
Smitfraud And Iedfix.exe


  • This topic is locked
22 replies to this topic

#1 oxojohn


Posted 13 August 2008 - 04:13 AM

Hello, my name is John. I have been retired for 5 years now and this is my first computer, which I have had for 4 years. For what little I know I am self-taught. My main interests are wildlife and anything to do with the countryside and photography.

I first started to have problems when I had a window pop up on screen when opening my emails. It said you have a virus and to get rid of it click “OK”, which I did. It then went to a website and started to download a program, so I turned the computer off.


When I logged on again the computer was running very slow and kept locking up. I also found that I could no longer update my security programs like Spyware Doctor/SpyBot/AVG Free/Windows Update etc. I then had a popup window appear on screen from AVG saying “Potentially Harmful Program Fake Antispyware.YR Infection Type PuP C\windows\system\IEDFIX.exe”

I also found a program on my desktop that said “Smitfraud”. Not seeing it there before, I sent it to the recycle bin. On looking the name up on the web I found this website and how to get rid of it.

http://www.smitfraud.net/

It said that Spyware Doctor was able to remove it. Luckily I have that program, so on running it, it came up with 4 critical folders and 27 serious threats that Spyware Doctor removed.


I thought all was now OK, but on running a scan I had loads of problems again such as Trojan Horses and Viruses etc.


After telling people about my tales of woe on the IDF 50 website (a website for the over 50’s) I was recommended to post a log file to this website, even though this is a new word for me.


It would be much appreciated if someone were able to help me with this problem.

Regards.


John.


Below are some of the problems the scans came up with.



Attached File: sized_ScreenShot003.JPG (190.38KB)

Attached File: sized_sized_Threat4.JPG (186.83KB)

Attached File: sized_Malwarebytes_result.JPG (113.61KB)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:45, on 12/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\SLEE503.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Presorium\Frontgate MX\frntgate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ClickTray Calendar\ClickTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [FG1_00] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Outlook Express] C:\Program Files\Outlook Express\msimn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ClickTray Calendar.lnk = C:\Program Files\ClickTray Calendar\ClickTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188123345234
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.tourismeville.wanadoo.fr/acti...sCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp08.photoprintit.de/microsite/128...IPSUploader.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} - http://express.foto.com/FUploader/SpeedUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA443052-BA81-4BD6-9815-16608E5D1A04}: NameServer = 212.139.132.26 212.139.132.27
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvSmkhE - tuvSmkhE.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://thundercloud.net/wallpaper/two/ducks1024.jpg
O24 - Desktop Component 1: (no name) - http://idf50.co.uk:/clubhouse/templates/su...on_minipost.gif

--
End of file - 15452 bytes




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2600+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1023.49 MiB / 578.71 MiB
Pagefile Memory (total/avail): 1694.55 MiB / 1005.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.11 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 112.05 GiB total, 81.99 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 111.79 GiB total, 71.84 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6Y120P0 - 114.49 GiB - 2 partitions
\PARTITION0 - Unknown - 2.44 GiB
\PARTITION1 (bootable) - Installable File System - 112.05 GiB - C:

\\.\PHYSICALDRIVE1 - Maxtor OneTouch USB Disk - 114.49 GiB - 1 partition
\PARTITION0 - Installable File System - 111.79 GiB - F:


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\john rowe\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOHN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\john rowe
LOGONSERVER=\\JOHN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Corel\Corel SVG Viewer\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Diskeeper Corporation\Diskeeper\;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOHNRO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOHNRO~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=JOHN
USERNAME=john rowe
USERPROFILE=C:\Documents and Settings\john rowe
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

john rowe (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Home Designer Deluxe Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{FB4A5F2C-01AD-420E-9569-0CF5431C3638}
Ad-Aware 2007 --> MsiExec.exe /X{46AC899A-9ECB-43DC-85DE-272E0D116A1E}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Ahead NeroVision Express --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belarc Advisor 7.0 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 3.4 --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ClickTray Calendar --> "C:\Program Files\ClickTray Calendar\unins000.exe"
Clipboard Magic 4.01 --> "C:\Program Files\Clipboard Magic\unins000.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Diskeeper 2007 Pro Premier --> MsiExec.exe /X{6EEE934B-F292-4995-95BF-4AE871AC42E8}
Easy Uninstaller --> "C:\Program Files\Easy Uninstaller\Uninstall.exe"
EndItAll 2.0 --> "C:\Program Files\EndItAll\unins000.exe"
EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E}\setup.exe" -l0x9 MyUninstall
EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe" -l0x9 Uninstall
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" -l0x9 UNINSTALL
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\Setup.exe" -l0x9 -anything
FastStone Image Viewer 1.8 --> C:\Program Files\FastStone Image Viewer\uninst.exe
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Frontgate MX --> "C:\Program Files\Presorium\Frontgate MX\Uninstall.exe" "C:\Program Files\Presorium\Frontgate MX\install.log"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchU 6 Construction Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CF0CC4E-9B63-4E7E-8950-B92C6AA7E3BD}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Homespun Content Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62201736-0A1F-4C6F-9C59-1AA3360CEA50}\Setup.exe" -l0x9
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ieSpell 2.2.0 (build 647) --> "C:\Program Files\ieSpell\uninst.exe"
Internet Radio Recorder --> MsiExec.exe /I{2D8D1F61-B119-4434-9CC2-A70C2C6F8CF3}
ixla Web Easy Express 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C5596A1-9E8D-11D4-8581-0080C8D5668E}\setup.exe"
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Logitech MouseWare 9.70 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE /s C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxtor OneTouch --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} /l1033
Microsoft AutoRoute 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Web Components --> MsiExec.exe /I{002C9999-0000-0000-C000-000000000112}
Microsoft Phishing Filter Add-in for MSN Search Toolbar --> MsiExec.exe /X{90A38975-8780-41EB-8483-5FFE82526859}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Neat Image v5 Demo (with plug-in) --> "C:\Program Files\Neat Image\unins000.exe"
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Audio Driver --> C:\WINDOWS\System32\nvuAudio.exe Uninstall C:\WINDOWS\System32\NvAudio.nvu,NVIDIA Audio Driver
NVIDIA Drivers --> C:\WINDOWS\system32\nvuAudio.exe UninstallGUI
NVIDIA nForce Utilities --> C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINDOWS\INF\nvautlml.inf
NVIDIA Windows 2000/XP nForce Drivers --> rundll32.exe C:\WINDOWS\system32\NVNFINST.DLL,NvUninstallCrush
Opanda IExif 2.3 --> "C:\Program Files\Opanda\IExif 2.3\unins000.exe"
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PCI SoftV92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1\HXFSetup.exe -U -IPSCRCTR5K.inf
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
RamBooster --> MsiExec.exe /I{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}
Real Alternative 1.51 --> "C:\Program Files\Real Alternative\unins000.exe"
Retrospect 6.0 --> MsiExec.exe /I{C4354214-B919-4C8F-84EB-4F9B84ACC02C}
RoboScreenCapture --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2BD50812-5848-421D-A2B8-02B702690003} /uninstall
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Secunia PSI (BETA) --> MsiExec.exe /X{0A4DF5B0-983C-4691-9D4A-9FD1D4B2A69F}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SierraHome Print Artist --> C:\WINDOWS\IsUninst.exe -f"C:\Sierra\Print Artist\HiUninst.isu" -c"C:\Sierra\Print Artist\Uninstpa.DLL"
Smileycons --> "C:\Program Files\Smileycons\unins000.exe"
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
StartupMonitor --> MsiExec.exe /I{76EFAC4F-1712-401F-B2AE-590B170C9BCE}
Steganos Live Encryption Engine 5.03 --> MsiExec.exe /X{01E9D77A-CA32-450F-99C1-6231D9E99E1C}
Steganos Security Suite 6.0.4 --> MsiExec.exe /X{926B245F-201A-45D8-B4CE-B5A114F23381}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
tinySpell 1.3 --> "C:\Program Files\tinySpell\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
USB Storage Adapter FX (MXO) --> MXOun.exe MXOFX
VBA --> MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Virtual Magnifying Glass 2.00 --> "C:\Program Files\Virtual Magnifying Glass\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordWeb --> C:\Program Files\WordWeb\uninst.exe
XML Paper Specification Shared Components Pack 1.0 -->
Zattoo 3.2.2 Beta --> C:\Program Files\Zattoo\uninst.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O


-- Application Event Log -------------------------------------------------------

Event Record #/Type31729 / Error
Event Submitted/Written: 08/10/2008 06:16:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type31728 / Error
Event Submitted/Written: 08/10/2008 06:16:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type31724 / Warning
Event Submitted/Written: 08/10/2008 10:48:45 AM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type31723 / Warning
Event Submitted/Written: 08/10/2008 10:48:45 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 800401E4.

Event Record #/Type31722 / Warning
Event Submitted/Written: 08/10/2008 10:48:44 AM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3836 / Error
Event Submitted/Written: 08/10/2008 10:49:05 AM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Routing and Remote Access service terminated with service-specific error 340 (0x154).

Event Record #/Type3824 / Error
Event Submitted/Written: 08/10/2008 10:48:52 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Event Record #/Type3823 / Error
Event Submitted/Written: 08/10/2008 10:48:52 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:
%%2

Event Record #/Type3801 / Error
Event Submitted/Written: 08/09/2008 03:48:49 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%2

Event Record #/Type3798 / Error
Event Submitted/Written: 08/09/2008 03:48:49 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-08-10 18:20:27 ------------

Fixed code tags and edited for readability. ~ OB

Edited by Orange Blossom, 13 August 2008 - 11:35 PM.




#2 Billy O'Neal

  • Malware Response Team

Posted 22 August 2008 - 09:25 AM

Hello, oxojohn.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Add Reply button in the lower left hand corner of your screen.
We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the Rootkit Search area select Yes
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - Uninstall List
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it again.
Use the Add Reply button and attach the file in your next post.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 oxojohn

  • Topic Starter

Posted 23 August 2008 - 05:10 AM

Hi Billy.

Many thanks for taking this problem on, it's much appreciated.

Unfortunately I have a problem at the start.

I did all that you requested and then downloaded OTScanIT.exe to the desktop, but when I click the OTScanIT.exe file to open it I get a box on screen from AVG (screenshot below). First I sent it to the vault, but the file went from the desktop and vanished, leaving the other file "Icatchme.exe" there. I then downloaded it again, and this time when I clicked the file OTScanIT.exe to open it the AVG warning came up, so I clicked "ignore", but I had a box on screen saying (Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access them). As far as I can see I am logged in as administrator.

I did click the other folder to see what happened and a black box appeared and started to download but I stopped it!

Sorry Billy, what's my next move?

Regards.

John.

Tried to post attachments but it says "attachment space used".
So in the AVG warning box it says... (C\documents and settings\desktop\OTScanit.exe TROJAN HORSE Generic 11.OW detected on open)



#4 Billy O'Neal

  • Malware Response Team

Posted 23 August 2008 - 02:25 PM

Hello :thumbsup:

Yes, AVG has for some reason been detecting OTScanIt lately.

Just post a new HJT log please :)

Billy3

#5 oxojohn

  • Topic Starter

Posted 24 August 2008 - 05:50 AM

Hi Billy.

For some reason when trying again to run OTScanit it worked?? The results are below. :thumbsup:

If you still want another HJT Log let me know??

John.



OTScanIt logfile created on: 24/08/2008 11:36:55
OTScanIt by OldTimer - Version 1.0.16.2	 Folder = C:\Documents and Settings\john rowe\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.49 Mb Total Physical Memory | 541.76 Mb Available Physical Memory | 52.93% Memory free
1.65 Gb Paging File | 1.14 Gb Available in Paging File | 68.87% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 112.05 Gb Total Space | 83.14 Gb Free Space | 74.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 111.79 Gb Total Space | 72.54 Gb Free Space | 64.89% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN
Current User Name: john rowe
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75304 bytes | Modified Date = 09/07/2008 09:05:18 | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 16/01/2008 00:15:32 | Attr =	]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 102400 bytes | Modified Date = 14/09/2006 07:56:06 | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe ->  [Ver =  | Size = 184405 bytes | Modified Date = 28/02/2003 23:29:22 | Attr =	]
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 17/07/2008 10:05:22 | Attr =	]
eebsvc.exe -> %CommonProgramFiles%\EPSON\EBAPI\eEBSvc.exe ->  [Ver =  | Size = 77824 bytes | Modified Date = 29/01/2002 13:33:14 | Attr =	]
sagent2.exe -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17/07/2002 02:03:00 | Attr =	]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 26/07/2007 19:00:56 | Attr =	]
retrorun.exe -> %ProgramFiles%\Dantz\Retrospect\retrorun.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 29184 bytes | Modified Date = 03/01/2003 10:20:48 | Attr =	]
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 17/07/2008 10:05:24 | Attr =	]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.40 | Size = 747912 bytes | Modified Date = 01/02/2008 12:55:54 | Attr =	]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.74 | Size = 948616 bytes | Modified Date = 01/02/2008 12:55:56 | Attr =	]
slee503.exe -> %SystemRoot%\system32\slee503.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 28/11/2002 10:10:04 | Attr =	]
avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 17/07/2008 10:05:24 | Attr =	]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 919016 bytes | Modified Date = 09/07/2008 09:05:20 | Attr =	]
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 17/07/2008 10:05:24 | Attr =	]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.106 | Size = 1103240 bytes | Modified Date = 01/02/2008 12:55:56 | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 11/08/2005 17:30:30 | Attr =	]
dragdiag.exe -> %ProgramFiles%\Thomson\SpeedTouch USB\DRAGDIAG.EXE -> THOMSON Telecom Belgium [Ver = 3.0.2.0 build 001 | Size = 901120 bytes | Modified Date = 11/06/2007 07:06:16 | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 04:27:04 | Attr =	]
frntgate.exe -> %ProgramFiles%\Presorium\Frontgate MX\frntgate.exe -> Presorium Software Pty. Ltd. [Ver = 1.0.2.1 | Size = 1514496 bytes | Modified Date = 03/09/2004 20:57:16 | Attr =	]
printscreen.exe -> %ProgramFiles%\Gadwin Systems\PrintScreen\PrintScreen.exe -> Gadwin Systems, Inc [Ver = 4.3 | Size = 495616 bytes | Modified Date = 20/08/2007 09:42:23 | Attr =	]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 23/05/2008 19:21:46 | Attr =	]
clicktray.exe -> %ProgramFiles%\ClickTray Calendar\ClickTray.exe -> WASEO [Ver = 2.5.8.0 | Size = 3495936 bytes | Modified Date = 18/08/2005 16:40:12 | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 09:29:54 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 16/01/2008 00:15:32 | Attr =	]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 28/03/2006 12:30:39 | Attr =	]
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 102400 bytes | Modified Date = 14/09/2006 07:56:06 | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe ->  [Ver =  | Size = 184405 bytes | Modified Date = 28/02/2003 23:29:22 | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe ->  [Ver = 5.13.0005 | Size = 110677 bytes | Modified Date = 28/02/2003 21:00:00 | Attr =	]
(avg8emc) AVG Free8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 17/07/2008 10:05:24 | Attr =	]
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 17/07/2008 10:05:22 | Attr =	]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 30/09/2005 19:22:50 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 14/04/2008 01:12:17 | Attr =	]
(EpsonBidirectionalService) EpsonBidirectionalService [Win32_Own | Auto | Running] -> %CommonProgramFiles%\EPSON\EBAPI\eEBSvc.exe ->  [Ver =  | Size = 77824 bytes | Modified Date = 29/01/2002 13:33:14 | Attr =	]
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17/07/2002 02:03:00 | Attr =	]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 26/07/2007 19:00:56 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 04:24:18 | Attr =	]
(iPodService) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found
(RetroLauncher) Retrospect Launcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Dantz\Retrospect\retrorun.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 29184 bytes | Modified Date = 03/01/2003 10:20:48 | Attr =	]
(Retrospect Helper) Retrospect Helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Dantz\Retrospect\rthlpsvc.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 57344 bytes | Modified Date = 03/01/2003 10:20:48 | Attr =	]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.40 | Size = 747912 bytes | Modified Date = 01/02/2008 12:55:54 | Attr =	]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.74 | Size = 948616 bytes | Modified Date = 01/02/2008 12:55:56 | Attr =	]
(SLEE_503_SERVICE) Steganos Live Encryption Engine (Version 503) [Service] [Win32_Own | Auto | Running] -> %SystemRoot%\system32\slee503.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 28/11/2002 10:10:04 | Attr =	]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75304 bytes | Modified Date = 09/07/2008 09:05:18 | Attr =	]

[Driver Services - Non-Microsoft Only]
(ADILOADER) General Purpose USB Driver (adildr.sys) [Kernel | Auto | Stopped] -> %SystemRoot%\System32\Drivers\adildr.sys -> File not found
(adiusbaw) USB ADSL WAN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\adiusbaw.sys -> File not found
(alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcan5wn.sys -> THOMSON [Ver = 301.0.0.12 | Size = 53600 bytes | Modified Date = 08/12/2003 11:53:48 | Attr =	]
(alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcaudsl.sys -> THOMSON [Ver = 301.0.0.12 | Size = 70688 bytes | Modified Date = 08/12/2003 12:53:46 | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 13/04/2008 19:36:39 | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\aspi32.sys -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 10/09/1999 13:06:00 | Attr =	]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.01.6307 | Size = 576512 bytes | Modified Date = 28/02/2003 23:38:56 | Attr =	]
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Modified Date = 17/07/2008 10:05:35 | Attr =	]
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 17/07/2008 10:05:33 | Attr =	]
(AvgTdiX) AVG Free8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 76040 bytes | Modified Date = 17/07/2008 10:05:40 | Attr =	]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 13/04/2008 19:44:48 | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 13/04/2008 19:44:46 | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]
(EL90Xbc) 3Com 3C90X-BC Family PCI EtherLink Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\el90Xbc5.SYS -> 3Com Corporation [Ver = 4.31.00.0000 | Size = 74338 bytes | Modified Date = 13/08/2002 14:27:22 | Attr =	]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.0 | Size = 13872 bytes | Modified Date = 14/09/2004 15:38:26 | Attr =	]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.60.00 built by: WinDDK | Size = 257408 bytes | Modified Date = 08/11/2006 16:59:36 | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 03/08/2004 22:41:56 | Attr =	]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.60.00 built by: WinDDK | Size = 989696 bytes | Modified Date = 08/11/2006 17:00:10 | Attr =	]
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Modified Date = 01/02/2008 12:55:52 | Attr =	]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 10/12/2007 14:53:28 | Attr =	]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 10/12/2007 14:53:28 | Attr =	]
(InCDFs) InCD File System [File_System | Disabled | Stopped] -> %SystemRoot%\System32\drivers\InCDFs.sys -> File not found
(InCDPass) InCDPass [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\InCDPass.sys -> File not found
(incdrm) InCD Reader [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\InCDRm.sys -> File not found
(KLIF) KLIF [File_System | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 19/07/2007 15:10:28 | Attr =	]
(l8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042Pr2.sys -> Logitech, Inc. [Ver = 9.70.209.0 | Size = 50830 bytes | Modified Date = 02/07/2002 17:20:50 | Attr =	]
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidFlt2.sys -> Logitech, Inc. [Ver = 9.70.209.0 | Size = 23854 bytes | Modified Date = 02/07/2002 17:20:51 | Attr =	]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsb.Sys -> Logitech, Inc. [Ver = 2.10.100.0 | Size = 40508 bytes | Modified Date = 02/07/2002 17:20:51 | Attr =	]
(LKbdFlt2) Logitech Keyboard Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LKbdFlt2.sys -> Logitech, Inc. [Ver = 9.70.209.0 | Size = 6030 bytes | Modified Date = 02/07/2002 17:20:51 | Attr =	]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouFlt2.sys -> Logitech, Inc. [Ver = 9.70.209.0 | Size = 70382 bytes | Modified Date = 02/07/2002 17:20:51 | Attr =	]
(LwAdiHid) Logitech WingMan Digital Devices(Auto-Detect) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LwAdiHid.sys -> Logitech Inc. [Ver = 5.1.420.093 | Size = 20864 bytes | Modified Date = 29/08/2002 07:16:22 | Attr =	]
(MASPINT) MASPINT [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\MASPINT.SYS -> MicroStaff Co.,Ltd. [Ver = 1.04 | Size = 8096 bytes | Modified Date = 29/03/2000 17:11:20 | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 19/06/2006 16:26:58 | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]
(MXOFX) USB Storage Adapter FX (MXO) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MXOFX.SYS -> Cypress Semiconductor [Ver = 6.00.1010.0  | Size = 32512 bytes | Modified Date = 14/04/2003 17:00:40 | Attr =	]
(nvax) Service for NVIDIA(R) nForce(TM) Audio Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvax.sys -> NVIDIA Corporation [Ver = 5.10.2917.0 built by: WinDDK | Size = 13056 bytes | Modified Date = 05/12/2002 05:01:00 | Attr = R  ]
(NVENET) NVIDIA nForce MCP Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENET.sys -> NVIDIA Corporation [Ver = 4.14.01.0313 | Size = 80896 bytes | Modified Date = 27/11/2002 20:52:00 | Attr =	]
(nvidesm) nvidesm [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvidesm.sys -> NVIDIA Corporation [Ver = 5.10.2600.0307 built by: WinDDK | Size = 20224 bytes | Modified Date = 13/11/2002 16:10:00 | Attr =	]
(nvnforce) Service for NVIDIA(R) nForce(TM) Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvapu.sys -> NVIDIA Corporation [Ver = 5.10.2917.0 built by: WinDDK | Size = 241664 bytes | Modified Date = 05/12/2002 05:01:00 | Attr = R  ]
(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nv_agp.SYS -> NVIDIA Corporation [Ver = 4.12.01.0278 | Size = 13568 bytes | Modified Date = 06/09/2002 12:24:00 | Attr =	]
(PID_0920) Logitech QuickCam Express(PID_0920) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LV532AV.SYS -> Logitech Inc. [Ver = 8.1.2.1003 | Size = 152576 bytes | Modified Date = 04/09/2003 10:38:56 | Attr =	]
(PSI) PSI [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\psi_mf.sys -> Secunia [Ver = 0.1.0.0 | Size = 7808 bytes | Modified Date = 10/09/2007 09:28:40 | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.67a | Size = 43872 bytes | Modified Date = 23/02/2008 03:38:33 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 28/05/2008 10:33:36 | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS ->  SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 28/05/2008 10:33:38 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 
bytes | Modified Date = 28/05/2008 10:33:36 | Attr =	]<BR>(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 11:25:53 | Attr =	]<BR>(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 13/04/2008 19:36:39 | Attr =	]<BR>(SLEE_503_DRIVER) Steganos Live Encryption Engine (Version 503) [Driver] [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\slee503.sys ->  [Ver =  | Size = 84736 bytes | Modified Date = 28/11/2002 10:10:02 | Attr =	]<BR>(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]<BR>(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 189, 0 | Size = 51176 bytes | Modified Date = 27/02/2008 03:10:44 | Attr =	]<BR>(ST330) ST330 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\st330.sys -> THOMSON Telecom Belgium [Ver = 4.1.0.2 build 014 | Size = 30464 bytes | Modified Date = 19/03/2007 21:58:00 | Attr = R  ]<BR>(STBUS) STBUS [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\stbus.sys -> THOMSON Telecom Belgium [Ver = 4.1.0.2 build 014 | Size = 12672 bytes | Modified Date = 19/03/2007 21:58:00 | Attr = R  ]<BR>(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. 
[Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]<BR>(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]<BR>(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]<BR>(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]<BR>(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 18/08/2001 13:00:00 | Attr =	]<BR>(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 394952 bytes | Modified Date = 09/07/2008 09:05:22 | Attr =	]<BR>(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.60.00 built by: WinDDK | Size = 730112 bytes | Modified Date = 08/11/2006 16:59:30 | Attr =	]</P> <P>[Registry - Non-Microsoft Only]<BR>< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> <BR>AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 17/07/2008 10:05:24 | Attr =	]<BR>ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> PC Tools [Ver = 5.5.0.106 | Size = 1103240 bytes | Modified Date = 01/02/2008 12:55:56 | Attr =	]<BR>ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 11/08/2005 17:30:30 | Attr =	]<BR>ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 11/08/2005 17:30:30 | Attr =	]<BR>SpeedTouch USB Diagnostics -> %ProgramFiles%\Thomson\SpeedTouch USB\DRAGDIAG.EXE ["C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon] -> THOMSON Telecom Belgium [Ver = 3.0.2.0 build 001 | Size = 901120 bytes | Modified Date = 11/06/2007 07:06:16 | Attr =	]<BR>SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 04:27:04 | Attr =	]<BR>ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 919016 bytes | Modified Date = 09/07/2008 09:05:20 | Attr =	]<BR>< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> <BR>IMAIL-> Installed = 1 -> <BR>MAPI-> Installed = 1 -> <BR>MSFS-> Installed = 1 -> <BR>< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> <BR>FG1_00 -> %ProgramFiles%\Presorium\Frontgate MX\frntgate.exe [C:\Program Files\Presorium\Frontgate MX\frntgate.exe] -> Presorium Software Pty. Ltd. [Ver = 1.0.2.1 | Size = 1514496 bytes | Modified Date = 03/09/2004 20:57:16 | Attr =	]<BR>Gadwin PrintScreen -> %ProgramFiles%\Gadwin Systems\PrintScreen\PrintScreen.exe ["C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash] -> Gadwin Systems, Inc [Ver = 4.3 | Size = 495616 bytes | Modified Date = 20/08/2007 09:42:23 | Attr =	]<BR>swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. 
[Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 23/09/2007 09:37:07 | Attr =	]<BR>< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> <BR>%AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 23/05/2008 19:21:46 | Attr =	]<BR>< john rowe Startup Folder > -> C:\Documents and Settings\john rowe\Start Menu\Programs\Startup -> <BR>%UserProfile%\Start Menu\Programs\Startup\ClickTray Calendar.lnk -> %ProgramFiles%\ClickTray Calendar\ClickTray.exe -> WASEO [Ver = 2.5.8.0 | Size = 3495936 bytes | Modified Date = 18/08/2005 16:40:12 | Attr =	]<BR>%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE ->  [Ver =  | Size = 38912 bytes | Modified Date = 20/10/2005 12:04:08 | Attr =	]<BR>< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> <BR>*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> <BR>avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 17/07/2008 10:05:40 | Attr =	]<BR>*MultiFile Done* -> -> <BR>< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> <BR>{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 13/05/2008 10:13:36 | Attr =	]<BR>< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> <BR>< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> <BR>*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> <BR>Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 01:12:19 | Attr =	]<BR>*MultiFile Done* -> -> <BR>*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> <BR>C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/04/2008 01:12:38 | Attr =	]<BR>*MultiFile Done* -> -> <BR>*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> <BR>logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/04/2008 01:12:24 | Attr =	]<BR>*MultiFile Done* -> -> <BR>*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> <BR>rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 
| Attr =	]<BR>Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/04/2008 01:12:41 | Attr =	]<BR>*MultiFile Done* -> -> <BR>< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> <BR>< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> <BR>!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr =	]<BR>tuvSmkhE ->  -> File not found<BR>WRNotifier ->  -> File not found<BR>< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -><BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
<BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> <BR>< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> <BR>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -><BR>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> <BR>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 91 00 00 00  [binary data] -> <BR>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> 00 -> <BR>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> <BR>< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -><BR>*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> <BR>SCSI miniport ->  -> File not found<BR>*MultiFile Done* -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 13/04/2008 19:40:46 | Attr =	]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> <BR>*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> <BR>NEC	 MBR-7	->  -> File not found<BR>NEC	 MBR-7.4  ->  -> File not found<BR>PIONEER CHANGR DRM-1804X ->  -> File not found<BR>PIONEER CD-ROM DRM-6324X ->  -> File not found<BR>PIONEER CD-ROM DRM-624X  ->  -> File not found<BR>TORiSAN CD-ROM CDR_C36 ->  -> File not found<BR>*MultiFile Done* -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_DVD-ROM_DDU1612____________________DYS1____\5&37591210&0&0.0.0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomATAPI_CD-RW_52XMax______________________160D____\5&37591210&0&0.1.0 -> <BR>< Drives - Autoruns > ->  -> <BR>AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 12/12/2002 14:47:28 | Attr =	]<BR>< HOSTS File > (260063 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> <BR>< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> <BR>HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> <A href="http://www.tiscali.co.uk/">http://www.tiscali.co.uk/</A> -> <BR>HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> <A href="http://www.google.com/ie">http://www.google.com/ie</A> -> 
<BR>HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> <BR>HKEY_LOCAL_MACHINE\: Main\\Search Page -> <A href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</A> -> <BR>HKEY_LOCAL_MACHINE\: Main\\Start Page -> <A href="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home">http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home</A> -> <BR>HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> <A href="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm</A> -> <BR>HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> <A href="http://www.google.com/ie">http://www.google.com/ie</A> -> <BR>HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> <A href="http://www.google.com/ie">http://www.google.com/ie</A> -> <BR>HKEY_LOCAL_MACHINE\: SearchURL\\ -> <A href="http://www.google.com/keyword/%s[Reg">http://www.google.com/keyword/%s[Reg</A> Error: Value provider does not exist or could not be read.] 
-> <BR>< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> <BR>HKEY_CURRENT_USER\: Main\\Default_Page_URL -> <A href="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome">http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome</A> -> <BR>HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> <BR>HKEY_CURRENT_USER\: Main\\Search Bar -> <A href="http://www.google.com/ie">http://www.google.com/ie</A> -> <BR>HKEY_CURRENT_USER\: Main\\Search Page -> <A href="http://www.google.com">http://www.google.com</A> -> <BR>HKEY_CURRENT_USER\: Main\\Start Page -> <A href="http://www.google.com/ig">http://www.google.com/ig</A> -> <BR>HKEY_CURRENT_USER\: Search\\CustomizeSearch ->  -> <BR>HKEY_CURRENT_USER\: Search\\SearchAssistant -> <A href="http://www.google.com/ie">http://www.google.com/ie</A> -> <BR>HKEY_CURRENT_USER\: SearchURL\\ -> <A href="http://www.google.com/search?q=%s[gogl">http://www.google.com/search?q=%s[gogl</A>] -> <BR>HKEY_CURRENT_USER\: ProxyEnable -> 0 -> <BR>< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4702 domain(s) found. -> <BR>43 domain(s) and sub-domain(s) not assigned to a zone.<BR>< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> <BR>< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> <BR>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7428 domain(s) found. 
-> <BR>  .[msn] -> My Computer -> <BR>282 domain(s) and sub-domain(s) not assigned to a zone.<BR>< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> <BR>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> <BR>< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> <BR>{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 00:08:42 | Attr =	]<BR>{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.136 | Size = 455960 bytes | Modified Date = 31/07/2008 13:24:14 | Attr =	]<BR>{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 07/07/2008 09:41:58 | Attr =	]<BR>{724d43a9-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Error: Value  does not exist or could not be read.] -> Siber Systems [Ver = 6-9-87 | Size = 5722952 bytes | Modified Date = 03/02/2008 11:58:09 | Attr =	]<BR>{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 04:27:02 | Attr =	]<BR>{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 17/07/2008 10:05:29 | Attr =	]<BR>{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 23/09/2007 09:37:41 | Attr = R  ]<BR>{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 14/05/2008 19:40:44 | Attr =	]<BR>{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 10/02/2004 14:08:58 | Attr =	]<BR>{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker BHO] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 16/07/2008 19:18:20 | Attr =	]<BR>< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> <BR>{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found<BR>{D6A116E7-5906-42E4-87F6-E7E15936415E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found<BR>< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> <BR>{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found<BR>{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 23/09/2007 09:37:41 | Attr = R  ]<BR>{724d43a0-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-87 | Size = 5722952 bytes | Modified Date = 03/02/2008 11:58:09 | Attr =	]<BR>{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 17/07/2008 10:05:29 | Attr =	]<BR>{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 10/02/2004 14:08:58 | Attr =	]<BR>{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 16/07/2008 19:18:20 | Attr =	]<BR>< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> <BR>ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 23/09/2007 09:37:41 | Attr = R  ]<BR>ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found<BR>ShellBrowser\\{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found<BR>ShellBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-87 | Size = 5722952 bytes | Modified Date = 03/02/2008 11:58:09 | Attr =	]<BR>ShellBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 17/07/2008 10:05:29 | Attr =	]<BR>ShellBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 16/07/2008 19:18:20 | Attr =	]<BR>ShellBrowser\\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found<BR>WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found<BR>WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. 
-> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -><BR>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> <BR>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 1 -> <BR>Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -><BR>*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> <BR>msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 01:12:00 | Attr =	]<BR>C:\WINDOWS\system32\urqOFWmM ->  -> File not found<BR>*MultiFile Done* -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> <BR>*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> <BR>kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 14/04/2008 01:11:56 | Attr =	]<BR>msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 01:12:00 | Attr =	]<BR>schannel -> 
%SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =	]<BR>wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 14/04/2008 01:12:08 | Attr =	]<BR>*MultiFile Done* -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 780 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 2 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> <BR>*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> <BR>scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =	
]<BR>*MultiFile Done* -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> <BR>*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> <BR>Windows NT Access Provider ->  -> File not found<BR>*MultiFile Done* -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 14/04/2008 01:12:02 | Attr =	]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> C0 11 E9 00 32 50 66 AB 40 6A B3 0C FF 30 68 6D 66 30 39 32 39 34 33 62 00 00 00 00 01 00 00 00 C0 01 00 00 C4 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 63 6B 74 6C  [binary data] -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> BC 25 07 1A F3 81 63 34 B5  [binary data] -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> DF 50 0B 6D E1 EB  [binary data] -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> EC 7B 48 64 0C 86 53 68 F2 FE A2 B5 F2 DE 50 4E  [binary data] -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> <A href="http://www.passport.com">http://www.passport.com</A> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> BE B9 73 3E 11 FA C8 01  [binary data] -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 
<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -><BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr =	]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 29819 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 14/04/2008 01:11:55 | Attr =	]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 01:12:34 | Attr =	]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 19:53:32 | Attr =	
]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1723:TCP -> 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1701:UDP -> 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\500:UDP -> 500:UDP:*:Enabled:@xpsp2res.dll,-22017 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 
(xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 01:12:34 | Attr =	]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 19:53:32 | Attr =	]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 17/07/2008 10:05:24 | Attr =	]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.134 | Size = 640280 bytes | Modified Date = 17/07/2008 10:05:24 | Attr =	]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 14/04/2008 01:12:28 | Attr =  HS]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> 
<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1723:TCP -> 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1701:UDP -> 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\500:UDP -> 500:UDP:*:Enabled:@xpsp2res.dll,-22017 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -><BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr =	
]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 01:12:11 | Attr =	]<BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> <BR>Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> <BR>Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> <BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -><BR>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> <BR>< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> <BR>.bat [@ = batfile] ->  -> File not found<BR>.cmd [@ = cmdfile] ->  -> File not found<BR>.com [@ = comfile] ->  -> File not found<BR>.exe [@ = exefile] ->  -> File not found<BR>.pif [@ = piffile] ->  -> File not found<BR>.scr [@ = scrfile] ->  -> File not found<BR>< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> <BR>{00000409-78E1-11D2-B60F-006097C998E7} -> Microsoft Office 2000 SR-1 Premium<BR>{00040409-78E1-11D2-B60F-006097C998E7} -> Microsoft Office 2000 Disc 2<BR>{002C9999-0000-0000-C000-000000000112} -> Microsoft Office Web Components<BR>{01E9D77A-CA32-450F-99C1-6231D9E99E1C} -> Steganos Live Encryption Engine 5.03<BR>{05902375-5DFF-4AB7-81A4-283E87807B11} -> World Racing Demo<BR>{0A4DF5B0-983C-4691-9D4A-9FD1D4B2A69F} -> Secunia PSI (BETA)<BR>{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} -> MSXML 6.0 Parser (KB933579)<BR>{0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel<BR>{0C5596A1-9E8D-11D4-8581-0080C8D5668E} -> ixla Web Easy Express 3.0.1<BR>{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} -> OpenOffice.org Installer 1.0<BR>{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} -> Security Update for CAPICOM (KB931906)<BR>{1A15507A-8551-4626-915D-3D5FA095CC1B} -> Corel Paint Shop Pro X<BR>{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} -> Google Earth<BR>{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer<BR>{236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2<BR>{24ED4D80-8294-11D5-96CD-0040266301AD} -> FinePixViewer Ver.3.2<BR>{25569723-DC5A-4467-A639-79535BF01B71} -> Adobe Help Center 
2.1<BR>{2BA00471-0328-3743-93BD-FA813353A783} -> Microsoft .NET Framework 3.0 Service Pack 1<BR>{2BD50812-5848-421D-A2B8-02B702690003} -> RoboScreenCapture<BR>{2D8D1F61-B119-4434-9CC2-A70C2C6F8CF3} -> Internet Radio Recorder<BR>{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7<BR>{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP<BR>{369B36BE-3D64-4641-9AEA-808D436FE132} -> Microsoft Picture It! Photo 7.0<BR>{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978)<BR>{3CB41017-F5CA-4C56-934C-ED02156251E6} -> iTunes<BR>{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66} -> HydraVision<BR>{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} -> Maxtor OneTouch<BR>{46AC899A-9ECB-43DC-85DE-272E0D116A1E} -> Ad-Aware 2007<BR>{5809E7CF-4DCF-11D4-9875-00105ACE7734} -> Logitech MouseWare 9.70 <BR>{5CF0CC4E-9B63-4E7E-8950-B92C6AA7E3BD} -> Google SketchU 6 Construction Library<BR>{62201736-0A1F-4C6F-9C59-1AA3360CEA50} -> Homespun Content Pack<BR>{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0<BR>{6C11D561-620B-47DA-A693-4C597F3CDF40} -> EPSON Smart Panel<BR>{6EEE934B-F292-4995-95BF-4AE871AC42E8} -> Diskeeper 2007 Pro Premier<BR>{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable<BR>{764D06D8-D8DE-411E-A1C8-D9E9380F8A84} -> Microsoft Works 7.0<BR>{76EFAC4F-1712-401F-B2AE-590B170C9BCE} -> StartupMonitor<BR>{7C4196CA-CA41-4F34-9C08-7724E7705D52} -> Jasc Animation Shop 3<BR>{7EE9DE0D-9228-4C33-B80E-FDD1773600DF} -> Microsoft Works Suite Add-in for Microsoft Word<BR>{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32} -> EPSON Web-To-Page<BR>{7F34A21F-2DEB-4598-BB19-611D6BD24271} -> Managed DirectX (0901)<BR>{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B} -> Microsoft AutoRoute 2006<BR>{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight<BR>{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system<BR>{90A38975-8780-41EB-8483-5FFE82526859} -> Microsoft Phishing Filter Add-in for MSN Search 
Poller]<BR>"EventMessageFile"=str(2):"C:\WINDOWS\System32\Ati2evxx.exe"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ati2mtag]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati2mtag.sys"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cbidf]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NtServicePack]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\spmsg.dll"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NVENET]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\Ati HotKey Poller]<BR>"EventMessageFile"=str(2):"C:\WINDOWS\System32\Ati2evxx.exe"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\ati2mtag]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati2mtag.sys"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\cbidf]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\NtServicePack]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\spmsg.dll"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\NVENET]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Ati HotKey 
Poller]<BR>"EventMessageFile"=str(2):"C:\WINDOWS\System32\Ati2evxx.exe"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ati2mtag]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati2mtag.sys"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cbidf]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\spmsg.dll"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NVENET]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\System\Ati HotKey Poller]<BR>"EventMessageFile"=str(2):"C:\WINDOWS\System32\Ati2evxx.exe"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\System\ati2mtag]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati2mtag.sys"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\System\cbidf]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\System\NtServicePack]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\spmsg.dll"<BR>"TypesSupported"=dword:00000007<BR>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\System\NVENET]<BR>"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"<BR>"TypesSupported"=dword:00000007<BR>scanning hidden registry entries 
...<BR>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.386\OpenWithProgids]<BR>"vxdfile"=hex(0):<BR>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vxd\OpenWithProgids]<BR>"vxdfile"=hex(0):<BR>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]<BR>"Upgrade"=dword:00000001<BR>[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop]<BR>"Mode"=dword:00000001<BR>"ScrollPos640x480(1).x"=dword:00000000<BR>"ScrollPos640x480(1).y"=dword:00000000<BR>"Sort"=dword:00000000<BR>"SortDir"=dword:00000001<BR>"Col"=dword:00000002<BR>"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fd,df,df,fd,0f,..<BR>"FFlags"=dword:00000224<BR>"ScrollPos1024x768(1).x"=dword:00000000<BR>"ScrollPos1024x768(1).y"=dword:00000000<BR>"ItemPos1024x768(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,01,00,00,02,..<BR>"ScrollPos800x600(1).x"=dword:00000000<BR>"ScrollPos800x600(1).y"=dword:00000000<BR>"ItemPos800x600(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,15,00,00,00,02,..<BR>"ScrollPos1152x864(1).x"=dword:00000000<BR>"ScrollPos1152x864(1).y"=dword:00000000<BR>"ItemPos1152x864(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,60,00,00,00,4d,..<BR>"ItemPos640x480(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,41,01,00,00,7e,..<BR>"ScrollPos1280x1024(1).x"=dword:00000000<BR>"ScrollPos1280x1024(1).y"=dword:00000000<BR>"ItemPos1280x1024(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f6,00,00,00,02,..<BR>"ScrollPos1280x960(1).x"=dword:00000000<BR>"ScrollPos1280x960(1).y"=dword:00000000<BR>"ItemPos1280x960(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,15,00,00,00,02,..<BR>scanning hidden files ...<BR>C:\WINDOWS\Web\Wallpaper\BLISS.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc 5904 bytes<BR>C:\WINDOWS\system32\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 
bytes<BR>C:\WINDOWS\system32\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\3models.gif:Q30lsldxJoudresxAaaqpcawXc 8988 bytes<BR>C:\WINDOWS\system32\images\3models.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\but3_off.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\but3_on.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\main_bot.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\main_mid.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\main_top.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\model1.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\panel_bot.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\panel_top.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\pc.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\pcwcover.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\pcw_award_cover.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\Thumbs.db:encryptable 0 bytes<BR>C:\WINDOWS\system32\images\topoff.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\topon.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>C:\WINDOWS\system32\images\webscreen.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes<BR>scan completed successfully<BR>hidden processes: 0<BR>hidden services: 0<BR>hidden files: 21<BR>< Document and Settings folder & sub folders ><BR>detected NTDLL code modification:<BR>ZwClose<BR>scanning hidden files ...<BR>IPC error: 2 The system cannot find the file specified.<BR>C:\Documents and Settings\All Users\Application Data\OD2\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\All Users\Application 
Data\TEMP:5C321E34 120 bytes<BR>C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 98 bytes<BR>C:\Documents and Settings\john rowe\Desktop\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010001.ci 471040 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010001.dir 4096 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010001.wid 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010001.wsb 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010002.ci 16384 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010002.dir 4096 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010002.wid 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000C.ci 106496 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000C.dir 4096 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000C.wid 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000D.ci 40960 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000D.dir 4096 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000D.wid 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0001.000 240 bytes<BR>C:\Documents and Settings\john rowe\Local 
Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0001.001 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0001.002 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0002.000 240 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0002.001 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0002.002 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAD0002.000 240 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAD0002.001 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAD0002.002 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiPT0000.000 240 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiPT0000.001 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiPT0000.002 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:INDEX.000 240 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:INDEX.001 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:INDEX.002 65536 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:Used0000.000 240 bytes<BR>C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:Used0000.001 0 bytes<BR>C:\Documents and Settings\john rowe\Local 
Settings\Application Data\Microsoft\Outlook\outlook.pst:Used0000.002 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\Copy of SPREADSHEETS & INVOICE\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\My Music\Jeff Wayne\The War of the Worlds [2005 Bonus Track] Disc 1\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\My Music\Jeff Wayne\The War of the Worlds [2005 Bonus Track] Disc 2\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\My Music\Jeff Wayne\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\My Music\Michael Bolton\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\My Music\Neil Diamond\The Best Of Neil Diamond [UK]\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\My Music\Neil Diamond\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Chester Zoo\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Isle of Wight\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\variouse\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\ASTON VILLAGE HALL\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Bambi\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Bidulph Grange\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\ANIMALS\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Cats\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Christmas\Thumbs.db:encryptable 0 
bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Clouds\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\cruise\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Bridgenorth\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Bruges\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\BIRDS\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\BODNANT GARDENS\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\SOUTH OF FRANCE\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\LONDON\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Long Lane Cottage\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Devon & Cornswall\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Devon 2\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Edinburgh Tattoo\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\harry\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Iain's Wedding\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Cotswolds\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\whitbey & Durham\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Jessica\2007_12_12\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Jessica\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My 
Documents\ALL MY PHOTOS\Kens Flight\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\family trip to wales\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Looe and Polperro\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\majorca\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\malta\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\lacock\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Longleat\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Weston Under Lizard\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Tenerife\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\2008_07_16\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Aberdyfi\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Angela\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Provence\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Saint Ives 2005\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Scarecrows\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Party\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Photshop bits\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Scotland\Thumbs.db:encryptable 0 bytes<BR>C:\Documents 
and Settings\john rowe\My Documents\ALL MY PHOTOS\Devon\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Menorca\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Tissington and Ilam\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Mum and Dad\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\nerga\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\New Folder\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\PrintScreen Files\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\SHOP RENTS and details\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\CODES\Building a sparrow nest box - the cutting plans_files\angela steve icesave\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\CODES\Building a sparrow nest box - the cutting plans_files\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\CODES\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\COMPUTER TIPS\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\Icesave letters\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\LETTERS ENVALOPES\imformation\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\LETTERS ENVALOPES\nowwich union\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\LETTERS ENVALOPES\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\plans\Thumbs.db:encryptable 0 bytes<BR>C:\Documents and Settings\john rowe\My Documents\fun\Thumbs.db:encryptable 0 
bytes<BR>scan completed successfully<BR>hidden files: 117</P> <P>< End of report ><BR>


#6 oxojohn


Posted 24 August 2008 - 12:58 PM

Sorry Billy, try this one :thumbsup: I could not find the EDIT button????????




[code=auto:0]
OTScanIt logfile created on: 24/08/2008 11:36:55
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\john rowe\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.49 Mb Total Physical Memory | 541.76 Mb Available Physical Memory | 52.93% Memory free
1.65 Gb Paging File | 1.14 Gb Available in Paging File | 68.87% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 112.05 Gb Total Space | 83.14 Gb Free Space | 74.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 111.79 Gb Total Space | 72.54 Gb Free Space | 64.89% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN
Current User Name: john rowe
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75304 bytes | Modified Date = 09/07/2008 09:05:18 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 16/01/2008 00:15:32 | Attr = ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 14/09/2006 07:56:06 | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 184405 bytes | Modified Date = 28/02/2003 23:29:22 | Attr = ]
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 17/07/2008 10:05:22 | Attr = ]
eebsvc.exe -> %CommonProgramFiles%\EPSON\EBAPI\eEBSvc.exe -> [Ver = | Size = 77824 bytes | Modified Date = 29/01/2002 13:33:14 | Attr = ]
sagent2.exe -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17/07/2002 02:03:00 | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 26/07/2007 19:00:56 | Attr = ]
retrorun.exe -> %ProgramFiles%\Dantz\Retrospect\retrorun.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 29184 bytes | Modified Date = 03/01/2003 10:20:48 | Attr = ]
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 17/07/2008 10:05:24 | Attr = ]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.40 | Size = 747912 bytes | Modified Date = 01/02/2008 12:55:54 | Attr = ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.74 | Size = 948616 bytes | Modified Date = 01/02/2008 12:55:56 | Attr = ]
slee503.exe -> %SystemRoot%\system32\slee503.exe -> [Ver = | Size = 40960 bytes | Modified Date = 28/11/2002 10:10:04 | Attr = ]
avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 17/07/2008 10:05:24 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 919016 bytes | Modified Date = 09/07/2008 09:05:20 | Attr = ]
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 17/07/2008 10:05:24 | Attr = ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.106 | Size = 1103240 bytes | Modified Date = 01/02/2008 12:55:56 | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 11/08/2005 17:30:30 | Attr = ]
dragdiag.exe -> %ProgramFiles%\Thomson\SpeedTouch USB\DRAGDIAG.EXE -> THOMSON Telecom Belgium [Ver = 3.0.2.0 build 001 | Size = 901120 bytes | Modified Date = 11/06/2007 07:06:16 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 04:27:04 | Attr = ]
frntgate.exe -> %ProgramFiles%\Presorium\Frontgate MX\frntgate.exe -> Presorium Software Pty. Ltd. [Ver = 1.0.2.1 | Size = 1514496 bytes | Modified Date = 03/09/2004 20:57:16 | Attr = ]
printscreen.exe -> %ProgramFiles%\Gadwin Systems\PrintScreen\PrintScreen.exe -> Gadwin Systems, Inc [Ver = 4.3 | Size = 495616 bytes | Modified Date = 20/08/2007 09:42:23 | Attr = ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 23/05/2008 19:21:46 | Attr = ]
clicktray.exe -> %ProgramFiles%\ClickTray Calendar\ClickTray.exe -> WASEO [Ver = 2.5.8.0 | Size = 3495936 bytes | Modified Date = 18/08/2005 16:40:12 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 09:29:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 16/01/2008 00:15:32 | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 28/03/2006 12:30:39 | Attr = ]
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 14/09/2006 07:56:06 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 184405 bytes | Modified Date = 28/02/2003 23:29:22 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0005 | Size = 110677 bytes | Modified Date = 28/02/2003 21:00:00 | Attr = ]
(avg8emc) AVG Free8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 17/07/2008 10:05:24 | Attr = ]
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 17/07/2008 10:05:22 | Attr = ]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 30/09/2005 19:22:50 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 14/04/2008 01:12:17 | Attr = ]
(EpsonBidirectionalService) EpsonBidirectionalService [Win32_Own | Auto | Running] -> %CommonProgramFiles%\EPSON\EBAPI\eEBSvc.exe -> [Ver = | Size = 77824 bytes | Modified Date = 29/01/2002 13:33:14 | Attr = ]
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17/07/2002 02:03:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 26/07/2007 19:00:56 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 04:24:18 | Attr = ]
(iPodService) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found
(RetroLauncher) Retrospect Launcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Dantz\Retrospect\retrorun.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 29184 bytes | Modified Date = 03/01/2003 10:20:48 | Attr = ]
(Retrospect Helper) Retrospect Helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Dantz\Retrospect\rthlpsvc.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 57344 bytes | Modified Date = 03/01/2003 10:20:48 | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.40 | Size = 747912 bytes | Modified Date = 01/02/2008 12:55:54 | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.74 | Size = 948616 bytes | Modified Date = 01/02/2008 12:55:56 | Attr = ]
(SLEE_503_SERVICE) Steganos Live Encryption Engine (Version 503) [Service] [Win32_Own | Auto | Running] -> %SystemRoot%\system32\slee503.exe -> [Ver = | Size = 40960 bytes | Modified Date = 28/11/2002 10:10:04 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75304 bytes | Modified Date = 09/07/2008 09:05:18 | Attr = ]

[Driver Services - Non-Microsoft Only]
(ADILOADER) General Purpose USB Driver (adildr.sys) [Kernel | Auto | Stopped] -> %SystemRoot%\System32\Drivers\adildr.sys -> File not found
(adiusbaw) USB ADSL WAN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\adiusbaw.sys -> File not found
(alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcan5wn.sys -> THOMSON [Ver = 301.0.0.12 | Size = 53600 bytes | Modified Date = 08/12/2003 11:53:48 | Attr = ]
(alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcaudsl.sys -> THOMSON [Ver = 301.0.0.12 | Size = 70688 bytes | Modified Date = 08/12/2003 12:53:46 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 13/04/2008 19:36:39 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\aspi32.sys -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 10/09/1999 13:06:00 | Attr = ]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.01.6307 | Size = 576512 bytes | Modified Date = 28/02/2003 23:38:56 | Attr = ]
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Modified Date = 17/07/2008 10:05:35 | Attr = ]
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 17/07/2008 10:05:33 | Attr = ]
(AvgTdiX) AVG Free8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 76040 bytes | Modified Date = 17/07/2008 10:05:40 | Attr = ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 13/04/2008 19:44:48 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 13/04/2008 19:44:46 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(EL90Xbc) 3Com 3C90X-BC Family PCI EtherLink Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\el90Xbc5.SYS -> 3Com Corporation [Ver = 4.31.00.0000 | Size = 74338 bytes | Modified Date = 13/08/2002 14:27:22 | Attr = ]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.0 | Size = 13872 bytes | Modified Date = 14/09/2004 15:38:26 | Attr = ]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.60.00 built by: WinDDK | Size = 257408 bytes | Modified Date = 08/11/2006 16:59:36 | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 03/08/2004 22:41:56 | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.60.00 built by: WinDDK | Size = 989696 bytes | Modified Date = 08/11/2006 17:00:10 | Attr = ]
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Modified Date = 01/02/2008 12:55:52 | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 10/12/2007 14:53:28 | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 10/12/2007 14:53:28 | Attr = ]
(InCDFs) InCD File System [File_System | Disabled | Stopped] -> %SystemRoot%\System32\drivers\InCDFs.sys -> File not found
(InCDPass) InCDPass [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\InCDPass.sys -> File not found
(incdrm) InCD Reader [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\InCDRm.sys -> File not found
(KLIF) KLIF [File_System | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 19/07/2007 15:10:28 | Attr = ]
(l8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042Pr2.sys -> Logitech, Inc. [Ver = 9.70.209.0 | Size = 50830 bytes | Modified Date = 02/07/2002 17:20:50 | Attr = ]
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidFlt2.sys -> Logitech, Inc. [Ver = 9.70.209.0 | Size = 23854 bytes | Modified Date = 02/07/2002 17:20:51 | Attr = ]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsb.Sys -> Logitech, Inc. [Ver = 2.10.100.0 | Size = 40508 bytes | Modified Date = 02/07/2002 17:20:51 | Attr = ]
(LKbdFlt2) Logitech Keyboard Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LKbdFlt2.sys -> Logitech, Inc. [Ver = 9.70.209.0 | Size = 6030 bytes | Modified Date = 02/07/2002 17:20:51 | Attr = ]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouFlt2.sys -> Logitech, Inc. [Ver = 9.70.209.0 | Size = 70382 bytes | Modified Date = 02/07/2002 17:20:51 | Attr = ]
(LwAdiHid) Logitech WingMan Digital Devices(Auto-Detect) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LwAdiHid.sys -> Logitech Inc. [Ver = 5.1.420.093 | Size = 20864 bytes | Modified Date = 29/08/2002 07:16:22 | Attr = ]
(MASPINT) MASPINT [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\MASPINT.SYS -> MicroStaff Co.,Ltd. [Ver = 1.04 | Size = 8096 bytes | Modified Date = 29/03/2000 17:11:20 | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 19/06/2006 16:26:58 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(MXOFX) USB Storage Adapter FX (MXO) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MXOFX.SYS -> Cypress Semiconductor [Ver = 6.00.1010.0 | Size = 32512 bytes | Modified Date = 14/04/2003 17:00:40 | Attr = ]
(nvax) Service for NVIDIA® nForce™ Audio Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvax.sys -> NVIDIA Corporation [Ver = 5.10.2917.0 built by: WinDDK | Size = 13056 bytes | Modified Date = 05/12/2002 05:01:00 | Attr = R ]
(NVENET) NVIDIA nForce MCP Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENET.sys -> NVIDIA Corporation [Ver = 4.14.01.0313 | Size = 80896 bytes | Modified Date = 27/11/2002 20:52:00 | Attr = ]
(nvidesm) nvidesm [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvidesm.sys -> NVIDIA Corporation [Ver = 5.10.2600.0307 built by: WinDDK | Size = 20224 bytes | Modified Date = 13/11/2002 16:10:00 | Attr = ]
(nvnforce) Service for NVIDIA® nForce™ Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvapu.sys -> NVIDIA Corporation [Ver = 5.10.2917.0 built by: WinDDK | Size = 241664 bytes | Modified Date = 05/12/2002 05:01:00 | Attr = R ]
(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nv_agp.SYS -> NVIDIA Corporation [Ver = 4.12.01.0278 | Size = 13568 bytes | Modified Date = 06/09/2002 12:24:00 | Attr = ]
(PID_0920) Logitech QuickCam Express(PID_0920) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LV532AV.SYS -> Logitech Inc. [Ver = 8.1.2.1003 | Size = 152576 bytes | Modified Date = 04/09/2003 10:38:56 | Attr = ]
(PSI) PSI [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\psi_mf.sys -> Secunia [Ver = 0.1.0.0 | Size = 7808 bytes | Modified Date = 10/09/2007 09:28:40 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.67a | Size = 43872 bytes | Modified Date = 23/02/2008 03:38:33 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 28/05/2008 10:33:36 | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 28/05/2008 10:33:38 | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 28/05/2008 10:33:36 | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 11:25:53 | Attr = ]
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 13/04/2008 19:36:39 | Attr = ]
(SLEE_503_DRIVER) Steganos Live Encryption Engine (Version 503) [Driver] [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\slee503.sys -> [Ver = | Size = 84736 bytes | Modified Date = 28/11/2002 10:10:02 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 189, 0 | Size = 51176 bytes | Modified Date = 27/02/2008 03:10:44 | Attr = ]
(ST330) ST330 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\st330.sys -> THOMSON Telecom Belgium [Ver = 4.1.0.2 build 014 | Size = 30464 bytes | Modified Date = 19/03/2007 21:58:00 | Attr = R ]
(STBUS) STBUS [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\stbus.sys -> THOMSON Telecom Belgium [Ver = 4.1.0.2 build 014 | Size = 12672 bytes | Modified Date = 19/03/2007 21:58:00 | Attr = R ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 18/08/2001 13:00:00 | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 394952 bytes | Modified Date = 09/07/2008 09:05:22 | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.60.00 built by: WinDDK | Size = 730112 bytes | Modified Date = 08/11/2006 16:59:30 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 17/07/2008 10:05:24 | Attr = ]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> PC Tools [Ver = 5.5.0.106 | Size = 1103240 bytes | Modified Date = 01/02/2008 12:55:56 | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 11/08/2005 17:30:30 | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 11/08/2005 17:30:30 | Attr = ]
SpeedTouch USB Diagnostics -> %ProgramFiles%\Thomson\SpeedTouch USB\DRAGDIAG.EXE ["C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon] -> THOMSON Telecom Belgium [Ver = 3.0.2.0 build 001 | Size = 901120 bytes | Modified Date = 11/06/2007 07:06:16 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 04:27:04 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 919016 bytes | Modified Date = 09/07/2008 09:05:20 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
FG1_00 -> %ProgramFiles%\Presorium\Frontgate MX\frntgate.exe [C:\Program Files\Presorium\Frontgate MX\frntgate.exe] -> Presorium Software Pty. Ltd. [Ver = 1.0.2.1 | Size = 1514496 bytes | Modified Date = 03/09/2004 20:57:16 | Attr = ]
Gadwin PrintScreen -> %ProgramFiles%\Gadwin Systems\PrintScreen\PrintScreen.exe ["C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash] -> Gadwin Systems, Inc [Ver = 4.3 | Size = 495616 bytes | Modified Date = 20/08/2007 09:42:23 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 23/09/2007 09:37:07 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 23/05/2008 19:21:46 | Attr = ]
< john rowe Startup Folder > -> C:\Documents and Settings\john rowe\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\ClickTray Calendar.lnk -> %ProgramFiles%\ClickTray Calendar\ClickTray.exe -> WASEO [Ver = 2.5.8.0 | Size = 3495936 bytes | Modified Date = 18/08/2005 16:40:12 | Attr = ]
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 20/10/2005 12:04:08 | Attr = ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 17/07/2008 10:05:40 | Attr = ]
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 13/05/2008 10:13:36 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 01:12:19 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/04/2008 01:12:38 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/04/2008 01:12:24 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/04/2008 01:12:41 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr = ]
tuvSmkhE -> -> File not found
WRNotifier -> -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 91 00 00 00 [binary data] ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> 00 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 13/04/2008 19:40:46 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_DVD-ROM_DDU1612____________________DYS1____\5&37591210&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomATAPI_CD-RW_52XMax______________________160D____\5&37591210&0&0.1.0 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 12/12/2002 14:47:28 | Attr = ]
< HOSTS File > (260063 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.tiscali.co.uk/ ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ig ->
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4702 domain(s) found. ->
43 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7428 domain(s) found. ->
.[msn] -> My Computer ->
282 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 00:08:42 | Attr = ]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.136 | Size = 455960 bytes | Modified Date = 31/07/2008 13:24:14 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 07/07/2008 09:41:58 | Attr = ]
{724d43a9-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Error: Value does not exist or could not be read.] -> Siber Systems [Ver = 6-9-87 | Size = 5722952 bytes | Modified Date = 03/02/2008 11:58:09 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 04:27:02 | Attr = ]
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 17/07/2008 10:05:29 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 23/09/2007 09:37:41 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 14/05/2008 19:40:44 | Attr = ]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 10/02/2004 14:08:58 | Attr = ]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker BHO] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 16/07/2008 19:18:20 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{D6A116E7-5906-42E4-87F6-E7E15936415E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 23/09/2007 09:37:41 | Attr = R ]
{724d43a0-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-87 | Size = 5722952 bytes | Modified Date = 03/02/2008 11:58:09 | Attr = ]
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 17/07/2008 10:05:29 | Attr = ]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 10/02/2004 14:08:58 | Attr = ]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 16/07/2008 19:18:20 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 23/09/2007 09:37:41 | Attr = R ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-87 | Size = 5722952 bytes | Modified Date = 03/02/2008 11:58:09 | Attr = ]
ShellBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 17/07/2008 10:05:29 | Attr = ]
ShellBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 16/07/2008 19:18:20 | Attr = ]
ShellBrowser\\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 23/09/2007 09:37:41 | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-87 | Size = 5722952 bytes | Modified Date = 03/02/2008 11:58:09 | Attr = ]
WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 17/07/2008 10:05:29 | Attr = ]
WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 10/02/2004 14:08:58 | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 16/07/2008 19:18:20 | Attr = ]
WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{F79AD27F-8140-4E33-8B1D-C4FC6B663CCA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10/06/2008 04:27:02 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 04:27:02 | Attr = ]
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell Options] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F46}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Fill Forms] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Save] -> File not found
{724d43aa-0d85-11d4-9908-00400523e39a}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [RoboForm] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 07/07/2008 09:41:58 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} [HKEY_LOCAL_MACHINE] -> [ieSpell] -> File not found
CmdMapping\\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKEY_LOCAL_MACHINE] -> [ieSpell Options] -> File not found
CmdMapping\\{193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKEY_LOCAL_MACHINE] -> [Fill Forms] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKEY_LOCAL_MACHINE] -> [Save] -> File not found
CmdMapping\\{688DC797-DC11-46A7-9F1B-445F4F58CE6E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> [RoboForm] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 07/07/2008 09:41:58 | Attr = ]
CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&ieSpell Options -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 2, 0, 647 | Size = 225280 bytes | Modified Date = 27/03/2006 18:17:34 | Attr = ]
Check &Spelling -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 2, 0, 647 | Size = 225280 bytes | Modified Date = 27/03/2006 18:17:34 | Attr = ]
Customize Menu -> -> File not found
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MI1933~1\OFFICE12\EXCEL.EXE -> File not found
Fill Forms -> -> File not found
Locate Spot on Map by GPS -> %ProgramFiles%\Opanda\IExif 2.3\IExifMap.htm -> [Ver = | Size = 573 bytes | Modified Date = 30/06/2005 22:32:10 | Attr = ]
RoboForm Toolbar -> -> File not found
Save Forms -> -> File not found
View Exif/GPS/IPTC with IExif -> %ProgramFiles%\Opanda\IExif 2.3\IExifCom.htm -> [Ver = | Size = 572 bytes | Modified Date = 28/04/2005 03:31:56 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{440F8E19-5E3D-424F-B168-4A04075D1238} -> (3Com 3C920B-EMB Integrated Fast Ethernet Controller) ->
{4484D85B-CBB5-4C06-A5B3-C5176F6F667E} -> () ->
{B5649B07-A3A1-4717-910D-83E75B54569A} -> (NVIDIA nForce MCP Networking Controller) ->
{F8898AAD-0C44-4A63-BFE5-9DC4D4277C23} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> Belarc, Inc. [Ver = 7.0t | Size = 33280 bytes | Modified Date = 29/07/2005 16:06:02 | Attr = ]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 17/07/2008 10:05:28 | Attr = ]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[Reg Error: Key does not exist or could not be opened.] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...ctor/sw.cab[Reg Error: Key does not exist or could not be opened.] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://download.ewido.net/ewidoOnlineScan....ewidoOnlineScan Control] ->
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/0/5...SecurityAdvisor Class] ->
{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecal...cImpl.cab[Trend Micro ActiveX Scan Agent 6.6] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...ff.cab[Symantec AntiVirus scanner] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/c...puc3.cab[Office Update Installation Engine] ->
{4E888414-DB8F-11D1-9CD9-00C04F98436A}[HKEY_LOCAL_MACHINE] -> https://webresponse.one.microsoft.com/oas/A...icrosoft.WinRep] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/...300.cab[Windows Live Safety Center Base Module] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...34[MUWebControl Class] ->
{7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F}[HKEY_LOCAL_MACHINE] -> http://de.trendmicro-europe.com/file_downl...allButton.setup] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...s-i586.cab[Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...trashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{917623D1-D8E5-11D2-BE8B-00104B06BDE3}[HKEY_LOCAL_MACHINE] -> http://paris.tourismeville.wanadoo.fr/acti...ol.cab[CamImage Class] ->
{A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://www.crucial.com/controls/cpcScanner.cab[Crucial cpcScan] ->
{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD}[HKEY_LOCAL_MACHINE] -> http://www.trendsecure.com/easy_install/_a...[TSEasyInstallX Control] ->
{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...sa.cab[Symantec RuFSI Registry Information Class] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...s-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...s-i586.cab[Java Plug-in 1.6.0_07] ->
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...h.cab[Shockwave Flash Object] ->
{DEB21AD3-FDA4-42F6-B57D-EE696A675EE8}[HKEY_LOCAL_MACHINE] -> http://asp08.photoprintit.de/microsite/128...cab[IPSUploader Control] ->
{FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39}[HKEY_LOCAL_MACHINE] -> http://express.foto.com/FUploader/SpeedUploader.cab[Reg Error: Key does not exist or could not be opened.] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/accounttracking.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/accounttracking.dll\\.Owner -> {4E62C4DE-627D-4604-B157-4B7D6B09F02E} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/accounttracking.dll\\{4E62C4DE-627D-4604-B157-4B7D6B09F02E} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/IEAWSDC.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/IEAWSDC.DLL\\.Owner -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/IEAWSDC.DLL\\{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cpcScan.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cpcScan.dll\\.Owner -> {A90A5822-F108-45AD-8482-9BC8B12DD539} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cpcScan.dll\\{A90A5822-F108-45AD-8482-9BC8B12DD539} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\\.Owner -> {193C772A-87BE-4B19-A7BB-445B226FE9A1} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\\{193C772A-87BE-4B19-A7BB-445B226FE9A1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\.Owner -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HouseCallButton.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HouseCallButton.dll\\.Owner -> {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HouseCallButton.dll\\{7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Housecall_ActiveX.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Housecall_ActiveX.dll\\.Owner -> {215B8138-A3CF-44C5-803F-8226143CFC0A} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Housecall_ActiveX.dll\\{215B8138-A3CF-44C5-803F-8226143CFC0A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\.Owner -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IPSUploader.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IPSUploader.ocx\\.Owner -> {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IPSUploader.ocx\\{DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LegitCheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\.Owner -> {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEasyInstallMgr.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEasyInstallMgr.dll\\.Owner -> {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEasyInstallMgr.dll\\{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEasyInstallX.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEasyInstallX.ocx\\.Owner -> {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEasyInstallX.ocx\\{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEI.ini\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEI.ini\\.Owner -> {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEI.ini\\{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEI_X.ini\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEI_X.ini\\.Owner -> {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TSEI_X.ini\\{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\.Owner -> {474F00F5-3853-492C-AC3A-476512BBC336} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\{474F00F5-3853-492C-AC3A-476512BBC336} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\\.Owner -> {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ASYCFILT.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ASYCFILT.DLL\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ASYCFILT.DLL\\{7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/COMCAT.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/COMCAT.DLL\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/COMCAT.DLL\\{7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{215B8138-A3CF-44C5-803F-8226143CFC0A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mssecadv.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mssecadv.dll\\.Owner -> {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mssecadv.dll\\{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvbvm60.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvbvm60.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvbvm60.dll\\{7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\{215B8138-A3CF-44C5-803F-8226143CFC0A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{215B8138-A3CF-44C5-803F-8226143CFC0A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OLEAUT32.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OLEAUT32.DLL\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OLEAUT32.DLL\\{7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{215B8138-A3CF-44C5-803F-8226143CFC0A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/STDOLE2.TLB\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/STDOLE2.TLB\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/STDOLE2.TLB\\{7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> Unknown Owner ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\ExtendedDataValue -> 72 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableRemoteConnect -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 01:12:00 | Attr = ]
C:\WINDOWS\system32\urqOFWmM -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 14/04/2008 01:11:56 | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 01:12:00 | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 14/04/2008 01:12:05 | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 14/04/2008 01:12:08 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 780 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 14/04/2008 01:12:05 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 14/04/2008 01:12:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> C0 11 E9 00 32 50 66 AB 40 6A B3 0C FF 30 68 6D 66 30 39 32 39 34 33 62 00 00 00 00 01 00 00 00 C0 01 00 00 C4 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 63 6B 74 6C [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> BC 25 07 1A F3 81 63 34 B5 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> DF 50 0B 6D E1 EB [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> EC 7B 48 64 0C 86 53 68 F2 FE A2 B5 F2 DE 50 4E [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> BE B9 73 3E 11 FA C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 29819 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 14/04/2008 01:11:55 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 01:12:34 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 19:53:32 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1723:TCP -> 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1701:UDP -> 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\500:UDP -> 500:UDP:*:Enabled:@xpsp2res.dll,-22017 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 01:12:34 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 19:53:32 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 17/07/2008 10:05:24 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 640280 bytes | Modified Date = 17/07/2008 10:05:24 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 14/04/2008 01:12:28 | Attr = HS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1723:TCP -> 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1701:UDP -> 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\500:UDP -> 500:UDP:*:Enabled:@xpsp2res.dll,-22017 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 01:12:11 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> -> File not found
.cmd [@ = cmdfile] -> -> File not found
.com [@ = comfile] -> -> File not found
.exe [@ = exefile] -> -> File not found
.pif [@ = piffile] -> -> File not found
.scr [@ = scrfile] -> -> File not found
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{00000409-78E1-11D2-B60F-006097C998E7} -> Microsoft Office 2000 SR-1 Premium
{00040409-78E1-11D2-B60F-006097C998E7} -> Microsoft Office 2000 Disc 2
{002C9999-0000-0000-C000-000000000112} -> Microsoft Office Web Components
{01E9D77A-CA32-450F-99C1-6231D9E99E1C} -> Steganos Live Encryption Engine 5.03
{05902375-5DFF-4AB7-81A4-283E87807B11} -> World Racing Demo
{0A4DF5B0-983C-4691-9D4A-9FD1D4B2A69F} -> Secunia PSI (BETA)
{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} -> MSXML 6.0 Parser (KB933579)
{0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel
{0C5596A1-9E8D-11D4-8581-0080C8D5668E} -> ixla Web Easy Express 3.0.1
{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} -> OpenOffice.org Installer 1.0
{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} -> Security Update for CAPICOM (KB931906)
{1A15507A-8551-4626-915D-3D5FA095CC1B} -> Corel Paint Shop Pro X
{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} -> Google Earth
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2
{24ED4D80-8294-11D5-96CD-0040266301AD} -> FinePixViewer Ver.3.2
{25569723-DC5A-4467-A639-79535BF01B71} -> Adobe Help Center 2.1
{2BA00471-0328-3743-93BD-FA813353A783} -> Microsoft .NET Framework 3.0 Service Pack 1
{2BD50812-5848-421D-A2B8-02B702690003} -> RoboScreenCapture
{2D8D1F61-B119-4434-9CC2-A70C2C6F8CF3} -> Internet Radio Recorder
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java™ 6 Update 7
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{369B36BE-3D64-4641-9AEA-808D436FE132} -> Microsoft Picture It! Photo 7.0
{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978)
{3CB41017-F5CA-4C56-934C-ED02156251E6} -> iTunes
{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66} -> HydraVision
{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} -> Maxtor OneTouch
{46AC899A-9ECB-43DC-85DE-272E0D116A1E} -> Ad-Aware 2007
{5809E7CF-4DCF-11D4-9875-00105ACE7734} -> Logitech MouseWare 9.70
{5CF0CC4E-9B63-4E7E-8950-B92C6AA7E3BD} -> Google SketchU 6 Construction Library
{62201736-0A1F-4C6F-9C59-1AA3360CEA50} -> Homespun Content Pack
{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0
{6C11D561-620B-47DA-A693-4C597F3CDF40} -> EPSON Smart Panel
{6EEE934B-F292-4995-95BF-4AE871AC42E8} -> Diskeeper 2007 Pro Premier
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{764D06D8-D8DE-411E-A1C8-D9E9380F8A84} -> Microsoft Works 7.0
{76EFAC4F-1712-401F-B2AE-590B170C9BCE} -> StartupMonitor
{7C4196CA-CA41-4F34-9C08-7724E7705D52} -> Jasc Animation Shop 3
{7EE9DE0D-9228-4C33-B80E-FDD1773600DF} -> Microsoft Works Suite Add-in for Microsoft Word
{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32} -> EPSON Web-To-Page
{7F34A21F-2DEB-4598-BB19-611D6BD24271} -> Managed DirectX (0901)
{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B} -> Microsoft AutoRoute 2006
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
{90A38975-8780-41EB-8483-5FFE82526859} -> Microsoft Phishing Filter Add-in for MSN Search Toolbar
{926B245F-201A-45D8-B4CE-B5A114F23381} -> Steganos Security Suite 6.0.4
{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E} -> EPSON Photo Print
{98736A65-3C79-49EC-B7E9-A3C77774B0E6} -> Google SketchUp 6
{9A3EABC0-CA06-11D4-BF77-00104B130C19} -> EPSON TWAIN 5
{9DE006A5-B384-4EDE-A760-0F217136B9EA} -> Microsoft IntelliType Pro 2.2
{A4D7B764-4140-11D4-88EB-0050DA3579C0} -> Nero - Burning Rom
{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B} -> Adobe Photoshop Elements 5.0
{A9CF9052-F4A0-475D-A00F-A8388C62DD63} -> MSXML 4.0 SP2 (KB925672)
{AC76BA86-7AD7-1033-7B44-A81200000003} -> Adobe Reader 8.1.2
{ADE3CACC-EC31-480C-83A0-587EE60CE8DF} -> RamBooster
{B2EFE303-A594-11D5-95EB-005004BC1C65} -> EPSON PhotoQuicker3.2
{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684} -> Google SketchUp 6
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B43357AA-3A6D-4D94-B56E-43C44D09E548} -> Microsoft .NET Framework (English)
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{B69CC1A5-0404-11D6-ABCB-005004C21D30} -> EPSON Copy Utility
{BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation
{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181)
{C4354214-B919-4C8F-84EB-4F9B84ACC02C} -> Retrospect 6.0
{C8BB4912-12D9-42AE-B571-E580D8CD1B5B} -> TuneUp Utilities 2007
{C94E45B0-6AA6-4FB9-9AAE-22085F631880} -> VBA
{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition
{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7} -> SpeedTouch USB Software
{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6} -> Works Suite OS Pack
{DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer
{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5} -> ScanToWeb
{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA} -> Update Manager
{F45298E5-0083-426F-A668-1A2C5F04B8A0} -> FaxTools
{FB4A5F2C-01AD-420E-9569-0CF5431C3638} -> 3D Home Designer Deluxe
{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} -> HighMAT Extension to Microsoft Windows XP CD Writing Wizard
{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C} -> Adobe Setup
Adobe Atmosphere Player -> Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2
Adobe Photoshop Elements 5 -> Adobe Photoshop Elements 5.0
Adobe_719d6f144d0c086a0dfa7ff76bb9ac1 -> Adobe Photoshop CS3
AI RoboForm -> AI RoboForm (All Users)
ATI Display Driver -> ATI Display Driver
AVG8Uninstall -> AVG Free 8.0
Belarc Advisor 2.0 -> Belarc Advisor 7.0
CAL -> Canon Camera Access Library
CameraWindowDVC5 -> Canon Camera Window DC_DV 5 for ZoomBrowser EX
CameraWindowDVC6 -> Canon Camera Window DC_DV 6 for ZoomBrowser EX
CameraWindowMC -> Canon Camera Window MC 6 for ZoomBrowser EX
CANON iMAGE GATEWAY Task -> CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX -> Canon Internet Library for ZoomBrowser EX
CCleaner -> CCleaner (remove only)
ClickTray Calendar_is1 -> ClickTray Calendar
Clipboard Magic_is1 -> Clipboard Magic 4.01
CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1 -> PCI SoftV92 Modem
CSCLIB -> Canon Camera Support Core Library
DPP -> Canon Utilities Digital Photo Professional 3.4
Easy Uninstaller -> Easy Uninstaller
EndItAll_is1 -> EndItAll 2.0
EOS Utility -> Canon Utilities EOS Utility
EPSON Printer and Utilities -> EPSON Printer Software
ERUNT_is1 -> ERUNT 1.1j
FastStone Image Viewer -> FastStone Image Viewer 1.8
Gadwin PrintScreen -> Gadwin PrintScreen
GeForms 1.8 -> GeForms 1.8
getPlus®_ocx -> getPlus®_ocx
Google Updater -> Google Updater
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ieSpell -> ieSpell 2.2.0 (build 647)
InstallShield_{2BD50812-5848-421D-A2B8-02B702690003} -> RoboScreenCapture
InstallShield_{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} -> Maxtor OneTouch
InstallShield_{FB4A5F2C-01AD-420E-9569-0CF5431C3638} -> 3D Home Designer Deluxe Edition
KB870669 -> Microsoft Data Access Components KB870669
KB898458 -> Security Update for Step By Step Interactive Training (KB898458)
KB911564 -> Security Update for Windows Media Player (KB911564)
KB911565 -> Security Update for Windows Media Player 10 (KB911565)
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734)
KB923723 -> Security Update for Step By Step Interactive Training (KB923723)
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399)
KB931906 -> Security Update for CAPICOM (KB931906)
KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782)
KB939683 -> Hotfix for Windows Media Player 11 (KB939683)
KB941569 -> Security Update for Windows XP (KB941569)
KB946648 -> Security Update for Windows XP (KB946648)
KB950759 -> Security Update for Windows XP (KB950759)
KB950760 -> Security Update for Windows XP (KB950760)
KB950762 -> Security Update for Windows XP (KB950762)
KB950974 -> Security Update for Windows XP (KB950974)
KB951066 -> Security Update for Windows XP (KB951066)
KB951072-v2 -> Update for Windows XP (KB951072-v2)
KB951376-v2 -> Security Update for Windows XP (KB951376-v2)
KB951698 -> Security Update for Windows XP (KB951698)
KB951748 -> Security Update for Windows XP (KB951748)
KB951978 -> Update for Windows XP (KB951978)
KB952287 -> Hotfix for Windows XP (KB952287)
KB952954 -> Security Update for Windows XP (KB952954)
KB953838 -> Security Update for Windows XP (KB953838)
KB953839 -> Security Update for Windows XP (KB953839)
Logitech Resource Center -> Logitech Resource Center
M928367 -> Microsoft .NET Framework 1.0 Hotfix (KB928367)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework Full v1.0.3705 (1033) -> Microsoft .NET Framework (English) v1.0.3705
Mozilla Firefox (3.0.1) -> Mozilla Firefox (3.0.1)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
MWASPI -> MicroStaff WINASPI
MXOFX -> USB Storage Adapter FX (MXO)
Neat Image_is1 -> Neat Image v5 Demo (with plug-in)
NeroVision!UninstallKey -> Ahead NeroVision Express
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
NVIDIA Audio Driver -> NVIDIA Audio Driver
NVIDIA Drivers -> NVIDIA Drivers
NVIDIAnForce -> NVIDIA Windows 2000/XP nForce Drivers
Opanda IExif_is1 -> Opanda IExif 2.3
PhotoStitch -> Canon Utilities PhotoStitch
Picasa2 -> Picasa 2
Presorium Frontgate MX -> Frontgate MX
Print Artist -> SierraHome Print Artist
RAW Image Task -> Canon RAW Image Task for ZoomBrowser EX
RealAlt_is1 -> Real Alternative 1.51
RemoteCaptureTask -> Canon RemoteCapture Task for ZoomBrowser EX
Smileycons_is1 -> Smileycons
Spyware Doctor -> Spyware Doctor 5.5
SpywareBlaster_is1 -> SpywareBlaster 4.1
SSUtils -> NVIDIA nForce Utilities
tinySpell_is1 -> tinySpell 1.3
Unlocker -> Unlocker 1.8.5
Virtual Magnifying Glass_is1 -> Virtual Magnifying Glass 2.00
WIC -> Windows Imaging Component
Windows Live OneCare safety scanner -> Windows Live OneCare safety scanner
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
WordWeb -> WordWeb
Works2003Setup -> Microsoft Works 2003 Setup Launcher
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
XpsEPSC -> XML Paper Specification Shared Components Pack 1.0
ZoneAlarm -> ZoneAlarm
ZoneAlarmSB Uninstall -> ZoneAlarm Spy Blocker
ZoomBrowser EX -> Canon Utilities ZoomBrowser EX
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->


[Files/Folders - Created Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 31/07/2008 15:24:06 | Attr = H ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 10/08/2008 18:13:32 | Attr = ]
hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows ® Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 09/08/2008 11:26:47 | Attr = ]
lpwdm.sys -> %SystemRoot%\System32\drivers\lpwdm.sys -> THOMSON Telecom Belgium [Ver = 4.1.0.2 build 014 | Size = 16128 bytes | Created Date = 05/08/2008 21:57:01 | Attr = R ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 05/08/2008 19:42:34 | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 05/08/2008 19:42:33 | Attr = ]
st330.sys -> %SystemRoot%\System32\drivers\st330.sys -> THOMSON Telecom Belgium [Ver = 4.1.0.2 build 014 | Size = 30464 bytes | Created Date = 05/08/2008 21:57:01 | Attr = R ]
stbus.sys -> %SystemRoot%\System32\drivers\stbus.sys -> THOMSON Telecom Belgium [Ver = 4.1.0.2 build 014 | Size = 12672 bytes | Created Date = 05/08/2008 21:57:02 | Attr = R ]
en -> %SystemRoot%\System32\en -> [Folder | Created Date = 09/08/2008 12:02:55 | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
ir50_qc.dll -> %SystemRoot%\System32\ir50_qc.dll -> Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Created Date = 09/08/2008 11:27:00 | Attr = ]
ir50_qcx.dll -> %SystemRoot%\System32\ir50_qcx.dll -> Intel Corporation. [Ver = R.5.10.64.2.48 | Size = 183808 bytes | Created Date = 09/08/2008 11:27:01 | Attr = ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 09/08/2008 16:17:43 | Attr = ]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Created Date = 09/08/2008 16:17:43 | Attr = ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 09/08/2008 16:17:43 | Attr = ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 09/08/2008 16:17:43 | Attr = ]
pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 1261 bytes | Created Date = 09/08/2008 11:26:51 | Attr = ]
scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 09/08/2008 12:02:59 | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 10/08/2008 18:14:03 | Attr = ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 3739 bytes | Created Date = 21/08/2008 17:00:52 | Attr = ]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 09/08/2008 12:02:56 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 09/08/2008 12:16:37 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 05/08/2008 19:42:32 | Attr = ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 31/07/2008 15:13:06 | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 05/08/2008 19:42:42 | Attr = ]
Zattoo -> %UserProfile%\Local Settings\Application Data\Zattoo -> [Folder | Created Date = 21/08/2008 17:57:24 | Attr = ]
ZattooPlayer -> %UserProfile%\Local Settings\Application Data\ZattooPlayer -> [Folder | Created Date = 29/07/2008 11:06:31 | Attr = ]
!cid_002301c8e6ac$c68ea660$3fc59856@aurora.jpg -> %UserProfile%\My Documents\!cid_002301c8e6ac$c68ea660$3fc59856@aurora.jpg -> [Ver = | Size = 219717 bytes | Created Date = 19/08/2008 11:10:43 | Attr = ]
2 ScreenShot.jpg -> %UserProfile%\My Documents\2 ScreenShot.jpg -> [Ver = | Size = 145565 bytes | Created Date = 22/08/2008 23:17:25 | Attr = ]
bookmark.htm -> %UserProfile%\My Documents\bookmark.htm -> [Ver = | Size = 38000 bytes | Created Date = 15/08/2008 23:09:38 | Attr = ]
Direct Debit Instructions.doc -> %UserProfile%\My Documents\Direct Debit Instructions.doc -> [Ver = | Size = 19456 bytes | Created Date = 11/08/2008 20:01:55 | Attr = ]
image009.jpg -> %UserProfile%\My Documents\image009.jpg -> [Ver = | Size = 43580 bytes | Created Date = 19/08/2008 20:28:47 | Attr = ]
land 2.jpg -> %UserProfile%\My Documents\land 2.jpg -> [Ver = | Size = 1129973 bytes | Created Date = 16/08/2008 19:58:10 | Attr = ]
land.jpg -> %UserProfile%\My Documents\land.jpg -> [Ver = | Size = 577288 bytes | Created Date = 16/08/2008 19:49:56 | Attr = ]
PrintScreen Files -> %UserProfile%\My Documents\PrintScreen Files -> [Folder | Created Date = 11/08/2008 17:54:58 | Attr = ]
ScreenShot.jpg -> %UserProfile%\My Documents\ScreenShot.jpg -> [Ver = | Size = 118715 bytes | Created Date = 22/08/2008 23:15:30 | Attr = ]
Sprayer.jpg -> %UserProfile%\My Documents\Sprayer.jpg -> [Ver = | Size = 706929 bytes | Created Date = 31/07/2008 17:53:41 | Attr = ]
Test 1 at 11-20 am.jpg -> %UserProfile%\My Documents\Test 1 at 11-20 am.jpg -> [Ver = | Size = 183221 bytes | Created Date = 11/08/2008 11:24:04 | Attr = ]
Updater -> %UserProfile%\My Documents\Updater -> [Folder | Created Date = 15/08/2008 20:33:53 | Attr = ]
Wyevale%20Flyer%20for%20Web.pdf -> %UserProfile%\My Documents\Wyevale%20Flyer%20for%20Web.pdf -> [Ver = | Size = 1660754 bytes | Created Date = 18/08/2008 19:07:56 | Attr = ]
Get OpenOffice.org.lnk -> %AllUsersProfile%\Desktop\Get OpenOffice.org.lnk -> [Ver = | Size = 851 bytes | Created Date = 09/08/2008 16:17:57 | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 05/08/2008 19:42:34 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 06/08/2008 10:06:46 | Attr = ]
Tiscali Broadband.lnk -> %AllUsersProfile%\Desktop\Tiscali Broadband.lnk -> [Ver = | Size = 1641 bytes | Created Date = 05/08/2008 22:47:01 | Attr = R ]
Tiscali Help.lnk -> %AllUsersProfile%\Desktop\Tiscali Help.lnk -> [Ver = | Size = 1884 bytes | Created Date = 05/08/2008 22:47:20 | Attr = R ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 22/08/2008 19:46:21 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
BetterJPEG.lnk -> %UserProfile%\Desktop\BetterJPEG.lnk -> [Ver = | Size = 732 bytes | Created Date = 22/08/2008 12:02:03 | Attr = ]
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 10/08/2008 18:11:33 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [Ver = | Size = 592 bytes | Created Date = 19/08/2008 22:51:32 | Attr = ]
GeForms 1.8.lnk -> %UserProfile%\Desktop\GeForms 1.8.lnk -> [Ver = | Size = 887 bytes | Created Date = 11/08/2008 18:02:07 | Attr = ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 12/08/2008 16:20:36 | Attr = ]
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 611 bytes | Created Date = 19/08/2008 22:51:32 | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 22/08/2008 23:11:38 | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 22/08/2008 23:10:39 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Shortcut to ERDNT.lnk -> %UserProfile%\Desktop\Shortcut to ERDNT.lnk -> [Ver = | Size = 464 bytes | Created Date = 19/08/2008 22:57:06 | Attr = ]
Smitfraud And Iedfix.exe.url -> %UserProfile%\Desktop\Smitfraud And Iedfix.exe.url -> [Ver = | Size = 260 bytes | Created Date = 22/08/2008 21:48:38 | Attr = ]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Created Date = 31/07/2008 15:13:11 | Attr = ]
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Created Date = 31/07/2008 22:38:31 | Attr = ]
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 6467096 bytes | Created Date = 06/08/2008 09:54:22 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SUPERAntiSpyware.exe:Zone.Identifier
Task Killer.lnk -> %UserProfile%\Desktop\Task Killer.lnk -> [Ver = | Size = 723 bytes | Created Date = 13/08/2008 13:55:00 | Attr = ]
Google Updater.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> [Ver = | Size = 920 bytes | Created Date = 14/08/2008 15:08:03 | Attr = ]
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Created Date = 19/08/2008 22:52:19 | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 09/08/2008 16:15:51 | Attr = ]
BetterJPEG 2 -> %ProgramFiles%\BetterJPEG 2 -> [Folder | Created Date = 22/08/2008 11:53:12 | Attr = ]
1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp ->
Gadwin Systems -> %ProgramFiles%\Gadwin Systems -> [Folder | Created Date = 11/08/2008 17:54:57 | Attr = ]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 05/08/2008 19:42:32 | Attr = ]
Sun -> %ProgramFiles%\Sun -> [Folder | Created Date = 09/08/2008 16:17:57 | Attr = ]
Task Killer -> %ProgramFiles%\Task Killer -> [Folder | Created Date = 13/08/2008 13:54:55 | Attr = ]
Thomson -> %ProgramFiles%\Thomson -> [Folder | Created Date = 05/08/2008 22:46:48 | Attr = ]
Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 12/08/2008 16:20:30 | Attr = ]
Uninstall Information -> %ProgramFiles%\Uninstall Information -> [Folder | Created Date = 09/08/2008 12:17:26 | Attr = H ]
Zattoo -> %ProgramFiles%\Zattoo -> [Folder | Created Date = 29/07/2008 11:05:28 | Attr = ]

[Files/Folders - Modified Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 24/08/2008 11:00:06 | Attr = H ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 24/08/2008 10:42:33 | Attr = HS]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 10/08/2008 18:13:32 | Attr = ]
ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 09/08/2008 11:51:54 | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 22/08/2008 11:53:12 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 13/08/2008 22:03:47 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 22/08/2008 21:58:13 | Attr = ]
Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 22/08/2008 23:29:27 | Attr = ]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 26541192 bytes | Modified Date = 22/08/2008 23:29:25 | Attr = ]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 67349 bytes | Modified Date = 22/08/2008 23:29:25 | Attr = ]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 211986 bytes | Modified Date = 09/08/2008 18:49:28 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 21/08/2008 18:33:59 | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 260063 bytes | Modified Date = 21/08/2008 18:33:59 | Attr = R ]
hosts.20080731-151936.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080731-151936.backup -> [Ver = | Size = 256098 bytes | Modified Date = 31/07/2008 15:19:02 | Attr = R ]
hosts.20080731-152009.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080731-152009.backup -> [Ver = | Size = 256098 bytes | Modified Date = 31/07/2008 15:19:36 | Attr = R ]
hosts.20080821-183359.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080821-183359.backup -> [Ver = | Size = 256098 bytes | Modified Date = 31/07/2008 15:20:09 | Attr = R ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 16144416 bytes | Modified Date = 23/08/2008 17:53:21 | Attr = HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 210152 bytes | Modified Date = 23/08/2008 17:53:21 | Attr = HS]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 30/07/2008 20:07:52 | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 30/07/2008 20:07:56 | Attr = ]
bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 09/08/2008 12:02:54 | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 09/08/2008 12:11:13 | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 23/08/2008 17:53:11 | Attr = ]
Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 09/08/2008 11:56:29 | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 21/08/2008 21:38:03 | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 13/08/2008 18:57:13 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 24/08/2008 09:42:59 | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 09/08/2008 12:02:55 | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 09/08/2008 12:03:02 | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 1807712 bytes | Modified Date = 09/08/2008 12:16:51 | Attr = ]
npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 09/08/2008 11:56:46 | Attr = ]
NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 22/08/2008 22:49:07 | Attr = ]
oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 09/08/2008 11:55:36 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 71110 bytes | Modified Date = 09/08/2008 12:21:12 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 441550 bytes | Modified Date = 09/08/2008 12:21:12 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 522188 bytes | Modified Date = 09/08/2008 12:21:11 | Attr = ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 09/08/2008 11:50:22 | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 13/08/2008 22:03:47 | Attr = ]
scripting -> %SystemRoot%\System32\scripting -> [Folder | Modified Date = 09/08/2008 12:02:59 | Attr = ]
Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 09/08/2008 12:15:15 | Attr = ]
usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 09/08/2008 12:03:02 | Attr = ]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 352918 bytes | Modified Date = 24/08/2008 09:43:26 | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 09/08/2008 12:15:14 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 12626 bytes | Modified Date = 24/08/2008 10:41:27 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 13/08/2008 18:56:29 | Attr = H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 09/08/2008 11:50:11 | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 09/08/2008 12:15:15 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 24/08/2008 09:42:02 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 15/08/2008 18:51:56 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 12/08/2008 10:54:54 | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 09/08/2008 11:43:22 | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 20/08/2008 07:56:06 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 09/08/2008 12:15:12 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 09/08/2008 12:03:39 | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 09/08/2008 12:03:31 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 3739 bytes | Modified Date = 21/08/2008 17:23:51 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 13/08/2008 18:57:15 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 24/08/2008 10:42:33 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 24/08/2008 11:32:14 | Attr = ]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 09/08/2008 12:02:57 | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 09/08/2008 12:15:15 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 09/08/2008 12:03:31 | Attr = ]
peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 09/08/2008 12:02:54 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 24/08/2008 11:35:36 | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 09/08/2008 12:11:07 | Attr = ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 09/08/2008 12:03:38 | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 09/08/2008 11:56:38 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 09/08/2008 11:55:33 | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 15/08/2008 21:37:21 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 24/08/2008 11:33:15 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1501 bytes | Modified Date = 11/08/2008 18:32:04 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 09/08/2008 12:04:00 | Attr = ]
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 398 bytes | Modified Date = 22/08/2008 17:26:37 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 24/08/2008 09:42:32 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 01/01/2004 19:59:32 | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 2337 bytes | Modified Date = 15/07/2008 21:59:56 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache(2)\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache(2) -> [Folder | Modified Date = 01/07/2003 17:22:15 | Attr = ]
about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache(2)\about.dat -> [Ver = | Size = 2302 bytes | Modified Date = 17/07/2002 11:00:00 | Attr = ]
college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache(2)\college.dat -> [Ver = | Size = 314360 bytes | Modified Date = 17/07/2002 11:00:00 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 20/05/2003 12:46:02 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 24/08/2008 10:42:04 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5505 bytes | Modified Date = 24/08/2008 10:42:04 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 19/07/2006 15:12:54 | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 3804 bytes | Modified Date = 22/05/2003 22:19:49 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa12.dat -> [Ver = | Size = 8388 bytes | Modified Date = 19/07/2006 15:07:31 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 08/12/2007 13:18:05 | Attr = ]
CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [Ver = | Size = 12 bytes | Modified Date = 11/12/2003 12:44:38 | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 23/05/2003 19:33:54 | Attr = ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 556808 bytes | Modified Date = 02/12/2007 20:02:22 | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Modified Date = 24/08/2008 09:54:40 | Attr = ]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 05/08/2008 19:42:32 | Attr = ]
Retrospect -> %AllUsersProfile%\Application Data\Retrospect -> [Folder | Modified Date = 07/08/2008 11:48:21 | Attr = ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 31/07/2008 15:20:17 | Attr = ]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 24/08/2008 10:30:56 | Attr = ]
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
@Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
ZoomBrowser -> %AllUsersProfile%\Application Data\ZoomBrowser -> [Folder | Modified Date = 04/08/2008 19:35:08 | Attr = ]
Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 22/08/2008 19:54:14 | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 05/08/2008 19:42:42 | Attr = ]
Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 31/07/2008 15:00:41 | Attr = ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 06/08/2008 10:06:46 | Attr = ]
Uniblue -> %AppData%\Uniblue -> [Folder | Modified Date = 03/08/2008 13:51:41 | Attr = ]
ZoomBrowser EX -> %AppData%\ZoomBrowser EX -> [Folder | Modified Date = 04/08/2008 19:35:19 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 136704 bytes | Modified Date = 21/08/2008 17:53:17 | Attr = ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 22/08/2008 22:32:01 | Attr = ]
Zattoo -> %UserProfile%\Local Settings\Application Data\Zattoo -> [Folder | Modified Date = 21/08/2008 17:58:47 | Attr = ]
ZattooPlayer -> %UserProfile%\Local Settings\Application Data\ZattooPlayer -> [Folder | Modified Date = 21/08/2008 17:57:45 | Attr = ]
!cid_002301c8e6ac$c68ea660$3fc59856@aurora.jpg -> %UserProfile%\My Documents\!cid_002301c8e6ac$c68ea660$3fc59856@aurora.jpg -> [Ver = | Size = 219717 bytes | Modified Date = 19/08/2008 11:12:44 | Attr = ]
2 ScreenShot.jpg -> %UserProfile%\My Documents\2 ScreenShot.jpg -> [Ver = | Size = 145565 bytes | Modified Date = 22/08/2008 23:17:25 | Attr = ]
ALL MY PHOTOS -> %UserProfile%\My Documents\ALL MY PHOTOS -> [Folder | Modified Date = 16/08/2008 19:25:19 | Attr = R ]
bookmark.htm -> %UserProfile%\My Documents\bookmark.htm -> [Ver = | Size = 38000 bytes | Modified Date = 15/08/2008 23:11:22 | Attr = ]
CODES -> %UserProfile%\My Documents\CODES -> [Folder | Modified Date = 08/08/2008 10:17:35 | Attr = R ]
COMPUTER TIPS -> %UserProfile%\My Documents\COMPUTER TIPS -> [Folder | Modified Date = 22/08/2008 20:07:37 | Attr = R ]
desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 80 bytes | Modified Date = 09/08/2008 12:17:47 | Attr = HS]
Direct Debit Instructions.doc -> %UserProfile%\My Documents\Direct Debit Instructions.doc -> [Ver = | Size = 19456 bytes | Modified Date = 11/08/2008 20:01:55 | Attr = ]
fun -> %UserProfile%\My Documents\fun -> [Folder | Modified Date = 13/08/2008 15:02:06 | Attr = ]
image009.jpg -> %UserProfile%\My Documents\image009.jpg -> [Ver = | Size = 43580 bytes | Modified Date = 19/08/2008 20:28:36 | Attr = ]
land 2.jpg -> %UserProfile%\My Documents\land 2.jpg -> [Ver = | Size = 1129973 bytes | Modified Date = 16/08/2008 21:54:22 | Attr = ]
land.jpg -> %UserProfile%\My Documents\land.jpg -> [Ver = | Size = 577288 bytes | Modified Date = 16/08/2008 19:49:57 | Attr = ]
My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 09/08/2008 12:17:48 | Attr = R ]
My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 09/08/2008 12:17:47 | Attr = R ]
PrintScreen Files -> %UserProfile%\My Documents\PrintScreen Files -> [Folder | Modified Date = 13/08/2008 14:34:10 | Attr = ]
ScreenShot.jpg -> %UserProfile%\My Documents\ScreenShot.jpg -> [Ver = | Size = 118715 bytes | Modified Date = 22/08/2008 23:15:30 | Attr = ]
Sprayer.jpg -> %UserProfile%\My Documents\Sprayer.jpg -> [Ver = | Size = 706929 bytes | Modified Date = 31/07/2008 17:53:42 | Attr = ]
Test 1 at 11-20 am.jpg -> %UserProfile%\My Documents\Test 1 at 11-20 am.jpg -> [Ver = | Size = 183221 bytes | Modified Date = 11/08/2008 11:24:05 | Attr = ]
Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 3590504 bytes | Modified Date = 22/08/2008 23:23:04 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
Updater -> %UserProfile%\My Documents\Updater -> [Folder | Modified Date = 15/08/2008 20:33:53 | Attr = ]
Wyevale%20Flyer%20for%20Web.pdf -> %UserProfile%\My Documents\Wyevale%20Flyer%20for%20Web.pdf -> [Ver = | Size = 1660754 bytes | Modified Date = 18/08/2008 19:07:56 | Attr = ]
Get OpenOffice.org.lnk -> %AllUsersProfile%\Desktop\Get OpenOffice.org.lnk -> [Ver = | Size = 851 bytes | Modified Date = 09/08/2008 16:17:57 | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 05/08/2008 19:42:34 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 06/08/2008 10:06:46 | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 22/08/2008 19:46:53 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
BetterJPEG.lnk -> %UserProfile%\Desktop\BetterJPEG.lnk -> [Ver = | Size = 732 bytes | Modified Date = 22/08/2008 12:02:03 | Attr = ]
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 10/08/2008 18:23:41 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [Ver = | Size = 592 bytes | Modified Date = 19/08/2008 22:51:32 | Attr = ]
GeForms 1.8.lnk -> %UserProfile%\Desktop\GeForms 1.8.lnk -> [Ver = | Size = 887 bytes | Modified Date = 11/08/2008 18:02:07 | Attr = ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 12/08/2008 16:20:37 | Attr = ]
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 611 bytes | Modified Date = 19/08/2008 22:51:32 | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 24/08/2008 11:34:38 | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 22/08/2008 23:10:47 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Shortcut to ERDNT.lnk -> %UserProfile%\Desktop\Shortcut to ERDNT.lnk -> [Ver = | Size = 464 bytes | Modified Date = 19/08/2008 22:57:06 | Attr = ]
Smitfraud And Iedfix.exe.url -> %UserProfile%\Desktop\Smitfraud And Iedfix.exe.url -> [Ver = | Size = 260 bytes | Modified Date = 22/08/2008 21:48:38 | Attr = ]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Modified Date = 02/08/2008 11:51:14 | Attr = ]
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Modified Date = 31/07/2008 22:38:31 | Attr = ]
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 6467096 bytes | Modified Date = 06/08/2008 09:55:26 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SUPERAntiSpyware.exe:Zone.Identifier
Task Killer.lnk -> %UserProfile%\Desktop\Task Killer.lnk -> [Ver = | Size = 723 bytes | Modified Date = 13/08/2008 13:55:00 | Attr = ]
Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 1533400 bytes | Modified Date = 21/08/2008 19:52:39 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Modified Date = 19/08/2008 22:52:19 | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 09/08/2008 16:15:51 | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 09/08/2008 12:15:14 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 06/08/2008 10:03:54 | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Ati HotKey Poller]
"EventMessageFile"=str(2):"C:\WINDOWS\System32\Ati2evxx.exe"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ati2mtag]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati2mtag.sys"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cbidf]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NtServicePack]
"EventMessageFile"=str(2):"%SystemRoot%\System32\spmsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NVENET]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Ati HotKey Poller]
"EventMessageFile"=str(2):"C:\WINDOWS\System32\Ati2evxx.exe"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ati2mtag]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati2mtag.sys"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cbidf]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NtServicePack]
"EventMessageFile"=str(2):"%SystemRoot%\System32\spmsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NVENET]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\Ati HotKey Poller]
"EventMessageFile"=str(2):"C:\WINDOWS\System32\Ati2evxx.exe"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\ati2mtag]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati2mtag.sys"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\cbidf]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\NtServicePack]
"EventMessageFile"=str(2):"%SystemRoot%\System32\spmsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\NVENET]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Ati HotKey Poller]
"EventMessageFile"=str(2):"C:\WINDOWS\System32\Ati2evxx.exe"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ati2mtag]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati2mtag.sys"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cbidf]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack]
"EventMessageFile"=str(2):"%SystemRoot%\System32\spmsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NVENET]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\System\Ati HotKey Poller]
"EventMessageFile"=str(2):"C:\WINDOWS\System32\Ati2evxx.exe"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\System\ati2mtag]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati2mtag.sys"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\System\cbidf]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\System\NtServicePack]
"EventMessageFile"=str(2):"%SystemRoot%\System32\spmsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\System\NVENET]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"
"TypesSupported"=dword:00000007
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.386\OpenWithProgids]
"vxdfile"=hex(0):
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vxd\OpenWithProgids]
"vxdfile"=hex(0):
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
"Upgrade"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop]
"Mode"=dword:00000001
"ScrollPos640x480(1).x"=dword:00000000
"ScrollPos640x480(1).y"=dword:00000000
"Sort"=dword:00000000
"SortDir"=dword:00000001
"Col"=dword:00000002
"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fd,df,df,fd,0f,..
"FFlags"=dword:00000224
"ScrollPos1024x768(1).x"=dword:00000000
"ScrollPos1024x768(1).y"=dword:00000000
"ItemPos1024x768(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,01,00,00,02,..
"ScrollPos800x600(1).x"=dword:00000000
"ScrollPos800x600(1).y"=dword:00000000
"ItemPos800x600(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,15,00,00,00,02,..
"ScrollPos1152x864(1).x"=dword:00000000
"ScrollPos1152x864(1).y"=dword:00000000
"ItemPos1152x864(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,60,00,00,00,4d,..
"ItemPos640x480(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,41,01,00,00,7e,..
"ScrollPos1280x1024(1).x"=dword:00000000
"ScrollPos1280x1024(1).y"=dword:00000000
"ItemPos1280x1024(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f6,00,00,00,02,..
"ScrollPos1280x960(1).x"=dword:00000000
"ScrollPos1280x960(1).y"=dword:00000000
"ItemPos1280x960(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,15,00,00,00,02,..
scanning hidden files ...
C:\WINDOWS\Web\Wallpaper\BLISS.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc 5904 bytes
C:\WINDOWS\system32\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\3models.gif:Q30lsldxJoudresxAaaqpcawXc 8988 bytes
C:\WINDOWS\system32\images\3models.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\but3_off.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\but3_on.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\main_bot.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\main_mid.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\main_top.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\model1.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\panel_bot.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\panel_top.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\pc.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\pcwcover.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\pcw_award_cover.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\Thumbs.db:encryptable 0 bytes
C:\WINDOWS\system32\images\topoff.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\topon.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\system32\images\webscreen.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 21
< Document and Settings folder & sub folders >
detected NTDLL code modification:
ZwClose
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\OD2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 120 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 98 bytes
C:\Documents and Settings\john rowe\Desktop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010001.ci 471040 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010001.dir 4096 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010001.wid 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010001.wsb 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010002.ci 16384 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010002.dir 4096 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:00010002.wid 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000C.ci 106496 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000C.dir 4096 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000C.wid 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000D.ci 40960 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000D.dir 4096 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:0001000D.wid 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0001.000 240 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0001.001 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0001.002 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0002.000 240 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0002.001 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAB0002.002 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAD0002.000 240 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAD0002.001 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiAD0002.002 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiPT0000.000 240 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiPT0000.001 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:CiPT0000.002 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:INDEX.000 240 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:INDEX.001 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:INDEX.002 65536 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:Used0000.000 240 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:Used0000.001 0 bytes
C:\Documents and Settings\john rowe\Local Settings\Application Data\Microsoft\Outlook\outlook.pst:Used0000.002 0 bytes
C:\Documents and Settings\john rowe\My Documents\Copy of SPREADSHEETS & INVOICE\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\My Music\Jeff Wayne\The War of the Worlds [2005 Bonus Track] Disc 1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\My Music\Jeff Wayne\The War of the Worlds [2005 Bonus Track] Disc 2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\My Music\Jeff Wayne\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\My Music\Michael Bolton\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\My Music\Neil Diamond\The Best Of Neil Diamond [UK]\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\My Music\Neil Diamond\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Chester Zoo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Isle of Wight\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\variouse\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\ASTON VILLAGE HALL\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Bambi\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Bidulph Grange\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\ANIMALS\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Cats\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Christmas\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Clouds\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\cruise\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Bridgenorth\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Bruges\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\BIRDS\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\BODNANT GARDENS\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\SOUTH OF FRANCE\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\LONDON\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Long Lane Cottage\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Devon & Cornswall\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Devon 2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Edinburgh Tattoo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\harry\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Iain's Wedding\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Cotswolds\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\whitbey & Durham\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Jessica\2007_12_12\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Jessica\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Kens Flight\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\family trip to wales\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Looe and Polperro\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\majorca\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\malta\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\lacock\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Longleat\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Weston Under Lizard\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Tenerife\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\2008_07_16\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Aberdyfi\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Angela\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Provence\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Saint Ives 2005\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Scarecrows\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Party\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Photshop bits\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Scotland\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Devon\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Menorca\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Tissington and Ilam\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\Mum and Dad\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\nerga\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\ALL MY PHOTOS\New Folder\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\PrintScreen Files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\SHOP RENTS and details\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\CODES\Building a sparrow nest box - the cutting plans_files\angela steve icesave\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\CODES\Building a sparrow nest box - the cutting plans_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\CODES\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\COMPUTER TIPS\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\Icesave letters\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\LETTERS ENVALOPES\imformation\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\LETTERS ENVALOPES\nowwich union\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\LETTERS ENVALOPES\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\plans\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\john rowe\My Documents\fun\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 117

< End of report >

#7 Billy O'Neal


Posted 24 August 2008 - 03:47 PM

Hmm... those reports don't seem to work right. You're not the only one I've been having issues with OTSI with.

Please post a fresh HJT log below :thumbsup:

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#8 oxojohn


Posted 25 August 2008 - 08:40 AM




Edited by oxojohn, 25 August 2008 - 08:51 AM.


#9 Billy O'Neal


Posted 25 August 2008 - 09:09 AM

Hmm... that post appears blank....
Billy3

#10 oxojohn


Posted 25 August 2008 - 10:11 AM

Done it! :thumbsup:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:00, on 25/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Presorium\Frontgate MX\frntgate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ClickTray Calendar\ClickTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [FG1_00] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ClickTray Calendar.lnk = C:\Program Files\ClickTray Calendar\ClickTray.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188123345234
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.tourismeville.wanadoo.fr/acti...sCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp08.photoprintit.de/microsite/128...IPSUploader.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} - http://express.foto.com/FUploader/SpeedUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA443052-BA81-4BD6-9815-16608E5D1A04}: NameServer = 212.139.132.26 212.139.132.27
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvSmkhE - tuvSmkhE.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://thundercloud.net/wallpaper/two/ducks1024.jpg
O24 - Desktop Component 1: (no name) - http://idf50.co.uk:/clubhouse/templates/su...on_minipost.gif

--
End of file - 15384 bytes

#11 Billy O'Neal

Posted 25 August 2008 - 12:51 PM

Hello, oxojohn.
We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):
  • ZoneAlarm Spy Blocker Toolbar (NOT ZoneAlarm; the firewall is fine)

We need to move some files
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
    HKEY_CLASSES_ROOT\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
    HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}
    HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
    C:\Program Files\ZoneAlarmSB
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTMoveIt2's Log
  • Kaspersky's Log
  • A new HijackThis log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
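A way to confirm a cleanup like the one requested above is to diff the HijackThis entries taken before and after the fix and check that the targeted CLSIDs are gone. The following is an added example, not part of the original post or of any tool named in it; the function names are my own, and the sample lines are a short excerpt copied from the HijackThis logs posted in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section text")

# HijackThis entry lines look like "O2 - BHO: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# HijackThis marks registrations whose target is gone with these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# CLSIDs listed in the OTMoveIt2 codebox in the post above.
FIX_CLSIDS = {
    "{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA}",
    "{0BF43445-2F28-4351-9252-17FE6E806AA0}",
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}",
}

# Excerpt of the log posted before the fix (lines copied from this thread).
BEFORE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O20 - Winlogon Notify: tuvSmkhE - tuvSmkhE.dll (file missing)
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# Excerpt of the log posted after the fix (lines copied from this thread).
AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\RunOnce: [ZoneAlarmSB Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O20 - Winlogon Notify: tuvSmkhE - tuvSmkhE.dll (file missing)
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""


def parse_log(text):
    """Return the R/F/N/O entries of a HijackThis log, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def clsids(entries):
    """Collect every CLSID referenced by the entries, upper-cased for comparison."""
    return {m.group(0).upper() for e in entries for m in CLSID_RE.finditer(e.text)}


def diff_logs(before, after):
    """Return (removed, added) entries between two parsed logs, keeping log order."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def orphans(entries):
    """Entries HijackThis flagged as pointing at a file that no longer exists."""
    return [e for e in entries if ORPHAN_RE.search(e.text)]


def still_registered(targets, entries):
    """CLSIDs from the fix list that a log still references."""
    return {t.upper() for t in targets} & clsids(entries)


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    removed, added = diff_logs(before, after)
    for e in removed:
        print("removed:", e.section, e.text)
    for e in added:
        print("added:  ", e.section, e.text)
    print("fix-list CLSIDs still present:", still_registered(FIX_CLSIDS, after) or "none")
    for e in orphans(after):
        print("orphan: ", e.section, e.text)
```

On these excerpts the diff shows the three targeted registrations gone, one new RunOnce entry, and two orphaned entries that the fix did not address and that remain for follow-up.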

#12 oxojohn

Posted 26 August 2008 - 04:11 AM

Hello Billy3
Thanks for your perseverance.

Here are the 3 log files that you requested.

oxojohn.

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\\ not found.
< HKEY_CLASSES_ROOT\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} >
Registry key HKEY_CLASSES_ROOT\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\\ not found.
< HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} >
Registry key HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\\ not found.
< HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} >
Registry key HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ not found.
C:\Program Files\ZoneAlarmSB\bar\History moved successfully.
C:\Program Files\ZoneAlarmSB\bar\1.bin moved successfully.
C:\Program Files\ZoneAlarmSB\bar moved successfully.
C:\Program Files\ZoneAlarmSB moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08252008_195918




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 25, 2008 15:15:15
Records in database: 1144482
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 158505
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 04:04:30


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Desktop\SmitfraudFixunz\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\john rowe\.housecall6.6\Quarantine\UKVideo-uninstall.exe.bac_a02448 Infected: not-a-virus:Dialer.Win32.Small.gen 1

The selected area was scanned.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:44, on 26/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Presorium\Frontgate MX\frntgate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ClickTray Calendar\ClickTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [ZoneAlarmSB Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [FG1_00] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ClickTray Calendar.lnk = C:\Program Files\ClickTray Calendar\ClickTray.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188123345234
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.tourismeville.wanadoo.fr/acti...sCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp08.photoprintit.de/microsite/128...IPSUploader.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} - http://express.foto.com/FUploader/SpeedUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA443052-BA81-4BD6-9815-16608E5D1A04}: NameServer = 212.139.132.26 212.139.132.27
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvSmkhE - tuvSmkhE.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://thundercloud.net/wallpaper/two/ducks1024.jpg
O24 - Desktop Component 1: (no name) - http://idf50.co.uk:/clubhouse/templates/su...on_minipost.gif

--
End of file - 15181 bytes


Thanks again. oxojohn
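Added example, not part of oxojohn's post or the helper's tools: a small Python triage pass over HijackThis entries that surfaces the ones a helper would look at first. The sample lines are copied from the log above; the function names and note texts are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log above (a subset, unchanged).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA443052-BA81-4BD6-9815-16608E5D1A04}: NameServer = 212.139.132.26 212.139.132.27
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvSmkhE - tuvSmkhE.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# HijackThis prefixes every entry with a section code, then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse(log):
    """Return (section_code, body) for every entry line; skip anything else."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries

def review_notes(code, body):
    """Reasons to look twice at an entry. These are prompts for review,
    not verdicts: a flagged entry can belong to legitimate software."""
    notes = []
    if body.endswith("(file missing)"):
        notes.append("target file missing (leftover entry)")
    if code == "O23" and " - Unknown owner - " in body:
        notes.append("HijackThis found no company name for the binary")
    if code == "O20" and body.startswith("Winlogon Notify:"):
        notes.append("DLL is loaded by winlogon.exe")
    if code == "O17":
        notes.append("confirm the name servers are the ISP's or router's")
    return notes

def triage(log):
    """Return (code, body, notes) for each entry with at least one note."""
    flagged = []
    for code, body in parse(log):
        notes = review_notes(code, body)
        if notes:
            flagged.append((code, body, notes))
    return flagged

if __name__ == "__main__":
    for code, body, notes in triage(SAMPLE_LOG):
        print(f"{code}  {body}\n      -> " + "; ".join(notes))
```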

#13 Billy O'Neal


Posted 26 August 2008 - 10:35 AM

Hello, oxojohn.
You now appear to be clean. Congratulations!

We need to clean up our tools.
  • Please download OTMoveIt2 by OldTimer and save it to your desktop.
  • Click the Clean Up button.
  • Accept any prompts.
  • This will remove any tools we used, including OTMoveIt, and will require a reboot.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint.
The infections you had were "ZoneAlarm Spyblocker Toolbar"

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Set a New Restore Point to prevent possible reinfection from an old one.
    Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
    You can view a video of the following instructions.
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    Note: You should only do this once!
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it at least once a month.
  • Make Internet Explorer more secure
    • Click Start -> Run
    • Type "Inetcpl.cpl" (without quotes) & click OK.
    • Click on the Security tab.
    • Click "Reset all zones to default level"
    • Make sure the Internet Zone is selected & click "Custom level"
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Click OK, then Apply, then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here.
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly.
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Microsoft Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable it,
    • Run Spybot Search & Destroy
    • Click the Mode button on the toolbar, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on "Tools", and then on Hosts File.
    • Click on "Add Spybot-S&D hosts list"
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start -> Run.
    • Type "services.msc" (without quotes) & click OK.
    • In the list, find the service called "DNS Client" & double click on it.
    • On the dropdown box, change the setting from "Automatic" to "Manual".
    • Click OK.
    • Exit/close the Services window
    For a more detailed explanation of the HOSTS file, click here.
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date!
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
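Added example, not part of Billy's post and not Spybot's own code: a Python audit of a hosts file, showing how blocking entries work and how to tell them apart from entries that redirect a name to a routable address. The sample content is constructed with reserved example names; keeping the first entry seen for a name is an assumption of this example.

```python
import ipaddress

# Constructed hosts-file content (reserved example names and addresses).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1       localhost
127.0.0.1       ads.example.com  tracker.example.net   # two names, one line
0.0.0.0         popups.example.org
203.0.113.7     update.example.com
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Return ({hostname: ip}, rejected_lines). Each line is an address
    followed by one or more names; '#' starts a comment."""
    table, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append((lineno, raw))  # malformed address: report it
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)  # assumption: first entry wins
    return table, rejected

def classify(table):
    """Split names into blocked (loopback or unspecified address, so the
    connection goes nowhere) and redirected (any other address)."""
    blocked, redirected = [], []
    for name, ip in table.items():
        if name == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)
        else:
            redirected.append((name, str(ip)))
    return sorted(blocked), sorted(redirected)

if __name__ == "__main__":
    table, rejected = parse_hosts(SAMPLE_HOSTS)
    blocked, redirected = classify(table)
    print("blocked:", blocked)
    print("redirected (review each one):", redirected)
    print("malformed lines:", rejected)
```

On a real machine, read the file from `%SystemRoot%\System32\drivers\etc\hosts` and pass its text to `parse_hosts`; a block list should produce only blocked names, so anything under "redirected" deserves a look.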

#14 oxojohn


Posted 26 August 2008 - 01:45 PM

Hi Billy 3

Unfortunately one of the problems that was created when my troubles first started was that system restore stopped working.

All my previous restore points vanished and I was unable to create a new restore point.

Looking at my next move, I now have to create a restore point, but on trying to do so I get the message:
(System Restore is not able to create a restore point)

Sorry to be a pain, but what do I do next?

#15 Billy O'Neal


Posted 26 August 2008 - 02:20 PM

You're no pain :thumbsup:

Try this:

Go to Start -> RIGHT CLICK on My Computer -> Properties
"System Restore" tab

Is "Turn off system restore" checked?

Billy3



