Pxfsf.syspage_fault_in_nonpage_area


21 replies to this topic

#1 shortyshorts7

Posted 29 January 2008 - 06:07 PM

(Moved this from Misplaced HJT Logs to get this file out easier)
Hello there, just today as I started my PC up I got a blue background screen with this (Pxfsf.sysPAGE_FAULT_IN_NONPAGE_AREA) as the reason why it was going to this screen. I have a graphics card hooked up to my computer and it seems as if it was disabled or something, because my screen reappeared when I hooked my monitor cable back to my onboard graphics card. I hope you guys could help me out with my problem. So to get things started, here is my HijackThis file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00, on 2008-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bob Clarke\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SXG Advisor - {61E61BA1-45ED-4835-B504-BBB9C96CB9CD} - C:\WINDOWS\dpvtporrfd.dll
O3 - Toolbar: The elfwgps - {CF4C34FE-2275-45EC-8C7E-2594CC1811A5} - C:\WINDOWS\elfwgps.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Bob Clarke\Desktop\install_sbd_en.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: bw+0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

--
End of file - 18198 bytes

#2 shortyshorts7

Posted 03 February 2008 - 06:19 PM

Hello there, just today as I started my PC up I got a blue background screen with this (Pxfsf.sysPAGE_FAULT_IN_NONPAGE_AREA) as the reason why it was going to this screen. I have a graphics card hooked up to my computer and it seems as if it was disabled or something, because my screen reappeared when I hooked my monitor cable back to my onboard graphics card. I hope you guys could help me out with my problem. So to get things started, here is my HijackThis file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19, on 2008-02-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bob Clarke\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SXG Advisor - {61E61BA1-45ED-4835-B504-BBB9C96CB9CD} - C:\WINDOWS\dpvtporrfd.dll
O3 - Toolbar: The elfwgps - {CF4C34FE-2275-45EC-8C7E-2594CC1811A5} - C:\WINDOWS\elfwgps.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Bob Clarke\Desktop\install_sbd_en.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: bw+0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

--
End of file - 18308 bytes

#3 OldTimer

    Malware Expert


Posted 10 February 2008 - 02:49 PM

Hello shortyshorts7 and welcome to the BC HijackThis forum. The blue screens are normally caused by faulty hardware or a faulty driver for the hardware. We'll send you over to the Hardware forum when we are done here to have them take a look at that. But while you're here, it does appear that there are some malicious files on this system. Let's see what we can find.

Before running the scan let's clean out the temporary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 shortyshorts7

Posted 10 February 2008 - 04:10 PM

WinPFind35 logfile created on: 2008-02-11 16:07:08

WinPFind35U Version Beta49	 Folder = C:\Documents and Settings\Bob Clarke\Desktop\WinPFind35u

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

 

510.48 Mb Total Physical Memory | 336.44 Mb Available Physical Memory | 65.91% Memory free

865.36 Mb Paging File | 770.15 Mb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 384 768;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.84 Gb Total Space | 37.43 Gb Free Space | 67.02% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: OFFICE

Current User Name: Bob Clarke

Logged in as Administrator.

Current Boot Mode: SafeMode with Networking

Scan Mode: Current user



[Processes - Non-Microsoft Only]

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 2008-01-02 05:50:58 | Attr =	]

winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 310272 bytes | Modified Date = 2008-02-10 13:10:14 | Attr =	]



[Win32 Services - Non-Microsoft Only]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 00:56:50 | Attr =	]

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 2006-10-30 09:36:32 | Attr =	]

(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe ->  [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 2005-09-09 17:56:37 | Attr =	]

(McShield) McAfee.com McShield [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe ->  [Ver =  | Size = 225375 bytes | Modified Date = 2001-09-08 07:00:00 | Attr =	]

(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 8 | Size = 245760 bytes | Modified Date = 2003-08-21 18:06:56 | Attr =	]

(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Stopped] -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 12 | Size = 106496 bytes | Modified Date = 2003-08-08 18:04:38 | Attr =	]

(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 2005-01-26 15:30:04 | Attr =	]

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 131139 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]

(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 2005-01-26 15:25:34 | Attr =	]

(PREVXAgent) PREVXAgent [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Prevx2\PXAgent.exe -> File not found

(PSEXESVC) PsExec [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]

(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 69718 bytes | Modified Date = 2005-01-26 15:20:14 | Attr =	]

(SvcProc) System Startup Service  [Win32_Own | Auto | Stopped] -> %SystemRoot%\svcproc.exe -> File not found



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(aeaudio) aeaudio [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 2002-04-01 14:15:00 | Attr =	]

(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 2001-08-17 14:51:56 | Attr =	]

(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 2004-08-03 23:07:44 | Attr =	]

(AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\an983.sys -> ADMtek Incorporated. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Modified Date = 2004-08-03 22:31:20 | Attr =	]

(asc) asc [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 2001-08-17 14:52:00 | Attr =	]

(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 2001-08-17 14:51:58 | Attr =	]

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ATWPKT2) ATWPKT2 [Kernel | On_Demand | Stopped] -> %ProgramFiles%\America Online 8.0\ATWPKT2.SYS -> File not found

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.51.0.0 built by: WinDDK | Size = 42368 bytes | Modified Date = 2003-01-15 15:45:06 | Attr =	]

(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\BCMSM.sys -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 2003-08-29 04:59:24 | Attr =	]

(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %System32%\DRIVERS\cdr4_xp.sys -> Roxio [Ver = 5.2.0.91 | Size = 59440 bytes | Modified Date = 2003-03-19 12:16:22 | Attr =	]

(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %System32%\DRIVERS\cdralw2k.sys -> Roxio [Ver = 5.2.0.91 | Size = 23724 bytes | Modified Date = 2003-03-19 12:16:22 | Attr =	]

(cdudf_xp) cdudf_xp [File_System | System | Running] -> %System32%\DRIVERS\cdudf_xp.sys -> Roxio [Ver = 5.2.0.91 built by: WinDDK | Size = 236032 bytes | Modified Date = 2002-04-10 17:48:04 | Attr =	]

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 2001-08-17 14:51:54 | Attr =	]

(CV2K1) CommView Network Monitor [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\cv2k1.sys -> TamoSoft [Ver = 3.0.1.5 built by: WinDDK | Size = 12800 bytes | Modified Date = 2006-04-29 00:31:22 | Attr =	]

(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 2001-08-17 14:52:16 | Attr =	]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-03 23:07:18 | Attr =	]

(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-03 23:07:18 | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2002-08-29 06:00:00 | Attr =	]

(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\Dvd_2k.sys -> Roxio [Ver = 5.2.0.91 | Size = 24554 bytes | Modified Date = 2002-04-10 18:01:12 | Attr =	]

(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 2001-08-17 13:11:06 | Attr =	]

(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 2006-09-19 15:44:04 | Attr =	]

(gmer) gmer [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 2004-01-28 18:26:03 | Attr =	]

(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-01-21 13:35:26 | Attr =	]

(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZid412.sys -> HP [Ver = 10, 1, 0, 2 | Size = 49664 bytes | Modified Date = 2005-10-27 19:24:28 | Attr = R  ]

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZipr12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 16496 bytes | Modified Date = 2005-10-27 19:24:29 | Attr = R  ]

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZius12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 21568 bytes | Modified Date = 2005-10-27 19:24:30 | Attr = R  ]

(i81x) i81x [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 161020 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]

(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12415 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]

(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12127 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]

(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11775 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]

(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12063 bytes | Modified Date = 2004-08-03 22:29:48 | Attr =	]

(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19455 bytes | Modified Date = 2004-08-03 22:29:50 | Attr =	]

(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 29311 bytes | Modified Date = 2004-08-03 22:29:42 | Attr =	]

(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19551 bytes | Modified Date = 2004-08-03 22:29:44 | Attr =	]

(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found

(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 33599 bytes | Modified Date = 2004-08-03 22:29:44 | Attr =	]

(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 23615 bytes | Modified Date = 2004-08-03 22:29:46 | Attr =	]

(ialm) ialm [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4342 | Size = 807998 bytes | Modified Date = 2005-10-19 08:59:12 | Attr =	]

(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\L8042MOU.SYS -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 55808 bytes | Modified Date = 2006-03-28 17:55:04 | Attr =	]

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\LHIDFLT2.SYS -> Logitech [Ver = 9.41.1.10 | Size = 22064 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]

(LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\LHidKE.Sys -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 27008 bytes | Modified Date = 2006-03-28 17:56:06 | Attr =	]

(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\LHIDUSB.SYS -> Logitech [Ver = 1.80.0.0 | Size = 37822 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]

(LHidUsbK) Logitech SetPoint USB Receiver device driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\LHidUsbK.sys -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 36736 bytes | Modified Date = 2006-03-28 17:55:20 | Attr =	]

(LKbdFlt2) Logitech Keyboard Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\lkbdflt2.sys -> Logitech [Ver = 9.41.1.5 | Size = 5840 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]

(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\lmouflt2.sys -> Logitech [Ver = 9.41.1.26 | Size = 67440 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]

(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\LMouKE.Sys -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 69760 bytes | Modified Date = 2006-03-28 17:55:58 | Attr =	]

(LNE100) Linksys LNE100TX(v5) Fast Ethernet Adapter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\lne100v5.sys -> LinkSys Group Inc. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Modified Date = 2001-10-24 19:16:10 | Attr = R  ]

(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\Mmc_2k.sys -> Roxio [Ver = 5.2.0.91 | Size = 29638 bytes | Modified Date = 2002-04-10 18:01:00 | Attr =	]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 2001-08-17 14:52:12 | Attr =	]

(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %System32%\DRIVERS\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.121 | Size = 28352 bytes | Modified Date = 2006-04-22 11:29:45 | Attr =	]

(NaiFiltr) NaiFiltr [File_System | On_Demand | Stopped] -> %System32%\DRIVERS\NaiFiltr.sys ->  [Ver =  | Size = 23296 bytes | Modified Date = 2002-03-13 08:50:36 | Attr =	]

(NetACPI) NetACPI [Kernel | System | Stopped] -> %System32%\DRIVERS\dptfcomm.sys ->  [Ver =  | Size = 12288 bytes | Modified Date = 2005-09-02 22:36:42 | Attr =	]

(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 3532544 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]

(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 318, 0 | Size = 17153 bytes | Modified Date = 2002-07-19 11:22:08 | Attr =	]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PrevxDriver) PREVX Kernel Mode Agent [File_System | Boot | Running] -> %System32%\DRIVERS\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 302344 bytes | Modified Date = 2007-09-05 11:46:28 | Attr =	]

(PREVXEmulator) PREVX Emulator driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 107784 bytes | Modified Date = 2007-09-05 11:47:28 | Attr =	]

(PREVXTdi) PREVX TDI filter [Kernel | System | Running] -> %System32%\DRIVERS\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 28040 bytes | Modified Date = 2007-09-05 11:47:16 | Attr =	]

(PSSdk23) PSSdk23 [Kernel | On_Demand | Stopped] -> %System32%\Drivers\PsSdk23.drv -> File not found

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2002-08-29 06:00:00 | Attr =	]

(pwd_2k) pwd_2k [Kernel | System | Running] -> %System32%\DRIVERS\pwd_2K.sys -> Roxio [Ver = 5.2.0.91 | Size = 117898 bytes | Modified Date = 2002-04-10 18:00:44 | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\DRIVERS\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.18a | Size = 20576 bytes | Modified Date = 2007-04-06 18:08:38 | Attr =	]

(PXRDDriver) PREVX Rootkitscan driver [Kernel | System | Running] -> %System32%\DRIVERS\PxRD.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 23048 bytes | Modified Date = 2007-09-05 11:45:42 | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 2001-08-17 14:52:20 | Attr =	]

(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 2001-08-17 14:52:20 | Attr =	]

(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 2001-08-17 14:52:18 | Attr =	]

(RT61) Linksys Wireless-G PCI Adapter Driver(RT61) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\rt61.sys -> Ralink Technology Inc. [Ver = 1.00.03.0000 | Size = 356096 bytes | Modified Date = 2005-10-27 15:06:30 | Attr =	]

(SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> %System32%\DDMI2.sys -> Gteko Ltd. [Ver = 1, 0, 0, 7 | Size = 6977 bytes | Modified Date = 2004-06-09 09:29:56 | Attr =	]

(Secdrv) Secdrv [Kernel | Auto | Stopped] -> %System32%\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 05:25:53 | Attr = R  ]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 2004-08-03 23:07:44 | Attr =	]

(smwdm) smwdm [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3515 | Size = 545208 bytes | Modified Date = 2002-08-05 10:23:58 | Attr =	]

(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 2001-08-17 13:56:16 | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 2001-08-17 15:07:44 | Attr =	]

(SVKP) SVKP [Kernel | Auto | Stopped] -> %System32%\SVKP.sys -> AntiCracking [Ver = 4.00 | Size = 2368 bytes | Modified Date = 2005-09-07 19:51:07 | Attr =	]

(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 2001-08-17 15:07:34 | Attr =	]

(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 2001-08-17 15:07:36 | Attr =	]

(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 2001-08-17 15:07:40 | Attr =	]

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 2001-08-17 15:07:42 | Attr =	]

(ts_lb) ts_lb [Kernel | System | Running] -> %System32%\DRIVERS\ts_lb.sys -> TamoSoft [Ver = 1.2.1.4 built by: WinDDK | Size = 17920 bytes | Modified Date = 2006-02-08 22:17:22 | Attr =	]

(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %System32%\DRIVERS\udfreadr_xp.sys -> Roxio [Ver = 5.2.0.91 built by: WinDDK | Size = 206336 bytes | Modified Date = 2002-04-10 17:45:16 | Attr =	]

(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 2001-08-17 14:52:22 | Attr =	]

(USB-100) USB 10/100 Ethernet Adapter [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\USBKR100.SYS -> USB Corporation Reserved. [Ver = 5.104.0521.2001 | Size = 27519 bytes | Modified Date = 2001-06-20 13:39:04 | Attr = R  ]

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wanatw4.sys -> File not found

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(xbreader) MaxDrive XBox Driver (xbreader.sys) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\xbreader.sys -> Thesycon GmbH, Germany [Ver = 1.41.512 | Size = 19677 bytes | Modified Date = 2001-01-02 22:53:30 | Attr =	]

({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3442 | Size = 108736 bytes | Modified Date = 2003-01-14 13:38:36 | Attr =	]

({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3442 | Size = 78272 bytes | Modified Date = 2003-01-14 13:38:30 | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2007-10-10 19:51:56 | Attr =	]

BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 2003-08-29 04:59:24 | Attr =	]

CookiePatrol -> %SystemDrive%\PROGRA~1\PESTPA~1\CookiePatrol.exe -> File not found

HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 2005-10-19 08:59:12 | Attr =	]

IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 2005-10-19 08:59:14 | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 2006-10-30 09:36:36 | Attr =	]

Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.60.570 | Size = 94208 bytes | Modified Date = 2006-03-28 17:38:32 | Attr =	]

MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 10 | Size = 245760 bytes | Modified Date = 2003-08-27 11:00:12 | Attr =	]

McRegWiz -> %ProgramFiles%\McAfee.com\Agent\mcregwiz.exe ->  [Ver = 1, 0, 0, 4 | Size = 135168 bytes | Modified Date = 2003-09-02 15:41:38 | Attr =	]

MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 7 | Size = 180224 bytes | Modified Date = 2003-08-21 18:10:50 | Attr =	]

Microsoft Works Portfolio -> %ProgramFiles%\Microsoft Works\wkssb.exe -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 725046 bytes | Modified Date = 2003-04-16 18:15:08 | Attr = R  ]

NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 7307264 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]

nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]

PestPatrol Control Center -> %SystemDrive%\PROGRA~1\PESTPA~1\PPControl.exe -> File not found

