Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Think Their Is A Virus On My Computer


  • This topic is locked This topic is locked
25 replies to this topic

#1 crazyd

crazyd

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:55 PM

Posted 05 October 2008 - 08:04 AM

Hi to the beepingcomputer family. I'm a new member and i not sure if suppose to post my log here but maybe someone can help me..I think my computer has a virus in it can someone form the beepingcomputer team look at my log and advice me in the right direction.thanks alot for assistance i would greatly appreciate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:35 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

(Unable to list running processes)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\vsdrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKUS\S-1-5-19\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [PackNoVs] "C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PackNoVs] "C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [PackNoVs] "C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1223156724781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1223155816406
O17 - HKLM\System\CCS\Services\Tcpip\..\{94025268-EE3D-41B3-9904-520EE0A22123}: NameServer = 196.3.132.1 196.3.132.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 11556 bytes

BC AdBot (Login to Remove)

 


m

#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:55 AM

Posted 13 October 2008 - 07:47 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 crazyd

crazyd
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:55 PM

Posted 15 October 2008 - 08:35 PM

Hi thanks for replying to my post.Couples of things i got the reports OTveiwIT which i copy and paste below.However i didnt get to scann the computer Kaspersky Online Scanner i dont know why but i have also posted the error message so maybe you can tell me what to do.Also i have uninstall my anti-virus AVG8(Free) to try to use the Kasperky should i install it back.Another thing is you said if you dont relpy in 24hrs to send you a PM can you tell me what is a PM plz.Thank you.

OTviewIT Logs
OTveiwIT
OTViewIt logfile created on: 10/15/2008 9:16:51 PM - Run 4
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Administrator\Desktop\log
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 510.20 Mb Available Physical Memory | 49.90% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 21.93 Gb Free Space | 56.15% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 27.87 Gb Free Space | 71.35% Space Free | Partition Type: NTFS
Drive E: | 154.76 Gb Total Space | 112.87 Gb Free Space | 72.93% Space Free | Partition Type: NTFS
Drive F: | 469.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 614.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HEAVEN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/08/30 19:03:45 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/08/30 19:03:45 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/09/20 04:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2008/09/27 17:14:53 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2004/08/03 12:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2007/02/07 22:04:50 | 00,239,104 | R--- | M] () -- C:\heap41a\svchost.exe
[2006/08/14 08:00:04 | 16,050,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2004/12/13 21:12:02 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[2005/10/26 11:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[2003/10/31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[2007/04/03 18:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
[2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/05/21 07:00:22 | 00,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
[2007/09/20 10:35:10 | 00,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[2005/06/08 11:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
[2007/09/20 10:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
[2007/09/20 10:35:40 | 01,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[2005/08/10 02:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
[2006/02/24 06:58:14 | 00,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
[2006/08/31 19:33:02 | 00,115,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2004/08/03 12:56:52 | 03,148,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2003/08/06 08:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
[2004/12/13 21:36:08 | 00,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
[2008/10/11 16:58:57 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\log\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/27 16:06:06 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005/09/23 02:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/08/30 19:03:45 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/09/23 02:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/11/13 20:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/09/20 04:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2007/09/20 10:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2003/07/28 07:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/09/27 17:14:53 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/04/30 04:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus [Boot | Running])
[2004/04/30 04:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi [Boot | Running])
[2004/08/03 10:59:44 | 00,095,360 | ---- | M] () -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2006/08/30 19:03:45 | 01,681,920 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2006/08/30 19:11:04 | 00,168,576 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW [On_Demand | Running])
[2007/03/05 15:51:24 | 00,034,576 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
[2007/03/05 16:00:04 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
[2007/03/05 15:59:04 | 00,018,320 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT [On_Demand | Stopped])
[2007/03/05 16:01:18 | 00,039,184 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb [On_Demand | Running])
[2006/09/19 16:20:04 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BthEnum.sys -- (BthEnum [On_Demand | Stopped])
[2007/03/05 15:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum [Boot | Running])
[2007/03/05 15:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
[2006/09/19 16:19:58 | 00,100,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2006/09/19 16:20:06 | 00,274,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2006/09/19 16:20:02 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Stopped])
[2006/11/22 08:41:18 | 00,022,416 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
[2006/09/19 11:54:16 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/08/15 08:41:16 | 04,368,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/09/19 17:19:58 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE [On_Demand | Stopped])
[2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/09/19 16:20:06 | 00,059,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2001/08/23 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2006/11/10 04:45:42 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31bus.sys -- (SE31bus [On_Demand | Running])
[2006/11/10 04:45:50 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mdfl.sys -- (SE31mdfl [On_Demand | Running])
[2006/11/10 04:45:52 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mdm.sys -- (SE31mdm [On_Demand | Running])
[2006/11/10 04:45:56 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mgmt.sys -- (SE31mgmt [On_Demand | Running])
[2006/11/10 04:46:00 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se31nd5.sys -- (se31nd5 [On_Demand | Running])
[2006/11/10 04:46:02 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31obex.sys -- (SE31obex [On_Demand | Running])
[2006/11/10 04:46:12 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se31unic.sys -- (se31unic [On_Demand | Running])
[2006/09/19 11:52:53 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/09/27 17:02:05 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/05 15:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm [On_Demand | Running])
[2007/03/05 15:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
[2006/02/20 12:59:28 | 00,058,288 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus [On_Demand | Stopped])
[2006/02/20 12:59:32 | 00,008,336 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl [On_Demand | Stopped])
[2006/02/20 12:59:34 | 00,094,064 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm [On_Demand | Stopped])
[2006/02/20 12:59:34 | 00,085,408 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt [On_Demand | Stopped])
[2006/02/20 12:59:36 | 00,083,344 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"provider"=MSN

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.google.com
"Start Page"=about:blank

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.google.com
"Start Page"=about:blank

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.google.com
"Start Page"=about:blank

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.google.com
"Start Page"=about:blank

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\SearchURL]
""=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"provider"=MSN

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (781 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (HKLM) -- C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" (HKLM) -- C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions (Sony Ericsson Mobile Communications AB)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"Vistadrv"=C:\WINDOWS\system32\vsdrv.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)
"Comrade.exe"=C:\Program Files\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"L08AXLRD_5793187"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m (Microsoft Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)
"Comrade.exe"=C:\Program Files\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"L08AXLRD_5793187"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m (Microsoft Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PackNoVs"="C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (Home)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PackNoVs"="C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (Home)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"=rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (Microsoft Corporation)
"nlpo_02"=cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (Microsoft Corporation)
"nlpo_03"=rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (Microsoft Corporation)
"nlpo_04"=cmd.exe /c md "%SystemRoot%\System32\dllcache" (Microsoft Corporation)
"nlpo_05"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (Microsoft Corporation)
"nlpo_06"=rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (Microsoft Corporation)
"nlpo_07"=rundll32 advpack.dll,LaunchINFSection nlite.inf,S (Microsoft Corporation)
"PackNoVs"="C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (Home)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"=rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (Microsoft Corporation)
"nlpo_02"=cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (Microsoft Corporation)
"nlpo_03"=rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (Microsoft Corporation)
"nlpo_04"=cmd.exe /c md "%SystemRoot%\System32\dllcache" (Microsoft Corporation)
"nlpo_05"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (Microsoft Corporation)
"nlpo_06"=rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (Microsoft Corporation)
"nlpo_07"=rundll32 advpack.dll,LaunchINFSection nlite.inf,S (Microsoft Corporation)
"PackNoVs"="C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (Home)

