
C:\windows\config\csrss.exe Not Recognized


  • This topic is locked
20 replies to this topic

#1 crumpy

crumpy

  • Members
  • 15 posts

Posted 13 August 2008 - 12:59 PM

Hi, I am new to this and not the greatest with computers, so please explain everything as fully as possible to me.

As it says in the title, I have this problem when I load up the computer. But I have also recognized in Windows Task Manager csrss.exe, loads of svchost.exe, smss.exe, lsass.exe. But I have noticed that my CPU Usage is always very high and can go up to 100%.

So having followed the preparation guide, here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:40, on 13/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\True Sword 5\TrueSword5.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Documents and Settings\e.pearce-crump\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.30.0.24:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://etonweb;http://etonweb.etoncollege....k;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &IntelliLogin Keyboard - C:\Program Files\JJSoft IntelliLogin\SoftInput.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O15 - Trusted Zone: http://office.microsoft.com,
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121277530687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121278859578
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\Software\..\Telephony: DomainName = school.etoncollege.org.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9896 bytes

I have been searching for answers all day, so any help is highly appreciated.



#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 22 August 2008 - 09:27 AM

Hello, crumpy.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the Rootkit Search area select Yes.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - Uninstall List
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or another location where you can find it again.
Use the Add Reply button and attach the file in your next post.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 crumpy

crumpy
  • Topic Starter

  • Members
  • 15 posts

Posted 23 August 2008 - 08:21 AM

Thanks Billy O'Neal for helping me out. I am really pleased that there is someone who can help me. My OTScanIt is below:

OTScanIt logfile created on: 23/08/2008 13:59:43
OTScanIt by OldTimer - Version 1.0.16.2	 Folder = C:\Documents and Settings\e.pearce-crump\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.02% Memory free
2.60 Gb Paging File | 2.31 Gb Available in Paging File | 89.11% Paging File free
Paging file location(s): C:\pagefile.sys 766 1500;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.79 Gb Total Space | 26.25 Gb Free Space | 47.06% Space Free | Partition Type: NTFS
Drive D: | 3.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 55.79 Gb Total Space | 26.25 Gb Free Space | 47.06% Space Free | Partition Type: *NT5CSC
I: Drive not present or media not loaded

Computer Name: EPEARCECRUMP
Current User Name: E.Pearce-Crump
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4107 | Size = 405504 bytes | Modified Date = 04/12/2004 03:32:34 | Attr =	]
savservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> Sophos Plc [Ver = 1.0.0.3755 | Size = 98304 bytes | Modified Date = 30/11/2007 14:07:00 | Attr =	]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 07/09/2004 16:02:40 | Attr =	]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 07/09/2004 16:05:10 | Attr =	]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 07/09/2004 16:12:32 | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 04/09/2007 19:04:36 | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr =	]
nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 03/03/2005 23:29:02 | Attr =	]
ioctlsvc.exe -> %SystemRoot%\system32\IoctlSvc.exe -> Prolific Technology Inc. [Ver = 1, 4, 0, 0 | Size = 53248 bytes | Modified Date = 16/09/2005 17:05:42 | Attr =	]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 08/12/2007 13:22:40 | Attr =	]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 07/09/2004 16:02:04 | Attr =	]
savadminservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 69632 bytes | Modified Date = 27/09/2007 13:10:33 | Attr =	]
managementagentnt.exe -> %ProgramFiles%\Sophos\Remote Management System\ManagementAgentNT.exe -> Sophos Plc [Ver = 3,0,4,1735 | Size = 266240 bytes | Modified Date = 27/09/2007 13:10:06 | Attr =	]
alsvc.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> Sophos Plc [Ver = 3.7.19.168 | Size = 172032 bytes | Modified Date = 16/04/2008 21:11:28 | Attr =	]
routernt.exe -> %ProgramFiles%\Sophos\Remote Management System\RouterNT.exe -> Sophos Plc [Ver = 3,0,4,1735 | Size = 790528 bytes | Modified Date = 27/09/2007 13:10:04 | Attr =	]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 45 | Size = 389120 bytes | Modified Date = 07/09/2004 16:08:02 | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4107 | Size = 405504 bytes | Modified Date = 04/12/2004 03:32:34 | Attr =	]
lxcrmon.exe -> %ProgramFiles%\Lexmark 2400 Series\lxcrmon.exe ->  [Ver = 0.1.25.0 | Size = 286720 bytes | Modified Date = 22/01/2006 18:45:08 | Attr =	]
daemon.exe -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.47.0.0 | Size = 81920 bytes | Modified Date = 22/08/2004 17:05:02 | Attr =	]
lxcrcoms.exe -> %SystemRoot%\system32\lxcrcoms.exe ->   [Ver = 99.99.99.99 | Size = 495616 bytes | Modified Date = 03/02/2006 04:11:22 | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 09:29:54 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 04/09/2007 19:04:36 | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4107 | Size = 405504 bytes | Modified Date = 04/12/2004 03:32:34 | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 14/04/2008 05:42:18 | Attr =	]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 07/09/2004 16:02:40 | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 06/04/2008 21:29:53 | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 20/01/2008 17:09:27 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 01:41:10 | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 30/03/2008 10:36:30 | Attr =	]
(lxcr_device) lxcr_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\lxcrcoms.exe ->   [Ver = 99.99.99.99 | Size = 495616 bytes | Modified Date = 03/02/2006 04:11:22 | Attr =	]
(Messenger) Messenger [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 03/03/2005 23:29:02 | Attr =	]
(PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\IoctlSvc.exe -> Prolific Technology Inc. [Ver = 1, 4, 0, 0 | Size = 53248 bytes | Modified Date = 16/09/2005 17:05:42 | Attr =	]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 08/12/2007 13:22:40 | Attr =	]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 07/09/2004 16:02:04 | Attr =	]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 07/09/2004 16:05:10 | Attr =	]
(SAVAdminService) Sophos Anti-Virus status reporter [Win32_Own | Unknown | Running] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 69632 bytes | Modified Date = 27/09/2007 13:10:33 | Attr =	]
(SAVService) Sophos Anti-Virus [Win32_Own | Unknown | Running] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> Sophos Plc [Ver = 1.0.0.3755 | Size = 98304 bytes | Modified Date = 30/11/2007 14:07:00 | Attr =	]
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(Sophos Agent) Sophos Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\Remote Management System\ManagementAgentNT.exe -> Sophos Plc [Ver = 3,0,4,1735 | Size = 266240 bytes | Modified Date = 27/09/2007 13:10:06 | Attr =	]
(Sophos AutoUpdate Service) Sophos AutoUpdate Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> Sophos Plc [Ver = 3.7.19.168 | Size = 172032 bytes | Modified Date = 16/04/2008 21:11:28 | Attr =	]
(Sophos Message Router) Sophos Message Router [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\Remote Management System\RouterNT.exe -> Sophos Plc [Ver = 3,0,4,1735 | Size = 790528 bytes | Modified Date = 27/09/2007 13:10:04 | Attr =	]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 07/09/2004 16:12:32 | Attr =	]

[Driver Services - Non-Microsoft Only]
(aiptektp) HyperPen [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\aiptektp.sys -> AIPTEK International Inc. [Ver = 2.34.00 | Size = 22272 bytes | Modified Date = 07/07/2004 17:02:14 | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 17/08/2001 13:51:56 | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 14/04/2008 00:06:40 | Attr =	]
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.5.1.271 | Size = 108791 bytes | Modified Date = 16/11/2004 16:03:52 | Attr =	]
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 18/08/2004 14:53:54 | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 17/08/2001 13:52:00 | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 17/08/2001 13:51:58 | Attr =	]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6483 | Size = 800768 bytes | Modified Date = 04/12/2004 03:34:26 | Attr =	]
(b57w2k) Broadcom NetXtreme 57xx Gigabit Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 7.86.0.0 built by: WinDDK | Size = 121472 bytes | Modified Date = 03/09/2004 17:23:38 | Attr =	]
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\bcmwl5.sys -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 17/08/2001 13:51:54 | Attr =	]
(d347bus) d347bus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\d347bus.sys ->   [Ver = 3.47.0.0 built by: WinDDK | Size = 155136 bytes | Modified Date = 22/08/2004 16:31:10 | Attr =	]
(d347prt) d347prt [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\d347prt.sys ->   [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 22/08/2004 16:31:48 | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 17/08/2001 13:52:16 | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 14/04/2008 00:14:50 | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 14/04/2008 00:14:48 | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 04/08/2004 05:00:00 | Attr =	]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.03a | Size = 87488 bytes | Modified Date = 01/12/2004 03:22:00 | Attr =	]
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.43a | Size = 40480 bytes | Modified Date = 23/11/2004 02:56:00 | Attr =	]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 17/08/2001 12:12:10 | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 29/01/2008 12:01:28 | Attr =	]
(GTIPCI21) GTIPCI21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gtipci21.sys -> Texas Instruments [Ver = 1.0.1.13 | Size = 80384 bytes | Modified Date = 03/05/2004 21:26:16 | Attr =	]
(HCW77BDA) Hauppauge Nova-T Stick DVB-T Tuner [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hcw70bda.sys -> Hauppauge Computer Works, Inc. [Ver = 3.7.24096 | Size = 118850 bytes | Modified Date = 06/04/2006 12:21:08 | Attr = R  ]
(hcw99rc) Hauppauge Nova-DT IR Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hcw99rc.sys -> Hauppauge Computer Works, Inc. [Ver = 4.1.24096 | Size = 56792 bytes | Modified Date = 06/04/2006 12:22:04 | Attr = R  ]
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.23.00 built by: WinDDK | Size = 208000 bytes | Modified Date = 17/03/2005 08:50:40 | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 17/06/2004 20:55:04 | Attr =	]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.SYS -> Conexant Systems, Inc. [Ver = 7.23.00 built by: WinDDK | Size = 1033600 bytes | Modified Date = 17/03/2005 08:51:16 | Attr =	]
(ISODrive) ISO DVD/CD-ROM Device Driver [File_System | System | Running] -> %ProgramFiles%\UltraISO\drivers\ISODrive.sys -> EZB Systems, Inc. [Ver = 3.12 built by: WinDDK | Size = 73728 bytes | Modified Date = 26/02/2008 14:07:54 | Attr =	]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\lvusbsta.sys -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 17/03/2004 11:04:14 | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 17/08/2001 13:52:12 | Attr =	]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 5.02.13.06 | Size = 125813 bytes | Modified Date = 26/08/2004 13:42:50 | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 03/08/2004 22:29:56 | Attr =	]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 17153 bytes | Modified Date = 13/02/2004 16:46:00 | Attr =	]
(pepifilter) Volume Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\lv302af.sys -> File not found
(PID_08A0) Labtec WebCam(PID_08A0) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\LV302AV.SYS -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 04/08/2004 05:00:00 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 11/12/2007 23:34:50 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 17/08/2001 13:52:20 | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 17/08/2001 13:52:20 | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 17/08/2001 13:52:18 | Attr =	]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 9, 0, 0, 3 | Size = 11354 bytes | Modified Date = 31/08/2004 08:53:04 | Attr =	]
(SAVOnAccessControl) SAVOnAccessControl [File_System | System | Running] -> %SystemRoot%\system32\drivers\savonaccesscontrol.sys -> Sophos Plc [Ver = 3.7.2.250 | Size = 101120 bytes | Modified Date = 28/10/2007 20:31:11 | Attr =	]
(SAVOnAccessFilter) SAVOnAccessFilter [File_System | System | Running] -> %SystemRoot%\system32\drivers\savonaccessfilter.sys -> Sophos Plc [Ver = 3.7.2.250 | Size = 33408 bytes | Modified Date = 28/10/2007 20:31:09 | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 11:25:53 | Attr =	]
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfdrv01.sys -> Protection Technology [Ver = 1.37 | Size = 50688 bytes | Modified Date = 10/08/2005 13:44:04 | Attr =	]
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfhlp02.sys -> Protection Technology [Ver = 2.3 | Size = 6656 bytes | Modified Date = 16/05/2005 14:20:39 | Attr =	]
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfsync02.sys -> Protection Technology [Ver = 2.10 | Size = 19968 bytes | Modified Date = 14/04/2005 13:12:32 | Attr =	]
(sfvfs02) StarForce Protection VFS Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfvfs02.sys -> Protection Technology [Ver = 2.13 | Size = 63488 bytes | Modified Date = 03/11/2005 15:40:07 | Attr =	]
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 14/04/2008 00:06:40 | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 17/08/2001 14:07:44 | Attr =	]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 716272 bytes | Modified Date = 03/02/2008 17:15:05 | Attr =	]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 14/07/2004 11:29:04 | Attr =	]
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 14/07/2004 11:28:50 | Attr =	]
(STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.4249 | Size = 272568 bytes | Modified Date = 01/11/2004 19:52:46 | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 17/08/2001 14:07:34 | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 17/08/2001 14:07:36 | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 17/08/2001 14:07:40 | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 17/08/2001 14:07:42 | Attr =	]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25883 bytes | Modified Date = 06/12/2004 01:05:00 | Attr =	]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 06/12/2004 01:05:00 | Attr =	]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 06/12/2004 01:05:00 | Attr =	]
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 06/12/2004 01:05:00 | Attr =	]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86586 bytes | Modified Date = 06/12/2004 01:05:00 | Attr =	]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15227 bytes | Modified Date = 06/12/2004 01:05:00 | Attr =	]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 06/12/2004 01:05:00 | Attr =	]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 06/12/2004 01:05:00 | Attr =	]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 06/12/2004 01:05:00 | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 23/07/2008 12:28:41 | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 17/08/2001 13:52:22 | Attr =	]
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w29n51.sys -> Intel® Corporation [Ver = 9000-61 Driver | Size = 3210496 bytes | Modified Date = 21/10/2004 20:56:04 | Attr =	]
(W8335XP) NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WG511v2XP.sys -> Marvell Semiconductor, Inc [Ver = 3.01.01.07 | Size = 265984 bytes | Modified Date = 17/03/2006 12:41:02 | Attr =	]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.23.00 built by: WinDDK | Size = 705280 bytes | Modified Date = 17/03/2005 08:50:32 | Attr =	]
(WmBEnum) Logitech Virtual Bus Enumerator Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WmBEnum.sys -> Logitech Inc. [Ver = 4.40.130 | Size = 10144 bytes | Modified Date = 14/04/2004 11:08:00 | Attr =	]
(WmFilter) Logitech WingMan HID Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WmFilter.sys -> Logitech Inc. [Ver = 4.40.130 | Size = 21280 bytes | Modified Date = 14/04/2004 11:08:00 | Attr =	]
(WmVirHid) Logitech Virtual Hid Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WmVirHid.sys -> Logitech Inc. [Ver = 4.40.130 | Size = 5600 bytes | Modified Date = 14/04/2004 11:08:00 | Attr =	]
(WmXlCore) Logitech WingMan Translation Layer Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WmXlCore.sys -> Logitech Inc. [Ver = 4.40.130 | Size = 44064 bytes | Modified Date = 14/04/2004 11:08:00 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DAEMON Tools-1033 -> %ProgramFiles%\D-Tools\daemon.exe ["C:\Program Files\D-Tools\daemon.exe"  -lang 1033] -> DAEMON'S HOME [Ver = 3.47.0.0 | Size = 81920 bytes | Modified Date = 22/08/2004 17:05:02 | Attr =	]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe ["C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s] ->  [Ver = 0.1.35.8 | Size = 290816 bytes | Modified Date = 02/02/2006 09:11:28 | Attr =	]
LXCRCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\lxcrtime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16] ->  [Ver =  | Size = 65536 bytes | Modified Date = 01/12/2005 19:38:40 | Attr =	]
lxcrmon.exe -> %ProgramFiles%\Lexmark 2400 Series\lxcrmon.exe ["C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"] ->  [Ver = 0.1.25.0 | Size = 286720 bytes | Modified Date = 22/01/2006 18:45:08 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< e.pearce-crump Startup Folder > -> C:\Documents and Settings\e.pearce-crump\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL -> %ProgramFiles%\Sophos\Sophos Anti-Virus\sophos_detoured.dll -> Sophos Plc [Ver = 1.0.0.3770 | Size = 173056 bytes | Modified Date = 31/01/2008 14:23:15 | Attr =	]
*MultiFile Done* -> -> 
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [CDBurn] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 05:42:20 | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/04/2008 05:42:40 | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/04/2008 05:42:26 | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 05:42:06 | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/04/2008 05:42:42 | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4107 | Size = 90112 bytes | Modified Date = 04/12/2004 03:32:40 | Attr =	]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 1, 0 | Size = 110592 bytes | Modified Date = 07/09/2004 16:08:06 | Attr =	]
NavLogon ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 14/04/2008 00:10:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPHILIPS_CDRW/DVD_SCB5265________________TD15____\5&340b0ccf&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_Generic&Prod_DVD-ROM&Rev_1.0\2&12b1de20&3&000 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 11/08/2004 17:15:00 | Attr =	]
autorun.inf [[autorun] | open=Setup\rsrc\autorun.exe | icon=Setup\rsrc\Art\cod2.ico |  | shell\dinstall\command=Directx\dxsetup.exe | shell\dinstall=&DirectX(R)... | ] -> D:\autorun.inf [ UDF ] ->  [Ver =  | Size = 145 bytes | Modified Date = 14/06/2005 02:40:45 | Attr = R  ]
AutoRun.exe [MZ | ] -> F:\AutoRun.exe [ CDFS ] -> Electronic Arts [Ver = 1.0.0.1 | Size = 402696 bytes | Modified Date = 14/08/2007 01:30:58 | Attr = R  ]
Autorun [] -> F:\Autorun.exe [ CDFS ] -> Electronic Arts [Ver = 1.0.0.1 | Size = 402696 bytes | Modified Date = 14/08/2007 01:30:58 | Attr = R  ]
autorun.dat [ŠĻą”±į | ] -> F:\autorun.dat [ CDFS ] ->  [Ver =  | Size = 2984960 bytes | Modified Date = 02/09/2007 05:56:15 | Attr = R  ]
autorun.inf [[autorun] | open=Autorun.exe | Icon=fifapc.ico | Name=FIFA 08 |  | [Special] | Disk=1 | ProductGuiID={0A2A5039-B37F-489D-B1DC-A5258DF9E697} |  | ] -> F:\autorun.inf [ CDFS ] ->  [Ver =  | Size = 136 bytes | Modified Date = 02/09/2007 05:50:18 | Attr = R  ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page ->  -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.euro.dell.com/ -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.www.daemon-search.com/default -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> http://etonweb;http://etonweb.etoncollege.org.uk;http://libserve;http://etononline;http://etononline.etoncollege.org.uk;http://nts18.school.etoncollege.org.uk;*.etoncollege.org.uk;<local> -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5 domain(s) found. -> 
www_etoncollege.org.uk [http] -> Local intranet -> 
etonweb* .[http] -> Local intranet -> 
*.windowsupdate_microsoft.com [http] -> Trusted sites -> 
oca_microsoft.com [http] -> Trusted sites -> 
oca_microsoft.com [https] -> Trusted sites -> 
windowsupdate_microsoft.com [http] -> Trusted sites -> 
*.etoncollege_org.uk [http] -> Local intranet -> 
*.etoncollege_org.uk [https] -> Local intranet -> 
windowsupdate.com .[http] -> Trusted sites -> 
3 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6 domain(s) found. -> 
etoncollege.org.uk .[http] -> Local intranet -> 
etoncollege.org.uk .[https] -> Local intranet -> 
*.foundation_etoncollege.org.uk [http] -> Local intranet -> 
*.foundation_etoncollege.org.uk [https] -> Local intranet -> 
*.school_etoncollege.org.uk [http] -> Local intranet -> 
*.school_etoncollege.org.uk [https] -> Local intranet -> 
www_etoncollege.org.uk [http] -> Local intranet -> 
etonweb* .[http] -> Local intranet -> 
*.windowsupdate_microsoft.com [http] -> Trusted sites -> 
oca_microsoft.com [http] -> Trusted sites -> 
oca_microsoft.com [https] -> Trusted sites -> 
windowsupdate_microsoft.com [http] -> Trusted sites -> 
office_microsoft.com, [http] -> Trusted sites -> 
*.etoncollege_org.uk [http] -> Local intranet -> 
*.etoncollege_org.uk [https] -> Local intranet -> 
windowsupdate.com .[http] -> Trusted sites -> 
3 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
AutorunsDisabled [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{9EEA28BA-2FB0-488F-8B99-528E8B06D4FD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 04:25:19 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr =	]
{58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 17:53:20 | Attr = R  ]
{700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 17:53:20 | Attr = R  ]
AutorunsDisabled: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 17:53:20 | Attr = R  ]
CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 17:53:20 | Attr = R  ]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&IntelliLogin Keyboard -> %ProgramFiles%\JJSoft IntelliLogin\SoftInput.htm ->  [Ver =  | Size = 1529 bytes | Modified Date = 18/11/2006 09:32:48 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1F60B938-02DA-4C65-B4CF-E8CEBC9E154E} ->	() -> 
{32D74E37-9A82-4CF1-BA17-442D4F17B85C} ->	(Broadcom NetXtreme 57xx Gigabit Controller) -> 
{F83CAA20-C4AB-46C8-BA18-08638FEEEDFA} ->	(BT Voyager 1065 Laptop Adapter) -> 
{FFBD798B-9B6A-46BC-B49E-5783F5C0AC2A} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 12:42:30 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/c/1/1/c1119a8f-4bfa-44d6-a3c1-ed651c6c4b5b/OGAControl.cab[Office Genuine Advantage Validation Tool] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] -> 
{20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] -> 
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}[HKEY_LOCAL_MACHINE] -> http://musicmix.messenger.msn.com/Medialogic.CAB[CMediaMix Object] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121277530687[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121278859578[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{B9191F79-5613-4C76-AA2A-398534BB8999}[HKEY_LOCAL_MACHINE] -> http://download.yahoo.com/dl/installs/yab_af.cab[Reg Error: Key does not exist or could not be opened.] -> 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\.Owner -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\{20A60F0D-9AFA-4515-A0FD-83BD84642501} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\TargetGroupEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\TargetGroup -> Boy computers -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUServer -> http://nts12 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUStatusServer -> http://nts12 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\DisableNotifications -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\DisableUnicastResponsesToMulticastBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\DefaultOutboundAction -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\DefaultInboundAction -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\\AllowUserPrefMerge -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\\Enabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\Google\Google Earth\googleearth.exe:*:enabled:Google Earth -> %program files%\Google\Google Earth\googleearth.exe:*:enabled:Google Earth -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\keyhole\keyhole 2 LT\keyhole.exe:*:enabled:Keyhole -> %program files%\keyhole\keyhole 2 LT\keyhole.exe:*:enabled:Keyhole -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\Kontiki\Khost.exe:*:disabled:Kontiki host plugin -> %program files%\Kontiki\Khost.exe:*:disabled:Kontiki host plugin -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\Kontiki\kservice.exe:*:disabled:Kontiki service 2 -> %program files%\Kontiki\kservice.exe:*:disabled:Kontiki service 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\KService\kservice.exe:*:disabled:Kontiki service -> %program files%\KService\kservice.exe:*:disabled:Kontiki service -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\Microsoft Office\Office10\Outlook.exe:*:enabled:Microsoft Outlook 2002 -> %program files%\Microsoft Office\Office10\Outlook.exe:*:enabled:Microsoft Outlook 2002 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\Microsoft Office\Office11\Outlook.exe:*:enabled:Microsoft Office Outlook 2003 -> %program files%\Microsoft Office\Office11\Outlook.exe:*:enabled:Microsoft Office Outlook 2003 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\Microsoft Office\Office12\Outlook.exe:*:enabled:Microsoft Office Outlook 2007 -> %program files%\Microsoft Office\Office12\Outlook.exe:*:enabled:Microsoft Office Outlook 2007 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\Sophos\Remote Management System\RouterNT.exe:*:enabled:Sophos Remote Management -> %program files%\Sophos\Remote Management System\RouterNT.exe:*:enabled:Sophos Remote Management -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\Symantec Antivirus\Rtvscan.exe:*:enabled:Symantec Scanner -> %program files%\Symantec Antivirus\Rtvscan.exe:*:enabled:Symantec Scanner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\Symantec\LiveUpdate\Lucomserver.exe:*:enabled:Symantec LiveUpdate -> %program files%\Symantec\LiveUpdate\Lucomserver.exe:*:enabled:Symantec LiveUpdate -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\Symantec\LiveUpdate\LuComServer_2_6.exe:*:enabled:Symantec LiveUpdate Client -> %program files%\Symantec\LiveUpdate\LuComServer_2_6.exe:*:enabled:Symantec LiveUpdate Client -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%program files%\Symantec\Symantec System Center\NscTop.exe:*:enabled:Symantec System Center -> %program files%\Symantec\Symantec System Center\NscTop.exe:*:enabled:Symantec System Center -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%programfiles%\itunes\itunes.exe:*:enabled:iTunes -> %ProgramFiles%\iTunes\iTunes.exe [%programfiles%\itunes\itunes.exe:*:enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 30/03/2008 10:36:34 | Attr =	]
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%systemroot%\kdx\khost.exe:*:disabled:Kontiki plugin -> %SystemRoot%\kdx\khost.exe [%systemroot%\kdx\khost.exe:*:disabled:Kontiki plugin] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\\AllowUserPrefMerge -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\\Enabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\2967:UDP:*:enabled:Symantec Management -> 2967:UDP:*:enabled:Symantec Management -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\38037:TCP:*:enabled:Symantec AMS1 -> 38037:TCP:*:enabled:Symantec AMS1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\38037:UDP:*:enabled:Symantec AMS 2 -> 38037:UDP:*:enabled:Symantec AMS 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\38292:TCP:*:enabled:Symantec AMS 3 -> 38292:TCP:*:enabled:Symantec AMS 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\38292:UDP:*:enabled:Symantec AMS 4 -> 38292:UDP:*:enabled:Symantec AMS 4 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\38293:UDP:*:enabled:Intel PDS (Symantec) -> 38293:UDP:*:enabled:Intel PDS (Symantec) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\8192:TCP:*:enabled:Corba TCP -> 8192:TCP:*:enabled:Corba TCP -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\8192:UDP:*:enabled:Corba UDP -> 8192:UDP:*:enabled:Corba UDP -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\8193:TCP:*:enabled:Sophos 1 TCP -> 8193:TCP:*:enabled:Sophos 1 TCP -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\8193:UDP:*:enabled:Sophos 1 UDP -> 8193:UDP:*:enabled:Sophos 1 UDP -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\8194:TCP:*:enabled:Sophos 2 TCP -> 8194:TCP:*:enabled:Sophos 2 TCP -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\8194:UDP:*:enabled:Sophos 2 UDP -> 8194:UDP:*:enabled:Sophos 2 UDP -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings\\Enabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings\\RemoteAddresses -> 10.30.0.0/24 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\\Enabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\\RemoteAddresses -> 10.30.0.0/24 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\\Enabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\\RemoteAddresses -> 10.30.0.0/24 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework\\Enabled -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 05:42:02 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 14/04/2008 05:41:58 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 05:42:02 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 14/04/2008 05:42:06 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 14/04/2008 05:42:10 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 960 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 14/04/2008 05:42:06 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 14/04/2008 05:42:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 65 C0 D2 9A 6D 4D D2 E4 53 0D 52 87 0E EB A3 1D 31 32 36 37 66 62 37 31 00 00 00 00 5F 5C 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 B1 24 22 9E DD 08 67 E4 90 13 5B 12  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 0B 45 8D 23 C4 A6 F0 43 49  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 94 1D 6A 87 55 A1  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\\MachineSid -> 01 05 00 00 00 00 00 05 15 00 00 00 58 3E E4 4E 27 52 79 53 EA 70 19 58 12 36 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 04/08/2004 05:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> D9 8E 9B 17 92 F0 66 C0 36 A4 9C 80 65 98 94 07  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> B6 8E 21 55 7C FD C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 55 F4 DC E9 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DC 87 E0 E9 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 09 B9 E1 E9 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 05:42:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 17383 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 14/04/2008 05:41:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 05:42:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\ypager.exe -> %ProgramFiles%\Yahoo!\Messenger\ypager.exe [C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 14/04/2008 00:23:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 1022840 bytes | Modified Date = 29/08/2007 00:43:30 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6316.5000 | Size = 12844576 bytes | Modified Date = 21/05/2008 04:37:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 30/03/2008 10:36:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe -> %ProgramFiles%\Electronic Arts\Battlefield 2142\BF2142.exe [C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> %ProgramFiles%\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 16:10:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 05:42:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 5.0.0482 | Size = 1587512 bytes | Modified Date = 13/02/2004 12:25:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPAGER.EXE -> %ProgramFiles%\Yahoo!\Messenger\YPAGER.EXE [C:\Program Files\Yahoo!\Messenger\YPAGER.EXE:*:Enabled:Yahoo! Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\yserver.exe -> %ProgramFiles%\Yahoo!\Messenger\yserver.exe [C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA SPORTS\2006 FIFA World Cup (TM)\FIFAWC06.exe -> %ProgramFiles%\EA SPORTS\2006 FIFA World Cup (TM)\FIFAWC06.exe [C:\Program Files\EA SPORTS\2006 FIFA World Cup (TM)\FIFAWC06.exe:*:Enabled:FIFAWC06] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\e.pearce-crump\My Documents\My Games\Call of Duty\CoDMP.exe -> %UserProfile%\My Documents\My Games\Call of Duty\CoDMP.exe [C:\Documents and Settings\e.pearce-crump\My Documents\My Games\Call of Duty\CoDMP.exe:*:Enabled:CoDMP] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NovaLogic\Delta Force\Df.exe -> %ProgramFiles%\NovaLogic\Delta Force\Df.exe [C:\Program Files\NovaLogic\Delta Force\Df.exe:*:Enabled:Df] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 14/04/2008 00:23:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameSpy Arcade\Aphex.exe -> %ProgramFiles%\GameSpy Arcade\Aphex.exe [C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe -> %ProgramFiles%\uTorrent\utorrent.exe [C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe -> %ProgramFiles%\Sports Interactive\Football Manager 2008\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008] -> Sports Interactive [Ver = 8.0.2 | Size = 22242560 bytes | Modified Date = 16/03/2008 15:57:07 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> %ProgramFiles%\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 30/03/2008 10:36:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 16:10:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 05:42:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 05:42:12 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 05:42:06 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 05:42:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 14/04/2008 05:42:06 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 14/04/2008 05:42:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 05:42:06 | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 23/10/2006 02:48:20 | Attr =	]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ->  [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 23/10/2006 01:01:50 | Attr =	]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> Sophos Plc [Ver = 3.10.54.138 | Size = 245760 bytes | Modified Date = 21/06/2007 11:18:00 | Attr =	]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29/10/2003 03:06:00 | Attr =	]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 210520 bytes | Modified Date = 11/03/2007 22:26:24 | Attr =	]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
AdobeUpdater hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 28/02/2007 23:06:56 | Attr =	]
Apoint hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 13/09/2004 16:33:20 | Attr =	]
ATIPTA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5125 | Size = 344064 bytes | Modified Date = 03/12/2004 21:00:00 | Attr =	]
atwtusb hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\ATWTUSB.EXE -> WALTOP International Corp. [Ver = 2, 47, 2, 0 | Size = 290816 bytes | Modified Date = 21/09/2005 19:08:48 | Attr =	]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] ->  -> File not found
.cmd [@ = cmdfile] ->  -> File not found
.com [@ = comfile] ->  -> File not found
.exe [@ = exefile] ->  -> File not found
.html [@ = FirefoxHTML] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 20/07/2008 18:00:51 | Attr =	]
.pif [@ = piffile] ->  -> File not found
.scr [@ = scrfile] ->  -> File not found
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{0046FA01-C5B9-4985-BACB-398DC480FC05} -> Adobe Photoshop CS3
{02DFF6B1-1654-411C-8D7B-FD6052EF016F} -> Apple Software Update
{034759DA-E21A-4795-BFB3-C66D17FAD183} -> Sophos Anti-Virus
{04AF207D-9A77-465A-8B76-991F6AB66245} -> Adobe Help Viewer CS3
{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} -> mSSO
{08B32819-6EEF-4057-AEDA-5AB681A36A23} -> Adobe Bridge Start Meeting
{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3} -> Destinations
{09DA4F91-2A09-4232-AB8C-6BC740096DE3} -> Sonic Update Manager
{0A2A5039-B37F-489D-B1DC-A5258DF9E697} -> FIFA 08
{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} -> MSXML 6.0 Parser (KB933579)
{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B} -> WD Diagnostics
{0AC58B09-0CFB-4B52-9119-07BBDD1FFAE3} -> Windows Live Local Add-in for Microsoft Office Outlook
{0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel
{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} -> mLogView
{0ED47137-C071-46CC-A243-E5E33271E10E} -> Windows Live Sign-in Assistant
{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} -> Security Update for CAPICOM (KB931906)
{10E1E87C-656C-4D08-86D6-5443D28583BE} -> TrayApp
{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Sonic DLA
{121634B0-2F4B-11D3-ADA3-00C04F52DD52} -> Windows Installer Clean Up
{13F00518-807A-4B3A-83B0-A7CD90F3A398} -> MarketResearch
{15C418EB-7675-42be-B2B3-281952DA014D} -> Sophos AutoUpdate
{15C70064-2463-49dd-9A88-B700F75BB428} -> dj_sf_ProductContext
{15EE79F4-4ED1-4267-9B0F-351009325D7D} -> HP Software Update
{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} -> QuickTime
{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} -> Adobe WinSoft Linguistics Plugin
{1AFAE2EB-BC93-4B28-9C7C-004BBF974E3C} -> BT Voyager 1065 Wireless Utility
{1D433ADB-010F-4024-AF9E-D7D0855AAFC9} -> USB GAME PAD
{1F0BD960-6525-4FEE-B577-2473F77F1277} -> Windows Messenger 5.0
{1F528948-0E80-4C96-B455-DE4167CB1DF7} -> Internal Network Card Power Management
{23FB368F-1399-4EAC-817C-4B83ECBE3D83} -> mProSafe
{29E5EA97-5F74-4A57-B8B2-D4F169117183} -> Adobe Stock Photos CS3
{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0} -> WebReg
{2BA00471-0328-3743-93BD-FA813353A783} -> Microsoft .NET Framework 3.0 Service Pack 1
{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB} -> Microsoft XNA Framework Redistributable 1.0 Refresh
{3248F0A8-6813-11D6-A77B-00B0D0150100} -> J2SE Runtime Environment 5.0 Update 10
{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1
{3248F0A8-6813-11D6-A77B-00B0D0160050} -> Java(TM) 6 Update 5
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978)
{3819891A-030B-4a4e-98ED-B28A649E48AB} -> HP Deskjet 3900 series
{3D047C15-C859-45F7-81CE-F2681778069B} -> iPod for Windows 2006-01-10
{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B} -> Google Earth
{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0} -> DAEMON Tools
{3E9D596A-61D4-4239-BD19-2DB984D2A16F} -> mIWA
{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5} -> Nokia Connectivity Cable Driver
{415CDA53-9100-476F-A7B2-476691E117C7} -> HP Smart Web Printing
{42F6BED9-41DD-40F1-85A8-8E0350493626} -> HPDeskjet3900Series
{44734179-8A79-4DEE-BB08-73037F065543} -> Apple Mobile Device Support
{472ABCE2-5B2E-4D29-ABF4-94E1097558A6} -> Diplomacy
{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3} -> HPSSupply
{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} -> mHlpDell
{51846830-E7B2-4218-8968-B77F0FF475B8} -> Adobe Color EU Extra Settings
{543E938C-BDC4-4933-A612-01293996845F} -> UnloadSupport
{54793AA1-5001-42F4-ABB6-C364617C6078} -> Adobe Linguistics CS3
{571700F0-DB9D-4B3A-B03D-35A14BB5939F} -> Windows Live Messenger
{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} -> iTunes
{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE} -> Adobe Flash Player 9 ActiveX
{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA} -> Microsoft IntelliType Pro 5.2
{5F26311C-B135-4F7F-B11E-8E650F83651E} -> DeviceFunctionQFolder
{64635543-70E7-436D-8D6D-4A721595029E} -> Microsoft IntelliPoint 5.2
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD 5.1
{6ABE0BEE-D572-4FE8-B434-9E72A289431B} -> Adobe Fonts All
{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A} -> mCore
{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} -> Adobe Asset Services CS3
{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626} -> mIWCA
{716E0306-8318-4364-8B8F-0CC4E9376BAC} -> MSXML 4.0 SP2 Parser and SDK
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{730837D4-FF5E-48DB-BA49-33E732DFF0B3} -> PanoStandAlone
{75C22B40-6D12-4439-80DC-CAB3313EADA5} -> dj_sf_software_req
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec
{7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper
{802771A9-A856-4A41-ACF7-1450E523C923} -> Adobe XMP Panels CS3
{803A0DF9-8C4F-454F-9652-277417919642} -> Ladbrokes
{810C97DE-8D3C-423E-99B1-EC091FDF3A0A} -> Altiris Helpdesk ActiveX Controls
{824D3839-DAA1-4315-A822-7AE3E620E528} -> VideoToolkit01
{8389382B-53BA-4A87-8854-91E3D80A5AC7} -> HP Photosmart Essential2.01
{87885939-F824-42bf-B790-231B1E8EF2BB} -> dj_sf_software
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player
{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} -> mPfMgr
{8C6027FD-53DC-446D-BB75-CACD7028A134} -> HP Update
{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} -> Adobe Device Central CS3
{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} -> Adobe Type Support
{90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders  (English) 12
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{3EC77D26-799B-4CD8-914F-C1565E796173} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{430971B1-C31E-45DA-81E0-72C095BAB72C} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{FAD8A83E-9BAC-4179-9268-A35948034D85} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-00B0-0409-0000-0000000FF1CE} -> Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{FAD8A83E-9BAC-4179-9268-A35948034D85} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90176341-0A8B-4CCC-A78D-F862228A6B95} -> Adobe Anchor Service CS3
{90B0D222-8C21-4B35-9262-53B042F18AF9} -> mPfWiz
{91120000-001A-0000-0000-0000000FF1CE} -> Microsoft Office Outlook 2007
{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{4AD3A076-427C-491F-A5B7-7D1DE788A756} -> Update for Microsoft Office Outlook 2007 (KB952142)
{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{A420F522-7395-4872-9882-C591B4B92278} -> Update for Office 2007 (KB946691)
{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{AD72BABE-C733-4FCF-9674-4314466191B9} -> Security Update for Microsoft Office Word 2007 (KB950113)
{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{D9806966-6AA1-4B55-9528-6748E37CEE86} -> Update for Outlook 2007 Junk Email Filter (kb955433)
{91120000-002F-0000-0000-0000000FF1CE} -> Microsoft Office Home and Student 2007
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{1AFF2298-CC00-4A3B-866A-C62B8373794E} -> Security Update for 2007 Microsoft Office System (KB951596)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{558B709B-821B-4FC5-90FC-9A8890641E77} -> Security Update for Microsoft Office PowerPoint 2007 (KB951338)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6BAD036C-261F-4BEF-96CF-C20678D07A41} -> Security Update for Visio 2007 (KB947590)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7399DD71-8E24-4E60-B6A8-6CED89C0AC26} -> Security Update for Microsoft Office Excel 2007 (KB951546)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8F375E11-4FD6-4B89-9E2B-A76D48B51E00} -> Security Update for Microsoft Office system 2007 (KB951808)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A420F522-7395-4872-9882-C591B4B92278} -> Update for Office 2007 (KB946691)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{AD72BABE-C733-4FCF-9674-4314466191B9} -> Security Update for Microsoft Office Word 2007 (KB950113)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{93F54611-2701-454e-94AB-623F458D9E6B} -> DeviceDiscovery
{94658027-9F16-4509-BBD7-A59FE57C3023} -> mZConfig
{9541FED0-327F-4DF0-8B96-EF57EF622F19} -> Sonic RecordNow! Plus
{95655ED4-7CA5-46DF-907F-7144877A32E5} -> Adobe Color NA Recommended Settings
{9C9824D9-9000-4373-A6A5-D0E5D4831394} -> Adobe Bridge CS3
{9CC89556-3578-48DD-8408-04E66EBEF401} -> mXML
{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} -> ALPS Touch Pad Driver
{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} -> Adobe CMaps
{A2D81E70-2A98-4A08-A628-94388B063C5E} -> Adobe Color - Photoshop Specific
{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1 -> Moyea FLV to Video Converter version 1.14.1.7
{A9CF9052-F4A0-475D-A00F-A8388C62DD63} -> MSXML 4.0 SP2 (KB925672)
{AB405A0E-458F-4A58-9445-F221E7D99C2F} -> PC Software for Sharp EL-6990 and YO/ZQ-290
{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} -> PDF Settings
{AC76BA86-7AD7-1033-7B44-A80000000002} -> Adobe Reader 8
{AE86AE81-CD7F-496F-A39F-0210C985E71B} -> FM Modifier 2.25
{AEA07F97-9088-497c-8821-0F36BD5DC251} -> HPProductAssistant
{B13A7C41581B411290FBC0395694E2A9} -> DivX Converter
{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} -> Adobe Camera Raw 4.0
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player
{B9242864-2841-4ADE-86E0-8F90F91B04DD} -> Logitech Gaming Software
{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} -> Adobe Default Language CS3
{BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation
{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1} -> SolutionCenter
{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8} -> Windows Rights Management Client with Service Pack 2
{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181)
{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} -> Adobe ExtendScript Toolkit 2
{C5074CC4-0E26-4716-A307-960272A90040} -> QuickSet
{C609012F-FB56-4AA0-8FEC-5A8E5715702C} -> FM Modifier 2.12
{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC} -> mToolkit
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{D050D7362D214723AD585B541FFB6C11} -> DivX Content Uploader
{D0A05794-48C2-4424-A15A-9F20FCFDD374} -> Call of Duty(R) 2
{D0DFF92A-492E-4C40-B862-A74A173C25C5} -> Adobe Version Cue CS3 Client
{D1BB4446-AE9C-4256-9A7F-4D46604D2462} -> Adobe Setup
{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} -> Adobe PDF Library Files
{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} -> iPod for Windows 2005-10-12
{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} -> Adobe Color Common Settings
{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} -> Adobe Color JA Extra Settings
{E09B48B5-E141-427A-AB0C-D3605127224A} -> Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
{E2662C24-B31E-4349-A084-32EB76E8B760} -> BufferChm
{E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect
{E69AE897-9E0B-485C-8552-7841F48D42D8} -> Adobe Update Manager CS3
{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04} -> Toolbox
{EC905264-BCFE-423B-9C42-C3A106266790} -> Windows Rights Management Client Backwards Compatibility SP2
{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} -> mMHouse
{F5936267-D467-4e7b-8940-A7D9F0398EF3} -> HP Deskjet Printer Driver Software 9.0
{F6090A17-0967-4A8A-B3C3-422A1B514D49} -> mDrWiFi
{F72E2DDC-3DB8-4190-A21D-63883D955FE7} -> PSSWCORE
{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} -> mWlsSafe
{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA} -> Status
{FE64AE29-0883-4C70-8388-DC026019C900} -> HP Image Zone Express
{FF11005D-CBC8-45D5-A288-25C7BB304121} -> Sophos Remote Management System
82A44D22-9452-49FB-00FB-CEC7DCAF7E23 -> EA SPORTS online 2008
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player Plugin
Adobe Shockwave Player -> Adobe Shockwave Player
Adobe_2ac78060bc5856b0c1cf873bb919b58 -> Adobe Photoshop CS3
Any Video Converter_is1 -> Any Video Converter 2.0.6
ATI Display Driver -> ATI Display Driver
AviSynth -> AviSynth 2.5
CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1 -> Conexant D110 MDC V.92 Modem
Digital Camera Driver -> Digital Camera Driver
EditPad Lite -> JGsoft EditPad Lite 6.1.2
ffdshow_is1 -> ffdshow [rev 1723] [2007-12-24]
FLV Player -> FLV Player 2.0, build 23
FLVPlayer -> FLV Player 1.3.3
Football Manager 2008 -> Football Manager 2008
Fraps -> Fraps
Free Video to JPG Converter_is1 -> Free Video to JPG Converter version 1.2
Free YouTube to iPod Converter_is1 -> Free YouTube to iPod Converter version 2.8
Game Cam -> Game Cam 2.0
HOMESTUDENTR -> Microsoft Office Home and Student 2007
HP Imaging Device Functions -> HP Imaging Device Functions 9.0
HP Photosmart Essential -> HP Photosmart Essential 2.01
HP Solution Center & Imaging Support Tools -> HP Solution Center 9.0
HPExtendedCapabilities -> HP Customer Participation Program 9.0
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B} -> iPod for Windows 2006-01-10
InstallShield_{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5} -> Nokia Connectivity Cable Driver
InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374} -> Call of Duty(R) 2
InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} -> iPod for Windows 2005-10-12
InterActual Player -> InterActual Player
iPod movie Converter 3 -> iPod movie Converter 3
iWare iWare Mouse -> iWare iWare Mouse 3.2
KB891122 -> Windows Media Format SDK Hotfix - KB891122
KB898458 -> Security Update for Step By Step Interactive Training (KB898458)
KB909520 -> Microsoft Base Smart Card Cryptographic Service Provider Package
KB911564 -> Security Update for Windows Media Player (KB911564)
KB911565 -> Security Update for Windows Media Player 10 (KB911565)
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734)
KB923723 -> Security Update for Step By Step Interactive Training (KB923723)
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399)
KB931906 -> Security Update for CAPICOM (KB931906)
KB932471.T301_380ToU433_380 -> Hotfix for Microsoft .NET Framework 3.0 (KB932471)
KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782)
KB939683 -> Hotfix for Windows Media Player 11 (KB939683)
KB941569 -> Security Update for Windows XP (KB941569)
KB947864-IE7 -> Hotfix for Windows Internet Explorer 7 (KB947864)
KB948110(ENU) -> Hotfix 2050 for SQL Server 2000 ENU (KB948110)
KB950759-IE7 -> Security Update for Windows Internet Explorer 7 (KB950759)
KB950760 -> Security Update for Windows XP (KB950760)
KB950762 -> Security Update for Windows XP (KB950762)
KB950974 -> Security Update for Windows XP (KB950974)
KB951066 -> Security Update for Windows XP (KB951066)
KB951072-v2 -> Update for Windows XP (KB951072-v2)
KB951376 -> Security Update for Windows XP (KB951376)
KB951376-v2 -> Security Update for Windows XP (KB951376-v2)
KB951698 -> Security Update for Windows XP (KB951698)
KB951748 -> Security Update for Windows XP (KB951748)
KB951978 -> Update for Windows XP (KB951978)
KB952287 -> Hotfix for Windows XP (KB952287)
KB952954 -> Security Update for Windows XP (KB952954)
KB953838-IE7 -> Security Update for Windows Internet Explorer 7 (KB953838)
KB953839 -> Security Update for Windows XP (KB953839)
Lexmark 2400 Series -> Lexmark 2400 Series
Lexmark Fax Solutions -> Lexmark Fax Solutions
M886903 -> Microsoft .NET Framework 1.1 Hotfix (KB886903)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.1) -> Mozilla Firefox (3.0.1)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
Nero BurnRights!UninstallKey -> Nero BurnRights
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
OpenAL -> OpenAL
OUTLOOKR -> Microsoft Office Outlook 2007
Picasa2 -> Picasa 2
Pocket Oxford Latin -> Pocket Oxford Latin
ProInst -> Intel(R) PROSet/Wireless Software
RealPlayer 6.0 -> RealPlayer
Rmtablet -> Wireless Tablet Series
SopCast -> SopCast 2.0.4
Start To Learn Touch Typing -> Start To Learn Touch Typing
UltraISO_is1 -> UltraISO Premium V9.0
Uninstall_is1 -> Uninstall 1.0.0.0
WIC -> Windows Imaging Component
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WinGTK-2_is1 -> GTK+ 2.8.9 runtime environment
WinRAR archiver -> WinRAR archiver
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Wyzo -> Wyzo 0.5.3
XpsEPSC -> XML Paper Specification Shared Components Pack 1.0
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 


[Files/Folders - Created Within 30 days]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 13/08/2008 11:46:38 | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 13/08/2008 11:46:37 | Attr =	]
pgdfgsvc.exe -> %SystemRoot%\System32\pgdfgsvc.exe -> Sysinternals - www.sysinternals.com [Ver = 2.31 | Size = 25992 bytes | Created Date = 12/08/2008 22:10:11 | Attr =	]
$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$ -> %SystemRoot%\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$ ->  [Folder | Created Date = 13/08/2008 21:38:38 | Attr =	]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
game.ini -> %SystemRoot%\game.ini ->  [Ver =  | Size = 287 bytes | Created Date = 17/08/2008 21:26:31 | Attr =	]
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job ->  [Ver =  | Size = 504 bytes | Created Date = 13/08/2008 12:15:07 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 13/08/2008 18:53:56 | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 12/08/2008 15:19:10 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Created Date = 13/08/2008 11:32:47 | Attr =	]
Help -> %AppData%\Help ->  [Folder | Created Date = 12/08/2008 22:10:13 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 12/08/2008 15:19:18 | Attr =	]
True Sword -> %AppData%\True Sword ->  [Folder | Created Date = 13/08/2008 17:30:58 | Attr =	]
TuneUp Software -> %AppData%\TuneUp Software ->  [Folder | Created Date = 13/08/2008 12:15:01 | Attr =	]
Help -> %UserProfile%\Local Settings\Application Data\Help ->  [Folder | Created Date = 12/08/2008 22:10:13 | Attr =	]
Call of Duty(R) 2 Multiplayer.lnk -> %AllUsersProfile%\Desktop\Call of Duty(R) 2 Multiplayer.lnk ->  [Ver =  | Size = 1563 bytes | Created Date = 17/08/2008 21:26:33 | Attr =	]
Call of Duty(R) 2 Single Player.lnk -> %AllUsersProfile%\Desktop\Call of Duty(R) 2 Single Player.lnk ->  [Ver =  | Size = 1563 bytes | Created Date = 17/08/2008 21:26:33 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 23/08/2008 13:54:22 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
FM Stories -> %UserProfile%\Desktop\FM Stories ->  [Folder | Created Date = 13/08/2008 00:19:59 | Attr =	]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation									 [Ver = 1.24				 | Size = 1885072 bytes | Created Date = 13/08/2008 00:36:56 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 23/08/2008 13:57:12 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Created Date = 23/08/2008 13:56:17 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Shortcut to Work.lnk -> %UserProfile%\Desktop\Shortcut to Work.lnk ->  [Ver =  | Size = 415 bytes | Created Date = 13/08/2008 00:17:03 | Attr =	]
stick cricket1.bmp -> %UserProfile%\Desktop\stick cricket1.bmp ->  [Ver =  | Size = 2359350 bytes | Created Date = 14/08/2008 20:46:08 | Attr =	]
Unimportant Computer Stuff -> %UserProfile%\Desktop\Unimportant Computer Stuff ->  [Folder | Created Date = 13/08/2008 00:20:38 | Attr =	]
Activision -> %ProgramFiles%\Activision ->  [Folder | Created Date = 17/08/2008 21:13:22 | Attr =	]
Codemasters -> %ProgramFiles%\Codemasters ->  [Folder | Created Date = 12/08/2008 16:34:23 | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 13/08/2008 11:46:35 | Attr =	]
Panda Security -> %ProgramFiles%\Panda Security ->  [Folder | Created Date = 13/08/2008 18:32:06 | Attr =	]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware ->  [Folder | Created Date = 13/08/2008 11:32:31 | Attr =	]
True Sword 5 -> %ProgramFiles%\True Sword 5 ->  [Folder | Created Date = 13/08/2008 17:30:38 | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 13/08/2008 18:02:09 | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 23/08/2008 13:37:57 | Attr =  H ]
2 C:\*.tmp files -> C:\*.tmp -> 
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 23/08/2008 13:37:57 | Attr = R  ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 13/08/2008 12:41:23 | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 13/08/2008 21:33:57 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 23/08/2008 13:38:30 | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 30/07/2008 20:14:32 | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 30/07/2008 20:14:36 | Attr =	]
PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys ->  [Ver =  | Size = 22328 bytes | Modified Date = 21/08/2008 16:59:35 | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 13/08/2008 21:03:59 | Attr =	]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 18/08/2008 17:09:57 | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 13/08/2008 12:29:42 | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 12/08/2008 16:53:48 | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 14/08/2008 10:44:12 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 13/08/2008 21:50:23 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1568800 bytes | Modified Date = 16/08/2008 12:34:44 | Attr =	]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Modified Date = 11/08/2008 11:20:20 | Attr =	]
OpenAL32.dll -> %SystemRoot%\System32\OpenAL32.dll -> Portions (C) Creative Labs Inc. and NVIDIA Corp. [Ver = 6.14.0357.19 | Size = 114688 bytes | Modified Date = 12/08/2008 16:55:07 | Attr =	]
pgdfgsvc.exe -> %SystemRoot%\System32\pgdfgsvc.exe -> Sysinternals - www.sysinternals.com [Ver = 2.31 | Size = 25992 bytes | Modified Date = 12/08/2008 22:12:55 | Attr =	]
PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe ->  [Ver =  | Size = 107832 bytes | Modified Date = 21/08/2008 16:59:28 | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 13/08/2008 12:41:23 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 13/08/2008 16:45:34 | Attr =	]
wrap_oal.dll -> %SystemRoot%\System32\wrap_oal.dll -> Creative Labs [Ver = 2.1.4.0 | Size = 409600 bytes | Modified Date = 12/08/2008 16:55:07 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 13/08/2008 21:50:40 | Attr =  H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$ -> %SystemRoot%\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$ ->  [Folder | Modified Date = 13/08/2008 21:38:38 | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 13/08/2008 21:35:18 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 23/08/2008 13:17:17 | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 23/08/2008 12:10:05 | Attr =  HS]
game.ini -> %SystemRoot%\game.ini ->  [Ver =  | Size = 287 bytes | Modified Date = 17/08/2008 21:26:31 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 13/08/2008 21:50:36 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 13/08/2008 21:51:42 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 23/08/2008 13:38:30 | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 23/08/2008 13:58:04 | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 246 bytes | Modified Date = 13/08/2008 18:02:08 | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 23/08/2008 13:36:58 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 13/08/2008 12:15:07 | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 23/08/2008 13:55:51 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 756 bytes | Modified Date = 13/08/2008 18:02:08 | Attr =	]
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job ->  [Ver =  | Size = 504 bytes | Modified Date = 23/08/2008 14:00:00 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 23/08/2008 13:17:31 | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ->  [Folder | Modified Date = 02/11/2006 20:29:34 | Attr =	]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 9170 bytes | Modified Date = 12/08/2008 20:17:16 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 16/06/2005 23:16:43 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 8453 bytes | Modified Date = 19/08/2008 14:48:54 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 7182 bytes | Modified Date = 19/08/2008 14:48:54 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 16/04/2008 14:39:49 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11748 bytes | Modified Date = 07/02/2006 15:39:11 | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8566 bytes | Modified Date = 05/06/2007 20:55:42 | Attr =	]
C:\Documents and Settings\e.pearce-crump\Local Settings\Temp\ -> C:\Documents and Settings\e.pearce-crump\Local Settings\Temp ->  [Folder | Modified Date = 23/08/2008 13:59:38 | Attr =	]
_isE6.exe -> C:\Documents and Settings\e.pearce-crump\Local Settings\Temp\_isE6.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 455600 bytes | Modified Date = 24/05/2006 13:10:42 | Attr = R  ]
3 C:\Documents and Settings\e.pearce-crump\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\e.pearce-crump\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\e.pearce-crump\Local Settings\Temp\{E384E530-E296-457A-ADB2-BD790EAC4606}\ -> C:\Documents and Settings\e.pearce-crump\Local Settings\Temp\{E384E530-E296-457A-ADB2-BD790EAC4606} ->  [Folder | Modified Date = 12/08/2008 16:55:41 | Attr =	]
ISSetup.dll -> C:\Documents and Settings\e.pearce-crump\Local Settings\Temp\{E384E530-E296-457A-ADB2-BD790EAC4606}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 05/03/2007 16:03:42 | Attr = R  ]
_Setup.dll -> C:\Documents and Settings\e.pearce-crump\Local Settings\Temp\{E384E530-E296-457A-ADB2-BD790EAC4606}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 164784 bytes | Modified Date = 17/05/2006 12:21:04 | Attr = R  ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 23/08/2008 13:55:51 | Attr =	]
Perflib_Perfdata_30c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_30c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 28/07/2008 10:05:18 | Attr =	]
Perflib_Perfdata_d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_d0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 21/02/2008 08:23:50 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 13/08/2008 18:55:24 | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Modified Date = 12/08/2008 15:19:10 | Attr =	]
Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help ->  [Folder | Modified Date = 16/08/2008 12:32:31 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Modified Date = 13/08/2008 11:32:48 | Attr =	]
Help -> %AppData%\Help ->  [Folder | Modified Date = 12/08/2008 22:10:13 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 12/08/2008 15:19:18 | Attr =	]
True Sword -> %AppData%\True Sword ->  [Folder | Modified Date = 13/08/2008 17:30:58 | Attr =	]
TuneUp Software -> %AppData%\TuneUp Software ->  [Folder | Modified Date = 13/08/2008 12:15:01 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 182272 bytes | Modified Date = 28/07/2008 14:24:51 | Attr =	]
Help -> %UserProfile%\Local Settings\Application Data\Help ->  [Folder | Modified Date = 12/08/2008 22:10:13 | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 2109778 bytes | Modified Date = 16/08/2008 12:31:12 | Attr =  H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 16/08/2008 18:13:19 | Attr =	]
EA SPORTS(TM) Rugby 08 -> %UserProfile%\My Documents\EA SPORTS(TM) Rugby 08 ->  [Folder | Modified Date = 13/08/2008 00:17:36 | Attr =	]
FIFA 08 -> %UserProfile%\My Documents\FIFA 08 ->  [Folder | Modified Date = 12/08/2008 20:15:00 | Attr =	]
My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Modified Date = 13/08/2008 16:38:05 | Attr = R  ]
Call of Duty(R) 2 Multiplayer.lnk -> %AllUsersProfile%\Desktop\Call of Duty(R) 2 Multiplayer.lnk ->  [Ver =  | Size = 1563 bytes | Modified Date = 17/08/2008 21:26:33 | Attr =	]
Call of Duty(R) 2 Single Player.lnk -> %AllUsersProfile%\Desktop\Call of Duty(R) 2 Single Player.lnk ->  [Ver =  | Size = 1563 bytes | Modified Date = 17/08/2008 21:26:33 | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 31/07/2008 19:12:57 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 23/08/2008 13:54:32 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
Dad Book -> %UserProfile%\Desktop\Dad Book ->  [Folder | Modified Date = 24/07/2008 14:02:06 | Attr =	]
Fifa -> %UserProfile%\Desktop\Fifa ->  [Folder | Modified Date = 13/08/2008 16:41:04 | Attr =	]
FM Stories -> %UserProfile%\Desktop\FM Stories ->  [Folder | Modified Date = 13/08/2008 00:21:22 | Attr =	]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation									 [Ver = 1.24				 | Size = 1885072 bytes | Modified Date = 13/08/2008 00:36:59 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 23/08/2008 13:57:12 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Modified Date = 23/08/2008 13:56:18 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Shortcut to Work.lnk -> %UserProfile%\Desktop\Shortcut to Work.lnk ->  [Ver =  | Size = 415 bytes | Modified Date = 13/08/2008 00:17:03 | Attr =	]
stick cricket1.bmp -> %UserProfile%\Desktop\stick cricket1.bmp ->  [Ver =  | Size = 2359350 bytes | Modified Date = 14/08/2008 20:46:09 | Attr =	]
Unimportant Computer Stuff -> %UserProfile%\Desktop\Unimportant Computer Stuff ->  [Folder | Modified Date = 13/08/2008 20:48:36 | Attr =	]
Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts ->  [Folder | Modified Date = 16/08/2008 12:03:50 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 23/08/2008 13:38:29 | Attr =	]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:2e,f8,80,e6,cb,bf,01,9e,50,7a,f9,35,a7,89,59,bc,8a,d7,d0,b2,2a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:00,0d,e1,b0,4f,8a,21,a9,b1,92,ce,05,b6,c9,92,21,79,53,22,bf,6f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:2e,f8,80,e6,cb,bf,01,9e,50,7a,f9,35,a7,89,59,bc,8a,d7,d0,b2,2a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:00,0d,e1,b0,4f,8a,21,a9,b1,92,ce,05,b6,c9,92,21,79,53,22,bf,6f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:2e,f8,80,e6,cb,bf,01,9e,50,7a,f9,35,a7,89,59,bc,8a,d7,d0,b2,2a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:00,0d,e1,b0,4f,8a,21,a9,b1,92,ce,05,b6,c9,92,21,79,53,22,bf,6f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,c7,05,90,7a,f9,5e,67,1d,eb,f6,89,f2,da,bd,31,c5,b7,..
"hj34z0"=hex:9e,91,14,02,44,ab,9f,86,e2,f0,26,b1,23,36,31,d6,d1,ea,c3,fb,b4,..
"hj34z1"=hex:25,91,14,02,3c,ab,9f,86,e3,f0,27,b1,22,36,31,d6,d1,ea,c3,fb,78,..
"hj34z2"=hex:25,91,14,02,3c,ab,9f,86,e3,f0,27,b1,22,36,31,d6,d1,ea,c3,fb,78,..
"hj34z3"=hex:25,91,14,02,3c,ab,9f,86,e3,f0,27,b1,22,36,31,d6,d1,ea,c3,fb,78,..
"hj34z4"=hex:25,91,14,02,3c,ab,9f,86,e3,f0,27,b1,22,36,31,d6,d1,ea,c3,fb,78,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:2e,f8,80,e6,cb,bf,01,9e,50,7a,f9,35,a7,89,59,bc,8a,d7,d0,b2,2a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:00,0d,e1,b0,4f,8a,21,a9,b1,92,ce,05,b6,c9,92,21,79,53,22,bf,6f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:2e,f8,80,e6,cb,bf,01,9e,50,7a,f9,35,a7,89,59,bc,8a,d7,d0,b2,2a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:00,0d,e1,b0,4f,8a,21,a9,b1,92,ce,05,b6,c9,92,21,79,53,22,bf,6f,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D9CA4E7-D4BF-4A66-29FD-FD1829CA8CCD}]
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF 362 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF 102 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:D3A1BA7A 97 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\e.pearce-crump\Desktop\Adobe CS3\Photoshop\Adobe CS3\resources\media\img\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\e.pearce-crump\Desktop\AVI\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\e.pearce-crump\Desktop\Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\e.pearce-crump\Desktop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\e.pearce-crump\Desktop\Work\D Block\Geography\Coursework\things which haven't been used\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\e.pearce-crump\Favorites\Alan Shearer Wallpaper NUFC Downloads.url:favicon 1150 bytes
C:\Documents and Settings\e.pearce-crump\Favorites\Edward 1 Fun\Sports Interactive - Softography.url:favicon 4286 bytes
C:\Documents and Settings\e.pearce-crump\Favorites\Edward 2 Work\Biology EW WED 4th OCT\Asthma - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\e.pearce-crump\Favorites\Edward 2 Work\Biology EW WED 4th OCT\Cystic fibrosis - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\e.pearce-crump\Favorites\Edward 2 Work\Classics\Greek\Eton College - OCR GCSE Greek Vocabulary Tester.url:favicon 8854 bytes
C:\Documents and Settings\e.pearce-crump\Favorites\Edward 2 Work\Classics\OCR AS Latin Vocabulary Tester.url:favicon 11134 bytes
C:\Documents and Settings\e.pearce-crump\Favorites\Edward 2 Work\Classics\OCR GCSE Latin Vocabulary Tester.url:favicon 11134 bytes
C:\Documents and Settings\e.pearce-crump\Favorites\Edward 2 Work\Divinity Trials Coursework\Religious thoughts on cloning.url:favicon 3126 bytes
C:\Documents and Settings\e.pearce-crump\Favorites\Edward 2 Work\e32 Lent '07.url:favicon 8854 bytes
C:\Documents and Settings\e.pearce-crump\Favorites\Edward 2 Work\Mathematics\CUBIC EQUATION CALCULATOR.url:favicon 318 bytes
C:\Documents and Settings\e.pearce-crump\Favorites\Edward 2 Work\www.wordreference.com.url:favicon 1406 bytes
C:\Documents and Settings\e.pearce-crump\Local Settings\Application Data\Microsoft\Messenger\epc_91@hotmail.com\SharingMetadata\apcrump0@hotmail.co.uk\DFSR\Staging\CS{B412B387-7AA0-3A0F-F4CA-350B6CCCB3B6}\01\10-{B412B387-7AA0-3A0F-F4CA-350B6CCCB3B6}-v1-{B180F26F-2641-4E59-AED1-D83D1EF87D62}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\e.pearce-crump\Local Settings\Application Data\Microsoft\Messenger\epc_91@hotmail.com\SharingMetadata\apcrump0@hotmail.co.uk\DFSR\Staging\CS{B412B387-7AA0-3A0F-F4CA-350B6CCCB3B6}\13\15-{F3430519-CF67-408A-8D70-53D5B2F2DA5D}-v13-{F3430519-CF67-408A-8D70-53D5B2F2DA5D}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 31620 bytes hidden from API
C:\Documents and Settings\e.pearce-crump\Local Settings\Application Data\Microsoft\Messenger\epc_91@hotmail.com\SharingMetadata\apcrump0@hotmail.co.uk\DFSR\Staging\CS{B412B387-7AA0-3A0F-F4CA-350B6CCCB3B6}\13\15-{F3430519-CF67-408A-8D70-53D5B2F2DA5D}-v13-{F3430519-CF67-408A-8D70-53D5B2F2DA5D}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3568 bytes hidden from API
C:\Documents and Settings\e.pearce-crump\Local Settings\Application Data\Microsoft\Messenger\epc_91@hotmail.com\SharingMetadata\apcrump0@hotmail.co.uk\DFSR\Staging\CS{B412B387-7AA0-3A0F-F4CA-350B6CCCB3B6}\43\43-{B180F26F-2641-4E59-AED1-D83D1EF87D62}-v43-{B180F26F-2641-4E59-AED1-D83D1EF87D62}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\e.pearce-crump\Local Settings\Application Data\Microsoft\Messenger\epc_91@hotmail.com\SharingMetadata\apcrump0@hotmail.co.uk\DFSR\Staging\CS{B412B387-7AA0-3A0F-F4CA-350B6CCCB3B6}\44\44-{B180F26F-2641-4E59-AED1-D83D1EF87D62}-v44-{B180F26F-2641-4E59-AED1-D83D1EF87D62}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\e.pearce-crump\Local Settings\Application Data\Microsoft\Messenger\epc_91@hotmail.com\SharingMetadata\apcrump0@hotmail.co.uk\DFSR\Staging\CS{B412B387-7AA0-3A0F-F4CA-350B6CCCB3B6}\45\45-{B180F26F-2641-4E59-AED1-D83D1EF87D62}-v45-{B180F26F-2641-4E59-AED1-D83D1EF87D62}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2910 bytes hidden from API
C:\Documents and Settings\e.pearce-crump\Local Settings\Application Data\Microsoft\Messenger\epc_91@hotmail.com\SharingMetadata\apcrump0@hotmail.co.uk\DFSR\Staging\CS{B412B387-7AA0-3A0F-F4CA-350B6CCCB3B6}\45\45-{B180F26F-2641-4E59-AED1-D83D1EF87D62}-v45-{B180F26F-2641-4E59-AED1-D83D1EF87D62}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 400 bytes hidden from API
scan completed successfully
hidden files: 305

< End of report >


#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:10 AM

Posted 23 August 2008 - 08:12 PM

Hello, crumpy.
Does the program name "MSSO" ring any bells for you?

You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case microTorrent). These programs allow files to be shared between users, as the names suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

We need to run an OTScanIt Fix
  • Please reopen Posted Image
  • Click on Posted Image
  • In the Posted Image area copy and paste in the following (Do not include the word CODE)
    [Registry - Non-Microsoft Only]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> AutorunsDisabled [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {9EEA28BA-2FB0-488F-8B99-528E8B06D4FD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> AutorunsDisabled: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    YN -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10]
    YN -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01]
    [Files/Folders - Created Within 30 days]
    NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    [Files/Folders - Modified Within 30 days]
    NY -> 2 C:\*.tmp files -> C:\*.tmp
    NY -> WINDOWS -> %SystemRoot%
    NY -> 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
  • Press the Posted Image button.
  • Copy/Paste the resultant report in a reply here
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
In your next reply, please include the following:
  • OtScanIt Fix Report
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 crumpy

Posted 24 August 2008 - 05:16 AM

After I ran the fix, it told me to restart my computer, which I did. However, on load-up it tells me that:

'A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption and then restart your computer.

Technical information:

*** STOP: 0x0000007B (0xBA4CB528, 0xC0000034, 0x00000000, 0x00000000)'

However, this is not the first time I have seen this message. I can't get back on my computer, so this message comes from another computer.

#6 Billy O'Neal

Posted 24 August 2008 - 10:41 AM

I'm sorry, crumpy.

I don't know what caused OTScanIt to cause problems.

But we can undo OTScanIt's actions.

Do you have access to a Windows XP CD?
Do you know how to burn an ISO file?

We can work if neither is true but things are a lot easier if we have one or the other :thumbsup:

Billy3

Edited by Billy O'Neal, 24 August 2008 - 10:41 AM.


#7 crumpy

Posted 25 August 2008 - 04:04 AM

Unfortunately the Windows XP CD is at school so it is two weeks from me getting hold of it again. I kind of know how to burn an iso file but if you remind me how to do it then I can do it. I am writing this message from another computer which I have access to so I can constantly refer to this page if I have problems.

Perhaps if you tell me how to do all three options, then I can choose one to do and we can see from there.

Thanks for all your help, Billy O'Neal.

crumpy

#8 Billy O'Neal

Posted 25 August 2008 - 08:57 AM

Alright... I'm going to have to try this on one of my own machines and write instructions for you. I promise I'll have them tonight :thumbsup: . Just gonna take some time to run through them on one of my machines.

See you ASAP,
Billy3

#9 Billy O'Neal

Posted 25 August 2008 - 08:47 PM

Hello :thumbsup:

Let's get you fixed up:

From the other machine you have, please go to this page:
http://fileforum.betanews.com/detail/ImgBurn/1128426215/1
and download IMGBurn.

Double click the downloaded program on your desktop, and install IMGBurn.

Then download Knoppix 5.1.1 from this page:
ftp://ftp.kernel.org/pub/dist/knoppix/KNO...07-01-04-EN.iso
Warning: This is a large download, it may take quite a while to complete.
Save it to your desktop.

Open IMGBurn via the newly created icon on your desktop, or by pointing to Start -> All Programs -> ImgBurn -> ImgBurn
Push the large "Write image file to disk" button.
Right under "Source" and next to "Please select a file" push the Posted Image button.
Browse to the knoppix image file on your desktop.

Place a blank CD-R into your clean system's CD burner, and press the large button that looks like a page going into a CD in the bottom left of IMGBurn.

Now place this CD into the non-bootable system. Configure the system to boot from CD; you can usually do this by pressing F10, F11, or F12 from the screen where the PC Maker shows, and select CDRom as your boot device.
When you see this screen:
Posted Image
Press enter, and wait for Knoppix to boot.
On Knoppix' desktop, you should see an icon for your hard disk (Looks like Posted Image)
Right click the drive, and select "Change Read\Write Mode".
Press Yes at the prompt.
Then click the hard disk icon on your desktop.
Now double click on Documents and Settings -> e.pearce-crump -> Desktop -> OTScanIt -> MovedFiles
Now there will be one folder named with a bunch of numbers. Double click that.
Click C_Windows
Next go to Edit -> Selection -> Select all.
Next Edit -> Cut.
Now go back to the desktop (Just drag this open window out of the way)
and click on the hard disk icon again.
Now click on WINDOWS.
Now go to Edit -> Paste XX files
(Where XX is some number)
Wait for the files to be copied back.
When prompted, press the "Overwrite All" button.

Once the files are done moving, press the large K button in the lower left corner of the screen, and select Log Out...
Then press "Turn off computer".

Now remove the knoppix disk from your CD ROM when asked, and turn your system back on. Things should reboot normally.

Hopefully this should get things back up and running. :)
NOTE: Upon reboot, it is possible OTScanIt will attempt to move these files over again. Repeat the process of booting to knoppix and cut/pasting the files back into the windows directory one more time and things should be good.

Let me know how it goes,
Billy3

Edited by Billy O'Neal, 25 August 2008 - 08:57 PM.


#10 crumpy

Posted 26 August 2008 - 09:34 AM

Thanks to your help, I am back on my laptop, but it took two goes of booting knoppix to get it working properly. Despite this, when the computer loads, it now comes up with this:

Attached File  new_error.bmp   165.92KB   21 downloads

But it does not seem to be affecting the computer thus far.

Here is a new HijackItLog

Now for the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:57, on 26/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exee
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Documents and Settings\e.pearce-crump\Desktop\Unimportant Computer Stuff\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.30.0.24:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://etonweb;http://etonweb.etoncollege....k;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1323581016-1400459815-1478062314-13563\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &IntelliLogin Keyboard - C:\Program Files\JJSoft IntelliLogin\SoftInput.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O15 - Trusted Zone: http://office.microsoft.com,
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121277530687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121278859578
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\Software\..\Telephony: DomainName = school.etoncollege.org.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 9532 bytes

Do you think that the microTorrent program is slowing my computer down? This computer is occasionally used by others so it was probably downloaded by those who used it.

I am really grateful for all of your help, Billy O'Neal

crumpy

#11 Billy O'Neal

Posted 26 August 2008 - 11:38 AM

Hello, crumpy.
w0000t!
Glad to hear that things worked well :thumbsup:

MicroTorrent is more commonly spelled µTorrent.. does that make it more familiar? (I don't have the µ key on my keyboard so I spell it out)

We have to remove some entries in HiJack This
  • Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
  • Close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use +A)
  • Right-click again and choose "Copy" (or +C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

That should stop the error message.

You then may wish to reinstall your lexmark software, which you can get from here:
http://support.lexmark.com/perl/support/su...s=229:1:0:0:0:0

In your next reply, please include the following:
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
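Added example (not part of either poster's reply and not HijackThis's own code): a small Python check that the entries listed for "Fix Checked" in the post above are gone from a later log, and that flags entries whose target is "(no file)" or "(file missing)". The log lines are excerpts from the HijackThis logs posted in this thread before and after the fix; the function and variable names are hypothetical.

```python
import re
from typing import List, NamedTuple

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (?P<body>.+)$")

# Suffixes HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    code: str
    body: str


def parse_entries(log_text: str) -> List[Entry]:
    """Return the coded entries of a HijackThis log, ignoring everything else."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group("code"), match.group("body").rstrip()))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a file HijackThis could not find."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


def unfixed(requested_text: str, after_text: str) -> List[Entry]:
    """Entries the helper asked to fix that still appear in the later log."""
    remaining = set(parse_entries(after_text))
    return [e for e in parse_entries(requested_text) if e in remaining]


def removed_between(before_text: str, after_text: str) -> List[Entry]:
    """Entries present in the earlier log but absent (or changed) in the later one."""
    remaining = set(parse_entries(after_text))
    return [e for e in parse_entries(before_text) if e not in remaining]


# Excerpt of the log posted before the fix (26/08/2008).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\lxcrcoms.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
"""

# Excerpt of the log posted after the fix and the Java update (27/08/2008).
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"""

# The four entries listed for "Fix Checked" in the post above.
FIX_REQUESTED = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
"""

if __name__ == "__main__":
    print("Orphaned before fix:")
    for entry in orphaned(parse_entries(BEFORE)):
        print("  ", entry.code, "-", entry.body)
    print("Requested fixes still present:", unfixed(FIX_REQUESTED, AFTER))
    print("Removed or changed between logs:")
    for entry in removed_between(BEFORE, AFTER):
        print("  ", entry.code, "-", entry.body)
```

The SSVHelper entry shows up as removed because its path changed from jre1.6.0_05 to jre1.6.0_07, which is also a quick confirmation that the Java update took effect.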

#12 crumpy

Posted 27 August 2008 - 09:02 AM

Thanks very much Billy O'Neal. The error message has now gone away. Having followed your advice, here are the two logs:

ESET OnlineScan Log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3391 (20080827)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=cd107a6c54c1f54eb5886170acfb6eb5
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-27 01:54:29
# local_time=2008-08-27 02:54:29 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=432167
# found=0
# scan_time=5551

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:16, on 27/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\e.pearce-crump\Desktop\Unimportant Computer Stuff\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.30.0.24:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://etonweb;http://etonweb.etoncollege....k;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &IntelliLogin Keyboard - C:\Program Files\JJSoft IntelliLogin\SoftInput.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O15 - Trusted Zone: http://office.microsoft.com,
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121277530687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121278859578
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\Software\..\Telephony: DomainName = school.etoncollege.org.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9382 bytes

I will now re-install the Lexmark support thing from the hyperlink.

Thanks,

crumpy

#13 Billy O'Neal

  • Malware Response Team

Posted 27 August 2008 - 07:58 PM

I'm sorry.. one more.
Check/fix this:
R3 - Default URLSearchHook is missing

And post a new HJT log after both fixing that and re-installing the Lexmark program. :thumbsup:

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#14 crumpy

  • Topic Starter

Posted 28 August 2008 - 05:17 AM

Here is my new HijackThis Log as required:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:20, on 28/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\e.pearce-crump\Desktop\Unimportant Computer Stuff\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.30.0.24:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://etonweb;http://etonweb.etoncollege....k;<local>
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &IntelliLogin Keyboard - C:\Program Files\JJSoft IntelliLogin\SoftInput.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O15 - Trusted Zone: http://office.microsoft.com,
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121277530687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121278859578
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\Software\..\Telephony: DomainName = school.etoncollege.org.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = school.etoncollege.org.uk
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9348 bytes
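
Comparing the two HijackThis logs in this thread by eye is error-prone, so here is an added example (not part of any post, and not a HijackThis feature) that parses two logs, reports what changed between them, and flags core Windows XP processes running outside system32. The sample logs are short excerpts constructed from lines posted above; the function names and the `SYSTEM32_ONLY` list are assumptions made for this illustration.

```python
import ntpath
import re

# HijackThis entry lines look like "R3 - ..." or "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Assumed list: XP core processes that should only run from %SystemRoot%\system32.
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "svchost.exe"}

def parse_hjt(log):
    """Return (running process paths, [(code, text), ...]) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif match:
            in_procs = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def diff_logs(before, after):
    """Report entries and processes that differ between two logs."""
    procs_b, entries_b = parse_hjt(before)
    procs_a, entries_a = parse_hjt(after)
    # Windows paths are case-insensitive (System32 vs system32), so normalise.
    set_b = {ntpath.normcase(p) for p in procs_b}
    set_a = {ntpath.normcase(p) for p in procs_a}
    return {
        "entries_removed": [e for e in entries_b if e not in entries_a],
        "entries_added": [e for e in entries_a if e not in entries_b],
        "processes_gone": sorted(set_b - set_a),
        "processes_new": sorted(set_a - set_b),
    }

def misplaced_system_binaries(processes, system_root=r"C:\WINDOWS"):
    """Flag core process names that run from anywhere other than system32."""
    expected = ntpath.normcase(ntpath.join(system_root, "system32"))
    return [p for p in processes
            if ntpath.basename(p).lower() in SYSTEM32_ONLY
            and ntpath.normcase(ntpath.dirname(p)) != expected]

# Constructed excerpts of the two logs posted in this thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.30.0.24:80
R3 - Default URLSearchHook is missing
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.30.0.24:80
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
"""

if __name__ == "__main__":
    for key, values in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(key, values)
    # The path from the topic title, appended to a parsed process list.
    procs = parse_hjt(BEFORE_LOG)[0] + [r"C:\windows\config\csrss.exe"]
    print("misplaced:", misplaced_system_binaries(procs))
```

A name-and-path check like this only catches the crude case of a system binary name in the wrong folder; it says nothing about a file that has been replaced in place.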

#15 Billy O'Neal

  • Malware Response Team

Posted 28 August 2008 - 08:05 PM

Hello, crumpy.
You now appear to be clean. Congratulations!

We need to clean up our tools.
  • Please download OTMoveIt2 by OldTimer and save it to your desktop.
  • Click the Clean Up button.
  • Accept any prompts.
  • This will remove any tools we used, including OTMoveIt, and will require a reboot.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint.
The infections you had were "Unknown!!"

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Set a New Restore Point to prevent possible reinfection from an old one.
    Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
    You can view a video of the following instructions.
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    Note: You should only do this once!
    :thumbsup:
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
    :)
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
    :)
  • Make Internet Explorer more secure
    • Click Start -> Run
    • Type "Inetcpl.cpl" (without quotes) & click OK.
    • Click on the Security tab.
    • Click "Reset all zones to default level"
    • Make sure the Internet Zone is selected & click "Custom level"
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Click OK, then Apply, then OK to exit the Internet Properties page.
    :)
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here.
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly.
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Microsoft Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable it,
    • Run Spybot Search & Destroy
    • Click the Mode button on the toolbar, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on "Tools", and then on Hosts File.
    • Click on "Add Spybot-S&D hosts list"
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start -> Run.
    • Type "services.msc" (without quotes) & click OK.
    • In the list, find the service called "DNS Client" & double click on it.
    • On the dropdown box, change the setting from "Automatic" to "Manual".
    • Click OK.
    • Exit/close the Services window
    For a more detailed explanation of the HOSTS file, click here.
  • Install a-squared Free & update and scan with it regularly
    a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here.
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer, which provides some real-time protection against premium rate dialers.
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date!
Billy3