PPMemCheck -> %SystemDrive%\PROGRA~1\PESTPA~1\PPMemCheck.exe -> File not found

QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 2006-10-25 18:58:18 | Attr =	]

REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2002-02-04 22:32:10 | Attr =	]

SBI -> %UserDesktop%\install_sbd_en.exe -> File not found

SpyHunter Security Suite -> %ProgramFiles%\Enigma Software Group\SpyHunter\SpyHunter3.exe -> File not found

THGuard -> %ProgramFiles%\TrojanHunter 4.2\THGuard.exe -> Mischel Internet Security [Ver = 3.8.0.275 | Size = 1089024 bytes | Modified Date = 2005-02-19 16:36:48 | Attr =	]

TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 2005-02-11 13:54:34 | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

msnmsgr -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> File not found

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.60.606 | Size = 573440 bytes | Modified Date = 2006-05-05 06:42:00 | Attr =	]

< Bob Clarke Startup Folder > -> C:\Documents and Settings\Bob Clarke\Start Menu\Programs\Startup -> 

%UserStartup%\Yahoo! Widget Engine.lnk -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.5 | Size = 2913584 bytes | Modified Date = 2007-07-20 12:57:16 | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 2005-10-19 08:59:14 | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 

< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[gogl] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 

2 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 

Range1 [] -> * = Trusted sites |  -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 68 domain(s) found. -> 

  .[msn] -> My Computer -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr =	]

{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Need2Find\bar\2.bin\ND2FNBAR.DLL [Need2Find Bar BHO] -> Need2Find [Ver = 2, 0, 3, 20 | Size = 233472 bytes | Modified Date = 2005-09-15 14:51:44 | Attr =	]

{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} [HKEY_LOCAL_MACHINE] -> %AllUsersAppData%\Prevx\pxbho.dll [URLDetector Class] -> Prevx Ltd. [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 2006-01-10 12:09:54 | Attr =	]

{61E61BA1-45ED-4835-B504-BBB9C96CB9CD} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\dpvtporrfd.dll [SXG Advisor] ->  [Ver =  | Size = 253952 bytes | Modified Date = 2008-01-24 12:00:04 | Attr =	]

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{BE8D0059-D24D-4919-B76F-99F4A2203647} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{CF4C34FE-2275-45EC-8C7E-2594CC1811A5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\elfwgps.dll [The elfwgps] ->  [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 2008-01-24 12:00:10 | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 2006-08-01 15:35:36 | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{000007C6-17DF-4438-92A4-DE5537471BA3} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{2F099F5D-7003-4441-82C2-707C7C273FEB} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 2006-08-01 15:35:36 | Attr =	]

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

&Search ->  -> File not found

Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]

Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]

Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]

Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

{DF3AB0E8-A9F1-EE94-5037-4D5E6EAF3586} ->  -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{6F6F2743-5402-4876-AAA1-8FEF9FD1AD32} ->	(USB 10/100 Ethernet Adapter) -> 

{9E99C564-C221-45A9-8527-4CE1FBA2BADA} ->	() -> 

{C867633F-E466-4EBA-8DF7-3D3C65A1A528} ->	(Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)) -> 

{EFE6B014-908F-4406-9312-2F11C73F8DFC} ->	(Linksys LNE100TX(v5) Fast Ethernet Adapter) -> 

{FC52ECE1-CA5B-49C9-BE2A-68A8C4905ADF} ->	(Broadcom 440x 10/100 Integrated Controller) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

bw+0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw+0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw-0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw00:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw00s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw-0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw10:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw10s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw20:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw20s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw30:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw30s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw40:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw40s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw50:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw50s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw60:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw60s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw70:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw70s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw80:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw80s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw90:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw90s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwa0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwa0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwb0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwb0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwc0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwc0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwd0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwd0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwe0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwe0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwf0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwf0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwg0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwg0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwh0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwh0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwi0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwi0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwj0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwj0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwk0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwk0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwl0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwl0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwm0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwm0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwn0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwn0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwo0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwo0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwp0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwp0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwq0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwq0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwr0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwr0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bws0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bws0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwt0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwt0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwu0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwu0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwv0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwv0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bww0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bww0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwx0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwx0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwy0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwy0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwz0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwz0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

offline-8876480:{B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 

{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/Swdir_Alt_Pub.cab[Shockwave ActiveX Control] -> 

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 

{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> 

{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

{D27CDB6E-AE6D-11CF-96B8-444553542500}[HKEY_LOCAL_MACHINE] -> http://active.macromedia.com/flash2/cabs/swflash.cab[Reg Error: Key does not exist or could not be opened.] -> 

{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48}[HKEY_LOCAL_MACHINE] -> http://chat.yahoo.com/cab/yvwrctl.cab[Yahoo! Webcam Viewer Wrapper] -> 

DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 00:56:44 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 12:49:30 | Attr =	]

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 00:56:44 | Attr =	]

schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 09:21:15 | Attr =	]

wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2004-08-04 00:56:48 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-04 00:56:46 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-04 00:56:46 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 00:56:58 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11484 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-04 00:56:44 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 00:56:58 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 00:56:48 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

bae7368af7dae521884fca -> %SystemDrive%\bae7368af7dae521884fca ->  [Folder | Created Date = 2008-01-27 22:06:41 | Attr =	]

ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-01-29 21:47:25 | Attr =	]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2008-01-29 21:57:52 | Attr =	]

hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-01-21 13:35:26 | Attr =	]

pxcom.sys -> %System32%\drivers\pxcom.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 14856 bytes | Modified Date = 2007-09-05 11:45:42 | Attr =	]

PxEmu.sys -> %System32%\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 107784 bytes | Modified Date = 2007-09-05 11:47:28 | Attr =	]

pxfsf.sys -> %System32%\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 302344 bytes | Modified Date = 2007-09-05 11:46:28 | Attr =	]

PxRD.sys -> %System32%\drivers\PxRD.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 23048 bytes | Modified Date = 2007-09-05 11:45:42 | Attr =	]

pxtdi.sys -> %System32%\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 28040 bytes | Modified Date = 2007-09-05 11:47:16 | Attr =	]

n?tepad.exe -> %System32%\nоtepad.exe ->  [Ver =  | Size = 430080 bytes | Modified Date = 2005-05-25 08:12:26 | Attr = RHS]

pxinst.dll -> %System32%\pxinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 11264 bytes | Modified Date = 2007-09-05 11:47:18 | Attr =	]

spupdsvc.inf -> %System32%\spupdsvc.inf ->  [Ver =  | Size = 230 bytes | Modified Date = 2008-01-26 00:09:17 | Attr =	]

dpvtporrfd.dll -> %SystemRoot%\dpvtporrfd.dll ->  [Ver =  | Size = 253952 bytes | Modified Date = 2008-01-24 12:00:04 | Attr =	]

elfwgps.dll -> %SystemRoot%\elfwgps.dll ->  [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 2008-01-24 12:00:10 | Attr =	]

fvqkfsp.exe -> %SystemRoot%\fvqkfsp.exe ->  [Ver =  | Size = 81920 bytes | Modified Date = 2008-01-24 12:00:12 | Attr =	]

LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Created Date = 2008-01-27 22:11:41 | Attr =	]

4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]

QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =  H ]

TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 2008-01-29 21:38:47 | Attr =	]

thxcfg.ini -> %SystemRoot%\thxcfg.ini ->  [Ver =  | Size = 32 bytes | Modified Date = 2004-01-28 15:18:40 | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Prevx -> %AllUsersAppData%\Prevx ->  [Folder | Created Date = 2008-01-27 22:08:34 | Attr =	]

Hamachi -> %UserAppData%\Hamachi ->  [Folder | Created Date = 2008-01-21 13:37:02 | Attr =	]

Prevx -> %UserAppData%\Prevx ->  [Folder | Created Date = 2008-01-27 22:16:07 | Attr =	]

U3 -> %UserAppData%\U3 ->  [Folder | Created Date = 2008-01-21 10:59:07 | Attr =	]

=).ppt -> %UserDocuments%\=).ppt ->  [Ver =  | Size = 1159168 bytes | Modified Date = 2008-01-24 04:34:05 | Attr =	]

Ch 1.doc -> %UserDocuments%\Ch 1.doc ->  [Ver =  | Size = 28160 bytes | Modified Date = 2008-01-14 23:08:42 | Attr =	]

Ultimate Private Server info.doc -> %UserDocuments%\Ultimate Private Server info.doc ->  [Ver =  | Size = 24064 bytes | Modified Date = 2008-01-21 15:01:59 | Attr =	]

Workouting.xls -> %UserDocuments%\Workouting.xls ->  [Ver =  | Size = 13824 bytes | Modified Date = 2008-01-16 22:21:59 | Attr =	]

Yea i like cars.doc -> %UserDocuments%\Yea i like cars.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 2008-01-21 11:04:13 | Attr =	]

~$timate Private Server info.doc -> %UserDocuments%\~$timate Private Server info.doc ->  [Ver =  | Size = 162 bytes | Modified Date = 2008-01-22 23:55:16 | Attr =  H ]

Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2008-01-26 13:11:07 | Attr =	]

ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-01-29 21:50:58 | Attr =	]

HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2008-01-30 17:57:26 | Attr =	]

VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 2008-01-29 21:57:46 | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2008-02-11 16:05:55 | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 481041 bytes | Modified Date = 2008-02-11 16:04:09 | Attr =	]



[Files/Folders - Modified Within 30 days]

bae7368af7dae521884fca -> %SystemDrive%\bae7368af7dae521884fca ->  [Folder | Modified Date = 2008-01-28 03:07:11 | Attr =	]

ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-01-29 21:48:26 | Attr =	]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2008-01-27 22:11:06 | Attr =  HS]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-01-29 21:32:55 | Attr =	]

QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2008-01-29 21:38:45 | Attr =	]

RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2008-01-29 21:32:52 | Attr =  HS]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2008-01-29 21:57:52 | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-01-31 20:20:25 | Attr =	]

ETC -> %System32%\drivers\ETC ->  [Folder | Modified Date = 2008-01-29 21:35:11 | Attr =	]

hosts -> %System32%\drivers\ETC\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 2008-01-29 21:35:11 | Attr =	]

hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-01-21 13:35:26 | Attr =	]

CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2008-01-27 22:11:43 | Attr =	]

2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

CONFIG -> %System32%\CONFIG ->  [Folder | Modified Date = 2008-01-29 21:33:12 | Attr =	]

d3d9caps.dat -> %System32%\d3d9caps.dat ->  [Ver =  | Size = 1324 bytes | Modified Date = 2008-01-27 21:53:36 | Attr =	]

DLLCACHE -> %System32%\DLLCACHE ->  [Folder | Modified Date = 2008-01-28 03:01:59 | Attr = RHS]

DRIVERS -> %System32%\DRIVERS ->  [Folder | Modified Date = 2008-01-29 21:32:54 | Attr =	]

en-US -> %System32%\en-US ->  [Folder | Modified Date = 2008-01-26 00:11:50 | Attr =	]

IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 81920 bytes | Modified Date = 2008-01-27 14:37:54 | Attr =	]

nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 41237 bytes | Modified Date = 2008-01-27 21:53:35 | Attr =	]

n?tepad.exe -> %System32%\nоtepad.exe ->  [Ver =  | Size = 430080 bytes | Modified Date = 2005-05-25 08:12:26 | Attr = RHS]

spupdsvc.inf -> %System32%\spupdsvc.inf ->  [Ver =  | Size = 230 bytes | Modified Date = 2008-01-26 00:09:17 | Attr =	]

WPA.DBL -> %System32%\WPA.DBL ->  [Ver =  | Size = 1170 bytes | Modified Date = 2008-02-04 18:14:41 | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-01-27 07:26:16 | Attr =  H ]

4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-02-04 18:14:07 | Attr =   S]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-01-29 21:32:55 | Attr =   S]

dpvtporrfd.dll -> %SystemRoot%\dpvtporrfd.dll ->  [Ver =  | Size = 253952 bytes | Modified Date = 2008-01-24 12:00:04 | Attr =	]

elfwgps.dll -> %SystemRoot%\elfwgps.dll ->  [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 2008-01-24 12:00:10 | Attr =	]

erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-01-29 21:33:02 | Attr =	]

Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2008-01-29 21:32:54 | Attr = R S]

fvqkfsp.exe -> %SystemRoot%\fvqkfsp.exe ->  [Ver =  | Size = 81920 bytes | Modified Date = 2008-01-24 12:00:12 | Attr =	]

gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 2008-01-18 20:31:10 | Attr = R  ]

Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2008-01-26 00:11:50 | Attr =	]

ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2008-01-26 00:09:55 | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2008-01-28 03:01:51 | Attr =	]

INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 2008-01-28 03:02:01 | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-01-27 22:58:21 | Attr =  HS]

LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Modified Date = 2008-01-27 22:12:14 | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-02-11 16:02:29 | Attr =	]

PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]

psJ0N -> %SystemRoot%\psJ0N ->  [Ver =  | Size = 24 bytes | Modified Date = 2008-01-28 03:06:58 | Attr =  H ]

QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =  H ]

system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 317 bytes | Modified Date = 2008-01-29 21:35:37 | Attr =	]

SYSTEM32 -> %System32% ->  [Folder | Modified Date = 2008-01-30 17:56:58 | Attr =	]

TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 2008-02-11 16:02:29 | Attr =	]

WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 2008-01-26 00:05:08 | Attr =	]

WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2008-01-27 22:10:39 | Attr =	]

AA56DBE391895083.job -> %SystemRoot%\tasks\AA56DBE391895083.job ->  [Ver =  | Size = 278 bytes | Modified Date = 2008-01-28 03:00:00 | Attr =  H ]

AFF92997909ADA9B.job -> %SystemRoot%\tasks\AFF92997909ADA9B.job ->  [Ver =  | Size = 238 bytes | Modified Date = 2008-01-28 03:00:00 | Attr =  H ]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2008-01-27 11:00:00 | Attr =	]

B053D8D9992C9D51.job -> %SystemRoot%\tasks\B053D8D9992C9D51.job ->  [Ver =  | Size = 274 bytes | Modified Date = 2008-01-28 03:00:00 | Attr =  H ]

McAfee.com Update Check (BASEMENT-Bob Clarke).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Bob Clarke).job ->  [Ver =  | Size = 504 bytes | Modified Date = 2008-01-28 03:06:00 | Attr =	]

McAfee.com Update Check (BASEMENT-Brandon Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Brandon Weckerly).job ->  [Ver =  | Size = 514 bytes | Modified Date = 2008-01-28 03:07:00 | Attr =	]

McAfee.com Update Check (BASEMENT-Christian Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Christian Weckerly).job ->  [Ver =  | Size = 520 bytes | Modified Date = 2008-01-28 03:06:00 | Attr =	]

McAfee.com Update Check (BASEMENT-Kyle Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Kyle Weckerly).job ->  [Ver =  | Size = 510 bytes | Modified Date = 2008-01-28 03:03:00 | Attr =	]

McAfee.com Update Check (BASEMENT-Todd Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Todd Weckerly).job ->  [Ver =  | Size = 508 bytes | Modified Date = 2008-01-28 03:03:00 | Attr =	]

McAfee.com Update Check (DC44LL21-Owner).job -> %SystemRoot%\tasks\McAfee.com Update Check (DC44LL21-Owner).job ->  [Ver =  | Size = 492 bytes | Modified Date = 2008-01-28 03:05:00 | Attr =	]

McAfee.com Update Check (OFFICE-Bob Clarke).job -> %SystemRoot%\tasks\McAfee.com Update Check (OFFICE-Bob Clarke).job ->  [Ver =  | Size = 504 bytes | Modified Date = 2008-01-28 03:04:00 | Attr =	]

RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 382 bytes | Modified Date = 2008-01-24 03:00:00 | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-01-28 03:07:35 | Attr =  H ]

WebReg 20030604155305.job -> %SystemRoot%\tasks\WebReg 20030604155305.job ->  [Ver =  | Size = 382 bytes | Modified Date = 2008-01-27 15:53:00 | Attr =	]

data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1728 bytes | Modified Date = 2008-01-29 21:32:01 | Attr =	]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat ->  [Ver =  | Size = 11094 bytes | Modified Date = 2005-09-30 19:36:29 | Attr =	]

wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2004-12-13 21:11:58 | Attr =	]

wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 41747 bytes | Modified Date = 2007-07-20 20:31:44 | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Modified Date = 2008-01-26 13:11:47 | Attr =	]

Prevx -> %AllUsersAppData%\Prevx ->  [Folder | Modified Date = 2008-01-27 22:16:07 | Attr =	]

Viewpoint -> %AllUsersAppData%\Viewpoint ->  [Folder | Modified Date = 2008-01-27 02:14:23 | Attr =	]

Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 2008-01-26 15:38:40 | Attr =	]

Hamachi -> %UserAppData%\Hamachi ->  [Folder | Modified Date = 2008-01-26 15:16:26 | Attr =	]

Prevx -> %UserAppData%\Prevx ->  [Folder | Modified Date = 2008-01-27 22:57:52 | Attr =	]

U3 -> %UserAppData%\U3 ->  [Folder | Modified Date = 2008-01-21 11:05:32 | Attr =	]

Adobe -> %LocalAppData%\Adobe ->  [Folder | Modified Date = 2008-01-26 15:38:49 | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 88064 bytes | Modified Date = 2008-01-20 10:12:29 | Attr =	]

Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 2008-01-27 21:43:11 | Attr =	]

=).ppt -> %UserDocuments%\=).ppt ->  [Ver =  | Size = 1159168 bytes | Modified Date = 2008-01-24 04:34:05 | Attr =	]

Ch 1.doc -> %UserDocuments%\Ch 1.doc ->  [Ver =  | Size = 28160 bytes | Modified Date = 2008-01-14 23:08:42 | Attr =	]

My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 2008-01-27 21:42:55 | Attr = R  ]

Note Pad -> %UserDocuments%\Note Pad ->  [Folder | Modified Date = 2008-01-21 09:51:33 | Attr =	]

Player -> %UserDocuments%\Player ->  [Folder | Modified Date = 2008-01-20 10:12:28 | Attr =	]

Ultimate Private Server info.doc -> %UserDocuments%\Ultimate Private Server info.doc ->  [Ver =  | Size = 24064 bytes | Modified Date = 2008-01-21 15:01:59 | Attr =	]

Work.xls -> %UserDocuments%\Work.xls ->  [Ver =  | Size = 23552 bytes | Modified Date = 2008-02-11 13:27:09 | Attr =	]

Workouting.xls -> %UserDocuments%\Workouting.xls ->  [Ver =  | Size = 13824 bytes | Modified Date = 2008-01-16 22:21:59 | Attr =	]

Yea i like cars.doc -> %UserDocuments%\Yea i like cars.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 2008-01-21 11:04:13 | Attr =	]

~$timate Private Server info.doc -> %UserDocuments%\~$timate Private Server info.doc ->  [Ver =  | Size = 162 bytes | Modified Date = 2008-01-22 23:55:16 | Attr =  H ]

Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2008-01-26 13:11:07 | Attr =	]

ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-01-29 21:50:58 | Attr =	]

HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2008-01-30 17:57:26 | Attr =	]

Microsoft Excel.lnk -> %UserDesktop%\Microsoft Excel.lnk ->  [Ver =  | Size = 2481 bytes | Modified Date = 2008-02-11 13:25:40 | Attr =	]

Microsoft Word.lnk -> %UserDesktop%\Microsoft Word.lnk ->  [Ver =  | Size = 2483 bytes | Modified Date = 2008-01-27 18:45:42 | Attr =	]

QuickTime Player.lnk -> %UserDesktop%\QuickTime Player.lnk ->  [Ver =  | Size = 2187 bytes | Modified Date = 2008-01-31 20:20:08 | Attr =	]

VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 2008-01-29 21:57:46 | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2008-02-11 16:05:55 | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 481041 bytes | Modified Date = 2008-02-11 16:04:09 | Attr =	]

Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 2008-01-26 13:11:02 | Attr =	]

Blizzard Entertainment -> %CommonProgramFiles%\Blizzard Entertainment ->  [Folder | Modified Date = 2008-01-27 08:43:58 | Attr =	]



< End of report >


#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:48 AM

Posted 10 February 2008 - 04:53 PM

Hi shortyshorts7. Let's see if we can clean this up a bit. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware; we will come back to it later on.

Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
NY -> (SvcProc) System Startup Service  [Win32_Own | Auto | Stopped] -> %SystemRoot%\svcproc.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> CookiePatrol -> %SystemDrive%\PROGRA~1\PESTPA~1\CookiePatrol.exe
YN -> PestPatrol Control Center -> %SystemDrive%\PROGRA~1\PESTPA~1\PPControl.exe
YN -> PPMemCheck -> %SystemDrive%\PROGRA~1\PESTPA~1\PPMemCheck.exe
YN -> SBI -> %UserDesktop%\install_sbd_en.exe
YN -> SpyHunter Security Suite -> %ProgramFiles%\Enigma Software Group\SpyHunter\SpyHunter3.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> msnmsgr -> %ProgramFiles%\MSN Messenger\msnmsgr.exe
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {61E61BA1-45ED-4835-B504-BBB9C96CB9CD} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\dpvtporrfd.dll [SXG Advisor]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {90C61707-C8F8-43DB-A25C-C1F4B18EE41E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {BE8D0059-D24D-4919-B76F-99F4A2203647} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {CF4C34FE-2275-45EC-8C7E-2594CC1811A5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\elfwgps.dll [The elfwgps]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{000007C6-17DF-4438-92A4-DE5537471BA3} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{2F099F5D-7003-4441-82C2-707C7C273FEB} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Search -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
YN -> {DF3AB0E8-A9F1-EE94-5037-4D5E6EAF3586} -> 
[Files/Folders - Created Within 30 days]
NY -> n?tepad.exe -> %System32%\nоtepad.exe
NY -> dpvtporrfd.dll -> %SystemRoot%\dpvtporrfd.dll
NY -> elfwgps.dll -> %SystemRoot%\elfwgps.dll
NY -> fvqkfsp.exe -> %SystemRoot%\fvqkfsp.exe
NY -> thxcfg.ini -> %SystemRoot%\thxcfg.ini
[Files/Folders - Modified Within 30 days]
NY -> n?tepad.exe -> %System32%\nоtepad.exe
NY -> dpvtporrfd.dll -> %SystemRoot%\dpvtporrfd.dll
NY -> elfwgps.dll -> %SystemRoot%\elfwgps.dll
NY -> fvqkfsp.exe -> %SystemRoot%\fvqkfsp.exe
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #4

Post the following back here:
  • a new WinPFind35U report
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 shortyshorts7


Posted 10 February 2008 - 05:19 PM

Sorry for the delay. I tried to figure out a way to get around this message (the system administrator has set policies to prevent this installation), but I couldn't figure out a way to do it.

#7 shortyshorts7


Posted 10 February 2008 - 08:41 PM

Got it to work finally. Now it's running, and it's been an hour so far of scanning.

#8 OldTimer


Posted 10 February 2008 - 10:37 PM

Hi shortyshorts7. I'll bet the malware doesn't like it lol. Let it run and see what happens.

Cheers.

OT

#9 shortyshorts7


Posted 11 February 2008 - 06:09 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/12/2008 at 01:19 AM

Application Version : 3.9.1008

Core Rules Database Version : 3399
Trace Rules Database Version: 1391

Scan type : Complete Scan
Total Scan Time : 05:41:23

Memory items scanned : 120
Memory threats detected : 0
Registry items scanned : 6421
Registry threats detected : 39
File items scanned : 62955
File threats detected : 134

Kontiki Download Manager Browser Helper Object
HKLM\Software\Classes\CLSID\{029CA12C-89C1-46a7-A3C7-82F2F98635CB}
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\InprocServer32
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\InprocServer32#ThreadingModel
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\ProgID
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\Programmable
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\TypeLib
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\VersionIndependentProgID
C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\Programmable
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
C:\PROGRAM FILES\NEED2FIND\BAR\2.BIN\ND2FNBAR.DLL
HKLM\Software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\Programmable
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
C:\WINDOWS\SYSTEM32\ZHMRVF.EXE.TCF

Spyware.WebSearch (WinTools/HuntBar)
HKLM\Software\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}\InprocServer32
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}\InprocServer32#ThreadingModel
C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLST.DLL

Trojan.Zufyxe
HKLM\System\ControlSet003\Services\NetACPI
C:\WINDOWS\SYSTEM32\DRIVERS\DPTFCOMM.SYS
HKLM\System\ControlSet004\Services\NetACPI
HKLM\System\CurrentControlSet\Services\NetACPI

Adware.ZToolbar
C:\WINDOWS\system32\azebar.xml

Adware.QuickLinks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quicklinks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quicklinks#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quicklinks#DisplayName

Trojan.NewDotNet
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-18\Software\New.net

Adware.180solutions/Seekmo
HKCR\AppId\SeekmoTB.DLL
HKCR\AppId\SeekmoTB.DLL#AppID

Malware.MalwareAlarm
C:\Program Files\MalwareAlarm\MalwareAlarm.lic
C:\Program Files\MalwareAlarm\Uninstall.exe
C:\Program Files\MalwareAlarm

Adware.Lop
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\CREATIVELOCKS\GRAM BAIT BARB TEST.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\4WINDOWSETTINGSFAST\FACE BEEP.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\4WINDOWSETTINGSFAST\MEOWREAL.EXE
C:\DOCUMENTS AND SETTINGS\BOB CLARKE\APPLICATION DATA\CREATIVELOCKS\GRAM BAIT BARB TEST.EXE
C:\DOCUMENTS AND SETTINGS\BOB CLARKE\APPLICATION DATA\CREATIVELOCKS\IWXUDIOL.EXE
C:\DOCUMENTS AND SETTINGS\BOB CLARKE\APPLICATION DATA\CREATIVELOCKS\VC UP STORE.EXE
C:\DOCUMENTS AND SETTINGS\BOB CLARKE\APPLICATION DATA\CREATIVELOCKS\VQQUSOKL.EXE
C:\DOCUMENTS AND SETTINGS\BOB CLARKE\APPLICATION DATA\ONE VIEW PLATFORM\MIXLICENSE.EXE

Malware.LocusSoftware Inc/BestSellerAntivirus
C:\DOCUMENTS AND SETTINGS\BOB CLARKE\APPLICATION DATA\INSTALL_EN[1].EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP712\A0741932.EXE

Adware.SXGAdvisor
C:\DOCUMENTS AND SETTINGS\BOB CLARKE\DESKTOP\WINPFIND35U\MOVEDFILES\02112008_193434\WINDOWS\DPVTPORRFD.DLL

Trojan.Unclassified/EGO
C:\DOCUMENTS AND SETTINGS\BOB CLARKE\DESKTOP\WINPFIND35U\MOVEDFILES\02112008_193434\WINDOWS\ELFWGPS.DLL

Adware.ClickSpring
C:\Documents and Settings\Bob Clarke\Desktop\WinPFind35u\MovedFiles\02112008_193434\WINDOWS\System32\NTEPAD~1.EXE

Adware.Tracking Cookie
C:\Program Files\EarthLink 5.0\icsn@earthlink.net\Cookies\bob clarke@emarketmakers[2].txt

Trojan.NewDotNet-Installer
C:\PROGRAM FILES\FILESUBMIT\STONEHENGE_THEME.ZIP\NNEZTA388.EXE

Adware.Need2Find
C:\PROGRAM FILES\NEED2FIND\BAR\2.BIN\N2PLUGIN.DLL
C:\PROGRAM FILES\NEED2FIND\BAR\2.BIN\NPND2FN.DLL

Adware.MovieLand/MediaPipe
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\P2PNETWORKS\MPP2PL.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP712\A0741987.EXE

Adware.TrustInCash
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP710\A0740506.ICO
C:\WINDOWS\ADULT.ICO

Rogue.AdvancedCleaner
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP712\A0741939.EXE

Trojan.Downloader-Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP712\A0741973.DLL

Adware.ContextPlus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP712\A0741974.EXE

Trojan.DollarRevenue
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP712\A0741975.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP712\A0741976.EXE

Trojan.Downloader-Gen/Suspicious
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP712\A0741978.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP712\A0741979.DLL

Adware.Direct Revenue
C:\WINDOWS\HOEYKGCIQIJ.EXE.TCF

Adware.Unknown Origin
C:\WINDOWS\SHOPPING.ICO

Trojan.Downloader-Gen/Jovi

Adware.Spyware Labs
C:\WINDOWS\SYSTEM32\BO2802040113.DLL

Adware.NicTech Networks
C:\WINDOWS\SYSTEM32\D4J02E1MGH.DLL
C:\WINDOWS\SYSTEM32\DNNU0159E.DLL
C:\WINDOWS\SYSTEM32\M4PO0E73EH.DLL

Dialer.DialerPlatformLimited
C:\WINDOWS\SYSTEM32\MAXD.EXE

#10 shortyshorts7

Posted 11 February 2008 - 06:12 AM

New WinPFind log. What do you mean by an old log of WinPFind35? I'll be back around 3 pm; I have to go to school now.