========== (O4) Startup Folders ==========

[2008/09/27 16:06:01 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[2007/04/02 10:36:54 | 00,657,168 | ---- | M] (IVT Corporation.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\.DEFAULT\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-18\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-19\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-20\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoRemoteRecursiveEvents"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"status"=present
"winlogon"=C:\heap41a\svchost.exe -- [2007/02/07 22:04:50 | 00,239,104 | R--- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"verbosestatus"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"SetVisualStyle"=C:\WINDOWS\Resources\Themes\Crystal Clear Aero\Crystal Clear Aero.mss -- File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"SetVisualStyle"=C:\WINDOWS\Resources\Themes\Crystal Clear Aero\Crystal Clear Aero.mss -- File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"SetVisualStyle"=C:\WINDOWS\Resources\Themes\Crystal Clear Aero\Crystal Clear Aero.mss -- File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"SetVisualStyle"=C:\WINDOWS\Resources\Themes\Crystal Clear Aero\Crystal Clear Aero.mss -- File not found

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2006/09/27 16:45:28 | 00,544,032 | ---- | M] (Microsoft Corporation)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/12 21:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2006/09/27 16:45:28 | 00,544,032 | ---- | M] (Microsoft Corporation)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/12 21:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}: Button: Encarta Search Bar -- %CommonProgramFiles%\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL [2007/05/21 07:00:20 | 00,293,656 | ---- | M] (Microsoft Corporation)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Button: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Menu: &FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2006/09/19 11:54:42 | 00,557,568 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/09/19 11:54:42 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/09/19 11:54:42 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/09/19 11:54:42 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/09/19 11:54:42 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1223156724781 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1223155816406 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{395B4DC2-3392-4E29-B4DF-6DDD5C636F3B} (Servers: | Description: )
{A3BA15FD-FFAF-4CAC-8D25-8F717F64F8E2} (Servers: | Description: )
{C5AA9435-089E-4729-B18D-E96A922DA7E0} (Servers: | Description: )
{C70320F1-C262-49FC-BF68-1CB33B4A1F7D} (Servers: | Description: Sony Ericsson Device 049 USB Ethernet Emulation (NDIS 5))

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/09/24 03:04:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 17:43:36 | 00,000,024 | ---- | M] () -- D:\autoexec.bat -- [ NTFS ]

