->  [Ver =  | Size = 1142861 bytes | Modified Date = 2008-01-23 10:03:00 | Attr =	]
Troškovnici PS2 -> %UserDesktop%\Troškovnici PS2 ->  [Folder | Modified Date = 2008-01-21 11:59:02 | Attr =	]
VideoEdit -> %UserDesktop%\VideoEdit ->  [Folder | Modified Date = 2008-01-14 13:32:20 | Attr = R  ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 2008-01-21 13:56:23 | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2008-01-29 12:34:46 | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478109 bytes | Modified Date = 2008-01-29 12:27:31 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2008-01-25 08:23:10 | Attr =	]

< End of report >



Regards,
ZoFf

#4 OldTimer

OldTimer

    Malware Expert



Posted 29 January 2008 - 12:22 PM

Hi ZoFf. Ok, let's get started. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware; we will come back to it later on.

Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
YN -> UberIcon -> %ProgramFiles%\UberIcon\UberIcon Manager.exe
YN -> ViOrb -> %ProgramFiles%\ViOrb\ViOrb.exe
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YN -> %AllUsersStartup%\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {944DB8FE-3108-4BF4-8225-35DAD4A3E953} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.]
YN -> {DBC23C3D-DDCA-48C3-844B-E8F53E50D705} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\vtsqp -> %System32%\vtsqp.exe
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9\Programs\hub.exe -> C:\Program Files\NewTek\LightWave 3D 9\Programs\hub.exe [C:\Program Files\NewTek\LightWave 3D 9\Programs\hub.exe:*:Enabled:hub]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9\Programs\modeler.exe -> C:\Program Files\NewTek\LightWave 3D 9\Programs\modeler.exe [C:\Program Files\NewTek\LightWave 3D 9\Programs\modeler.exe:*:Enabled:modeler]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9\Programs\lightwav.exe -> C:\Program Files\NewTek\LightWave 3D 9\Programs\lightwav.exe [C:\Program Files\NewTek\LightWave 3D 9\Programs\lightwav.exe:*:Enabled:lightwav]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe -> C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Sidebar\sidebar.exe -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe:*:Enabled:sidebar.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\hub.exe -> D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\hub.exe [D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\hub.exe:*:Enabled:hub]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\modeler.exe -> D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\modeler.exe [D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\modeler.exe:*:Enabled:modeler]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\lightwav.exe -> D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\lightwav.exe [D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\lightwav.exe:*:Enabled:lightwav]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.2\Programs\hub.exe -> C:\Program Files\NewTek\LightWave 3D 9.2\Programs\hub.exe [C:\Program Files\NewTek\LightWave 3D 9.2\Programs\hub.exe:*:Enabled:hub]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.2\Programs\modeler.exe -> C:\Program Files\NewTek\LightWave 3D 9.2\Programs\modeler.exe [C:\Program Files\NewTek\LightWave 3D 9.2\Programs\modeler.exe:*:Enabled:modeler]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.2\Programs\lightwav.exe -> C:\Program Files\NewTek\LightWave 3D 9.2\Programs\lightwav.exe [C:\Program Files\NewTek\LightWave 3D 9.2\Programs\lightwav.exe:*:Enabled:lightwav]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.3\Programs\hub.exe -> C:\Program Files\NewTek\LightWave 3D 9.3\Programs\hub.exe [C:\Program Files\NewTek\LightWave 3D 9.3\Programs\hub.exe:*:Enabled:hub]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.3\Programs\lightwav.exe -> C:\Program Files\NewTek\LightWave 3D 9.3\Programs\lightwav.exe [C:\Program Files\NewTek\LightWave 3D 9.3\Programs\lightwav.exe:*:Enabled:lightwav]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.3\Programs\modeler.exe -> C:\Program Files\NewTek\LightWave 3D 9.3\Programs\modeler.exe [C:\Program Files\NewTek\LightWave 3D 9.3\Programs\modeler.exe:*:Enabled:modeler]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Chaos Group\V-Ray\3dsmax R9 for x86\vrlserver.exe -> C:\Program Files\Chaos Group\V-Ray\3dsmax R9 for x86\vrlserver.exe [C:\Program Files\Chaos Group\V-Ray\3dsmax R9 for x86\vrlserver.exe:*:Enabled:VRLServer]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Google\Google SketchUp 6\SketchUp.exe -> D:\Program Files\Google\Google SketchUp 6\SketchUp.exe [D:\Program Files\Google\Google SketchUp 6\SketchUp.exe:*:Enabled:SketchUp Application]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Google\Google SketchUp 6\LayOut\LayOut.exe -> D:\Program Files\Google\Google SketchUp 6\LayOut\LayOut.exe [D:\Program Files\Google\Google SketchUp 6\LayOut\LayOut.exe:*:Enabled:LayOut]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Joost\xulrunner\tvprunner.exe -> D:\Program Files\Joost\xulrunner\tvprunner.exe [D:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\n\Local Settings\Temp\OnlineUpdate8\SetupXu.exe -> C:\Documents and Settings\n\Local Settings\Temp\OnlineUpdate8\SetupXu.exe [C:\Documents and Settings\n\Local Settings\Temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter]
[Files/Folders - Created Within 30 days]
YN -> nrhwtjow.ini -> %System32%\nrhwtjow.ini
YN -> pqstv.ini -> %System32%\pqstv.ini
YN -> pqstv.ini2 -> %System32%\pqstv.ini2
[Files/Folders - Modified Within 30 days]
NY -> nrhwtjow.ini -> %System32%\nrhwtjow.ini
NY -> pqstv.ini -> %System32%\pqstv.ini
NY -> pqstv.ini2 -> %System32%\pqstv.ini2
NY -> vtsqp.exe -> %System32%\vtsqp.exe
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #4

Post the following back here:
  • a new WinPFind35U report
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 ZoFf

ZoFf
  • Topic Starter


Posted 30 January 2008 - 05:01 AM

Hello OT,
here's everything....

1. New WinPFind35U report:


WinPFind35 logfile created on: 2008-01-30 09:39:22
WinPFind35U Version Beta40	 Folder = C:\Documents and Settings\n\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.00% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.65 Gb Total Space | 13.54 Gb Free Space | 34.14% Space Free | Partition Type: NTFS
Drive D: | 258.43 Gb Total Space | 173.77 Gb Free Space | 67.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ZOFF
Current User Name: n
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 13:27:08 | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 12:28:18 | Attr =	]
atkkbservice.exe -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 241152 bytes | Modified Date = 2005-10-18 15:00:10 | Attr =	]
adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 2007-03-07 09:27:39 | Attr =	]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 11:42:38 | Attr =	]
mvraidsvc.exe -> %ProgramFiles%\Marvell\61xx\svc\mvraidsvc.exe ->  [Ver = 1.0.0.7 | Size = 114688 bytes | Modified Date = 2006-07-26 00:39:06 | Attr =	]
apache.exe -> %ProgramFiles%\Marvell\61xx\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.58 | Size = 20541 bytes | Modified Date = 2006-06-26 22:16:10 | Attr =	]
nbservice.exe -> D:\Program Files\Nero 8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 0, 3, 0 | Size = 836904 bytes | Modified Date = 2007-08-08 08:25:08 | Attr =	]
apache.exe -> %ProgramFiles%\Marvell\61xx\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.58 | Size = 20541 bytes | Modified Date = 2006-06-26 22:16:10 | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
pdagent.exe -> D:\Program Files\RAXCO\PerfectDisk\PDAgent.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 67 | Size = 414984 bytes | Modified Date = 2007-11-06 08:37:48 | Attr =	]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 2007-01-04 22:38:08 | Attr =	]
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 2006-03-30 09:15:44 | Attr =	]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
visualtasktips.exe -> D:\Program Files\VisualTaskTips\VisualTaskTips.exe -> VisualTaskTips.com [Ver = 2, 3, 0, 0 | Size = 36352 bytes | Modified Date = 2007-09-05 18:20:12 | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307200 bytes | Modified Date = 2008-01-29 03:05:50 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 13:27:08 | Attr =	]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2006-12-18 14:34:46 | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 12:28:18 | Attr =	]
(ArchVision Content Manager Service) ArchVision Content Manager Service [Win32_Own | On_Demand | Stopped] ->  -> File not found
(ATKKeyboardService) ATK Keyboard Service [Win32_Own | Auto | Running] -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 241152 bytes | Modified Date = 2005-10-18 15:00:10 | Attr =	]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 2007-03-07 09:27:39 | Attr =	]
(AVP) Kaspersky Anti-Virus 7.0 [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 11:42:38 | Attr =	]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 2006-03-30 09:15:44 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
(EhttpSrv) Eset HTTP Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ESET\ESET Smart Security\EHttpSrv.exe ->  [Ver =  | Size = 18176 bytes | Modified Date = 2007-11-14 15:07:52 | Attr =	]
(ekrn) Eset Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ESET\ESET Smart Security\ekrn.exe -> ESET [Ver = 3.0.566  | Size = 455936 bytes | Modified Date = 2007-11-14 15:05:50 | Attr =	]
(Flexlm Service 1) Flexlm Service 1 [Win32_Own | Auto | Stopped] -> D:\Program Files\Autodesk Architectural Desktop 2007\FlexLM\lmgrd.exe -> Macrovision Corporation [Ver = 10, 8, 0, 0 | Size = 962560 bytes | Modified Date = 2006-05-30 02:22:38 | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2006-12-18 10:14:12 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2008-01-15 03:22:44 | Attr =	]
(Marvell RAID) Marvell RAID Event Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Marvell\61xx\svc\mvraidsvc.exe ->  [Ver = 1.0.0.7 | Size = 114688 bytes | Modified Date = 2006-07-26 00:39:06 | Attr =	]
(MRUWebService) MRU Web Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Marvell\61xx\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.58 | Size = 20541 bytes | Modified Date = 2006-06-26 22:16:10 | Attr =	]
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> D:\Program Files\Nero 8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 0, 3, 0 | Size = 836904 bytes | Modified Date = 2007-08-08 08:25:08 | Attr =	]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.0.4.0 | Size = 382248 bytes | Modified Date = 2007-08-03 11:51:18 | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
(PDAgent) PDAgent [Win32_Own | Auto | Running] -> D:\Program Files\RAXCO\PerfectDisk\PDAgent.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 67 | Size = 414984 bytes | Modified Date = 2007-11-06 08:37:48 | Attr =	]
(PDEngine) PDEngine [Win32_Own | On_Demand | Stopped] -> D:\Program Files\RAXCO\PerfectDisk\PDEngine.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 67 | Size = 734472 bytes | Modified Date = 2007-11-06 08:37:56 | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 2007-01-04 22:38:08 | Attr =	]
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe ->  [Ver = 12.0.1320.0823 | Size = 261120 bytes | Modified Date = 2007-08-23 14:32:00 | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %System32%\drivers\ADIHdAud.sys -> Analog Devices, Inc. [Ver = 5.10.01.4560 built by: WinDDK | Size = 245760 bytes | Modified Date = 2006-06-27 06:43:58 | Attr = R  ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AEAudio) AE Audio Service [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.2.32.3 | Size = 93824 bytes | Modified Date = 2006-04-26 23:42:40 | Attr = R  ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(asuskbnt) Enhanced Display Driver Helper Service [Kernel | System | Running] -> %System32%\drivers\atkkbnt.sys -> ASUSTeK COMPUTER INC. [Ver = 1.0.0.1 | Size = 11008 bytes | Modified Date = 2005-10-18 15:01:38 | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\n\LOCALS~1\Temp\catchme.sys -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(DefragFS) DefragFS [File_System | Boot | Running] -> %System32%\drivers\DefragFs.sys -> Raxco Software, Inc. [Ver = 8.0013 built by: WinDDK | Size = 68624 bytes | Modified Date = 2007-10-22 05:33:40 | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(eamon) eamon [Kernel | Auto | Running] -> %System32%\drivers\eamon.sys -> Eset  [Ver = 3,0,0,0 D built by: WinDDK | Size = 33800 bytes | Modified Date = 2007-11-14 15:03:52 | Attr =	]
(easdrv) easdrv [Kernel | System | Running] -> %System32%\drivers\easdrv.sys -> ESET [Ver = 3.0.566  | Size = 27656 bytes | Modified Date = 2007-11-14 15:04:14 | Attr =	]
(EIO) EIO [Kernel | Auto | Running] -> %System32%\drivers\EIO.sys -> ASUSTeK Computer Inc. [Ver = 1.91 | Size = 11264 bytes | Modified Date = 2006-02-08 09:26:00 | Attr = R  ]
(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %System32%\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 1 | Size = 15440 bytes | Modified Date = 2006-12-26 13:54:34 | Attr =	]
(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %System32%\drivers\ElbyDelay.sys -> Elaborate Bytes [Ver = 4, 3, 0, 0 | Size = 3840 bytes | Modified Date = 2003-03-28 16:25:51 | Attr =	]
(epfw) epfw [Kernel | Auto | Running] -> %System32%\drivers\epfw.sys -> ESET [Ver = 3.0.566  | Size = 50696 bytes | Modified Date = 2007-11-14 15:06:30 | Attr =	]
(Epfwndis) Eset Personal Firewall [Kernel | On_Demand | Running] -> %System32%\drivers\epfwndis.sys -> ESET [Ver = 3.0.566  | Size = 30728 bytes | Modified Date = 2007-11-14 15:06:34 | Attr =	]
(epfwtdi) epfwtdi [Kernel | System | Running] -> %System32%\drivers\epfwtdi.sys -> ESET [Ver = 3.0.566  | Size = 53768 bytes | Modified Date = 2007-11-14 15:06:36 | Attr =	]
(FNETDEVI) FNETDEVI [Kernel | System | Running] -> %System32%\drivers\FNETDEVI.SYS -> FNet Co., Ltd. [Ver = 1.01.000 | Size = 19572 bytes | Modified Date = 2008-01-15 11:49:18 | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 2006-09-19 15:44:04 | Attr =	]
(ggsemc) Sony Ericsson USB Flash Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ggsemc.sys -> Sony Ericsson Mobile Communications [Ver = 1.0.0.5 | Size = 8704 bytes | Modified Date = 2007-03-22 09:16:00 | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 138240 bytes | Modified Date = 2004-10-27 15:21:36 | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(k750bus) Sony Ericsson 750 driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750bus.sys -> MCCI [Ver = V4.28 | Size = 55216 bytes | Modified Date = 2005-02-11 11:19:20 | Attr =	]
(k750mdfl) Sony Ericsson 750 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdfl.sys -> MCCI [Ver = V4.28 | Size = 6576 bytes | Modified Date = 2005-02-11 11:21:02 | Attr =	]
(k750mdm) Sony Ericsson 750 USB WMC Modem Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdm.sys -> MCCI [Ver = V4.28 | Size = 89872 bytes | Modified Date = 2005-02-11 11:21:10 | Attr =	]
(k750mgmt) Sony Ericsson 750 USB WMC Device Management Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mgmt.sys -> MCCI [Ver = V4.28 | Size = 81728 bytes | Modified Date = 2005-02-11 11:22:48 | Attr =	]
(k750obex) Sony Ericsson 750 USB WMC OBEX Interface Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750obex.sys -> MCCI [Ver = V4.28 | Size = 79488 bytes | Modified Date = 2005-02-11 11:24:24 | Attr =	]
(kl1) kl1 [Kernel | Boot | Running] -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 110096 bytes | Modified Date = 2007-10-31 13:41:16 | Attr =	]
(klif) klif [Kernel | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.375 | Size = 194832 bytes | Modified Date = 2007-12-19 14:49:38 | Attr =	]
(klim5) Kaspersky Anti-Virus NDIS Filter [Kernel | On_Demand | Running] -> %System32%\drivers\klim5.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 24592 bytes | Modified Date = 2007-12-13 13:28:40 | Attr =	]
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\L8042Kbd.SYS -> Logitech, Inc. [Ver = 2.40.840.00 | Size = 13056 bytes | Modified Date = 2005-05-20 15:00:36 | Attr =	]
(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\L8042MOU.SYS -> Logitech, Inc. [Ver = 2.40.840.00 | Size = 54528 bytes | Modified Date = 2005-05-20 15:00:48 | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidKE.Sys -> Logitech, Inc. [Ver = 2.40.840.00 | Size = 25600 bytes | Modified Date = 2005-05-20 15:01:32 | Attr =	]
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouKE.Sys -> Logitech, Inc. [Ver = 2.40.840.00 | Size = 68352 bytes | Modified Date = 2005-05-20 15:01:26 | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %System32%\drivers\ASACPI.sys ->  [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 2004-08-13 03:56:20 | Attr = R  ]
(mv61xx) mv61xx [Kernel | Boot | Running] -> %System32%\drivers\mv61xx.sys -> Marvell Semiconductor, Inc. [Ver =  1.1.0.38  built by: WinDDK | Size = 68736 bytes | Modified Date = 2006-07-28 07:59:42 | Attr = R  ]
(NTGDT) NTGDT [Kernel | System | Running] -> %System32%\drivers\NTGDT.SYS ->  [Ver =  | Size = 18112 bytes | Modified Date = 2007-09-07 13:04:10 | Attr = R  ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 3994624 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SABProcEnum) SABProcEnum [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\MOZILL~1\SABProcEnum.sys -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 2006-10-10 13:53:48 | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2006-02-16 17:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2007-02-27 12:39:26 | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 11:25:53 | Attr =	]
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> %System32%\drivers\senfilt.sys -> Sensaura [Ver = 5.10.00.3524 | Size = 392960 bytes | Modified Date = 2006-03-17 11:18:58 | Attr = R  ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SkLaggProtocol) SysKonnect Link Aggregation Protocol (LAGG) Support [Kernel | On_Demand | Stopped] -> system32\DRIVERS\yk51lagg.sys -> File not found
(SkVlanProtocol) SysKonnect Virtual LAN (VLAN) Support [Kernel | On_Demand | Stopped] -> %System32%\drivers\skvlan.sys -> SysKonnect [Ver = 2.15.1.3 built by: WinDDK | Size = 19328 bytes | Modified Date = 2005-11-30 02:15:00 | Attr =	]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 2001-08-17 13:56:16 | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(sptd) sptd [Kernel | Boot | Running] -> %System32%\drivers\sptd.sys ->  [Ver =  | Size = 715248 bytes | Modified Date = 2008-01-17 12:57:04 | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2008-01-22 16:06:33 | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 2007-10-31 14:09:14 | Attr =	]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(WIBUKEY) WIBU-KEY Kernel Driver [Kernel | Auto | Running] -> %System32%\drivers\WibuKey.sys -> WIBU-SYSTEMS AG [Ver = Version 5.00 of 2005-Apr-15 | Size = 70144 bytes | Modified Date = 2006-05-11 09:00:00 | Attr =	]
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %System32%\drivers\yk51x86.sys -> Marvell [Ver = 8.51.2.3 built by: WinDDK | Size = 244608 bytes | Modified Date = 2006-03-24 08:51:00 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:59:02 | Attr =	]
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
egui -> %ProgramFiles%\ESET\ESET Smart Security\egui.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:57:26 | Attr =	]
FineReader7NewsReaderPro -> D:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe -> ABBYY (BIT Software) [Ver = 7.0.0.509 | Size = 278528 bytes | Modified Date = 2003-08-05 15:16:27 | Attr =	]
GrooveMonitor -> %ProgramFiles%\Microsoft Office\Office12\GrooveMonitor.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:49 | Attr =	]
HPWOTOOLBOX -> %ProgramFiles%\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:46 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:29 | Attr =	]
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.40.840 | Size = 28160 bytes | Modified Date = 2005-05-20 14:46:56 | Attr =	]
NBKeyScan -> D:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe -> Nero AG [Ver = 3, 0, 3, 0 | Size = 1828136 bytes | Modified Date = 2007-08-08 08:25:06 | Attr =	]
NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:13 | Attr =	]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1622016 bytes | Modified Date = 2006-10-22 12:22:00 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:00 | Attr =	]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\Smax4.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:57:59 | Attr =	]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:57:52 | Attr =	]
Vistadrv -> D:\Downloads\VisualStyles\Vista Drive Status\vsdrv.exe ->  [Ver = 3, 1, 0, 15 | Size = 121089 bytes | Modified Date = 2006-07-30 02:37:14 | Attr =	]
Windows Defender -> %ProgramFiles%\Windows Defender\MSASCui.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:57:39 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMBgMonitor.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-22 09:45:54 | Attr =	]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 2007-06-21 14:06:28 | Attr =	]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 11:31:23 | Attr =	]
ViStart -> %ProgramFiles%\ViStart\ViStart.exe ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 11:20:03 | Attr =	]
VisualTaskTips -> D:\Program Files\VisualTaskTips\VisualTaskTips.exe -> VisualTaskTips.com [Ver = 2, 3, 0, 0 | Size = 36352 bytes | Modified Date = 2007-09-05 18:20:12 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.40.849 | Size = 450560 bytes | Modified Date = 2005-05-25 02:40:00 | Attr =	]
< n Startup Folder > -> C:\Documents and Settings\n\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 13:55:48 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 2007-04-19 13:41:36 | Attr =	]
klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 219664 bytes | Modified Date = 2007-12-18 00:44:54 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.windowsxlive.net -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4158 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4156 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 2006-06-07 10:09:22 | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-08-27 09:27:11 | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Styler\TB\StylerTB.dll [StylerToolBar] -> StyleFantasist [Ver = 1, 1, 8, 0 | Size = 102400 bytes | Modified Date = 2006-05-02 04:31:26 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 2006-06-07 10:09:22 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 223760 bytes | Modified Date = 2007-12-18 00:45:00 | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Windows &Live Favorites ->  -> File not found
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-05-10 21:47:03 | Attr =	]
I&zvoz u Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{42F2B900-686D-4A19-B2A2-11631FEFA1F4} ->	(Marvell Yukon 88E8052 PCI-E ASF Gigabit Ethernet Controller) -> 
{955B59F4-1E3F-4439-8845-5E2C03C9F671} ->	(1394 Net Adapter) -> 
{BCDB6B11-5ECB-4A9C-B620-A0C7B98C1668} ->	(Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) -> 
{EAEF1E75-9433-4575-9652-BE28C37B8C58} ->	() -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2006-02-28 11:42:30 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 2007-03-01 12:34:48 | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.1] -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}[HKEY_LOCAL_MACHINE] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab[OnlineScanner Control] -> 
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 18:49:30 | Attr =	]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 15:21:15 | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006-03-24 05:37:50 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1912 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2274 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 13:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1288.0816 | Size = 5728112 bytes | Modified Date = 2007-08-16 15:19:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-07-16 17:14:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 13:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe -> C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe [C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server] -> Apache Software Foundation [Ver = 2.0.58 | Size = 20541 bytes | Modified Date = 2006-06-26 22:16:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\eMule\eMule.exe -> D:\Program Files\eMule\eMule.exe [D:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus] -> http://emuleplus.info [Ver = 1.2b | Size = 5738496 bytes | Modified Date = 2007-02-07 19:39:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Sony Ericsson\Update Service\ma3platform.exe -> D:\Program Files\Sony Ericsson\Update Service\ma3platform.exe [D:\Program Files\Sony Ericsson\Update Service\ma3platform.exe:*:Enabled:ma3platform] ->  [Ver =  | Size = 3891200 bytes | Modified Date = 2007-03-22 09:15:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\uTorrent\utorrent.exe -> D:\Program Files\uTorrent\utorrent.exe [D:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 2007-09-17 09:47:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe -> C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe [C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe:*:Enabled:rpcACMapp] -> ArchVision [Ver = 1, 5, 0, 0 | Size = 880640 bytes | Modified Date = 2006-12-15 16:57:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe -> D:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe [D:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe:*:Enabled:ArchiCAD 10.0.0 Component] -> Graphisoft R&D [Ver = 10.0.0 R1 (2276 / 817) | Size = 9518233 bytes | Modified Date = 2006-05-19 11:04:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 11:42:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1288.0816 | Size = 5728112 bytes | Modified Date = 2007-08-16 15:19:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-07-16 17:14:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Luxology\modo 301\modo.exe -> D:\Program Files\Luxology\modo 301\modo.exe [D:\Program Files\Luxology\modo 301\modo.exe:*:Enabled:Luxology modo 301] ->  [Ver =  | Size = 303104 bytes | Modified Date = 2007-09-05 15:15:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe -> C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe [C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter] -> Nero AG [Ver = 1, 7, 17, 0 | Size = 2475304 bytes | Modified Date = 2007-08-08 08:34:26 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Nero 8\Nero Home\NeroHome.exe -> D:\Program Files\Nero 8\Nero Home\NeroHome.exe [D:\Program Files\Nero 8\Nero Home\NeroHome.exe:*:Enabled:Nero Home] -> Nero AG [Ver = 3.0.4.0 | Size = 767272 bytes | Modified Date = 2007-08-03 11:50:14 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ViStart\ViStart.exe -> C:\Program Files\ViStart\ViStart.exe [C:\Program Files\ViStart\ViStart.exe:*:Enabled:ViStart.exe] ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 11:20:03 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6212.1000 | Size = 12836728 bytes | Modified Date = 2007-09-06 18:01:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 340856 bytes | Modified Date = 2007-08-29 00:23:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 1022840 bytes | Modified Date = 2007-08-28 23:43:30 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe -> C:\Program Files\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe [C:\Program Files\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows] ->  [Ver =  | Size = 1 bytes | Modified Date = 2008-01-24 09:58:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.0.29 | Size = 19926824 bytes | Modified Date = 2008-01-15 03:22:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 05:39:49 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2006-02-28 13:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 05:39:49 | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 211 bytes | Created Date = 2008-01-23 11:35:43 | Attr =  HS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 2008-01-23 11:35:17 | Attr = RHS]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 2008-01-23 11:35:38 | Attr = RHS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-01-21 12:35:43 | Attr =	]
FixVundo.exe -> %SystemDrive%\FixVundo.exe -> Symantec Corporation [Ver = 1.5.0 | Size = 166064 bytes | Created Date = 2008-01-21 10:29:56 | Attr =	]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\FixVundo.exe:Zone.Identifier
Garmin -> %SystemDrive%\Garmin ->  [Folder | Created Date = 2008-01-16 10:43:44 | Attr =	]
kav -> %SystemDrive%\kav ->  [Folder | Created Date = 2008-01-29 09:10:12 | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2008-01-25 09:20:15 | Attr =	]
WUTemp -> %SystemDrive%\WUTemp ->  [Folder | Created Date = 2008-01-24 11:24:06 | Attr =	]
fidbox.dat -> %System32%\drivers\fidbox.dat ->  [Ver =  | Size = 6757664 bytes | Created Date = 2008-01-29 09:11:02 | Attr =  HS]
fidbox.idx -> %System32%\drivers\fidbox.idx ->  [Ver =  | Size = 94256 bytes | Created Date = 2008-01-29 09:11:02 | Attr =  HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat ->  [Ver =  | Size = 12576 bytes | Created Date = 2008-01-29 09:11:02 | Attr =  HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx ->  [Ver =  | Size = 3032 bytes | Created Date = 2008-01-29 09:11:02 | Attr =  HS]
FNETDEVI.SYS -> %System32%\drivers\FNETDEVI.SYS -> FNet Co., Ltd. [Ver = 1.01.000 | Size = 19572 bytes | Created Date = 2008-01-15 11:49:18 | Attr =	]
klick.dat -> %System32%\drivers\klick.dat ->  [Ver =  | Size = 85860 bytes | Created Date = 2008-01-29 09:11:33 | Attr =	]
klin.dat -> %System32%\drivers\klin.dat ->  [Ver =  | Size = 91492 bytes | Created Date = 2008-01-29 09:11:33 | Attr =	]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 2008-01-22 12:44:41 | Attr =	]
78cdbd8c -> %System32%\78cdbd8c ->  [Ver =  | Size = 9 bytes | Created Date = 2008-01-22 09:15:04 | Attr =	]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Created Date = 2008-01-25 11:24:17 | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
pthreadVC.dll -> %System32%\pthreadVC.dll ->  [Ver =  | Size = 53299 bytes | Created Date = 2008-01-08 11:26:30 | Attr =	]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Created Date = 2008-01-10 15:27:44 | Attr =	]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Created Date = 2008-01-10 15:27:46 | Attr =	]
SuperAdBlocker.com -> %System32%\SuperAdBlocker.com ->  [Folder | Created Date = 2008-01-25 08:55:11 | Attr =	]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 2008-01-21 12:35:52 | Attr =	]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-01-21 12:35:52 | Attr =	]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008-01-21 12:35:52 | Attr =	]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 2008-01-21 12:35:52 | Attr =	]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 101 bytes | Created Date = 2008-01-21 10:22:05 | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 2008-01-24 12:40:11 | Attr =	]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 2008-01-29 08:09:23 | Attr =	]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2008-01-21 12:35:53 | Attr =	]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Created Date = 2008-01-23 11:35:13 | Attr =	]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Created Date = 2008-01-23 11:31:46 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab ->  [Folder | Created Date = 2008-01-25 11:24:18 | Attr =	]
3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> 
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 2008-01-22 09:00:48 | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 2008-01-21 14:23:22 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2008-01-25 08:24:40 | Attr =	]
FNET -> %UserAppData%\FNET ->  [Folder | Created Date = 2008-01-15 11:49:16 | Attr =	]
GARMIN -> %UserAppData%\GARMIN ->  [Folder | Created Date = 2008-01-16 12:02:37 | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2008-01-25 08:24:17 | Attr =	]
ESET -> %LocalAppData%\ESET ->  [Folder | Created Date = 2008-01-17 12:56:22 | Attr =	]
cc_20080118_1148.reg -> %UserDocuments%\cc_20080118_1148.reg ->  [Ver =  | Size = 97920 bytes | Created Date = 2008-01-18 11:48:21 | Attr =	]
FixVundo.exe -> %UserDocuments%\FixVundo.exe -> Symantec Corporation [Ver = 1.5.0 | Size = 166064 bytes | Created Date = 2008-01-21 10:21:05 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\FixVundo.exe:Zone.Identifier
Garmin_Id.rtf -> %UserDocuments%\Garmin_Id.rtf ->  [Ver =  | Size = 213 bytes | Created Date = 2008-01-16 10:49:17 | Attr =	]
IZVJESCE_01-08.doc -> %UserDocuments%\IZVJESCE_01-08.doc ->  [Ver =  | Size = 44544 bytes | Created Date = 2008-01-15 08:22:42 | Attr =	]
kletka.mpeg -> %UserDocuments%\kletka.mpeg ->  [Ver =  | Size = 2043908 bytes | Created Date = 2008-01-29 12:11:00 | Attr =	]
My Garmin -> %UserDocuments%\My Garmin ->  [Folder | Created Date = 2008-01-16 10:47:40 | Attr =	]
Stanari u Zrinsko-Ugovor-dodatak.doc -> %UserDocuments%\Stanari u Zrinsko-Ugovor-dodatak.doc ->  [Ver =  | Size = 35328 bytes | Created Date = 2008-01-29 12:14:11 | Attr =	]
Stanari u Zrinsko-Ugovor-Ispravak.doc -> %UserDocuments%\Stanari u Zrinsko-Ugovor-Ispravak.doc ->  [Ver =  | Size = 35328 bytes | Created Date = 2008-01-29 12:15:50 | Attr =	]
Suvlasnici zgrade.docx -> %UserDocuments%\Suvlasnici zgrade.docx ->  [Ver =  | Size = 12793 bytes | Created Date = 2008-01-25 09:54:25 | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 2008-01-22 09:01:02 | Attr =	]
Alcohol 120%.lnk -> %AllUsersDesktop%\Alcohol 120%.lnk ->  [Ver =  | Size = 833 bytes | Created Date = 2008-01-17 13:06:00 | Attr =	]
Ship Simulator 2008.lnk -> %AllUsersDesktop%\Ship Simulator 2008.lnk ->  [Ver =  | Size = 672 bytes | Created Date = 2008-01-09 09:45:33 | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 2008-01-25 08:24:21 | Attr =	]
Blender.lnk -> %UserDesktop%\Blender.lnk ->  [Ver =  | Size = 817 bytes | Created Date = 2008-01-08 11:22:54 | Attr =	]
ess_nt32_enu.msi -> %UserDesktop%\ess_nt32_enu.msi ->  [Ver =  | Size = 18995712 bytes | Created Date = 2008-01-25 11:17:28 | Attr =	]
HBCZ-TENDER_Ograda_standard.pdf -> %UserDesktop%\HBCZ-TENDER_Ograda_standard.pdf ->  [Ver =  | Size = 494533 bytes | Created Date = 2008-01-11 13:09:43 | Attr =	]
HBCZADAR_TL-S20-3KAT.pdf -> %UserDesktop%\HBCZADAR_TL-S20-3KAT.pdf ->  [Ver =  | Size = 117980 bytes | Created Date = 2008-01-29 12:05:14 | Attr =	]
HBCZADAR_TL-S20-4KAT.pdf -> %UserDesktop%\HBCZADAR_TL-S20-4KAT.pdf ->  [Ver =  | Size = 145906 bytes | Created Date = 2008-01-29 12:06:53 | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 2008-01-22 10:21:59 | Attr =	]
razanac_za_projektanta.dwg -> %UserDesktop%\razanac_za_projektanta.dwg ->  [Ver =  | Size = 105381 bytes | Created Date = 2008-01-23 11:05:02 | Attr =	]
RenV.exe -> %UserDesktop%\RenV.exe ->																							  [Ver =  0. 0. 0. 0 | Size = 132366 bytes | Created Date = 2008-01-21 14:04:22 | Attr =	]
SDFix -> %UserDesktop%\SDFix ->  [Folder | Created Date = 2008-01-29 08:03:54 | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 2008-01-21 14:23:26 | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 2008-01-22 10:34:51 | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 12 bytes | Created Date = 2008-01-22 16:05:52 | Attr =	]
Tro_kovnici B5-B6-C-D.rar -> %UserDesktop%\Tro_kovnici B5-B6-C-D.rar ->  [Ver =  | Size = 1142861 bytes | Created Date = 2008-01-23 10:03:00 | Attr =	]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 2008-01-21 13:56:27 | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2008-01-29 12:34:46 | Attr =	]
Logitech SetPoint.lnk -> %AllUsersStartup%\Logitech SetPoint.lnk ->  [Ver =  | Size = 1687 bytes | Created Date = 2008-01-24 09:10:20 | Attr =	]
Windows Desktop Search.lnk -> %AllUsersStartup%\Windows Desktop Search.lnk ->  [Ver =  | Size = 1787 bytes | Created Date = 2008-01-24 09:10:20 | Attr =	]
OneNote 2007 Screen Clipper and Launcher.lnk -> %UserStartup%\OneNote 2007 Screen Clipper and Launcher.lnk ->  [Ver =  | Size = 947 bytes | Created Date = 2008-01-24 09:10:20 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2008-01-22 08:59:37 | Attr =	]

[Files/Folders - Modified Within 30 days]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 211 bytes | Modified Date = 2008-01-22 12:10:46 | Attr =  HS]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 282 bytes | Modified Date = 2008-01-24 09:10:19 | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 2008-01-23 11:35:43 | Attr = RHS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-01-25 08:16:11 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2008-01-29 09:11:35 | Attr =  H ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2008-01-24 09:43:32 | Attr =	]
FixVundo.exe -> %SystemDrive%\FixVundo.exe -> Symantec Corporation [Ver = 1.5.0 | Size = 166064 bytes | Modified Date = 2008-01-21 10:21:06 | Attr =	]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\FixVundo.exe:Zone.Identifier
Garmin -> %SystemDrive%\Garmin ->  [Folder | Modified Date = 2008-01-16 10:46:52 | Attr =	]
kav -> %SystemDrive%\kav ->  [Folder | Modified Date = 2008-01-29 09:10:12 | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-01-29 09:11:02 | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2008-01-29 10:43:46 | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 2008-01-14 14:00:43 | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2008-01-25 09:20:15 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-01-29 12:04:37 | Attr =	]
WUTemp -> %SystemDrive%\WUTemp ->  [Folder | Modified Date = 2008-01-24 11:24:06 | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2008-01-29 08:15:39 | Attr =	]
HOSTS -> %System32%\drivers\etc\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 2008-01-29 08:15:39 | Attr =	]
hosts.20080122-080846.backup -> %System32%\drivers\etc\hosts.20080122-080846.backup ->  [Ver =  | Size = 222979 bytes | Modified Date = 2008-01-22 08:00:45 | Attr = R  ]
fidbox.dat -> %System32%\drivers\fidbox.dat ->  [Ver =  | Size = 6757664 bytes | Modified Date = 2008-01-30 08:37:57 | Attr =  HS]
fidbox.idx -> %System32%\drivers\fidbox.idx ->  [Ver =  | Size = 94256 bytes | Modified Date = 2008-01-29 15:04:01 | Attr =  HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat ->  [Ver =  | Size = 12576 bytes | Modified Date = 2008-01-30 08:09:44 | Attr =  HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx ->  [Ver =  | Size = 3032 bytes | Modified Date = 2008-01-29 15:04:01 | Attr =  HS]
FNETDEVI.SYS -> %System32%\drivers\FNETDEVI.SYS -> FNet Co., Ltd. [Ver = 1.01.000 | Size = 19572 bytes | Modified Date = 2008-01-15 11:49:18 | Attr =	]
klick.dat -> %System32%\drivers\klick.dat ->  [Ver =  | Size = 85860 bytes | Modified Date = 2008-01-29 09:11:33 | Attr =	]
klin.dat -> %System32%\drivers\klin.dat ->  [Ver =  | Size = 91492 bytes | Modified Date = 2008-01-29 09:11:33 | Attr =	]
sptd.sys -> %System32%\drivers\sptd.sys ->  [Ver =  | Size = 715248 bytes | Modified Date = 2008-01-17 12:57:04 | Attr =	]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2008-01-22 16:06:33 | Attr =	]
78cdbd8c -> %System32%\78cdbd8c ->  [Ver =  | Size = 9 bytes | Modified Date = 2008-01-22 09:15:04 | Attr =	]
appmgmt -> %System32%\appmgmt ->  [Folder | Modified Date = 2008-01-24 09:45:06 | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2008-01-29 23:56:07 | Attr =	]
config -> %System32%\config ->  [Folder | Modified Date = 2008-01-18 11:33:34 | Attr =	]
d3d9caps.dat -> %System32%\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 2008-01-09 16:05:15 | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 2008-01-24 11:14:49 | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2008-01-29 09:11:33 | Attr =	]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Modified Date = 2008-01-25 11:24:17 | Attr =	]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 2008-01-17 13:00:17 | Attr =	]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 87808 bytes | Modified Date = 2008-01-29 15:35:52 | Attr =	]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Modified Date = 2008-01-10 15:27:44 | Attr =	]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Modified Date = 2008-01-10 15:27:46 | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 2008-01-29 10:43:46 | Attr =	]
SuperAdBlocker.com -> %System32%\SuperAdBlocker.com ->  [Folder | Modified Date = 2008-01-25 08:55:11 | Attr =	]
VIRepair -> %System32%\VIRepair ->  [Folder | Modified Date = 2008-01-18 11:41:16 | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 2008-01-18 11:33:04 | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 2008-01-29 15:34:46 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-01-09 03:53:22 | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-01-29 15:34:00 | Attr =   S]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 101 bytes | Modified Date = 2008-01-21 10:22:05 | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2008-01-18 11:53:07 | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-01-25 11:24:18 | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-01-24 12:40:11 | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 2008-01-29 08:09:23 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2008-01-29 09:11:20 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-01-29 09:11:33 | Attr =  HS]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 2225 bytes | Modified Date = 2008-01-25 08:55:12 | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 182 bytes | Modified Date = 2008-01-14 14:00:08 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-01-30 08:11:36 | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 2008-01-24 08:56:17 | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2008-01-18 11:33:03 | Attr =	]
render.ini -> %SystemRoot%\render.ini ->  [Ver =  | Size = 33 bytes | Modified Date = 2008-01-25 12:00:25 | Attr =	]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Modified Date = 2008-01-23 11:35:13 | Attr =	]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Modified Date = 2008-01-23 11:34:17 | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 2008-01-24 09:10:18 | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 2008-01-30 08:13:47 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2008-01-29 15:37:11 | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2008-01-30 08:14:03 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 668 bytes | Modified Date = 2008-01-24 09:10:18 | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2008-01-25 21:58:03 | Attr =	]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job ->  [Ver =  | Size = 246 bytes | Modified Date = 2008-01-30 08:59:02 | Attr =	]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 2008-01-30 02:09:55 | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-01-29 15:34:03 | Attr =  H ]
User_Feed_Synchronization-{3A4CD6F7-D173-434C-9774-E19C5E04964C}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{3A4CD6F7-D173-434C-9774-E19C5E04964C}.job ->  [Ver =  | Size = 410 bytes | Modified Date = 2008-01-30 09:35:00 | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 24802 bytes | Modified Date = 2008-01-29 15:37:56 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 24802 bytes | Modified Date = 2008-01-29 15:37:56 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11080 bytes | Modified Date = 2006-12-14 14:50:55 | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 2007-09-27 11:03:44 | Attr =	]
Perflib_Perfdata_cc0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_cc0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-01-29 15:34:22 | Attr =	]
2 C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp files -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Eset -> %AllUsersAppData%\Eset ->  [Folder | Modified Date = 2008-01-28 09:02:38 | Attr =	]
3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> 
Google -> %AllUsersAppData%\Google ->  [Folder | Modified Date = 2008-01-24 10:11:13 | Attr =	]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab ->  [Folder | Modified Date = 2008-01-29 15:38:00 | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 2008-01-22 09:02:04 | Attr =	]
QTSBandwidthCache -> %AllUsersAppData%\QTSBandwidthCache ->  [Ver =  | Size = 2137 bytes | Modified Date = 2008-01-11 14:13:07 | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 2008-01-22 08:59:17 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2008-01-25 08:24:40 | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 2008-01-10 10:26:32 | Attr =	]
FNET -> %UserAppData%\FNET ->  [Folder | Modified Date = 2008-01-15 11:49:16 | Attr =	]
GARMIN -> %UserAppData%\GARMIN ->  [Folder | Modified Date = 2008-01-16 12:02:37 | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2008-01-25 08:24:17 | Attr =	]
uTorrent -> %UserAppData%\uTorrent ->  [Folder | Modified Date = 2008-01-18 11:32:46 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 29184 bytes | Modified Date = 2008-01-14 14:04:32 | Attr =	]
ESET -> %LocalAppData%\ESET ->  [Folder | Modified Date = 2008-01-17 12:56:22 | Attr =	]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 2008-01-18 11:40:12 | Attr =	]
Alcohol 120% -> %UserDocuments%\Alcohol 120% ->  [Folder | Modified Date = 2008-01-18 12:43:41 | Attr =	]
Autodesk -> %UserDocuments%\Autodesk ->  [Folder | Modified Date = 2008-01-29 09:03:42 | Attr =	]
cc_20080118_1148.reg -> %UserDocuments%\cc_20080118_1148.reg ->  [Ver =  | Size = 97920 bytes | Modified Date = 2008-01-18 11:48:25 | Attr =	]
Converted Videos -> %UserDocuments%\Converted Videos ->  [Folder | Modified Date = 2008-01-14 14:17:52 | Attr =	]
FixVundo.exe -> %UserDocuments%\FixVundo.exe -> Symantec Corporation [Ver = 1.5.0 | Size = 166064 bytes | Modified Date = 2008-01-21 10:21:06 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\FixVundo.exe:Zone.Identifier
Garmin_Id.rtf -> %UserDocuments%\Garmin_Id.rtf ->  [Ver =  | Size = 213 bytes | Modified Date = 2008-01-16 10:49:17 | Attr =	]
IZVJESCE_01-08.doc -> %UserDocuments%\IZVJESCE_01-08.doc ->  [Ver =  | Size = 44544 bytes | Modified Date = 2008-01-15 08:40:28 | Attr =	]
kletka.mpeg -> %UserDocuments%\kletka.mpeg ->  [Ver =  | Size = 2043908 bytes | Modified Date = 2008-01-29 12:11:00 | Attr =	]
My Garmin -> %UserDocuments%\My Garmin ->  [Folder | Modified Date = 2008-01-16 10:47:40 | Attr =	]
Stanari u Zrinsko-Ugovor-dodatak.doc -> %UserDocuments%\Stanari u Zrinsko-Ugovor-dodatak.doc ->  [Ver =  | Size = 35328 bytes | Modified Date = 2008-01-29 12:15:38 | Attr =	]
Stanari u Zrinsko-Ugovor-Ispravak.doc -> %UserDocuments%\Stanari u Zrinsko-Ugovor-Ispravak.doc ->  [Ver =  | Size = 35328 bytes | Modified Date = 2008-01-29 12:15:50 | Attr =	]
Suvlasnici zgrade.docx -> %UserDocuments%\Suvlasnici zgrade.docx ->  [Ver =  | Size = 12793 bytes | Modified Date = 2008-01-25 09:54:26 | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 2008-01-22 09:01:02 | Attr =	]
Alcohol 120%.lnk -> %AllUsersDesktop%\Alcohol 120%.lnk ->  [Ver =  | Size = 833 bytes | Modified Date = 2008-01-17 13:06:00 | Attr =	]
Ship Simulator 2008.lnk -> %AllUsersDesktop%\Ship Simulator 2008.lnk ->  [Ver =  | Size = 672 bytes | Modified Date = 2008-01-09 09:45:33 | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 2008-01-25 08:24:21 | Attr =	]
Blender.lnk -> %UserDesktop%\Blender.lnk ->  [Ver =  | Size = 817 bytes | Modified Date = 2008-01-08 11:22:54 | Attr =	]
ess_nt32_enu.msi -> %UserDesktop%\ess_nt32_enu.msi ->  [Ver =  | Size = 18995712 bytes | Modified Date = 2008-01-25 11:20:09 | Attr =	]
HBCZ-TENDER_Ograda_standard.pdf -> %UserDesktop%\HBCZ-TENDER_Ograda_standard.pdf ->  [Ver =  | Size = 494533 bytes | Modified Date = 2008-01-11 13:09:43 | Attr =	]
HBCZADAR_TL-S20-3KAT.pdf -> %UserDesktop%\HBCZADAR_TL-S20-3KAT.pdf ->  [Ver =  | Size = 117980 bytes | Modified Date = 2008-01-29 12:05:14 | Attr =	]
HBCZADAR_TL-S20-4KAT.pdf -> %UserDesktop%\HBCZADAR_TL-S20-4KAT.pdf ->  [Ver =  | Size = 145906 bytes | Modified Date = 2008-01-29 12:07:08 | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2008-01-22 10:22:00 | Attr =	]
razanac_za_projektanta.dwg -> %UserDesktop%\razanac_za_projektanta.dwg ->  [Ver =  | Size = 105381 bytes | Modified Date = 2008-01-16 10:43:43 | Attr =	]
RenV.exe -> %UserDesktop%\RenV.exe ->																							  [Ver =  0. 0. 0. 0 | Size = 132366 bytes | Modified Date = 2008-01-21 14:04:19 | Attr =	]
SDFix -> %UserDesktop%\SDFix ->  [Folder | Modified Date = 2008-01-29 08:33:24 | Attr =	]
Shortcut to lightwav.exe.lnk -> %UserDesktop%\Shortcut to lightwav.exe.lnk ->  [Ver =  | Size = 956 bytes | Modified Date = 2008-01-08 11:02:14 | Attr =	]
Shortcut to LightWave 3D 9.lnk -> %UserDesktop%\Shortcut to LightWave 3D 9.lnk ->  [Ver =  | Size = 646 bytes | Modified Date = 2008-01-08 11:41:53 | Attr =	]
Shortcut to modeler.exe.lnk -> %UserDesktop%\Shortcut to modeler.exe.lnk ->  [Ver =  | Size = 1865 bytes | Modified Date = 2008-01-08 11:01:55 | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 2008-01-21 14:23:26 | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2008-01-22 10:35:38 | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 12 bytes | Modified Date = 2008-01-25 08:13:37 | Attr =	]
Tro_kovnici B5-B6-C-D.rar -> %UserDesktop%\Tro_kovnici B5-B6-C-D.rar ->  [Ver =  | Size = 1142861 bytes | Modified Date = 2008-01-23 10:03:00 | Attr =	]
Troškovnici PS2 -> %UserDesktop%\Troškovnici PS2 ->  [Folder | Modified Date = 2008-01-21 11:59:02 | Attr =	]
VideoEdit -> %UserDesktop%\VideoEdit ->  [Folder | Modified Date = 2008-01-14 13:32:20 | Attr = R  ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 2008-01-21 13:56:23 | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2008-01-30 08:13:34 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2008-01-25 08:23:10 | Attr =	]

< End of report >


2. SUPERAntiSpyware report:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/30/2008 at 08:46 AM

Application Version : 3.9.1008

Core Rules Database Version : 3391
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 00:29:25

Memory items scanned : 453
Memory threats detected : 0
Registry items scanned : 10468
Registry threats detected : 0
File items scanned : 36684
File threats detected : 0

3. Latest log from WinPFind35u/MovedFiles folder:


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LDM deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\UberIcon deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ViOrb deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk moved successfully.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944DB8FE-3108-4BF4-8225-35DAD4A3E953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{944DB8FE-3108-4BF4-8225-35DAD4A3E953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC23C3D-DDCA-48C3-844B-E8F53E50D705}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC23C3D-DDCA-48C3-844B-E8F53E50D705}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\vtsqp deleted successfully.
C:\WINDOWS\System32\vtsqp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9\Programs\hub.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9\Programs\modeler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9\Programs\lightwav.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Sidebar\sidebar.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\hub.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\modeler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\LightWavev9.2\Intel_OpenBeta\Programs\lightwav.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.2\Programs\hub.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.2\Programs\modeler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.2\Programs\lightwav.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.3\Programs\hub.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.3\Programs\lightwav.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NewTek\LightWave 3D 9.3\Programs\modeler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Chaos Group\V-Ray\3dsmax R9 for x86\vrlserver.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Google\Google SketchUp 6\SketchUp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Google\Google SketchUp 6\LayOut\LayOut.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Joost\xulrunner\tvprunner.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\n\Local Settings\Temp\OnlineUpdate8\SetupXu.exe deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\nrhwtjow.ini moved successfully.
C:\WINDOWS\System32\pqstv.ini moved successfully.
C:\WINDOWS\System32\pqstv.ini2 moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\nrhwtjow.ini not found!
File C:\WINDOWS\System32\pqstv.ini not found!
File C:\WINDOWS\System32\pqstv.ini2 not found!
File C:\WINDOWS\System32\vtsqp.exe not found!
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta40 fix logfile created on 01302008_081334

4. Problems: I still get messages in separate command windows after reboot:
"One or more CON code pages invalid for given keyboard code", for several
startup items, and they start piling up on the desktop... I have to close them one by one.
>Maybe I have to remove and then reinstall all these applications... one of them is Egui.exe -
Eset Smart Security (trial). Anyway, I have Kaspersky installed and working. Who knows which one is better...

Also, when I run command prompt from start menu, I get the same message...is this some kind of DOS problem?

All other programs seem to work fine (Autocad, Photoshop, Office programs)... still I expect some reinstalling...

Thanks,
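As an added example (not part of ZoFf's post and not code from the WinPFind35U tool): a small Python parser for the fix-log format shown in the post above. It labels each removed registry entry by the kind of load point it sat in and separates targets that were never present from items the same run had already moved. The function names and category labels are this example's own, and the sample lines are copied from the log above.

```python
import re

# Constructed sample: lines copied from the fix log in the post above.
SAMPLE_LOG = r"""[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LDM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944DB8FE-3108-4BF4-8225-35DAD4A3E953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\vtsqp deleted successfully.
C:\WINDOWS\System32\vtsqp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe deleted successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\vtsqp.exe not found!
"""

# Lower-cased registry path fragments -> label (labels are this example's own).
CATEGORIES = [
    (r"\currentversion\run\\", "autorun (Run key)"),
    (r"\browser helper objects\{", "IE browser helper object"),
    (r"\control\lsa\\authentication packages", "LSA authentication package"),
    (r"\authorizedapplications\list\\", "firewall exception"),
    (r"\classes\clsid\{", "COM class registration"),
]
# The first three are locations from which Windows loads code automatically.
LOAD_POINTS = {label for _, label in CATEGORIES[:3]}

SECTION = re.compile(r"^\[(.+)\]$")
REG = re.compile(r"^Registry (?:value|key) (.+) (deleted successfully|not found)[.!]$")
FILE = re.compile(r"^(?:File )?(.+) (moved successfully|not found)[.!]$")

def parse_fix_log(text):
    """Return one dict per action line; unrelated status lines are skipped."""
    entries, section, removed = [], None, set()
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
            continue
        reg, fil = REG.match(line), FILE.match(line)
        if not (reg or fil):
            continue
        target, result = (reg or fil).groups()
        key = target.lower()
        outcome = "removed"
        if result == "not found":  # in this log, moved items reappear as "not found"
            outcome = "already-removed" if key in removed else "missing"
        else:
            removed.add(key)
        category = next((label for frag, label in CATEGORIES if frag in key),
                        "other registry") if reg else "file"
        entries.append({"section": section, "target": target,
                        "outcome": outcome, "category": category})
    return entries

def load_points_removed(entries):
    return [e["target"] for e in entries
            if e["outcome"] == "removed" and e["category"] in LOAD_POINTS]

if __name__ == "__main__":
    for e in parse_fix_log(SAMPLE_LOG):
        print(f'{e["outcome"]:15} {e["category"]:27} {e["target"]}')
```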

#6 OldTimer


Posted 30 January 2008 - 12:14 PM

Hi ZoFf. Everything looks fine in the log.

The CON messages occur when the Language setting and the keyboard setting are not compatible. An example would be using a Greek language on the standard 101 keyboard. The message is informational only. It means that typing certain characters on the chosen keyboard will not necessarily produce the characters of that key.

You can check your language and keyboard selections in the Control Panel. If an application was installed that changed either of them (e.g. in a different language than the default) this message will appear.

How are things running? If all is well then we can do some final cleanup and you'll be all set.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 ZoFf


Posted 31 January 2008 - 05:12 AM

Hi OldTimer.

I've checked Regional and Keyboard settings and didn't find anything strange.
I've even uninstalled Eset Nod32, Logitech SetPoint and Vista Transformation Pack visual style, and
still get those "One or more CON code pages invalid for given keyboard code" windows for startup items
like MSASCui, NeroCheck, QTTask, iTunesHelper, Acrotray etc...
Should I try to remove all these startup items?

Everything else works fine, but this is quite annoying... [I don't like leaving the computer in standby mode so every day I have to watch this...]

Thanks in advance,
cheers,
ZoFf

#8 ZoFf


Posted 31 January 2008 - 09:32 AM

Hello again.

Kaspersky Anti-Virus Proactive Defense finds a keylogger when I start Autocad Architecture 2008.
["Keylogger detected. Process is trying to redirect keyboard input....C:\Program Files\AutoCAD Architecture 2008\acad.exe"]

It offers to terminate or allow process.
Autocad works (while Proactive Defense window waits) until I choose to terminate process.


Regards,
ZoFf

#9 OldTimer


Posted 31 January 2008 - 12:00 PM

Hi ZoFf. Let's see if Kaspersky is correct or just having a bad day.

Go to the Jotti's malware scan page and use the buttons at the top of the page to browse to this file(s) on your hard drive to submit for a scan:
C:\Program Files\AutoCAD Architecture 2008\acad.exe
Several scanning engines will be used to check the file for any threats. Please post the results of the scans back here.

I was thinking about AutoCad regarding the CON messages anyway. I am not by any means an AutoCad person but I do know that AutoCad installs a few keyboard drivers. Did these CON messages start shortly after installing or upgrading/updating AutoCad (or any other application)?

Cheers.

OT

#10 ZoFf


Posted 01 February 2008 - 06:57 AM

Hello OldTimer,

You were right - Kaspersky probably exaggerated:

Jotti scan results:

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:

File: acad.exe
Status: OK
MD5: 3a02b753c1d58807e211ece00aa34a38
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 01 Feb 2008 08:58:47 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

>No, these messages started happening when I installed the Alcohol 120% trial [that was stupid: I downloaded a torrent from somewhere...]

>By the way, I've changed the Regional and Language settings - Advanced tab to Croatian as well... and now command windows appear but with no text at all... See image attached...


>In the meantime I uninstalled Groove, Defender and HP software...

Cheers,
ZoFf




#11 OldTimer


Posted 01 February 2008 - 10:44 AM

Hi ZoFf. I'm not sure what I am looking at in the image. Is that what happens when you double-click the programs to start them?

Cheers.

OT

#12 ZoFf


Posted 01 February 2008 - 01:29 PM

Hi OT.

No, it happens every time I boot to Windows. They start appearing one by one and I must
close each one of them (no command line inside, as you see, and I cannot exit like in usual DOS command prompt).
They are all startup programs....that's why I think I should try to uninstall [and reinstall] all of them (iTunes, QuickTime and Google something).

Regards,
ZoFf

#13 OldTimer


Posted 01 February 2008 - 06:08 PM

Hi ZoFf. Does that only happen at startup or does it happen when you start the programs through the start menu or by directly starting them also? I'm thinking it could have something to do with the ViStart program. It messes with all of the screens in Windows.

Cheers.

OT

#14 ZoFf


Posted 02 February 2008 - 01:52 PM

Hi, OT.
Yes, that happened every time I started Nero (before I removed it), but iTunes and QuickTime run normally...
I'll try with other programs...
Cheers,
ZoFf

#15 OldTimer


Posted 02 February 2008 - 04:51 PM

Ok, let me know what you find out.

Cheers.

OT