WinPFind35 logfile created on: 2008-02-12 06:11:10
WinPFind35U Version Beta49	 Folder = C:\Documents and Settings\Bob Clarke\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
 
510.48 Mb Total Physical Memory | 311.59 Mb Available Physical Memory | 61.04% Memory free
865.36 Mb Paging File | 741.73 Mb Available in Paging File | 85.71% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 37.38 Gb Free Space | 66.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 15.48 Mb Total Space | 2.93 Mb Free Space | 18.92% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Bob Clarke
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user

[Processes - Non-Microsoft Only]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-11 16:22:57 | Attr =	]
superantispyware.exe -> %UserDesktop%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 2007-06-21 14:06:28 | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 310272 bytes | Modified Date = 2008-02-10 13:10:14 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 00:56:50 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 2006-10-30 09:36:32 | Attr =	]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe ->  [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 2005-09-09 17:56:37 | Attr =	]
(McShield) McAfee.com McShield [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe ->  [Ver =  | Size = 225375 bytes | Modified Date = 2001-09-08 07:00:00 | Attr =	]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 8 | Size = 245760 bytes | Modified Date = 2003-08-21 18:06:56 | Attr =	]
(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Stopped] -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 12 | Size = 106496 bytes | Modified Date = 2003-08-08 18:04:38 | Attr =	]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 2005-01-26 15:30:04 | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 131139 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 2005-01-26 15:25:34 | Attr =	]
(PREVXAgent) PREVXAgent [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Prevx2\PXAgent.exe -> File not found
(PSEXESVC) PsExec [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 69718 bytes | Modified Date = 2005-01-26 15:20:14 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2007-10-10 19:51:56 | Attr =	]
BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 2003-08-29 04:59:24 | Attr =	]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 2005-10-19 08:59:12 | Attr =	]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 2005-10-19 08:59:14 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 2006-10-30 09:36:36 | Attr =	]
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.60.570 | Size = 94208 bytes | Modified Date = 2006-03-28 17:38:32 | Attr =	]
MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 10 | Size = 245760 bytes | Modified Date = 2003-08-27 11:00:12 | Attr =	]
McRegWiz -> %ProgramFiles%\McAfee.com\Agent\mcregwiz.exe ->  [Ver = 1, 0, 0, 4 | Size = 135168 bytes | Modified Date = 2003-09-02 15:41:38 | Attr =	]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 7 | Size = 180224 bytes | Modified Date = 2003-08-21 18:10:50 | Attr =	]
Microsoft Works Portfolio -> %ProgramFiles%\Microsoft Works\wkssb.exe -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 725046 bytes | Modified Date = 2003-04-16 18:15:08 | Attr = R  ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 7307264 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 2006-10-25 18:58:18 | Attr =	]
REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2002-02-04 22:32:10 | Attr =	]
THGuard -> %ProgramFiles%\TrojanHunter 4.2\THGuard.exe -> Mischel Internet Security [Ver = 3.8.0.275 | Size = 1089024 bytes | Modified Date = 2005-02-19 16:36:48 | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 2005-02-11 13:54:34 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SUPERAntiSpyware -> F:\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 2007-06-21 14:06:28 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.60.606 | Size = 573440 bytes | Modified Date = 2006-05-05 06:42:00 | Attr =	]
< Bob Clarke Startup Folder > -> C:\Documents and Settings\Bob Clarke\Start Menu\Programs\Startup -> 
%UserStartup%\Yahoo! Widget Engine.lnk -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.5 | Size = 2913584 bytes | Modified Date = 2007-07-20 12:57:16 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 2005-10-19 08:59:14 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[gogl] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
Range1 [] -> * = Trusted sites |  -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 68 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr =	]
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} [HKEY_LOCAL_MACHINE] -> %AllUsersAppData%\Prevx\pxbho.dll [URLDetector Class] -> Prevx Ltd. [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 2006-01-10 12:09:54 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 2006-08-01 15:35:36 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 2006-08-01 15:35:36 | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{6F6F2743-5402-4876-AAA1-8FEF9FD1AD32} ->	(USB 10/100 Ethernet Adapter) -> 
{9E99C564-C221-45A9-8527-4CE1FBA2BADA} ->	() -> 
{C867633F-E466-4EBA-8DF7-3D3C65A1A528} ->	(Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)) -> 
{EFE6B014-908F-4406-9312-2F11C73F8DFC} ->	(Linksys LNE100TX(v5) Fast Ethernet Adapter) -> 
{FC52ECE1-CA5B-49C9-BE2A-68A8C4905ADF} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
bw+0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw+0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw-0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw00:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw00s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw-0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw10:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw10s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw20:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw20s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw30:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw30s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw40:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw40s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw50:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw50s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw60:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw60s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw70:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw70s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw80:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw80s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw90:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw90s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwa0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwa0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwb0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwb0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwc0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwc0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwd0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwd0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwe0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwe0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwf0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwf0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwg0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwg0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwh0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwh0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwi0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwi0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwj0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwj0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwk0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwk0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwl0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwl0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwm0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwm0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwn0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwn0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwo0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwo0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwp0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwp0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwq0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwq0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwr0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwr0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bws0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bws0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwt0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwt0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwu0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwu0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwv0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwv0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bww0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bww0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwx0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwx0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwy0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwy0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwz0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwz0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
offline-8876480:{B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/Swdir_Alt_Pub.cab[Shockwave ActiveX Control] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> 
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{D27CDB6E-AE6D-11CF-96B8-444553542500}[HKEY_LOCAL_MACHINE] -> http://active.macromedia.com/flash2/cabs/swflash.cab[Reg Error: Key does not exist or could not be opened.] -> 
{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48}[HKEY_LOCAL_MACHINE] -> http://chat.yahoo.com/cab/yvwrctl.cab[Yahoo! Webcam Viewer Wrapper] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 



[Files/Folders - Created Within 30 days]
bae7368af7dae521884fca -> %SystemDrive%\bae7368af7dae521884fca ->  [Folder | Created Date = 2008-01-27 22:06:41 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-01-29 21:47:25 | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2008-01-29 21:57:52 | Attr =	]
hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-01-21 13:35:26 | Attr =	]
pxcom.sys -> %System32%\drivers\pxcom.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 14856 bytes | Modified Date = 2007-09-05 11:45:42 | Attr =	]
PxEmu.sys -> %System32%\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 107784 bytes | Modified Date = 2007-09-05 11:47:28 | Attr =	]
pxfsf.sys -> %System32%\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 302344 bytes | Modified Date = 2007-09-05 11:46:28 | Attr =	]
PxRD.sys -> %System32%\drivers\PxRD.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 23048 bytes | Modified Date = 2007-09-05 11:45:42 | Attr =	]
pxtdi.sys -> %System32%\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 28040 bytes | Modified Date = 2007-09-05 11:47:16 | Attr =	]
igfx.hlp -> %System32%\igfx.hlp ->  [Ver =  | Size = 57801 bytes | Modified Date = 2005-10-19 08:59:12 | Attr =	]
pxinst.dll -> %System32%\pxinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 11264 bytes | Modified Date = 2007-09-05 11:47:18 | Attr =	]
spupdsvc.inf -> %System32%\spupdsvc.inf ->  [Ver =  | Size = 230 bytes | Modified Date = 2008-01-26 00:09:17 | Attr =	]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =  H ]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 2008-01-29 21:38:47 | Attr =	]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

[Files/Folders - Modified Within 30 days]
bae7368af7dae521884fca -> %SystemDrive%\bae7368af7dae521884fca ->  [Folder | Modified Date = 2008-01-28 03:07:11 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-01-29 21:48:26 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2008-01-27 22:11:06 | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-02-12 05:53:30 | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2008-01-29 21:38:45 | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2008-01-29 21:32:52 | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2008-01-29 21:57:52 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-02-12 05:56:03 | Attr =	]
ETC -> %System32%\drivers\ETC ->  [Folder | Modified Date = 2008-01-29 21:35:11 | Attr =	]
hosts -> %System32%\drivers\ETC\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 2008-01-29 21:35:11 | Attr =	]
hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-01-21 13:35:26 | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2008-02-11 19:38:27 | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CONFIG -> %System32%\CONFIG ->  [Folder | Modified Date = 2008-01-29 21:33:12 | Attr =	]
d3d9caps.dat -> %System32%\d3d9caps.dat ->  [Ver =  | Size = 1324 bytes | Modified Date = 2008-02-12 05:58:39 | Attr =	]
DLLCACHE -> %System32%\DLLCACHE ->  [Folder | Modified Date = 2008-01-28 03:01:59 | Attr = RHS]
DRIVERS -> %System32%\DRIVERS ->  [Folder | Modified Date = 2008-01-29 21:32:54 | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 2008-01-26 00:11:50 | Attr =	]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 81920 bytes | Modified Date = 2008-01-27 14:37:54 | Attr =	]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 41237 bytes | Modified Date = 2008-02-12 05:58:34 | Attr =	]
spupdsvc.inf -> %System32%\spupdsvc.inf ->  [Ver =  | Size = 230 bytes | Modified Date = 2008-01-26 00:09:17 | Attr =	]
WPA.DBL -> %System32%\WPA.DBL ->  [Ver =  | Size = 1170 bytes | Modified Date = 2008-02-12 06:01:29 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-01-27 07:26:16 | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-02-12 06:01:08 | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-01-29 21:32:55 | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-01-29 21:33:02 | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2008-01-29 21:32:54 | Attr = R S]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 2008-01-18 20:31:10 | Attr = R  ]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2008-01-26 00:11:50 | Attr =	]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2008-01-26 00:09:55 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2008-01-28 03:01:51 | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 2008-01-28 03:02:01 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-01-27 22:58:21 | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-02-12 06:00:38 | Attr =	]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]
psJ0N -> %SystemRoot%\psJ0N ->  [Ver =  | Size = 24 bytes | Modified Date = 2008-01-28 03:06:58 | Attr =  H ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 317 bytes | Modified Date = 2008-01-29 21:35:37 | Attr =	]
SYSTEM32 -> %System32% ->  [Folder | Modified Date = 2008-02-12 05:59:53 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2008-02-12 05:56:33 | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 2008-02-12 05:58:57 | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 2008-01-26 00:05:08 | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2008-01-27 22:10:39 | Attr =	]
AA56DBE391895083.job -> %SystemRoot%\tasks\AA56DBE391895083.job ->  [Ver =  | Size = 278 bytes | Modified Date = 2008-02-12 06:00:00 | Attr =  H ]
AFF92997909ADA9B.job -> %SystemRoot%\tasks\AFF92997909ADA9B.job ->  [Ver =  | Size = 238 bytes | Modified Date = 2008-02-12 06:00:00 | Attr =  H ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2008-01-27 11:00:00 | Attr =	]
B053D8D9992C9D51.job -> %SystemRoot%\tasks\B053D8D9992C9D51.job ->  [Ver =  | Size = 274 bytes | Modified Date = 2008-02-12 06:00:00 | Attr =  H ]
McAfee.com Update Check (BASEMENT-Bob Clarke).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Bob Clarke).job ->  [Ver =  | Size = 504 bytes | Modified Date = 2008-02-12 05:56:01 | Attr =	]
McAfee.com Update Check (BASEMENT-Brandon Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Brandon Weckerly).job ->  [Ver =  | Size = 514 bytes | Modified Date = 2008-02-12 05:57:00 | Attr =	]
McAfee.com Update Check (BASEMENT-Christian Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Christian Weckerly).job ->  [Ver =  | Size = 520 bytes | Modified Date = 2008-02-12 05:56:01 | Attr =	]
McAfee.com Update Check (BASEMENT-Kyle Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Kyle Weckerly).job ->  [Ver =  | Size = 510 bytes | Modified Date = 2008-01-28 03:03:00 | Attr =	]
McAfee.com Update Check (BASEMENT-Todd Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Todd Weckerly).job ->  [Ver =  | Size = 508 bytes | Modified Date = 2008-01-28 03:03:00 | Attr =	]
McAfee.com Update Check (DC44LL21-Owner).job -> %SystemRoot%\tasks\McAfee.com Update Check (DC44LL21-Owner).job ->  [Ver =  | Size = 492 bytes | Modified Date = 2008-02-12 06:00:00 | Attr =	]
McAfee.com Update Check (OFFICE-Bob Clarke).job -> %SystemRoot%\tasks\McAfee.com Update Check (OFFICE-Bob Clarke).job ->  [Ver =  | Size = 504 bytes | Modified Date = 2008-02-12 05:56:33 | Attr =	]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 448 bytes | Modified Date = 2008-02-12 05:58:18 | Attr =	]
RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 382 bytes | Modified Date = 2008-01-24 03:00:00 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-02-12 05:58:18 | Attr =  H ]
WebReg 20030604155305.job -> %SystemRoot%\tasks\WebReg 20030604155305.job ->  [Ver =  | Size = 382 bytes | Modified Date = 2008-01-27 15:53:00 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2008-02-12 05:55:41 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2008-02-12 05:55:41 | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1728 bytes | Modified Date = 2008-01-29 21:32:01 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat ->  [Ver =  | Size = 11094 bytes | Modified Date = 2005-09-30 19:36:29 | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2004-12-13 21:11:58 | Attr =	]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 41747 bytes | Modified Date = 2007-07-20 20:31:44 | Attr =	]
SSUPDATE.EXE -> C:\Documents and Settings\Bob Clarke\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 2007-06-21 14:07:10 | Attr =	]
AIM_PH.dat -> C:\Documents and Settings\Bob Clarke\Local Settings\Temp\AIM_PH.dat ->  [Ver =  | Size = 1270 bytes | Modified Date = 2008-02-11 20:19:02 | Attr =	]

< End of report >


#11 OldTimer


Posted 11 February 2008 - 12:32 PM

Hi shortyshorts7. Is this machine not capable of booting normally? Try doing a normal reboot and then performing a new scan with WinPFind35. Use these options:
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
For the fix log file, open the WinPFind35u folder on your desktop. Inside that should be a folder named MovedFiles. Open that folder. Inside that should be a file with a name in a date/time format like this: mmddyyyy_hhmmss.log. Open that file with Notepad and post the contents of the file back here with your new log from above.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#12 shortyshorts7


Posted 11 February 2008 - 03:16 PM

WinPFind35 logfile created on: 2008-02-12 15:14:03

WinPFind35U Version Beta49	 Folder = C:\Documents and Settings\Bob Clarke\Desktop\WinPFind35u

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

 

510.48 Mb Total Physical Memory | 350.05 Mb Available Physical Memory | 68.57% Memory free

865.36 Mb Paging File | 779.11 Mb Available in Paging File | 90.03% Paging File free

Paging file location(s): C:\pagefile.sys 384 768;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.84 Gb Total Space | 37.38 Gb Free Space | 66.94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 15.48 Mb Total Space | 2.93 Mb Free Space | 18.92% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: OFFICE

Current User Name: Bob Clarke

Logged in as Administrator.

Current Boot Mode: SafeMode with Networking

Scan Mode: Current user



[Processes - Non-Microsoft Only]

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-11 16:22:57 | Attr =	]

winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 310272 bytes | Modified Date = 2008-02-10 13:10:14 | Attr =	]



[Win32 Services - Non-Microsoft Only]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 00:56:50 | Attr =	]

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 2006-10-30 09:36:32 | Attr =	]

(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe ->  [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 2005-09-09 17:56:37 | Attr =	]

(McShield) McAfee.com McShield [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe ->  [Ver =  | Size = 225375 bytes | Modified Date = 2001-09-08 07:00:00 | Attr =	]

(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 8 | Size = 245760 bytes | Modified Date = 2003-08-21 18:06:56 | Attr =	]

(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Stopped] -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 12 | Size = 106496 bytes | Modified Date = 2003-08-08 18:04:38 | Attr =	]

(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 2005-01-26 15:30:04 | Attr =	]

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 131139 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]

(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 2005-01-26 15:25:34 | Attr =	]

(PREVXAgent) PREVXAgent [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Prevx2\PXAgent.exe -> File not found

(PSEXESVC) PsExec [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]

(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 69718 bytes | Modified Date = 2005-01-26 15:20:14 | Attr =	]



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(aeaudio) aeaudio [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 2002-04-01 14:15:00 | Attr =	]

(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 2001-08-17 14:51:56 | Attr =	]

(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 2004-08-03 23:07:44 | Attr =	]

(AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\an983.sys -> ADMtek Incorporated. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Modified Date = 2004-08-03 22:31:20 | Attr =	]

(asc) asc [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 2001-08-17 14:52:00 | Attr =	]

(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 2001-08-17 14:51:58 | Attr =	]

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ATWPKT2) ATWPKT2 [Kernel | On_Demand | Stopped] -> %ProgramFiles%\America Online 8.0\ATWPKT2.SYS -> File not found

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.51.0.0 built by: WinDDK | Size = 42368 bytes | Modified Date = 2003-01-15 15:45:06 | Attr =	]

(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\BCMSM.sys -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 2003-08-29 04:59:24 | Attr =	]

(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %System32%\DRIVERS\cdr4_xp.sys -> Roxio [Ver = 5.2.0.91 | Size = 59440 bytes | Modified Date = 2003-03-19 12:16:22 | Attr =	]

(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %System32%\DRIVERS\cdralw2k.sys -> Roxio [Ver = 5.2.0.91 | Size = 23724 bytes | Modified Date = 2003-03-19 12:16:22 | Attr =	]

(cdudf_xp) cdudf_xp [File_System | System | Running] -> %System32%\DRIVERS\cdudf_xp.sys -> Roxio [Ver = 5.2.0.91 built by: WinDDK | Size = 236032 bytes | Modified Date = 2002-04-10 17:48:04 | Attr =	]

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 2001-08-17 14:51:54 | Attr =	]

(CV2K1) CommView Network Monitor [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\cv2k1.sys -> TamoSoft [Ver = 3.0.1.5 built by: WinDDK | Size = 12800 bytes | Modified Date = 2006-04-29 00:31:22 | Attr =	]