autorun.inf [[autorun] | open=setup.exe | icon=setup.exe,0 | [Version] | CDGuid={3819891A-030B-4a4e-98ED-B28A649E48AB} | SoftwareGuid= | InfrastructureDatabaseList=hpfmdl05.dat | LanguagesInthisCD=nld,enu,fra,deu,ita,ptb,esn | DefaultLanguageInThisRelease=enu | DIVISION=hpf | ICE_REV=05 | FIRST_IO_REVISION=12 | LAST_IO_REVISION=12 | VCD_FILEVER=14 | Manufacturer=HP | RegistryManufacturer=Hewlett-Packard | ProductSeries=Deskjet 3900 series | Pre-Install=%ProgramFiles%%Manufacturer% | SilentInstall=No | InvalidPathCharacters=$%#& | PreloadICEEngineToGUIDFolder=%sourcepath%hpzprl01.dat | PreloadRecoveryMechanism=%sourcepath%hpzprl02.dat | PreloadRestingPad=%sourcepath%hpzprl03.dat | UI_03=Yes | UI_20=Yes | UI_21=Yes | UI_25=No | UI_30=Yes | UI_50=Yes | UI_80=No,NoDeviceConnected | UI_250=Yes | UI_260=Yes | NetworkFinishUI=Yes | NetworkWelcomeUI=Yes | RegistryRebootLocation=DigitalImaging\Install | PreloadICEEngineToInstallDir=%sourcepath%hpqprl01.dat | PreloadMarsToUninstallFolder=%sourcepath%hpqprl03.dat | SoftwareKey=HP Photo & Imaging | Provider=HP | FIRST_CA_REVISION=1 | LAST_CA_REVISION=1 | CheckForCUEInstallFolder=Yes | PreloadProductDrivers=hpfprl01.dat,hpfprl02.dat | PreloadDeskjetSW=hpfprl04.dat | ConnectivityPlugin=%sourcepath%setup\hpzdui01.exe | UsingDeviceDiscovery=Yes | SHORTCUTCHECKBOX=Yes | STARTUP=Yes | SHORTCUT=Yes | Log=1 | MaxPathForCD=150 | MaxInstallDirLength=80 | DriverVer=05/23/2005, 3900.05.05.04 | [Strings] | %Preload%=%InstallDir%Digital Imaging\%CDGuid%\ | %ICETemp%=%ProgramFiles%%ICETempInPF%\ | %ICETempInPF%=%Manufacturer%\Temp\%CDGuid% | %Recovery%=%ICETemp% | %RecoveryInPF%=%ICETempInPF% | %ProductScrubberDatfile%=hpfscr05.dat | %autorunlocation%=. | %setupName%=hpzsetup.exe | %MSIRollbackDatFile%=hpzmsirb.dat | %CUEVersion%=5.0 | %CUEDivision%=hpf | %{3819891A-030B-4a4e-98ED-B28A649E48AB}%=%InstallDir%Digital Imaging\%CDGuid%\Product | %DeviceFunctionPL83%={677BD78E-7BA5-4ff2-8FEB-13A4235D19B9} | %DeviceManagementPL83%={92809620-7EE3-47a3-B2E0-C0A6853C6923} | %SimpleDPAppGUID%={84299C21-01C6-4a3d-8790-C1A1DEB9D959} | %SimpleDPApp_ICE_REV%=07 | %DeviceManagementGUID%={F2075322-392C-466e-83DF-EA60A13B8EB3} | %DeviceManagement_ICE_REV%=01 | %DeviceFunctionGUID%={349F25FE-D3D2-49e9-96C8-AB45BD71E05A} | %DeviceFunction_ICE_REV%=02 | %CreativeProjectsContentGUID%={EBE188EE-A7BF-46e3-A4AD-B9ED7E737BC4} | %CreativeProjectsContent_ICE_REV%=03 | %DocumentViewerGUID%={90BD92EA-CFE7-4783-97A9-5EF0CBF6CBA9} | %DocumentViewer_ICE_REV%=04 | %eSupportGUID%={129F934F-59CC-4461-8F09-204FEEC78FFF} | %eSupport_ICE_REV%=05 | %CustomerExperienceGUID%={798101B1-24F9-4a07-8152-65F3A3A9BC31} | %CustomerExperience_ICE_REV%=06 | %RemotePrintGUID%={A61FF77A-CF6A-456d-8ED1-395A3FA982A1} | %RemotePrint_ICE_REV%=08 | %FullDPAppGUID%={1A65E29E-5BAF-4452-A111-3290AED6BDBC} | %FullDPApp_ICE_REV%=09 | [SUI.OPTIN] | Qualifier=%LangQualifier% | LaunchBase=%sourcepath%setup\ | 1=hpzgat01.exe -on -gate MARS -f %datfile% | [SUI.OPTOUT] | Qualifier=%LangQualifier% | LaunchBase=%sourcepath%setup\ | 1=hpzgat01.exe -off -gate MARS -f %datfile% | [SUI] | Opt-In_Default=ON | [LanguageMap] | 0x0409=enu | 0x0404=cht | 0x0804=chs | 0x0405=csy | 0x0406=dan | 0x0407=deu | 0x0408=ell | 0x040a=esn | 0x040b=fin | 0x040c=fra | 0x040e=hun | 0x0410=ita | 0x0411=jpn | 0x0412=kor | 0x0413=nld | 0x0414=nob | 0x0415=plk | 0x0416=ptb | 0x0419=rus | 0x041d=sve | 0x041f=trk | 0x0c04=cht | 0x1004=chs | 0x1404=cht | 0x0813=nld | 0x0809=enu | 0x0c09=enu | 0x1009=enu | 0x1409=enu | 0x1809=enu | 0x1c09=enu | 0x2009=enu | 0x2409=enu | 0x2809=enu | 0x2c09=enu | 0x080c=fra | 0x0c0c=fra | 0x100c=fra | 0x140c=fra | 0x180c=fra | 0x0456=esn | 0x0807=deu | 0x0c07=deu | 0x1007=deu | 0x1407=deu | 0x0810=ita | 0x0812=kor | 0x0c0a=esn | 0x080a=esn | 0x100a=esn | 0x140a=esn | 0x180a=esn | 0x1c0a=esn | 0x200a=esn | 0x240a=esn | 0x280a=esn | 0x2c0a=esn | 0x300a=esn | 0x340a=esn | 0x380a=esn | 0x3c0a=esn | 0x400a=esn | 0x440a=esn | 0x480a=esn | 0x4c0a=esn | 0x500a=esn | 0x042d=esn | 0x0403=esn | 0x081d=sve | 0x0422=rus | 0x0816=ptb | 0x040d=heb | 0x041e=xxx | 0x0401=ara | 0x0801=ara | 0x0c01=ara | 0x1001=ara | 0x1401=ara | 0x1801=ara | 0x1c01=ara | 0x2001=ara | 0x2401=ara | 0x2801=ara | 0x2c01=ara | 0x3001=ara | 0x3401=ara | 0x3801=ara | 0x3c01=ara | 0x4001=ara | [TwoLetterLanguageMap] | ara=ar | cht=zh | chs=zh | csy=cs | dan=da | deu=de | ell=el | enu=en | esn=es | fin=fi | fra=fr | heb=he | hun=hu | ita=it | jpn=ja | kor=ko | nld=nl | nob=no | plk=pl | ptb=pt | rus=ru | sve=sv | trk=tr | [PreInstalls] | 1=Kahuna1 | 2=Kahuna2 | 3=Kahuna3 | 4=Kahuna4 | 5=Kahuna5 | 6=Kahuna6 | 7=Kahuna7 | [PreInstalls.Kahuna1] | CDGUID={5D22B85D-6503-4c4d-8BE1-D5CD9E0F5181} | 1={7AB63E68-A8E2-49EF-A575-CCEC39F66312} | 2={45B6180B-DCAB-4093-8EE8-6164457517F0} | [PreInstalls.Kahuna2] | CDGUID={5D32B85D-6503-4c4d-8BE1-D5CD9E0F5181} | 1={45B6180B-DCAB-4093-8EE8-6164457517F0} | 2={19E1E220-E757-43bd-AC1A-EC095CB8A667} | 3={F38FA38A-7E5A-4209-88ED-4DE21CD20EEF} | [PreInstalls.Kahuna3] | CDGUID={C6C44651-7C66-4b11-92E8-17565D3D22DD} | 1={45B6180B-DCAB-4093-8EE8-6164457517F0} | 2={15B9DC72-73F9-4d99-9E28-848D66DA8D99} | 3={F38FA38A-7E5A-4209-88ED-4DE21CD20EEF} | 4={0FABD3D7-3036-4e78-B29D-58957ADB0A12} | [PreInstalls.Kahuna4] | CDGUID={5E1494D4-3562-4FFB-B35C-600F80F6934C} | 1={45B6180B-DCAB-4093-8EE8-6164457517F0} | 2={15B9DC72-73F9-4d99-9E28-848D66DA8D99} | 3={A1062847-0846-427A-92A1-BB8251A91E91} | [PreInstalls.Kahuna5] | CDGUID={0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D} | 1={A1062847-0846-427A-92A1-BB8251A91E91} | 2={4C04DF1B-6A39-4299-9DD1-1FA60000266E} | 3={AAC4FC36-8F89-4587-8DD3-EBC57C83374D} | [PreInstalls.Kahuna6] | CDGUID={D0420D64-8D33-4374-A2B2-9225C7925CA6} | 1={A1062847-0846-427A-92A1-BB8251A91E91} | 2={4C04DF1B-6A39-4299-9DD1-1FA60000266E} | 3={AAC4FC36-8F89-4587-8DD3-EBC57C83374D} | [PreInstalls.Kahuna7] | CDGUID={32498B7B-E1F3-4ad5-A23B-F26414E94BE0} | 