(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 2001-08-17 14:52:16 | Attr =	]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-03 23:07:18 | Attr =	]

(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-03 23:07:18 | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2002-08-29 06:00:00 | Attr =	]

(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\Dvd_2k.sys -> Roxio [Ver = 5.2.0.91 | Size = 24554 bytes | Modified Date = 2002-04-10 18:01:12 | Attr =	]

(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 2001-08-17 13:11:06 | Attr =	]

(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 2006-09-19 15:44:04 | Attr =	]

(gmer) gmer [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 2004-01-28 18:26:03 | Attr =	]

(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-01-21 13:35:26 | Attr =	]

(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZid412.sys -> HP [Ver = 10, 1, 0, 2 | Size = 49664 bytes | Modified Date = 2005-10-27 19:24:28 | Attr = R  ]

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZipr12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 16496 bytes | Modified Date = 2005-10-27 19:24:29 | Attr = R  ]

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZius12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 21568 bytes | Modified Date = 2005-10-27 19:24:30 | Attr = R  ]

(i81x) i81x [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 161020 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]

(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12415 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]

(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12127 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]

(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11775 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]

(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12063 bytes | Modified Date = 2004-08-03 22:29:48 | Attr =	]

(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19455 bytes | Modified Date = 2004-08-03 22:29:50 | Attr =	]

(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 29311 bytes | Modified Date = 2004-08-03 22:29:42 | Attr =	]

(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19551 bytes | Modified Date = 2004-08-03 22:29:44 | Attr =	]

(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found

(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 33599 bytes | Modified Date = 2004-08-03 22:29:44 | Attr =	]

(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 23615 bytes | Modified Date = 2004-08-03 22:29:46 | Attr =	]

(ialm) ialm [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4342 | Size = 807998 bytes | Modified Date = 2005-10-19 08:59:12 | Attr =	]

(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\L8042MOU.SYS -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 55808 bytes | Modified Date = 2006-03-28 17:55:04 | Attr =	]

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\LHIDFLT2.SYS -> Logitech [Ver = 9.41.1.10 | Size = 22064 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]

(LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\LHidKE.Sys -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 27008 bytes | Modified Date = 2006-03-28 17:56:06 | Attr =	]

(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\LHIDUSB.SYS -> Logitech [Ver = 1.80.0.0 | Size = 37822 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]

(LHidUsbK) Logitech SetPoint USB Receiver device driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\LHidUsbK.sys -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 36736 bytes | Modified Date = 2006-03-28 17:55:20 | Attr =	]

(LKbdFlt2) Logitech Keyboard Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\lkbdflt2.sys -> Logitech [Ver = 9.41.1.5 | Size = 5840 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]

(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\lmouflt2.sys -> Logitech [Ver = 9.41.1.26 | Size = 67440 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]

(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\LMouKE.Sys -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 69760 bytes | Modified Date = 2006-03-28 17:55:58 | Attr =	]

(LNE100) Linksys LNE100TX(v5) Fast Ethernet Adapter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\lne100v5.sys -> LinkSys Group Inc. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Modified Date = 2001-10-24 19:16:10 | Attr = R  ]

(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\Mmc_2k.sys -> Roxio [Ver = 5.2.0.91 | Size = 29638 bytes | Modified Date = 2002-04-10 18:01:00 | Attr =	]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 2001-08-17 14:52:12 | Attr =	]

(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %System32%\DRIVERS\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.121 | Size = 28352 bytes | Modified Date = 2006-04-22 11:29:45 | Attr =	]

(NaiFiltr) NaiFiltr [File_System | On_Demand | Stopped] -> %System32%\DRIVERS\NaiFiltr.sys ->  [Ver =  | Size = 23296 bytes | Modified Date = 2002-03-13 08:50:36 | Attr =	]

(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 3532544 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]

(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 318, 0 | Size = 17153 bytes | Modified Date = 2002-07-19 11:22:08 | Attr =	]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PrevxDriver) PREVX Kernel Mode Agent [File_System | Boot | Running] -> %System32%\DRIVERS\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 302344 bytes | Modified Date = 2007-09-05 11:46:28 | Attr =	]

(PREVXEmulator) PREVX Emulator driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 107784 bytes | Modified Date = 2007-09-05 11:47:28 | Attr =	]

(PREVXTdi) PREVX TDI filter [Kernel | System | Running] -> %System32%\DRIVERS\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 28040 bytes | Modified Date = 2007-09-05 11:47:16 | Attr =	]

(PSSdk23) PSSdk23 [Kernel | On_Demand | Stopped] -> %System32%\Drivers\PsSdk23.drv -> File not found

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2002-08-29 06:00:00 | Attr =	]

(pwd_2k) pwd_2k [Kernel | System | Running] -> %System32%\DRIVERS\pwd_2K.sys -> Roxio [Ver = 5.2.0.91 | Size = 117898 bytes | Modified Date = 2002-04-10 18:00:44 | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\DRIVERS\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.18a | Size = 20576 bytes | Modified Date = 2007-04-06 18:08:38 | Attr =	]

(PXRDDriver) PREVX Rootkitscan driver [Kernel | System | Running] -> %System32%\DRIVERS\PxRD.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 23048 bytes | Modified Date = 2007-09-05 11:45:42 | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 2001-08-17 14:52:20 | Attr =	]

(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 2001-08-17 14:52:20 | Attr =	]

(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 2001-08-17 14:52:18 | Attr =	]

(RT61) Linksys Wireless-G PCI Adapter Driver(RT61) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\rt61.sys -> Ralink Technology Inc. [Ver = 1.00.03.0000 | Size = 356096 bytes | Modified Date = 2005-10-27 15:06:30 | Attr =	]

(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> F:\SUPERAntiSpyware\SASDIFSV.SYS ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 2006-10-10 13:53:48 | Attr =	]

(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> F:\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2006-02-16 17:51:08 | Attr = R  ]

(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> F:\SUPERAntiSpyware\SASKUTIL.sys ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2007-02-27 12:39:26 | Attr =	]

(SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> %System32%\DDMI2.sys -> Gteko Ltd. [Ver = 1, 0, 0, 7 | Size = 6977 bytes | Modified Date = 2004-06-09 09:29:56 | Attr =	]

(Secdrv) Secdrv [Kernel | Auto | Stopped] -> %System32%\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 05:25:53 | Attr = R  ]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 2004-08-03 23:07:44 | Attr =	]

(smwdm) smwdm [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3515 | Size = 545208 bytes | Modified Date = 2002-08-05 10:23:58 | Attr =	]

(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 2001-08-17 13:56:16 | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 2001-08-17 15:07:44 | Attr =	]

(SVKP) SVKP [Kernel | Auto | Stopped] -> %System32%\SVKP.sys -> AntiCracking [Ver = 4.00 | Size = 2368 bytes | Modified Date = 2005-09-07 19:51:07 | Attr =	]

(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 2001-08-17 15:07:34 | Attr =	]

(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 2001-08-17 15:07:36 | Attr =	]

(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 2001-08-17 15:07:40 | Attr =	]

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 2001-08-17 15:07:42 | Attr =	]

(ts_lb) ts_lb [Kernel | System | Running] -> %System32%\DRIVERS\ts_lb.sys -> TamoSoft [Ver = 1.2.1.4 built by: WinDDK | Size = 17920 bytes | Modified Date = 2006-02-08 22:17:22 | Attr =	]

(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %System32%\DRIVERS\udfreadr_xp.sys -> Roxio [Ver = 5.2.0.91 built by: WinDDK | Size = 206336 bytes | Modified Date = 2002-04-10 17:45:16 | Attr =	]

(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 2001-08-17 14:52:22 | Attr =	]

(USB-100) USB 10/100 Ethernet Adapter [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\USBKR100.SYS -> USB Corporation Reserved. [Ver = 5.104.0521.2001 | Size = 27519 bytes | Modified Date = 2001-06-20 13:39:04 | Attr = R  ]

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wanatw4.sys -> File not found

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(xbreader) MaxDrive XBox Driver (xbreader.sys) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\xbreader.sys -> Thesycon GmbH, Germany [Ver = 1.41.512 | Size = 19677 bytes | Modified Date = 2001-01-02 22:53:30 | Attr =	]

({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3442 | Size = 108736 bytes | Modified Date = 2003-01-14 13:38:36 | Attr =	]

({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3442 | Size = 78272 bytes | Modified Date = 2003-01-14 13:38:30 | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2007-10-10 19:51:56 | Attr =	]

BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 2003-08-29 04:59:24 | Attr =	]

HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 2005-10-19 08:59:12 | Attr =	]

IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 2005-10-19 08:59:14 | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 2006-10-30 09:36:36 | Attr =	]

Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.60.570 | Size = 94208 bytes | Modified Date = 2006-03-28 17:38:32 | Attr =	]

MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 10 | Size = 245760 bytes | Modified Date = 2003-08-27 11:00:12 | Attr =	]

McRegWiz -> %ProgramFiles%\McAfee.com\Agent\mcregwiz.exe ->  [Ver = 1, 0, 0, 4 | Size = 135168 bytes | Modified Date = 2003-09-02 15:41:38 | Attr =	]

MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 7 | Size = 180224 bytes | Modified Date = 2003-08-21 18:10:50 | Attr =	]

Microsoft Works Portfolio -> %ProgramFiles%\Microsoft Works\wkssb.exe -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 725046 bytes | Modified Date = 2003-04-16 18:15:08 | Attr = R  ]

NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 7307264 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]

nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 2006-10-25 18:58:18 | Attr =	]

REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2002-02-04 22:32:10 | Attr =	]

THGuard -> %ProgramFiles%\TrojanHunter 4.2\THGuard.exe -> Mischel Internet Security [Ver = 3.8.0.275 | Size = 1089024 bytes | Modified Date = 2005-02-19 16:36:48 | Attr =	]

TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 2005-02-11 13:54:34 | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

SUPERAntiSpyware -> F:\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 2007-06-21 14:06:28 | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.60.606 | Size = 573440 bytes | Modified Date = 2006-05-05 06:42:00 | Attr =	]

< Bob Clarke Startup Folder > -> C:\Documents and Settings\Bob Clarke\Start Menu\Programs\Startup -> 

%UserStartup%\Yahoo! Widget Engine.lnk -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.5 | Size = 2913584 bytes | Modified Date = 2007-07-20 12:57:16 | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 2005-10-19 08:59:14 | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 

< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[gogl] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 

2 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 

Range1 [] -> * = Trusted sites |  -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 68 domain(s) found. -> 

  .[msn] -> My Computer -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr =	]

{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} [HKEY_LOCAL_MACHINE] -> %AllUsersAppData%\Prevx\pxbho.dll [URLDetector Class] -> Prevx Ltd. [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 2006-01-10 12:09:54 | Attr =	]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 2006-08-01 15:35:36 | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 2006-08-01 15:35:36 | Attr =	]

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]

Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]

Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]

Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{6F6F2743-5402-4876-AAA1-8FEF9FD1AD32} ->	(USB 10/100 Ethernet Adapter) -> 

{9E99C564-C221-45A9-8527-4CE1FBA2BADA} ->	() -> 

{C867633F-E466-4EBA-8DF7-3D3C65A1A528} ->	(Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)) -> 

{EFE6B014-908F-4406-9312-2F11C73F8DFC} ->	(Linksys LNE100TX(v5) Fast Ethernet Adapter) -> 

{FC52ECE1-CA5B-49C9-BE2A-68A8C4905ADF} ->	(Broadcom 440x 10/100 Integrated Controller) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

bw+0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw+0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw-0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw00:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw00s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw-0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw10:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw10s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw20:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw20s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw30:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw30s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw40:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw40s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw50:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw50s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw60:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw60s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw70:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw70s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw80:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw80s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw90:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bw90s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwa0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwa0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwb0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwb0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwc0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwc0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwd0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwd0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwe0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwe0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwf0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwf0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwg0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwg0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwh0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwh0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwi0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwi0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwj0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwj0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwk0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwk0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwl0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwl0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwm0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwm0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwn0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwn0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwo0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwo0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwp0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwp0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwq0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwq0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwr0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwr0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bws0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bws0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwt0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwt0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwu0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwu0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwv0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwv0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bww0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bww0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwx0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwx0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwy0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwy0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwz0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

bwz0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

offline-8876480:{B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 

{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/Swdir_Alt_Pub.cab[Shockwave ActiveX Control] -> 

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 

{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> 

{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

{D27CDB6E-AE6D-11CF-96B8-444553542500}[HKEY_LOCAL_MACHINE] -> http://active.macromedia.com/flash2/cabs/swflash.cab[Reg Error: Key does not exist or could not be opened.] -> 

{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48}[HKEY_LOCAL_MACHINE] -> http://chat.yahoo.com/cab/yvwrctl.cab[Yahoo! Webcam Viewer Wrapper] -> 

DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 00:56:44 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 12:49:30 | Attr =	]

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 00:56:44 | Attr =	]

schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 09:21:15 | Attr =	]

wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2004-08-04 00:56:48 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 776 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-04 00:56:46 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-04 00:56:46 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 00:56:58 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11497 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-04 00:56:44 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 00:56:58 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 00:56:48 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

bae7368af7dae521884fca -> %SystemDrive%\bae7368af7dae521884fca ->  [Folder | Created Date = 2008-01-27 22:06:41 | Attr =	]

ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-01-29 21:47:25 | Attr =	]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2008-01-29 21:57:52 | Attr =	]

hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-01-21 13:35:26 | Attr =	]

pxcom.sys -> %System32%\drivers\pxcom.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 14856 bytes | Modified Date = 2007-09-05 11:45:42 | Attr =	]

PxEmu.sys -> %System32%\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 107784 bytes | Modified Date = 2007-09-05 11:47:28 | Attr =	]

pxfsf.sys -> %System32%\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 302344 bytes | Modified Date = 2007-09-05 11:46:28 | Attr =	]

PxRD.sys -> %System32%\drivers\PxRD.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 23048 bytes | Modified Date = 2007-09-05 11:45:42 | Attr =	]

pxtdi.sys -> %System32%\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 28040 bytes | Modified Date = 2007-09-05 11:47:16 | Attr =	]

igfx.hlp -> %System32%\igfx.hlp ->  [Ver =  | Size = 57801 bytes | Modified Date = 2005-10-19 08:59:12 | Attr =	]

pxinst.dll -> %System32%\pxinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 11264 bytes | Modified Date = 2007-09-05 11:47:18 | Attr =	]

spupdsvc.inf -> %System32%\spupdsvc.inf ->  [Ver =  | Size = 230 bytes | Modified Date = 2008-01-26 00:09:17 | Attr =	]

PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]

QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =  H ]

TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 2008-01-29 21:38:47 | Attr =	]

3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Prevx -> %AllUsersAppData%\Prevx ->  [Folder | Created Date = 2008-01-27 22:08:34 | Attr =	]

SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2008-02-11 19:28:56 | Attr =	]

Hamachi -> %UserAppData%\Hamachi ->  [Folder | Created Date = 2008-01-21 13:37:02 | Attr =	]

Prevx -> %UserAppData%\Prevx ->  [Folder | Created Date = 2008-01-27 22:16:07 | Attr =	]

SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2008-02-11 19:28:56 | Attr =	]

U3 -> %UserAppData%\U3 ->  [Folder | Created Date = 2008-01-21 10:59:07 | Attr =	]

=).ppt -> %UserDocuments%\=).ppt ->  [Ver =  | Size = 1159168 bytes | Modified Date = 2008-01-24 04:34:05 | Attr =	]

Ch 1.doc -> %UserDocuments%\Ch 1.doc ->  [Ver =  | Size = 28160 bytes | Modified Date = 2008-01-14 23:08:42 | Attr =	]

Ultimate Private Server info.doc -> %UserDocuments%\Ultimate Private Server info.doc ->  [Ver =  | Size = 24064 bytes | Modified Date = 2008-01-21 15:01:59 | Attr =	]

Workouting.xls -> %UserDocuments%\Workouting.xls ->  [Ver =  | Size = 13824 bytes | Modified Date = 2008-01-16 22:21:59 | Attr =	]

Yea i like cars.doc -> %UserDocuments%\Yea i like cars.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 2008-01-21 11:04:13 | Attr =	]

~$timate Private Server info.doc -> %UserDocuments%\~$timate Private Server info.doc ->  [Ver =  | Size = 162 bytes | Modified Date = 2008-01-22 23:55:16 | Attr =  H ]

Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2008-01-26 13:11:07 | Attr =	]

ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-01-29 21:50:58 | Attr =	]

HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2008-01-30 17:57:26 | Attr =	]

New Microsoft Excel Worksheet.xls -> %UserDesktop%\New Microsoft Excel Worksheet.xls ->  [Ver =  | Size = 11776 bytes | Modified Date = 2008-02-12 06:00:19 | Attr =	]

SUPERAntiSpyware -> %UserDesktop%\SUPERAntiSpyware ->  [Folder | Created Date = 2008-02-12 06:02:45 | Attr =	]

VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 2008-01-29 21:57:46 | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2008-02-11 16:05:55 | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 481041 bytes | Modified Date = 2008-02-11 16:04:09 | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2008-02-11 16:56:07 | Attr =	]



[Files/Folders - Modified Within 30 days]

bae7368af7dae521884fca -> %SystemDrive%\bae7368af7dae521884fca ->  [Folder | Modified Date = 2008-01-28 03:07:11 | Attr =	]

ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-01-29 21:48:26 | Attr =	]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2008-01-27 22:11:06 | Attr =  HS]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-02-12 05:53:30 | Attr =	]

QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2008-01-29 21:38:45 | Attr =	]

RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2008-01-29 21:32:52 | Attr =  HS]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2008-01-29 21:57:52 | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-02-12 05:56:03 | Attr =	]

ETC -> %System32%\drivers\ETC ->  [Folder | Modified Date = 2008-01-29 21:35:11 | Attr =	]

hosts -> %System32%\drivers\ETC\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 2008-01-29 21:35:11 | Attr =	]

hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-01-21 13:35:26 | Attr =	]

CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2008-02-11 19:38:27 | Attr =	]

2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

CONFIG -> %System32%\CONFIG ->  [Folder | Modified Date = 2008-01-29 21:33:12 | Attr =	]

d3d9caps.dat -> %System32%\d3d9caps.dat ->  [Ver =  | Size = 1324 bytes | Modified Date = 2008-02-12 05:58:39 | Attr =	]

DLLCACHE -> %System32%\DLLCACHE ->  [Folder | Modified Date = 2008-01-28 03:01:59 | Attr = RHS]

DRIVERS -> %System32%\DRIVERS ->  [Folder | Modified Date = 2008-01-29 21:32:54 | Attr =	]

en-US -> %System32%\en-US ->  [Folder | Modified Date = 2008-01-26 00:11:50 | Attr =	]

IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 81920 bytes | Modified Date = 2008-01-27 14:37:54 | Attr =	]

nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 41237 bytes | Modified Date = 2008-02-12 15:09:08 | Attr =	]

spupdsvc.inf -> %System32%\spupdsvc.inf ->  [Ver =  | Size = 230 bytes | Modified Date = 2008-01-26 00:09:17 | Attr =	]

WPA.DBL -> %System32%\WPA.DBL ->  [Ver =  | Size = 1170 bytes | Modified Date = 2008-02-12 15:12:27 | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-01-27 07:26:16 | Attr =  H ]

3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-02-12 15:12:10 | Attr =   S]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-01-29 21:32:55 | Attr =   S]

erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-01-29 21:33:02 | Attr =	]

Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2008-01-29 21:32:54 | Attr = R S]

gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 2008-01-18 20:31:10 | Attr = R  ]

Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2008-01-26 00:11:50 | Attr =	]

ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2008-01-26 00:09:55 | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2008-01-28 03:01:51 | Attr =	]

INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 2008-01-28 03:02:01 | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-01-27 22:58:21 | Attr =  HS]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-02-12 15:10:39 | Attr =	]

PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]

psJ0N -> %SystemRoot%\psJ0N ->  [Ver =  | Size = 24 bytes | Modified Date = 2008-01-28 03:06:58 | Attr =  H ]

QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =  H ]

system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 317 bytes | Modified Date = 2008-01-29 21:35:37 | Attr =	]

SYSTEM32 -> %System32% ->  [Folder | Modified Date = 2008-02-12 05:59:53 | Attr =	]

Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2008-02-12 15:09:50 | Attr =   S]

TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 2008-02-12 15:09:24 | Attr =	]

WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 2008-01-26 00:05:08 | Attr =	]

WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2008-01-27 22:10:39 | Attr =	]

AA56DBE391895083.job -> %SystemRoot%\tasks\AA56DBE391895083.job ->  [Ver =  | Size = 278 bytes | Modified Date = 2008-02-12 06:00:00 | Attr =  H ]

AFF92997909ADA9B.job -> %SystemRoot%\tasks\AFF92997909ADA9B.job ->  [Ver =  | Size = 238 bytes | Modified Date = 2008-02-12 06:00:00 | Attr =  H ]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2008-01-27 11:00:00 | Attr =	]

B053D8D9992C9D51.job -> %SystemRoot%\tasks\B053D8D9992C9D51.job ->  [Ver =  | Size = 274 bytes | Modified Date = 2008-02-12 06:00:00 | Attr =  H ]

McAfee.com Update Check (BASEMENT-Bob Clarke).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Bob Clarke).job ->  [Ver =  | Size = 504 bytes | Modified Date = 2008-02-12 05:56:01 | Attr =	]

McAfee.com Update Check (BASEMENT-Brandon Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Brandon Weckerly).job ->  [Ver =  | Size = 514 bytes | Modified Date = 2008-02-12 05:57:00 | Attr =	]

McAfee.com Update Check (BASEMENT-Christian Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Christian Weckerly).job ->  [Ver =  | Size = 520 bytes | Modified Date = 2008-02-12 05:56:01 | Attr =	]

McAfee.com Update Check (BASEMENT-Kyle Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Kyle Weckerly).job ->  [Ver =  | Size = 510 bytes | Modified Date = 2008-01-28 03:03:00 | Attr =	]

McAfee.com Update Check (BASEMENT-Todd Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Todd Weckerly).job ->  [Ver =  | Size = 508 bytes | Modified Date = 2008-01-28 03:03:00 | Attr =	]

McAfee.com Update Check (DC44LL21-Owner).job -> %SystemRoot%\tasks\McAfee.com Update Check (DC44LL21-Owner).job ->  [Ver =  | Size = 492 bytes | Modified Date = 2008-02-12 15:10:00 | Attr =	]

McAfee.com Update Check (OFFICE-Bob Clarke).job -> %SystemRoot%\tasks\McAfee.com Update Check (OFFICE-Bob Clarke).job ->  [Ver =  | Size = 504 bytes | Modified Date = 2008-02-12 15:09:50 | Attr =	]

RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 448 bytes | Modified Date = 2008-02-12 15:09:08 | Attr =	]

RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 382 bytes | Modified Date = 2008-01-24 03:00:00 | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-02-12 15:10:52 | Attr =  H ]

WebReg 20030604155305.job -> %SystemRoot%\tasks\WebReg 20030604155305.job ->  [Ver =  | Size = 382 bytes | Modified Date = 2008-01-27 15:53:00 | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2008-02-12 05:55:41 | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2008-02-12 05:55:41 | Attr =	]

data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1728 bytes | Modified Date = 2008-01-29 21:32:01 | Attr =	]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat ->  [Ver =  | Size = 11094 bytes | Modified Date = 2005-09-30 19:36:29 | Attr =	]

wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2004-12-13 21:11:58 | Attr =	]

wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 41747 bytes | Modified Date = 2007-07-20 20:31:44 | Attr =	]

SSUPDATE.EXE -> C:\Documents and Settings\Bob Clarke\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 2007-06-21 14:07:10 | Attr =	]

AIM_PH.dat -> C:\Documents and Settings\Bob Clarke\Local Settings\Temp\AIM_PH.dat ->  [Ver =  | Size = 1270 bytes | Modified Date = 2008-02-11 20:19:02 | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Modified Date = 2008-01-26 13:11:47 | Attr =	]

Prevx -> %AllUsersAppData%\Prevx ->  [Folder | Modified Date = 2008-01-27 22:16:07 | Attr =	]

SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2008-02-11 19:28:56 | Attr =	]

Viewpoint -> %AllUsersAppData%\Viewpoint ->  [Folder | Modified Date = 2008-01-27 02:14:23 | Attr =	]

Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 2008-01-26 15:38:40 | Attr =	]

Hamachi -> %UserAppData%\Hamachi ->  [Folder | Modified Date = 2008-01-26 15:16:26 | Attr =	]

Prevx -> %UserAppData%\Prevx ->  [Folder | Modified Date = 2008-01-27 22:57:52 | Attr =	]

SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2008-02-11 19:28:56 | Attr =	]

U3 -> %UserAppData%\U3 ->  [Folder | Modified Date = 2008-01-21 11:05:32 | Attr =	]

Adobe -> %LocalAppData%\Adobe ->  [Folder | Modified Date = 2008-01-26 15:38:49 | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 88064 bytes | Modified Date = 2008-01-20 10:12:29 | Attr =	]

IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 3240082 bytes | Modified Date = 2008-02-12 15:10:40 | Attr =  H ]

Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 2008-01-27 21:43:11 | Attr =	]

=).ppt -> %UserDocuments%\=).ppt ->  [Ver =  | Size = 1159168 bytes | Modified Date = 2008-01-24 04:34:05 | Attr =	]

Ch 1.doc -> %UserDocuments%\Ch 1.doc ->  [Ver =  | Size = 28160 bytes | Modified Date = 2008-01-14 23:08:42 | Attr =	]

My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 2008-01-27 21:42:55 | Attr = R  ]

Note Pad -> %UserDocuments%\Note Pad ->  [Folder | Modified Date = 2008-01-21 09:51:33 | Attr =	]

Player -> %UserDocuments%\Player ->  [Folder | Modified Date = 2008-01-20 10:12:28 | Attr =	]

Ultimate Private Server info.doc -> %UserDocuments%\Ultimate Private Server info.doc ->  [Ver =  | Size = 24064 bytes | Modified Date = 2008-01-21 15:01:59 | Attr =	]

Work.xls -> %UserDocuments%\Work.xls ->  [Ver =  | Size = 23552 bytes | Modified Date = 2008-02-11 13:27:09 | Attr =	]

Workouting.xls -> %UserDocuments%\Workouting.xls ->  [Ver =  | Size = 13824 bytes | Modified Date = 2008-01-16 22:21:59 | Attr =	]

Yea i like cars.doc -> %UserDocuments%\Yea i like cars.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 2008-01-21 11:04:13 | Attr =	]

~$timate Private Server info.doc -> %UserDocuments%\~$timate Private Server info.doc ->  [Ver =  | Size = 162 bytes | Modified Date = 2008-01-22 23:55:16 | Attr =  H ]

Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2008-01-26 13:11:07 | Attr =	]

ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-01-29 21:50:58 | Attr =	]

HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2008-01-30 17:57:26 | Attr =	]

Microsoft Excel.lnk -> %UserDesktop%\Microsoft Excel.lnk ->  [Ver =  | Size = 2481 bytes | Modified Date = 2008-02-11 16:23:29 | Attr =	]

Microsoft Word.lnk -> %UserDesktop%\Microsoft Word.lnk ->  [Ver =  | Size = 2483 bytes | Modified Date = 2008-01-27 18:45:42 | Attr =	]

New Microsoft Excel Worksheet.xls -> %UserDesktop%\New Microsoft Excel Worksheet.xls ->  [Ver =  | Size = 11776 bytes | Modified Date = 2008-02-12 06:00:19 | Attr =	]

QuickTime Player.lnk -> %UserDesktop%\QuickTime Player.lnk ->  [Ver =  | Size = 2187 bytes | Modified Date = 2008-01-31 20:20:08 | Attr =	]

SUPERAntiSpyware -> %UserDesktop%\SUPERAntiSpyware ->  [Folder | Modified Date = 2008-02-12 06:07:07 | Attr =	]

VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 2008-01-29 21:57:46 | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2008-02-11 19:38:39 | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 481041 bytes | Modified Date = 2008-02-11 16:04:09 | Attr =	]

Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 2008-01-26 13:11:02 | Attr =	]

Blizzard Entertainment -> %CommonProgramFiles%\Blizzard Entertainment ->  [Folder | Modified Date = 2008-01-27 08:43:58 | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2008-02-11 16:56:07 | Attr =	]



< End of report >


#13 shortyshorts7


Posted 11 February 2008 - 03:18 PM

That's my fix log file, and I can kinda load up normally, but only 2 icons appear on my desktop and that's it. And I'll be back around 6 pm, have work.
Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Service SvcProc stopped successfully.
Service SvcProc deleted successfully.
File C:\WINDOWS\svcproc.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CookiePatrol deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PestPatrol Control Center deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PPMemCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SBI deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpyHunter Security Suite deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61E61BA1-45ED-4835-B504-BBB9C96CB9CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61E61BA1-45ED-4835-B504-BBB9C96CB9CD}\ deleted successfully.
C:\WINDOWS\dpvtporrfd.dll unregistered successfully.
C:\WINDOWS\dpvtporrfd.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BE8D0059-D24D-4919-B76F-99F4A2203647}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{CF4C34FE-2275-45EC-8C7E-2594CC1811A5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4C34FE-2275-45EC-8C7E-2594CC1811A5}\ deleted successfully.
C:\WINDOWS\elfwgps.dll unregistered successfully.
C:\WINDOWS\elfwgps.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{000007C6-17DF-4438-92A4-DE5537471BA3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000007C6-17DF-4438-92A4-DE5537471BA3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{2F099F5D-7003-4441-82C2-707C7C273FEB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F099F5D-7003-4441-82C2-707C7C273FEB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\{DF3AB0E8-A9F1-EE94-5037-4D5E6EAF3586} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF3AB0E8-A9F1-EE94-5037-4D5E6EAF3586}\ not found.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\nоtepad.exe moved successfully.
File C:\WINDOWS\dpvtporrfd.dll not found!
File C:\WINDOWS\elfwgps.dll not found!
C:\WINDOWS\fvqkfsp.exe moved successfully.
C:\WINDOWS\thxcfg.ini moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\nоtepad.exe not found!
File C:\WINDOWS\dpvtporrfd.dll not found!
File C:\WINDOWS\elfwgps.dll not found!
File C:\WINDOWS\fvqkfsp.exe not found!
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >

#14 OldTimer

    Malware Expert

Posted 11 February 2008 - 04:15 PM

Hi shortyshorts7. Go ahead and boot it up normally. If you need to download WinPFind35 to this user desktop go ahead and do so. Then run a log with the above options. I need to see what's running during a normal bootup (unless you always want to use Safe Mode).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#15 shortyshorts7


Posted 11 February 2008 - 05:56 PM

Lol, I figured out why I didn't see anything: it's because I had my monitor cord hooked up to my main board video card and not my graphics card. But I fixed it, and here is the log while booted up normally.