1={342C7C88-D335-4bc2-8CF1-281857629CE2} | 2={ABA2B37F-AB88-486e-870A-52454A23FEE0} | 3={BA2D9411-DBB4-43e4-9421-780413650A67} | [SystemRequirements] | Overide=No | AdminRightRequired=1 | RunIfFailureAsynch= | RunIfFailureSynch= | RunIfFailureSynchTimeout= | RunIfWarningAsynch= | RunIfWarningSynch= | RunIfWarningSynchTimeout= | OSList=410,490,500,501 | MaxOS= | MinSysDisk=300 | RecSysDisk=681 | MinDisk=1001 | RecDisk=1051 | MinRAM=120 | RecRAM=120 | MinMHZ=233 | RecMHZ=233 | MinCPU=5 | RecCPU=6 | InstallSpace=168 | MinDisplay=800x600 | RecDisplay=800x600 | MinColors=16 | RecColors=16 | MinIE=5.00.2919.6306 | RecIE=5.00.2919.6306 | WarnProductTypeList=3 | BlockProductTypeList=3 | SectionList=DeviceManagement.pl83,DeviceFunction.pl83,eSupport,FullDPApp,CustomerExperience | [SystemRequirements.Min] | TurnCueOn=%sourcepath%setup\hpzgat01.exe -gate CUE -on | TurnCueOff=%sourcepath%setup\hpzgat01.exe -gate CUE -off | SysReqPlugIn=%sourcepath%setup\hpzchk01.exe | AdminRightRequired=1 | OSList=410,490,500,501 | SectionList=DeviceManagement.pl83,DeviceFunction.pl83,eSupport,SimpleDPApp,CustomerExperience | MinDisk=300 | RecDisk=300 | Default=Recommended | Express=yes | AlwaysShowOption=No | InstallSpace=168 | [OSBlock.400] | launchbase=Setup\ | 1=hpzchk01.exe | [Run1] | launchbase=Setup\ | 1=hpzpnp01.exe | 2=hpzpsc01.exe -OSUP | 3=hpzrein01.exe | 4=hpzwup01.exe | 5=hpzshl01.exe -m ICEPreShield,HPSecurity | 6=hpzshl01.exe -m ICEPreShield,HPSecurity,DelayedReboot | 7=hpzcdl01.exe -storesourcepath | [Run2] | launchbase=Setup\ | qualifier=%os% | 1=hpzopt01.exe /forceminimum | 2=hpznop01.exe -PostRegisteredMessage WM_REINITIALIZE_PROGRESS_BITMAPS | 3=hpznop01.exe -PostRegisteredMessage WM_REREAD_INSTALL_SPACE | 4=hpzwis01.exe | 5=[Run.Prescrub] | 6=hpzshl01.exe -m Printer | 7=[Run.SetRecovery] | 8=hpznop01.exe | 9=hpzsui01.exe | [Run3] | launchbase=Setup\ | qualifier=%OS% | 1=[OSPatchesICE1] | 2=[OSPatchesICE2] | 3=hpzprl01.exe -m PreloadICEEngineToGUIDFolder | 4=[InstallProduct] | 5=[Run.CommitProduct] | 6=hpzmsi01.exe -commit | 7=Hpzshl01.exe -m HPQTRA08 | 8=Hpzshl01.exe -m CloseIZApps -gate CUE | 9=[eSupport] | 10=[CustomerExperience] | 11=[DeviceManagement.pl83] | 12=[DeviceFunction.pl83] | 13=hpzmsi01.exe -m ImageZoneExpress -gate CUE -runifoff | 14=hpznop01.exe | 15=hpzarp01.exe | 16=[Run.CommitFull] | 17=hpzwis01.exe -fixme | 18=hpzprl01.exe -inf -m PreloadProductDrivers | 19=hpzpnp01.exe -clean | [Uninstall] | launchbase=%sourcepath%Setup\ | 1=hpzscr01.exe -datfile %ProductScrubberDatfile% -nocopytotemp | [Prescrub.CPE] | launchbase=%sourcepath%Setup\ | SkipOnReinstall=SW | [MSI.FX] | Filename=netfx.msi | RefCount=No | Logfilename=%Temp%hpzFx_Log.txt | CopyToTemp=netfx.msi,netfx1.cab | [MSI.FXLangPack] | Filename=Langpacks\%lang%\langpack.msi | RefCount=No | Logfilename=%Temp%hpzFx%lang%_Log.txt | CopyToTemp=Langpacks\%lang%\langpack.msi,Langpacks\%lang%\langpac1.cab | [MSI.FXLangPack.0x9] | Filename=None.msi | RefCount=No | UI=No | CopyToTemp= | IgnoreReturnCode=Yes | [MSI.FXLangPack.0x1] | Filename=None.msi | RefCount=No | UI=No | CopyToTemp= | IgnoreReturnCode=Yes | [MSI.FXLangPack.0xd] | Filename=None.msi | RefCount=No | UI=Yes | CopyToTemp= | IgnoreReturnCode=Yes | [NetFx] | 1=StopMSIService | 2=Core | 3=LangPack | [NetFx.StopMSIService] | 1=%sourcepath%setup\hpzwis01.exe -stop | [NetFx.Core] | RegValueToLookFor=OCM | RegKeyToLookFor=SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322 | RegValueShouldBeEqualTo=1 | 1=%sourcepath%setup\hpzmsi01.exe -m FX | [NetFx.LangPack] | Qualifier=%PrimaryLangQualifier% | RegValueToLookFor=OCM | RegKeyToLookFor=SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322\%langid% | RegValueShouldBeEqualTo=1 | 1=%sourcepath%setup\hpzmsi01.exe -m FXLangPack | [NetFx.LangPack.0x9] | 1=%sourcepath%setup\hpznop01.exe | [NetFx.LangPack.0xa] | RegKeyToLookFor=SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322\3082 | [Setup.Text] | hpznfx01.exe=Installing Microsoft .NET Framework | hpzdxs01.exe=Installing Microsoft DirectX 9.0 | HPZpsc01.exe=Searching for installed applications | HPZchk01.exe=Checking System Requirements | HPZwis01.exe=Updating Windows Installer Service | HPZpnp01.exe=Waiting for Plug and Play | HPZscr01.exe=Uninstalling | HPZwrp01.exe=Installing Additional Software | HPZarp01.exe=Creating Add/Remove Programs entries | HPZrcv01.exe=Setting Recovery Point | HPZdui01.exe=Connecting device | HPZshl01.exe=Inspecting system | HPZopt01.exe=Waiting for user input | HPZsui01.exe=Waiting for user input | HPZrein01.exe=Waiting for user input | HPZtim01.exe=Waiting for user input | [Setup.Text.0x804] | hpznfx01.exe=正在安装 Microsoft .NET Framework | hpzdxs01.exe=正在安装 Microsoft DirectX 9.0 | HPZpsc01.exe=查找已安装的应用程序 | HPZchk01.exe=检查系统需求 | HPZwis01.exe=更新 Windows Installer 服务 | HPZpnp01.exe=检查硬件 | HPZscr01.exe=卸载 | HPZwrp01.exe=安装其他软件 | HPZarp01.exe=创建“添加/删除程序”项目 | HPZrcv01.exe=设置还原点 | HPZdui01.exe=连接设备 | HPZshl01.exe=检查系统 | HPZopt01.exe=等待用户输入 | HPZsui01.exe=等待用户输入 | HPZrein01.exe=等待用户输入 | HPZtim01.exe=等待用户输入 | [Setup.Text.0x404] | hpznfx01.exe=杆 Microsoft .NET Framework | hpzdxs01.exe=杆 Microsoft DirectX 9.0 | HPZpsc01.exe=穓碝杆莱ノ祘Α | HPZchk01.exe=浪琩╰参惠― | HPZwis01.exe=ど Windows Installer 狝叭 | HPZpnp01.exe=浪琩祑砰 | HPZscr01.exe=秆埃杆い | HPZwrp01.exe=杆ㄤ硁砰 | HPZarp01.exe=ミ穝糤/簿埃祘Α兜ヘ | HPZrcv01.exe=砞﹚確翴 | HPZdui01.exe=硈钡杆竚 | HPZshl01.exe=盎代╰参 | HPZopt01.exe=单ㄏノ块 | HPZsui01.exe=单ㄏノ块 | HPZrein01.exe=单ㄏノ块 | HPZtim01.exe=单ㄏノ块 | [Setup.Text.0x5] | hpznfx01.exe=Instaluje se Microsoft .NET Framework | hpzdxs01.exe=Instaluje se Microsoft DirectX 9.0 | HPZpsc01.exe=Vyhled醰醤 nainstalovan齝h aplikac | HPZchk01.exe=Kontrola po瀉davk na syst閙 | HPZwis01.exe=Aktualizace slu瀊y Windows Installer | HPZpnp01.exe=Kontrola hardwaru | HPZscr01.exe=Odinstalace | HPZwrp01.exe=Instalace dal氻ho softwaru | HPZarp01.exe=Vytv狲en