WinPFind35 logfile created on: 2008-02-12 17:55:04
WinPFind35U Version Beta49	 Folder = C:\Documents and Settings\Bob Clarke\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
 
510.48 Mb Total Physical Memory | 165.68 Mb Available Physical Memory | 32.45% Memory free
865.36 Mb Paging File | 569.93 Mb Available in Paging File | 65.86% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 36.88 Gb Free Space | 66.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 15.48 Mb Total Space | 2.93 Mb Free Space | 18.92% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Bob Clarke
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
mcvsrte.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 12 | Size = 106496 bytes | Modified Date = 2003-08-08 18:04:38 | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 131139 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]
bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 2003-08-29 04:59:24 | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 2005-02-11 13:54:34 | Attr =	]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 2005-10-19 08:59:12 | Attr =	]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 10 | Size = 245760 bytes | Modified Date = 2003-08-27 11:00:12 | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 2006-10-30 09:36:36 | Attr =	]
mcshield.exe -> %ProgramFiles%\McAfee.com\VSO\McShield.exe ->  [Ver =  | Size = 225375 bytes | Modified Date = 2001-09-08 07:00:00 | Attr =	]
thguard.exe -> %ProgramFiles%\TrojanHunter 4.2\THGuard.exe -> Mischel Internet Security [Ver = 3.8.0.275 | Size = 1089024 bytes | Modified Date = 2005-02-19 16:36:48 | Attr =	]
superantispyware.exe -> F:\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 2007-06-21 14:06:28 | Attr =	]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.60.606 | Size = 573440 bytes | Modified Date = 2006-05-05 06:42:00 | Attr =	]
yahoowidgetengine.exe -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.5 | Size = 2913584 bytes | Modified Date = 2007-07-20 12:57:16 | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 2006-10-30 09:36:32 | Attr =	]
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KhalShared\KHALMNPR.exe -> Logitech Inc. [Ver = 2.60.570 | Size = 94208 bytes | Modified Date = 2006-03-28 17:38:32 | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-11 16:22:57 | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 310272 bytes | Modified Date = 2008-02-10 13:10:14 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 00:56:50 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 2006-10-30 09:36:32 | Attr =	]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe ->  [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 2005-09-09 17:56:37 | Attr =	]
(McShield) McAfee.com McShield [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe ->  [Ver =  | Size = 225375 bytes | Modified Date = 2001-09-08 07:00:00 | Attr =	]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 8 | Size = 245760 bytes | Modified Date = 2003-08-21 18:06:56 | Attr =	]
(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 12 | Size = 106496 bytes | Modified Date = 2003-08-08 18:04:38 | Attr =	]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 2005-01-26 15:30:04 | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 131139 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 2005-01-26 15:25:34 | Attr =	]
(PREVXAgent) PREVXAgent [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Prevx2\PXAgent.exe -> File not found
(PSEXESVC) PsExec [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 69718 bytes | Modified Date = 2005-01-26 15:20:14 | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 2002-04-01 14:15:00 | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 2001-08-17 14:51:56 | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 2004-08-03 23:07:44 | Attr =	]
(AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\an983.sys -> ADMtek Incorporated. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Modified Date = 2004-08-03 22:31:20 | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 2001-08-17 14:52:00 | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 2001-08-17 14:51:58 | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ATWPKT2) ATWPKT2 [Kernel | On_Demand | Stopped] -> %ProgramFiles%\America Online 8.0\ATWPKT2.SYS -> File not found
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.51.0.0 built by: WinDDK | Size = 42368 bytes | Modified Date = 2003-01-15 15:45:06 | Attr =	]
(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\BCMSM.sys -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 2003-08-29 04:59:24 | Attr =	]
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %System32%\DRIVERS\cdr4_xp.sys -> Roxio [Ver = 5.2.0.91 | Size = 59440 bytes | Modified Date = 2003-03-19 12:16:22 | Attr =	]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %System32%\DRIVERS\cdralw2k.sys -> Roxio [Ver = 5.2.0.91 | Size = 23724 bytes | Modified Date = 2003-03-19 12:16:22 | Attr =	]
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %System32%\DRIVERS\cdudf_xp.sys -> Roxio [Ver = 5.2.0.91 built by: WinDDK | Size = 236032 bytes | Modified Date = 2002-04-10 17:48:04 | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 2001-08-17 14:51:54 | Attr =	]
(CV2K1) CommView Network Monitor [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\cv2k1.sys -> TamoSoft [Ver = 3.0.1.5 built by: WinDDK | Size = 12800 bytes | Modified Date = 2006-04-29 00:31:22 | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 2001-08-17 14:52:16 | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-03 23:07:18 | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-03 23:07:18 | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2002-08-29 06:00:00 | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\Dvd_2k.sys -> Roxio [Ver = 5.2.0.91 | Size = 24554 bytes | Modified Date = 2002-04-10 18:01:12 | Attr =	]
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 2001-08-17 13:11:06 | Attr =	]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 2006-09-19 15:44:04 | Attr =	]
(gmer) gmer [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 2004-01-28 18:26:03 | Attr =	]
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-01-21 13:35:26 | Attr =	]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZid412.sys -> HP [Ver = 10, 1, 0, 2 | Size = 49664 bytes | Modified Date = 2005-10-27 19:24:28 | Attr = R  ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZipr12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 16496 bytes | Modified Date = 2005-10-27 19:24:29 | Attr = R  ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZius12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 21568 bytes | Modified Date = 2005-10-27 19:24:30 | Attr = R  ]
(i81x) i81x [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 161020 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12415 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12127 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11775 bytes | Modified Date = 2004-08-03 22:29:38 | Attr =	]
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12063 bytes | Modified Date = 2004-08-03 22:29:48 | Attr =	]
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19455 bytes | Modified Date = 2004-08-03 22:29:50 | Attr =	]
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 29311 bytes | Modified Date = 2004-08-03 22:29:42 | Attr =	]
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19551 bytes | Modified Date = 2004-08-03 22:29:44 | Attr =	]
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 33599 bytes | Modified Date = 2004-08-03 22:29:44 | Attr =	]
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 23615 bytes | Modified Date = 2004-08-03 22:29:46 | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4342 | Size = 807998 bytes | Modified Date = 2005-10-19 08:59:12 | Attr =	]
(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\L8042MOU.SYS -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 55808 bytes | Modified Date = 2006-03-28 17:55:04 | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\LHIDFLT2.SYS -> Logitech [Ver = 9.41.1.10 | Size = 22064 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]
(LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\LHidKE.Sys -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 27008 bytes | Modified Date = 2006-03-28 17:56:06 | Attr =	]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\LHIDUSB.SYS -> Logitech [Ver = 1.80.0.0 | Size = 37822 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]
(LHidUsbK) Logitech SetPoint USB Receiver device driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\LHidUsbK.sys -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 36736 bytes | Modified Date = 2006-03-28 17:55:20 | Attr =	]
(LKbdFlt2) Logitech Keyboard Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\lkbdflt2.sys -> Logitech [Ver = 9.41.1.5 | Size = 5840 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\lmouflt2.sys -> Logitech [Ver = 9.41.1.26 | Size = 67440 bytes | Modified Date = 2001-09-19 05:11:00 | Attr =	]
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\LMouKE.Sys -> Logitech, Inc. [Ver = 2.60.570.00 | Size = 69760 bytes | Modified Date = 2006-03-28 17:55:58 | Attr =	]
(LNE100) Linksys LNE100TX(v5) Fast Ethernet Adapter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\lne100v5.sys -> LinkSys Group Inc. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Modified Date = 2001-10-24 19:16:10 | Attr = R  ]
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %System32%\DRIVERS\Mmc_2k.sys -> Roxio [Ver = 5.2.0.91 | Size = 29638 bytes | Modified Date = 2002-04-10 18:01:00 | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 2001-08-17 14:52:12 | Attr =	]
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %System32%\DRIVERS\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.121 | Size = 28352 bytes | Modified Date = 2006-04-22 11:29:45 | Attr =	]
(NaiFiltr) NaiFiltr [File_System | On_Demand | Running] -> %System32%\DRIVERS\NaiFiltr.sys ->  [Ver =  | Size = 23296 bytes | Modified Date = 2002-03-13 08:50:36 | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 3532544 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 318, 0 | Size = 17153 bytes | Modified Date = 2002-07-19 11:22:08 | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PrevxDriver) PREVX Kernel Mode Agent [File_System | Boot | Running] -> %System32%\DRIVERS\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 302344 bytes | Modified Date = 2007-09-05 11:46:28 | Attr =	]
(PREVXEmulator) PREVX Emulator driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 107784 bytes | Modified Date = 2007-09-05 11:47:28 | Attr =	]
(PREVXTdi) PREVX TDI filter [Kernel | System | Running] -> %System32%\DRIVERS\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 28040 bytes | Modified Date = 2007-09-05 11:47:16 | Attr =	]
(PSSdk23) PSSdk23 [Kernel | On_Demand | Stopped] -> %System32%\Drivers\PsSdk23.drv -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2002-08-29 06:00:00 | Attr =	]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %System32%\DRIVERS\pwd_2K.sys -> Roxio [Ver = 5.2.0.91 | Size = 117898 bytes | Modified Date = 2002-04-10 18:00:44 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\DRIVERS\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.18a | Size = 20576 bytes | Modified Date = 2007-04-06 18:08:38 | Attr =	]
(PXRDDriver) PREVX Rootkitscan driver [Kernel | System | Running] -> %System32%\DRIVERS\PxRD.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 23048 bytes | Modified Date = 2007-09-05 11:45:42 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 2001-08-17 14:52:20 | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 2001-08-17 14:52:20 | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 2001-08-17 14:52:18 | Attr =	]
(RT61) Linksys Wireless-G PCI Adapter Driver(RT61) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\rt61.sys -> Ralink Technology Inc. [Ver = 1.00.03.0000 | Size = 356096 bytes | Modified Date = 2005-10-27 15:06:30 | Attr =	]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> F:\SUPERAntiSpyware\SASDIFSV.SYS ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 2006-10-10 13:53:48 | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> F:\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2006-02-16 17:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> F:\SUPERAntiSpyware\SASKUTIL.sys ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2007-02-27 12:39:26 | Attr =	]
(SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> %System32%\DDMI2.sys -> Gteko Ltd. [Ver = 1, 0, 0, 7 | Size = 6977 bytes | Modified Date = 2004-06-09 09:29:56 | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 05:25:53 | Attr = R  ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 2004-08-03 23:07:44 | Attr =	]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3515 | Size = 545208 bytes | Modified Date = 2002-08-05 10:23:58 | Attr =	]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 2001-08-17 13:56:16 | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 2001-08-17 15:07:44 | Attr =	]
(SVKP) SVKP [Kernel | Auto | Running] -> %System32%\SVKP.sys -> AntiCracking [Ver = 4.00 | Size = 2368 bytes | Modified Date = 2005-09-07 19:51:07 | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 2001-08-17 15:07:34 | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 2001-08-17 15:07:36 | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 2001-08-17 15:07:40 | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 2001-08-17 15:07:42 | Attr =	]
(ts_lb) ts_lb [Kernel | System | Running] -> %System32%\DRIVERS\ts_lb.sys -> TamoSoft [Ver = 1.2.1.4 built by: WinDDK | Size = 17920 bytes | Modified Date = 2006-02-08 22:17:22 | Attr =	]
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %System32%\DRIVERS\udfreadr_xp.sys -> Roxio [Ver = 5.2.0.91 built by: WinDDK | Size = 206336 bytes | Modified Date = 2002-04-10 17:45:16 | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 2001-08-17 14:52:22 | Attr =	]
(USB-100) USB 10/100 Ethernet Adapter [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\USBKR100.SYS -> USB Corporation Reserved. [Ver = 5.104.0521.2001 | Size = 27519 bytes | Modified Date = 2001-06-20 13:39:04 | Attr = R  ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(xbreader) MaxDrive XBox Driver (xbreader.sys) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\xbreader.sys -> Thesycon GmbH, Germany [Ver = 1.41.512 | Size = 19677 bytes | Modified Date = 2001-01-02 22:53:30 | Attr =	]
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3442 | Size = 108736 bytes | Modified Date = 2003-01-14 13:38:36 | Attr =	]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3442 | Size = 78272 bytes | Modified Date = 2003-01-14 13:38:30 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2007-10-10 19:51:56 | Attr =	]
BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 2003-08-29 04:59:24 | Attr =	]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 2005-10-19 08:59:12 | Attr =	]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 2005-10-19 08:59:14 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 2006-10-30 09:36:36 | Attr =	]
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.60.570 | Size = 94208 bytes | Modified Date = 2006-03-28 17:38:32 | Attr =	]
MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 10 | Size = 245760 bytes | Modified Date = 2003-08-27 11:00:12 | Attr =	]
McRegWiz -> %ProgramFiles%\McAfee.com\Agent\mcregwiz.exe ->  [Ver = 1, 0, 0, 4 | Size = 135168 bytes | Modified Date = 2003-09-02 15:41:38 | Attr =	]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 7 | Size = 180224 bytes | Modified Date = 2003-08-21 18:10:50 | Attr =	]
Microsoft Works Portfolio -> %ProgramFiles%\Microsoft Works\wkssb.exe -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 725046 bytes | Modified Date = 2003-04-16 18:15:08 | Attr = R  ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8194 | Size = 7307264 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 2005-11-04 18:03:00 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 2006-10-25 18:58:18 | Attr =	]
REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2002-02-04 22:32:10 | Attr =	]
THGuard -> %ProgramFiles%\TrojanHunter 4.2\THGuard.exe -> Mischel Internet Security [Ver = 3.8.0.275 | Size = 1089024 bytes | Modified Date = 2005-02-19 16:36:48 | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 2005-02-11 13:54:34 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SUPERAntiSpyware -> F:\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 2007-06-21 14:06:28 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.60.606 | Size = 573440 bytes | Modified Date = 2006-05-05 06:42:00 | Attr =	]
< Bob Clarke Startup Folder > -> C:\Documents and Settings\Bob Clarke\Start Menu\Programs\Startup -> 
%UserStartup%\Yahoo! Widget Engine.lnk -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.5 | Size = 2913584 bytes | Modified Date = 2007-07-20 12:57:16 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 2005-10-19 08:59:14 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[gogl] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
Range1 [] -> * = Trusted sites |  -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 68 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr =	]
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} [HKEY_LOCAL_MACHINE] -> %AllUsersAppData%\Prevx\pxbho.dll [URLDetector Class] -> Prevx Ltd. [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 2006-01-10 12:09:54 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 2006-08-01 15:35:36 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 2006-08-01 15:35:36 | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll ->  [Ver = 2, 5, 1, 6 | Size = 200704 bytes | Modified Date = 2004-08-26 11:26:36 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{6F6F2743-5402-4876-AAA1-8FEF9FD1AD32} ->	(USB 10/100 Ethernet Adapter) -> 
{9E99C564-C221-45A9-8527-4CE1FBA2BADA} ->	() -> 
{C867633F-E466-4EBA-8DF7-3D3C65A1A528} ->	(Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)) -> 
{EFE6B014-908F-4406-9312-2F11C73F8DFC} ->	(Linksys LNE100TX(v5) Fast Ethernet Adapter) -> 
{FC52ECE1-CA5B-49C9-BE2A-68A8C4905ADF} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
bw+0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw+0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw-0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw00:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw00s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw-0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw10:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw10s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw20:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw20s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw30:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw30s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw40:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw40s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw50:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw50s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw60:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw60s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw70:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw70s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw80:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw80s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw90:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bw90s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwa0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwa0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwb0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwb0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwc0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwc0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwd0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwd0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwe0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwe0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwf0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwf0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwg0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwg0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwh0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwh0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwi0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwi0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwj0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwj0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwk0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwk0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwl0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwl0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwm0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwm0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwn0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwn0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwo0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwo0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwp0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwp0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwq0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwq0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwr0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwr0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bws0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bws0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwt0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwt0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwu0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwu0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwv0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwv0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bww0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bww0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwx0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwx0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwy0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwy0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwz0:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
bwz0s:{b3d46edf-0591-4fcc-b098-b3f93ed97aeb} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
offline-8876480:{B3D46EDF-0591-4FCC-B098-B3F93ED97AEB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 2006-04-30 09:10:46 | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/Swdir_Alt_Pub.cab[Shockwave ActiveX Control] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> 
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{D27CDB6E-AE6D-11CF-96B8-444553542500}[HKEY_LOCAL_MACHINE] -> http://active.macromedia.com/flash2/cabs/swflash.cab[Reg Error: Key does not exist or could not be opened.] -> 
{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48}[HKEY_LOCAL_MACHINE] -> http://chat.yahoo.com/cab/yvwrctl.cab[Yahoo! Webcam Viewer Wrapper] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 00:56:44 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 12:49:30 | Attr =	]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 00:56:44 | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 09:21:15 | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2004-08-04 00:56:48 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 844 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-04 00:56:46 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-04 00:56:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 00:56:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11500 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-04 00:56:44 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 00:56:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 00:56:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
bae7368af7dae521884fca -> %SystemDrive%\bae7368af7dae521884fca ->  [Folder | Created Date = 2008-01-27 22:06:41 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-01-29 21:47:25 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 535351296 bytes | Modified Date = 2008-02-12 17:50:48 | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2008-01-29 21:57:52 | Attr =	]
hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-01-21 13:35:26 | Attr =	]
pxcom.sys -> %System32%\drivers\pxcom.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 14856 bytes | Modified Date = 2007-09-05 11:45:42 | Attr =	]
PxEmu.sys -> %System32%\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 107784 bytes | Modified Date = 2007-09-05 11:47:28 | Attr =	]
pxfsf.sys -> %System32%\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 302344 bytes | Modified Date = 2007-09-05 11:46:28 | Attr =	]
PxRD.sys -> %System32%\drivers\PxRD.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 23048 bytes | Modified Date = 2007-09-05 11:45:42 | Attr =	]
pxtdi.sys -> %System32%\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 28040 bytes | Modified Date = 2007-09-05 11:47:16 | Attr =	]
igfx.hlp -> %System32%\igfx.hlp ->  [Ver =  | Size = 57801 bytes | Modified Date = 2005-10-19 08:59:12 | Attr =	]
pxinst.dll -> %System32%\pxinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8744 built by: WinDDK | Size = 11264 bytes | Modified Date = 2007-09-05 11:47:18 | Attr =	]
spupdsvc.inf -> %System32%\spupdsvc.inf ->  [Ver =  | Size = 230 bytes | Modified Date = 2008-01-26 00:09:17 | Attr =	]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =  H ]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 2008-01-29 21:38:47 | Attr =	]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Prevx -> %AllUsersAppData%\Prevx ->  [Folder | Created Date = 2008-01-27 22:08:34 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2008-02-11 19:28:56 | Attr =	]
Hamachi -> %UserAppData%\Hamachi ->  [Folder | Created Date = 2008-01-21 13:37:02 | Attr =	]
Prevx -> %UserAppData%\Prevx ->  [Folder | Created Date = 2008-01-27 22:16:07 | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2008-02-11 19:28:56 | Attr =	]
U3 -> %UserAppData%\U3 ->  [Folder | Created Date = 2008-01-21 10:59:07 | Attr =	]
=).ppt -> %UserDocuments%\=).ppt ->  [Ver =  | Size = 1159168 bytes | Modified Date = 2008-01-24 04:34:05 | Attr =	]
Ch 1.doc -> %UserDocuments%\Ch 1.doc ->  [Ver =  | Size = 28160 bytes | Modified Date = 2008-01-14 23:08:42 | Attr =	]
Ultimate Private Server info.doc -> %UserDocuments%\Ultimate Private Server info.doc ->  [Ver =  | Size = 24064 bytes | Modified Date = 2008-01-21 15:01:59 | Attr =	]
Workouting.xls -> %UserDocuments%\Workouting.xls ->  [Ver =  | Size = 13824 bytes | Modified Date = 2008-01-16 22:21:59 | Attr =	]
Yea i like cars.doc -> %UserDocuments%\Yea i like cars.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 2008-01-21 11:04:13 | Attr =	]
~$timate Private Server info.doc -> %UserDocuments%\~$timate Private Server info.doc ->  [Ver =  | Size = 162 bytes | Modified Date = 2008-01-22 23:55:16 | Attr =  H ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2008-01-26 13:11:07 | Attr =	]
WinPFind35u.exe -> %AllUsersDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 481041 bytes | Modified Date = 2008-02-11 16:04:09 | Attr =	]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-01-29 21:50:58 | Attr =	]
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2008-01-30 17:57:26 | Attr =	]
New Microsoft Excel Worksheet.xls -> %UserDesktop%\New Microsoft Excel Worksheet.xls ->  [Ver =  | Size = 11776 bytes | Modified Date = 2008-02-12 06:00:19 | Attr =	]
SUPERAntiSpyware -> %UserDesktop%\SUPERAntiSpyware ->  [Folder | Created Date = 2008-02-12 06:02:45 | Attr =	]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 2008-01-29 21:57:46 | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2008-02-11 16:05:55 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2008-02-11 16:56:07 | Attr =	]

[Files/Folders - Modified Within 30 days]
bae7368af7dae521884fca -> %SystemDrive%\bae7368af7dae521884fca ->  [Folder | Modified Date = 2008-01-28 03:07:11 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-01-29 21:48:26 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2008-01-27 22:11:06 | Attr =  HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 535351296 bytes | Modified Date = 2008-02-12 17:50:48 | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-02-12 05:53:30 | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2008-01-29 21:38:45 | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2008-01-29 21:32:52 | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2008-01-29 21:57:52 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-02-12 05:56:03 | Attr =	]
ETC -> %System32%\drivers\ETC ->  [Folder | Modified Date = 2008-01-29 21:35:11 | Attr =	]
hosts -> %System32%\drivers\ETC\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 2008-01-29 21:35:11 | Attr =	]
hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-01-21 13:35:26 | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2008-02-11 19:38:27 | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CONFIG -> %System32%\CONFIG ->  [Folder | Modified Date = 2008-01-29 21:33:12 | Attr =	]
d3d9caps.dat -> %System32%\d3d9caps.dat ->  [Ver =  | Size = 1324 bytes | Modified Date = 2008-02-12 05:58:39 | Attr =	]
DLLCACHE -> %System32%\DLLCACHE ->  [Folder | Modified Date = 2008-01-28 03:01:59 | Attr = RHS]
DRIVERS -> %System32%\DRIVERS ->  [Folder | Modified Date = 2008-01-29 21:32:54 | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 2008-01-26 00:11:50 | Attr =	]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 81920 bytes | Modified Date = 2008-01-27 14:37:54 | Attr =	]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 41237 bytes | Modified Date = 2008-02-12 17:51:00 | Attr =	]
spupdsvc.inf -> %System32%\spupdsvc.inf ->  [Ver =  | Size = 230 bytes | Modified Date = 2008-01-26 00:09:17 | Attr =	]
WPA.DBL -> %System32%\WPA.DBL ->  [Ver =  | Size = 1170 bytes | Modified Date = 2008-02-12 17:51:19 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-01-27 07:26:16 | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-02-12 17:50:50 | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-01-29 21:32:55 | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-01-29 21:33:02 | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2008-01-29 21:32:54 | Attr = R S]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 2008-01-18 20:31:10 | Attr = R  ]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2008-01-26 00:11:50 | Attr =	]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2008-01-26 00:09:55 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2008-01-28 03:01:51 | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 2008-01-28 03:02:01 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-01-27 22:58:21 | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-02-12 17:52:46 | Attr =	]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-01-29 21:47:32 | Attr =	]
psJ0N -> %SystemRoot%\psJ0N ->  [Ver =  | Size = 24 bytes | Modified Date = 2008-01-28 03:06:58 | Attr =  H ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-01-31 20:20:25 | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 317 bytes | Modified Date = 2008-01-29 21:35:37 | Attr =	]
SYSTEM32 -> %System32% ->  [Folder | Modified Date = 2008-02-12 05:59:53 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2008-02-12 17:51:30 | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 2008-02-12 17:51:10 | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 2008-01-26 00:05:08 | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2008-01-27 22:10:39 | Attr =	]
AA56DBE391895083.job -> %SystemRoot%\tasks\AA56DBE391895083.job ->  [Ver =  | Size = 278 bytes | Modified Date = 2008-02-12 06:00:00 | Attr =  H ]
AFF92997909ADA9B.job -> %SystemRoot%\tasks\AFF92997909ADA9B.job ->  [Ver =  | Size = 238 bytes | Modified Date = 2008-02-12 06:00:00 | Attr =  H ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2008-01-27 11:00:00 | Attr =	]
B053D8D9992C9D51.job -> %SystemRoot%\tasks\B053D8D9992C9D51.job ->  [Ver =  | Size = 274 bytes | Modified Date = 2008-02-12 06:00:00 | Attr =  H ]
McAfee.com Update Check (BASEMENT-Bob Clarke).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Bob Clarke).job ->  [Ver =  | Size = 504 bytes | Modified Date = 2008-02-12 17:51:00 | Attr =	]
McAfee.com Update Check (BASEMENT-Brandon Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Brandon Weckerly).job ->  [Ver =  | Size = 514 bytes | Modified Date = 2008-02-12 17:52:00 | Attr =	]
McAfee.com Update Check (BASEMENT-Christian Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Christian Weckerly).job ->  [Ver =  | Size = 520 bytes | Modified Date = 2008-02-12 17:51:00 | Attr =	]
McAfee.com Update Check (BASEMENT-Kyle Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Kyle Weckerly).job ->  [Ver =  | Size = 510 bytes | Modified Date = 2008-02-12 17:53:00 | Attr =	]
McAfee.com Update Check (BASEMENT-Todd Weckerly).job -> %SystemRoot%\tasks\McAfee.com Update Check (BASEMENT-Todd Weckerly).job ->  [Ver =  | Size = 508 bytes | Modified Date = 2008-02-12 17:53:00 | Attr =	]
McAfee.com Update Check (DC44LL21-Owner).job -> %SystemRoot%\tasks\McAfee.com Update Check (DC44LL21-Owner).job ->  [Ver =  | Size = 492 bytes | Modified Date = 2008-02-12 17:55:00 | Attr =	]
McAfee.com Update Check (OFFICE-Bob Clarke).job -> %SystemRoot%\tasks\McAfee.com Update Check (OFFICE-Bob Clarke).job ->  [Ver =  | Size = 504 bytes | Modified Date = 2008-02-12 17:51:30 | Attr =	]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 448 bytes | Modified Date = 2008-02-12 17:50:58 | Attr =	]
RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 382 bytes | Modified Date = 2008-01-24 03:00:00 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-02-12 17:50:54 | Attr =  H ]
WebReg 20030604155305.job -> %SystemRoot%\tasks\WebReg 20030604155305.job ->  [Ver =  | Size = 382 bytes | Modified Date = 2008-01-27 15:53:00 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2008-02-12 17:54:11 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 2008-02-12 17:54:11 | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1728 bytes | Modified Date = 2008-01-29 21:32:01 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat ->  [Ver =  | Size = 11094 bytes | Modified Date = 2005-09-30 19:36:29 | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2004-12-13 21:11:58 | Attr =	]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 41747 bytes | Modified Date = 2007-07-20 20:31:44 | Attr =	]
SSUPDATE.EXE -> C:\Documents and Settings\Bob Clarke\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 2007-06-21 14:07:10 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Modified Date = 2008-01-26 13:11:47 | Attr =	]
Prevx -> %AllUsersAppData%\Prevx ->  [Folder | Modified Date = 2008-01-27 22:16:07 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2008-02-11 19:28:56 | Attr =	]
Viewpoint -> %AllUsersAppData%\Viewpoint ->  [Folder | Modified Date = 2008-01-27 02:14:23 | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 2008-01-26 15:38:40 | Attr =	]
Hamachi -> %UserAppData%\Hamachi ->  [Folder | Modified Date = 2008-01-26 15:16:26 | Attr =	]
Prevx -> %UserAppData%\Prevx ->  [Folder | Modified Date = 2008-01-27 22:57:52 | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2008-02-11 19:28:56 | Attr =	]
U3 -> %UserAppData%\U3 ->  [Folder | Modified Date = 2008-01-21 11:05:32 | Attr =	]
Adobe -> %LocalAppData%\Adobe ->  [Folder | Modified Date = 2008-01-26 15:38:49 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 88064 bytes | Modified Date = 2008-01-20 10:12:29 | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 594832 bytes | Modified Date = 2008-02-12 17:50:06 | Attr =  H ]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 2008-01-27 21:43:11 | Attr =	]
=).ppt -> %UserDocuments%\=).ppt ->  [Ver =  | Size = 1159168 bytes | Modified Date = 2008-01-24 04:34:05 | Attr =	]
Ch 1.doc -> %UserDocuments%\Ch 1.doc ->  [Ver =  | Size = 28160 bytes | Modified Date = 2008-01-14 23:08:42 | Attr =	]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 2008-01-27 21:42:55 | Attr = R  ]
Note Pad -> %UserDocuments%\Note Pad ->  [Folder | Modified Date = 2008-01-21 09:51:33 | Attr =	]
Player -> %UserDocuments%\Player ->  [Folder | Modified Date = 2008-01-20 10:12:28 | Attr =	]
Ultimate Private Server info.doc -> %UserDocuments%\Ultimate Private Server info.doc ->  [Ver =  | Size = 24064 bytes | Modified Date = 2008-01-21 15:01:59 | Attr =	]
Work.xls -> %UserDocuments%\Work.xls ->  [Ver =  | Size = 23552 bytes | Modified Date = 2008-02-11 13:27:09 | Attr =	]
Workouting.xls -> %UserDocuments%\Workouting.xls ->  [Ver =  | Size = 13824 bytes | Modified Date = 2008-01-16 22:21:59 | Attr =	]
Yea i like cars.doc -> %UserDocuments%\Yea i like cars.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 2008-01-21 11:04:13 | Attr =	]
~$timate Private Server info.doc -> %UserDocuments%\~$timate Private Server info.doc ->  [Ver =  | Size = 162 bytes | Modified Date = 2008-01-22 23:55:16 | Attr =  H ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2008-01-26 13:11:07 | Attr =	]
WinPFind35u.exe -> %AllUsersDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 481041 bytes | Modified Date = 2008-02-11 16:04:09 | Attr =	]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-01-29 21:50:58 | Attr =	]
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2008-01-30 17:57:26 | Attr =	]
Microsoft Excel.lnk -> %UserDesktop%\Microsoft Excel.lnk ->  [Ver =  | Size = 2481 bytes | Modified Date = 2008-02-11 16:23:29 | Attr =	]
Microsoft Word.lnk -> %UserDesktop%\Microsoft Word.lnk ->  [Ver =  | Size = 2483 bytes | Modified Date = 2008-01-27 18:45:42 | Attr =	]
New Microsoft Excel Worksheet.xls -> %UserDesktop%\New Microsoft Excel Worksheet.xls ->  [Ver =  | Size = 11776 bytes | Modified Date = 2008-02-12 06:00:19 | Attr =	]
QuickTime Player.lnk -> %UserDesktop%\QuickTime Player.lnk ->  [Ver =  | Size = 2187 bytes | Modified Date = 2008-01-31 20:20:08 | Attr =	]
SUPERAntiSpyware -> %UserDesktop%\SUPERAntiSpyware ->  [Folder | Modified Date = 2008-02-12 06:07:07 | Attr =	]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 2008-01-29 21:57:46 | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2008-02-11 19:38:39 | Attr =	]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 2008-01-26 13:11:02 | Attr =	]
Blizzard Entertainment -> %CommonProgramFiles%\Blizzard Entertainment ->  [Folder | Modified Date = 2008-01-27 08:43:58 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2008-02-11 16:56:07 | Attr =	]

< End of report >