polo瀍k v panelu P鴌dat nebo odebrat programy | HPZrcv01.exe=Nastaven bodu obnoven | HPZdui01.exe=P鴌pojen zazen | HPZshl01.exe=Kontrola syst閙u | HPZopt01.exe=萫k醤 na vstup od u瀒vatele | HPZsui01.exe=萫k醤 na vstup od u瀒vatele | HPZrein01.exe=萫k醤 na vstup od u瀒vatele | HPZtim01.exe=萫k醤 na vstup od u瀒vatele | [Setup.Text.0x6] | hpznfx01.exe=Installerer Microsoft .NET Framework | hpzdxs01.exe=Installerer Microsoft DirectX 9.0 | HPZpsc01.exe=S鴊er efter allerede installerede programmer | HPZchk01.exe=Unders鴊er systemkrav | HPZwis01.exe=Opdaterer tjenesten Windows Installer | HPZpnp01.exe=Unders鴊er hardware | HPZscr01.exe=Fjerner | HPZwrp01.exe=Installerer yderligere software | HPZarp01.exe=Opretter poster i Tilf鴍/fjern programmer | HPZrcv01.exe=Indstiller gendannelsespunkt | HPZdui01.exe=Tilslutter enhed | HPZshl01.exe=Unders鴊er system | HPZopt01.exe=Venter p brugerinput | HPZsui01.exe=Venter p brugerinput | HPZrein01.exe=Venter p brugerinput | HPZtim01.exe=Venter p brugerinput | [Setup.Text.0x7] | hpznfx01.exe=Microsoft .NET Framework wird installiert | hpzdxs01.exe=Microsoft DirectX 9.0 wird installiert | HPZpsc01.exe=Installierte Anwendungen werden gesucht | HPZchk01.exe=Systemanforderungen werden gepr黤t | HPZwis01.exe=Windows-Installationsdienst wird aktualisiert | HPZpnp01.exe=Hardware wird gepr黤t | HPZscr01.exe=Deinstallieren | HPZwrp01.exe=Weitere Software wird installiert | HPZarp01.exe=Eintr鋑e zum Hinzuf黦en/Entfernen von Programmen werden erstellt | HPZrcv01.exe=Wiederherstellungsdaten werden gespeichert | HPZdui01.exe=Ger鋞 wird verbunden | HPZshl01.exe=System wird untersucht | HPZopt01.exe=Warten auf Benutzereingabe | HPZsui01.exe=Warten auf Benutzereingabe | HPZrein01.exe=Warten auf Benutzereingabe | HPZtim01.exe=Warten auf Benutzereingabe | [Setup.Text.0x8] | hpznfx01.exe=陪赆糗篝狍 Microsoft .NET Framework | hpzdxs01.exe=陪赆糗篝狍 Microsoft DirectX 9.0 | HPZpsc01.exe=另徭摁珞 邈赆翦篝珈蓓 弼狁祜泾 | HPZchk01.exe=鸽邈黠 豉 狃衢艮箦 麸 篚篝揿狒矧 | HPZwis01.exe=另徕荑扉箸 翮 躔珩弩哚 Windows Installer | HPZpnp01.exe=鸽邈黠 蹼殛稞 | HPZscr01.exe=梳糗胥珞 邈赆糗篝狍珧 | HPZwrp01.exe=陪赆糗篝狍 瘃桢麸 腼汩箪殛稞 | HPZarp01.exe=溺扉秕胥哚 赆翎鼯褶箦 汩 翮 弼狁祜戕 "旭矬栳鲠唏弩 旭镢襻祆荇" | HPZrcv01.exe=像轶禳 箸戾唢 犴荜翮箸 | HPZdui01.exe=育礓弩 篚箨艴掾 | HPZshl01.exe=蓬蒴狍 篚篝揿狒矧 | HPZopt01.exe=另犰镯 彘筢泫戕 狃 麸 黢摅翮 | HPZsui01.exe=另犰镯 彘筢泫戕 狃 麸 黢摅翮 | HPZrein01.exe=另犰镯 彘筢泫戕 狃 麸 黢摅翮 | HPZtim01.exe=另犰镯 彘筢泫戕 狃 麸 黢摅翮 | [Setup.Text.0x9] | hpznfx01.exe=Installing Microsoft .NET Framework | hpzdxs01.exe=Installing Microsoft DirectX 9.0 | HPZpsc01.exe=Searching for installed applications | HPZchk01.exe=Checking System Requirements | HPZwis01.exe=Updating Windows Installer Service | HPZpnp01.exe=Checking hardware | HPZscr01.exe=Uninstalling | HPZwrp01.exe=Installing Additional Software | HPZarp01.exe=Creating Add/Remove Programs entries | HPZrcv01.exe=Setting Recovery Point | HPZdui01.exe=Connecting device | HPZshl01.exe=Inspecting system | HPZopt01.exe=Waiting for user input | HPZsui01.exe=Waiting for user input | HPZrein01.exe=Waiting for user input | HPZtim01.exe=Waiting for user input | [Setup.Text.0xa] | hpznfx01.exe=Instalando Microsoft .NET Framework | hpzdxs01.exe=Instalando Microsoft DirectX 9.0 | HPZpsc01.exe=Buscando aplicaciones instaladas | HPZchk01.exe=Comprobando los requisitos del sistema | HPZwis01.exe=Actualizando el servicio Windows Installer | HPZpnp01.exe=Comprobando el hardware | HPZscr01.exe=Desinstalando | HPZwrp01.exe=Instalando software adicional | HPZarp01.exe=Creando entradas para Agregar o quitar programas | HPZrcv01.exe=Estableciendo punto de recuperaci髇 | HPZdui01.exe=Conectando dispositivo | HPZshl01.exe=Inspeccionando el sistema | HPZopt01.exe=Esperando datos del usuario | HPZsui01.exe=Esperando datos del usuario | HPZrein01.exe=Esperando datos del usuario | HPZtim01.exe=Esperando datos del usuario | [Setup.Text.0xb] | hpznfx01.exe=Ohjelma asentaa Microsoft .NET Framework -ohjelmaa | hpzdxs01.exe=Ohjelma asentaa Microsoft DirectX 9.0 -ohjelmaa | HPZpsc01.exe=Etsit滗n asennettuja sovelluksia | HPZchk01.exe=Tarkastetaan j鋜jestelm鋠aatimuksia | HPZwis01.exe=P鋓vitet滗n Windows Installer -palvelua | HPZpnp01.exe=Tarkastetaan laitteistoa | HPZscr01.exe=Asennusta poistetaan | HPZwrp01.exe=Asennetaan muita ohjelmia | HPZarp01.exe=Luodaan Lis滗 tai poista sovellus -ikkunan tietoja | HPZrcv01.exe=M滗ritet滗n palautuspistett | HPZdui01.exe=Kytket滗n laitetta | HPZshl01.exe=Tarkastetaan j鋜jestelm滗 | HPZopt01.exe=Odotetaan k鋣tt鋔鋘 sy鰐ett | HPZsui01.exe=Odotetaan k鋣tt鋔鋘 sy鰐ett | HPZrein01.exe=Odotetaan k鋣tt鋔鋘 sy鰐ett | HPZtim01.exe=Odotetaan k鋣tt鋔鋘 sy鰐ett | [Setup.Text.0xc] | hpznfx01.exe=Installation de Microsoft .NET Framework | hpzdxs01.exe=Installation de Microsoft DirectX 9.0 | HPZpsc01.exe=Recherche des applications install閑s | HPZchk01.exe=V閞ification de la configuration syst鑝e requise | HPZwis01.exe=Mise jour du service Windows Installer | HPZpnp01.exe=V閞ification du mat閞iel | HPZscr01.exe=D閟installation | HPZwrp01.exe=Installation de logiciel suppl閙entaire | HPZarp01.exe=Cr閍tion d'entr閑s dans la bo顃e de dialogue Ajout/Suppression de programmes | HPZrcv01.exe=D閒inition du point de r閏up閞ation | HPZdui01.exe=Connexion du p閞iph閞ique | HPZshl01.exe=Inspection du syst鑝e | HPZopt01.exe=Attente d'une intervention de l'utilisateur | HPZsui01.exe=Attente d'une intervention de l'utilisateur | HPZrein01.exe=Attente d'une intervention de l'utilisateur | HPZtim01.exe=Attente d'une intervention de l'utilisateur | [Setup.Text.0xe] | hpznfx01.exe=Microsoft .NET Framework telep韙閟e | hpzdxs01.exe=Microsoft DirectX 9.0 telep韙閟e | HPZpsc01.exe=Telep韙ett alkalmaz醩ok keres閟e | HPZchk01.exe=Rendszerk鰒etelm閚yek ellen鮮z閟e | HPZwis01.exe=Windows telep韙鮯zolg醠tat醩 friss韙閟e | HPZpnp01.exe=Hardver ellen鮮z閟e | HPZscr01.exe=Elt醰ol韙醩 | HPZwrp01.exe=Tov醔bi programok telep韙閟e | HPZarp01.exe=Elem l閠rehoz醩a a Programok telep韙閟e/t鰎l閟e r閟zben | HPZrcv01.exe=Helyre醠l韙醩i pont be醠l韙醩a | HPZdui01.exe=Kapcsol骴醩 az eszk鰖h鰖 | HPZshl01.exe=Rendszer elemz閟e | HPZopt01.exe=V醨akoz醩 felhaszn醠骾 adatbevitelre | HPZsui01.exe=V醨akoz醩 felhaszn醠骾 adatbevitelre | HPZrein01.exe=V醨akoz醩 felhaszn醠骾 adatbevitelre | HPZtim01.exe=V醨akoz醩 felhaszn醠骾 adatbevitelre | [Setup.Text.0x10] | hpznfx01.exe=Installazione di Microsoft .NET Framework | hpzdxs01.exe=Installazione di Microsoft DirectX 9.0 | HPZpsc01.exe=Ricerca delle applicazioni installate | HPZchk01.exe=Verifica dei requisiti di sistema | HPZwis01.exe=Aggiornamento del servizio Windows Installer | HPZpnp01.exe=Verifica dell'hardware | HPZscr01.exe=Disinstallazione | HPZwrp01.exe=Installazione del software supplementare | HPZarp01.exe=Creazione delle voci di Installazione applicazioni | HPZrcv01.exe=Impostazione del punto di ripristino | HPZdui01.exe=Collegamento della periferica | HPZshl01.exe=Analisi del sistema | HPZopt01.exe=Attesa input utente | HPZsui01.exe=Attesa input utente | HPZrein01.exe=Attesa input utente | HPZtim01.exe=Attesa input utente | [Setup.Text.0x11] | hpznfx01.exe=Microsoft .NET Framework 傪僀儞僗僩乕儖偟偰偄傑偡 | hpzdxs01.exe=Microsoft DirectX 9.0 傪僀儞僗僩乕儖偟偰偄傑偡 | HPZpsc01.exe=僀儞僗僩乕儖偝傟偰偄傞傾僾儕働乕僔儑儞傪専嶕偟偰偄傑偡 | HPZchk01.exe=僔僗僥儉昁梫忦審偺`僃僢僋拞 | HPZwis01.exe=Windows 僀儞僗僩乕儔 僒乕價僗偺峏怴拞 | HPZpnp01.exe=僴乕僪僂僃傾偺`僃僢僋拞 | HPZscr01.exe=傾儞僀儞僗僩乕儖拞 | HPZwrp01.exe=偦偺懠偺\僼僩僂僃傾傪僀儞僗僩乕儖偟偰偄傑偡 | HPZarp01.exe=捛壛乛嶍彍僾儘僌儔儉 僄儞僩儕傪嶌惉偟偰偄傑偡 | HPZrcv01.exe=夞暅億僀儞僩偺愝掕拞 | HPZdui01.exe=僨僶僀僗偺愙懕拞 | HPZshl01.exe=僔僗僥儉専嵏拞 | HPZopt01.exe=儐乕僓乕偐傜偺擖椡傪懸偭偰偄傑偡 | HPZsui01.exe=儐乕僓乕偐傜偺擖椡傪懸偭偰偄傑偡 | HPZrein01.exe=儐乕僓乕偐傜偺擖椡傪懸偭偰偄傑偡 | HPZtim01.exe=儐乕僓乕偐傜偺擖椡傪懸偭偰偄傑偡 | [Setup.Text.0x12] | hpznfx01.exe=Microsoft .NET Framework 汲摹 | hpzdxs01.exe=Microsoft DirectX 9.0 汲摹 | HPZpsc01.exe=汲摹茄 览侩 橇肺弊伐阑 茫绰 吝 | HPZchk01.exe=矫胶袍 夸备 荤亲 犬牢 吝 | HPZwis01.exe=Windows 汲摹 辑厚胶 诀单捞飘窍绰 吝 | HPZpnp01.exe=窍靛傀绢甫 八荤窍绰 吝 | HPZscr01.exe=力芭 吝 | HPZwrp01.exe=眠啊 家橇飘傀绢 汲摹 吝 | HPZarp01.exe=橇肺弊伐 亲格 眠啊/力芭 父靛绰 吝 | HPZrcv01.exe=汗备 器牢飘 汲沥 吝 | HPZdui01.exe=厘摹 楷搬 吝 | HPZshl01.exe=矫胶袍 八荤 吝 | HPZopt01.exe=荤侩磊 涝仿 措扁 吝 | HPZsui01.exe=荤侩磊 涝仿 措扁 吝 | HPZrein01.exe=荤侩磊 涝仿 措扁 吝 | HPZtim01.exe=荤侩磊 涝仿 措扁 吝 | [Setup.Text.0x13] | hpznfx01.exe='Microsoft .NET Framework' installeren | hpzdxs01.exe='Microsoft DirectX 9.0' installeren | HPZpsc01.exe=Bezig met zoeken naar ge飊stalleerde toepassingen | HPZchk01.exe=Bezig met controleren van systeemvereisten | HPZwis01.exe=Bezig met bijwerken van Windows Installer-service | HPZpnp01.exe=Bezig met controleren van hardware | HPZscr01.exe=Bezig met ongedaan maken van installatie | HPZwrp01.exe=Bezig met installeren van aanvullende software | HPZarp01.exe=Bezig met aanmaken van items voor Software | HPZrcv01.exe=Bezig met maken van herstelpunt | HPZdui01.exe=Bezig met aansluiten van apparaat | HPZshl01.exe=Bezig met systeemcontrole | HPZopt01.exe=Wachten op invoer van gebruiker | HPZsui01.exe=Wachten op invoer van gebruiker | HPZrein01.exe=Wachten op invoer van gebruiker | HPZtim01.exe=Wachten op invoer van gebruiker | [Setup.Text.0x14] | hpznfx01.exe=Installerer 'Microsoft .NET Framework' | hpzdxs01.exe=Installerer 'Microsoft DirectX 9.0' | HPZpsc01.exe=S鴎er etter installerte programmer | HPZchk01.exe=Kontrollerer systemkrav | HPZwis01.exe=Oppdaterer Windows-installeringstjeneste | HPZpnp01.exe=Kontrollerer maskinvare | HPZscr01.exe=Avinstallerer | HPZwrp01.exe=Installerer tilleggsprogramvare | HPZarp01.exe=Oppretter oppf鴕inger for Legg til / fjern programmer | HPZrcv01.exe=Angir gjenopprettingspunkt | HPZdui01.exe=Kobler til enhet | HPZshl01.exe=Inspiserer system | HPZopt01.exe=Venter p brukerinndata | HPZsui01.exe=Venter p brukerinndata | HPZrein01.exe=Venter p brukerinndata | HPZtim01.exe=Venter p brukerinndata | [Setup.Text.0x15] | hpznfx01.exe=Instalacja 'Microsoft .NET Framework' | hpzdxs01.exe=Instalacja 'Microsoft DirectX 9.0' | HPZpsc01.exe=Trwa wyszukiwanie zainstalowanych aplikacji | HPZchk01.exe=Trwa sprawdzanie wymaga systemowych | HPZwis01.exe=Trwa aktualizowanie us硊gi Instalator Windows | HPZpnp01.exe=Trwa sprawdzanie sprz阾u | HPZscr01.exe=Trwa odinstalowywanie | HPZwrp01.exe=Trwa instalowanie dodatkowego oprogramowania | HPZarp01.exe=Trwa tworzenie wpis體 aplikacji Dodaj/Usu programy | HPZrcv01.exe=Trwa ustawianie punktu odzyskiwania danych | HPZdui01.exe=Trwa pod彻czanie urz筪zenia | HPZshl01.exe=Trwa inspekcja systemu | HPZopt01.exe=Trwa oczekiwanie na wprowadzenie danych przez u縴tkownika | HPZsui01.exe=Trwa oczekiwanie na wprowadzenie danych przez u縴tkownika | HPZrein01.exe=Trwa oczekiwanie na wprowadzenie danych przez u縴tkownika | HPZtim01.exe=Trwa oczekiwanie na wprowadzenie danych przez u縴tkownika | [Setup.Text.0x16] | hpznfx01.exe=Instalando o Microsoft .NET Framework | hpzdxs01.exe=Instalando o Microsoft DirectX 9.0 | HPZpsc01.exe=Procurando aplicativos instalados | HPZchk01.exe=Verificando exig阯cias do sistema | HPZwis01.exe=Atualizando o servi鏾 Windows Installer | HPZpnp01.exe=Verificando hardware | HPZscr01.exe=Desinstalando | HPZwrp01.exe=Instalando software adicional | HPZarp01.exe=Criando entradas em Adicionar ou Remover Programas | HPZrcv01.exe=Definindo ponto de recupera玢o | HPZdui01.exe=Conectando dispositivo | HPZshl01.exe=Inspecionando sistema | HPZopt01.exe=Aguardando entrada do usu醨io | HPZsui01.exe=Aguardando entrada do usu醨io | HPZrein01.exe=Aguardando entrada do usu醨io | HPZtim01.exe=Aguardando entrada do usu醨io | [Setup.Text.0x19] | hpznfx01.exe=玉蜞眍怅 Microsoft .NET Framework | hpzdxs01.exe=玉蜞眍怅 Microsoft DirectX 9.0 | HPZpsc01.exe=项桉 篑蜞眍怆屙睇 镳桦铈屙栝 | HPZchk01.exe=橡钼屦赅 蝠遽钼囗栝 耔耱屐 | HPZwis01.exe=吾眍怆屙桢 耠箧猁 篑蜞眍怅 Windows | HPZpnp01.exe=橡钼屦赅 囡镟疣蝽钽 钺羼镥麇龛 | HPZscr01.exe=愉嚯屙桢 | HPZwrp01.exe=玉蜞眍怅 漕镱腠栩咫钽 镳钽疣祆眍泐 钺羼镥麇龛 | HPZarp01.exe=杨玟囗桢 玎镨皴 铌礤 玉蜞眍怅 箐嚯屙桢 镳钽疣祆 | HPZrcv01.exe=玉蜞眍怅 蝾麝 忸耨蜞眍怆屙 | HPZdui01.exe=杨邃桧屙桢 篑蝠铋耱忸 | HPZshl01.exe=橡钼屦赅 耔耱屐 | HPZopt01.exe=捂桎囗桢 溴轳蜮栝 镱朦珙忄蝈 | HPZsui01.exe=捂桎囗桢 溴轳蜮栝 镱朦珙忄蝈 | HPZrein01.exe=捂桎囗桢 溴轳蜮栝 镱朦珙忄蝈 | HPZtim01.exe=捂桎囗桢 溴轳蜮栝 镱朦珙忄蝈 | [Setup.Text.0x1d] | hpznfx01.exe=Installerar Microsoft .NET Framework | hpzdxs01.exe=Installerar Microsoft DirectX 9.0 | HPZpsc01.exe=S鰇er efter installerade program | HPZchk01.exe=Kontrollerar systemkrav | HPZwis01.exe=Uppdaterar tj鋘sten Windows Installer | HPZpnp01.exe=Kontrollerar maskinvara | HPZscr01.exe=Avinstallerar | HPZwrp01.exe=Installerar ytterligare programvara | HPZarp01.exe=Skapa poster f鰎 L鋑g till/Ta bort program | HPZrcv01.exe=Skapar 錿erst鋖lningspunkt | HPZdui01.exe=Ansluter enhet | HPZshl01.exe=Kontrollerar system | HPZopt01.exe=V鋘tar p anv鋘darindata | HPZsui01.exe=V鋘tar p anv鋘darindata | HPZrein01.exe=V鋘tar p anv鋘darindata | HPZtim01.exe=V鋘tar p anv鋘darindata | [Setup.Text.0x1f] | hpznfx01.exe=Microsoft .NET Framework Y黭leniyor | hpzdxs01.exe=Microsoft DirectX 9.0 Y黭leniyor | HPZpsc01.exe=Y黭l uygulamalar aran齳or | HPZchk01.exe=Sistem Gereksinimleri Kontrol Ediliyor | HPZwis01.exe=Windows Y黭leyici Hizmeti G黱celle⺶iriliyor | HPZpnp01.exe=Donan齧 kontrol ediliyor | HPZscr01.exe=Y黭leme kald齬齦齳or | HPZwrp01.exe=Ek Yaz齦齧 Y黭leniyor | HPZarp01.exe=Program Ekle/Kald齬 girieri olu⺶uruluyor | HPZrcv01.exe=Geri D鰊 Noktas Ayarlan齳or | HPZdui01.exe=Ayg齮 ba餷an齳or | HPZshl01.exe=Sistem denetleniyor | HPZopt01.exe=Kullan齝 giri㱮 bekleniyor | HPZsui01.exe=Kullan齝 giri㱮 bekleniyor | HPZrein01.exe=Kullan齝 giri㱮 bekleniyor | HPZtim01.exe=Kullan齝 giri㱮 bekleniyor | [MSI] | Launchbase=msiexec.exe | InstallDir=%ProgramFiles%%Manufacturer%\ | [MSI.SelfInstallingPortMonitor] | InstallDir=%System% | Filename=%sourcepath%setup\SIPM\HP_Standard_Port_Monitor.msi | RefCount=No | UI=No | IgnoreNewerVersion=No | SkipIfSilent=No | SkipOnReinstall=DRV | Logfilename=%Temp%%DIVISION%MSI_PortMonitor.log | TRANSFORMS=SIPM\%langid%.MST | [Recovery.LogAnalysis] | CollectLogs=Yes | [Recovery.Startup] | 1=%Recovery%setup\hpzrcv01.exe -f ..\%autorunName% -recover | [Recovery.Recover] | 1=%Recovery%setup\hpzscr01.exe -datfile .\%ProductScrubberDatfile% -d MsiUninstaller -unattended -forcereboot | [Recovery.SetupQuit] | launchbase=%sourcepath%Setup\ | 1=hpzrcv01.exe -unsetrecovery | [Uninstall.ERROR_FAILURE_CLEANUP] | launchbase=%sourcepath%Setup\ | 1=hpzrcv01.exe -recover -logs | [Recovery.MSIOnly.Startup] | 1=%recovery%setup\hpzrcv01.exe -f ..\%autorunName% -recover MSIOnly -logs | [Recovery.MSIOnly.Recover] | SWOnly=Yes | 1=%recovery%setup\hpzscr01.exe -datfile %MsiRollbackDatFile% -unattended -forcereboot | [Recovery.MSIOnly.Error_Failure_Cleanup] | 1=hpzrcv01.exe -recover MSIOnly -logs | [Run.SetRecovery] | launchbase=%sourcepath%setup\ | 1=hpzprl01.exe -m PreloadRecoveryMechanism | 2=hpzrcv01.exe -setrecovery | [Run.CommitProduct] | launchbase=%sourcepath%setup\ | 1=hpzmsi01.exe -commit | 2=..\%setupName% -commitGuid %CDGuid% | 3=hpzrcv01.exe -setrecovery MSIOnly | [Run.CommitFull] | launchbase=%sourcepath%setup\ | 1=hpzmsi01.exe -commit | 2=hpzrcv01.exe -unsetrecovery | [FilesThatForceReboot] | 1=mscoree.dll | 2=MICROS~1.NET\FRAMEW~1\V11~1.432 | 3=Microsoft.NET\Framework\v1.1.4322 | [WUP] | SecondsToWaitForConnection=30 | SecondsToWaitForDownloadComplete=600 | [Shield.ICEPreShield] | 1=SynTPEnh | 2=QTTask | 3=.NETUninstall | 4=CommonAdminTools | 5=MsiExec | 6=PlugPlay | 7=LocalSoftware | 8=LocalSystem | 9=EnumRegKey | 10=Config.Msi | 11=ICE RegKey | 12=ClassesRoot | 13=softpubDll | 14=wintrustDll | 15=initpkiDll | 16=dssenhDll | 17=rsaenhDll | 18=gpkcspDll | 19=sccbaseDll | 20=slbcspDll | 21=cryptdlgDll | 22=DevicePathRegValue | [Shield.DevicePathRegValue.501] | Manufacturer=Microsoft | IssueType=RegData | Condition=Missing | Action=Autofix | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion | Value=DevicePath | BlockIfFail=Yes | Data=%SystemRoot%\inf | ReplaceWith=%SystemRoot%\inf | Type=EXPAND_SZ | [Shield.DevicePathRegValue.500] | Manufacturer=Microsoft | IssueType=RegData | Condition=Missing | Action=Autofix | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion | Value=DevicePath | BlockIfFail=Yes | Data=%SystemRoot%\inf | ReplaceWith=%SystemRoot%\inf | Type=EXPAND_SZ | [Shield.DevicePathRegValue.490] | Manufacturer=Microsoft | IssueType=RegData | Condition=Missing | Action=Autofix | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion | Value=DevicePath | BlockIfFail=Yes | Data=%windows%inf | ReplaceWith=%Windows%inf | [Shield.DevicePathRegValue.410] | Manufacturer=Microsoft | IssueType=RegData | Condition=Missing | Action=Autofix | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion | Value=DevicePath | BlockIfFail=Yes | Data=%windows%inf | ReplaceWith=%Windows%inf | [Shield.CloseIZApps] | 1=hpqselsk | 2=hpqcopy | 3=hpqgalry | 4=hpqiscfg | 5=hpqimvac | 6=hpqpos | 7=hpqvapa | [Shield.SynTPEnh] | IssueType=Process | MaxVersion=0x0005000000000893 | MinVersion=0x0005000000000893 | Manufacturer=HP | Action=Autofix | BlockIfFail=Yes | [Shield.QTTask] | IssueType=Process | MaxVersion=0x0006000100000000 | MinVersion=0x0000000000000000 | Manufacturer=Apple | Action=Autofix | BlockIfFail=Yes | [Shield..NETUninstall] | IssueType=RebootFile | Manufacturer=Microsoft | Action=Autofix | 1=mscoree.dll | 2=MICROS~1.NET\FRAMEW~1\V11~1.432 | 3=Microsoft.NET\Framework\v1.1.4322 | Return=Reboot | BlockIfFail=No | [Shield.CommonAdminTools] | Manufacturer=Microsoft | IssueType=RegData | Condition=Contains | Action=Autofix | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | Value=Common Administrative Tools | Data=<Common Administrative Tools>.All Users\ | ReplaceWith=%ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools | Type=EXPAND_SZ | BlockIfFail=Yes | [Shield.MsiExec] | IssueType=Service | ServiceName=MSIServer | Manufacturer=Microsoft | Action=FIX | Condition=DISABLED | DisplayName=Windows Installer | BlockIfFail=Yes | [Shield.PlugPlay] | IssueType=Service | ServiceName=PlugPlay | Manufacturer=Microsoft | Action=FIX | Condition=STOPPED | DisplayName=Plug and Play | BlockIfFail=Yes | [Shield.LocalSoftware.500] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=NotWriteable | Key=HKEY_LOCAL_MACHINE\SOFTWARE | DisplayName=LocalSoftware | BlockIfFail=Yes | Recurse=No | OverwriteDacl=No | SetOnlyIfInvalid=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | CheckCreatedKey=Yes | [Shield.LocalSoftware.501] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=NotWriteable | Key=HKEY_LOCAL_MACHINE\SOFTWARE | DisplayName=LocalSoftware | BlockIfFail=Yes | Recurse=No | OverwriteDacl=No | SetOnlyIfInvalid=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | CheckCreatedKey=Yes | [Shield.LocalSystem.500] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=NotWriteable | Key=HKEY_LOCAL_MACHINE\SYSTEM | DisplayName=LocalSystem | BlockIfFail=Yes | Recurse=No | OverwriteDacl=No | SetOnlyIfInvalid=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | [Shield.LocalSystem.501] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=NotWriteable | Key=HKEY_LOCAL_MACHINE\SYSTEM | DisplayName=LocalSystem | BlockIfFail=Yes | Recurse=No | OverwriteDacl=No | SetOnlyIfInvalid=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | [Shield.EnumRegKey.500] | IssueType=RegKey | Manufacturer=Microsoft | DisplayName=Enum | Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum | Condition=NotWriteable | Action=AutoFix | BlockIfFail=Yes | Recurse=Yes | OverwriteDacl=Yes | CheckAccess=SystemAccess | SetAccess=SystemAccess | Timeout=10 | [Shield.EnumRegKey.501] | IssueType=RegKey | Manufacturer=Microsoft | DisplayName=Enum | Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum | Condition=NotWriteable | Action=AutoFix | BlockIfFail=Yes | Recurse=Yes | OverwriteDacl=Yes | CheckAccess=SystemAccess | SetAccess=SystemAccess | Timeout=10 | [Shield.Config.Msi] | IssueType=Folder | Manufacturer=Microsoft Corporation | FolderName=%WindowsDrive%Config.Msi | Action=AUTOFIX | Condition=~EXIST | HIDDEN=Y | [Shield.ICE RegKey] | IssueType=RegKey | Manufacturer=HP | DisplayName=ICE | Key=HKEY_LOCAL_MACHINE\SOFTWARE\ICE | Condition=NotWriteable | Action=Autofix | BlockIfFail=Yes | Recurse=Yes | OverwriteDacl=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | Timeout=10 | [Shield.ClassesRoot.500] | IssueType=RegKey | Manufacturer=Microsoft | DisplayName=HKEY_CLASSES_ROOT | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Classes | Condition=NotWriteable | Action=Autofix | BlockIfFail=Yes | Recurse=No | OverwriteDacl=No | SetOnlyIfInvalid=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | CheckCreatedKey=Yes | [Shield.ClassesRoot.501] | IssueType=RegKey | Manufacturer=Microsoft | DisplayName=HKEY_CLASSES_ROOT | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Classes | Condition=NotWriteable | Action=Autofix | BlockIfFail=Yes | Recurse=No | OverwriteDacl=No | SetOnlyIfInvalid=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | CheckCreatedKey=Yes | [Shield.hpqselsk.410] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.hpqselsk.490] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.hpqcopy.410] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.hpqcopy.490] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.hpqgalry.410] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.hpqgalry.490] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.hpqiscfg.410] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Instant Share | BlockIfFail=Yes | [Shield.hpqiscfg.490] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Instant Share | BlockIfFail=Yes | [Shield.hpqimvac.410] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.hpqimvac.490] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.hpqpos.410] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.hpqpos.490] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.hpqvapa.410] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.hpqvapa.490] | IssueType=Process | Manufacturer=HP | Action=FIX | Condition=Exist | DisplayName=HP Image Zone | BlockIfFail=Yes | [Shield.DXQVPFix] | 1=QVP32 | [Shield.QVP32] | Manufacturer=Microsoft | IssueType=RegData | Condition=Contains | Action=Autofix | Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Value=DXDllRegExe | Data=dxdllreg.exe | ReplaceWith=%system%dxdllreg.exe | BlockIfFail=Yes | [Shield.CompositeDev] | 1=USBInf | 2=certclas | 3=USBCCGP | [Shield.USBCheck] | 1=USBInf | 2=USBPrint | 3=USBStor | 4=USBScan | 5=NTPrint | 6=certclas | 7=USBCCGP | [Shield.Printer] | 1=PrintSpooler | 2=ReadOnlyPNFs | 3=USBPrint | 4=NTPrint | 5=certclas | 6=PrintCoinstaller | 8=USBCCGP | [Shield.PnP.Printer] | 1=USBPrint | [Shield.MassStorage] | 1=Roxio | 2=USBStor | 3=certclas | 4=hpusbfd | 6=USBCCGP | [Shield.PnP.MassStorage] | 1=USBStor | [Shield.Scanner] | 1=ReadOnlyPNFs | 2=USBScan | 3=certclas | 5=USBCCGP | [Shield.PnP.Scanner] | 1=USBScan | [Shield.Camera] | 1=ReadOnlyPNFs | 2=certclas | [Shield.PnPFiles] | 1=USBInf | 2=certclas | 3=USBCCGP | [Shield.USBInf.410] | DisplayName=USB.inf | IssueType=SystemDriver | Condition=~Exists | DriverInfName=usb.inf | DriverSysName=%windows%system32\drivers\usbhub.sys | SectionToInstall=UniversalHCD.Dev | MinVersion=0 | DriverSysMinVersion=4000A000007CE | Manufacturer=Microsoft | [Shield.USBInf.490] | DisplayName=USB.inf | IssueType=SystemDriver | Condition=~Exists | DriverInfName=usb.inf | DriverSysName=%windows%system32\drivers\usbhub.sys | SectionToInstall=UniversalHCD.Dev | MinVersion=0 | DriverSysMinVersion=4005A0BB80000 | Manufacturer=Microsoft | [Shield.USBCCGP.490] | DisplayName=USB.inf | IssueType=SystemDriver | Condition=~Exists | DriverInfName=usb.inf | DriverSysName=%windows%system32\drivers\usbccgp.sys | SectionToInstall=StandardHub.Dev | MinVersion=0 | DriverSysMinVersion=4005A0BB80000 | Manufacturer=Microsoft | [Shield.USBInf.500] | DisplayName=USB | IssueType=SystemDriver | Condition=~Exists | DriverInfName=usb.inf | DriverSysName=usbhub.sys | SectionToInstall=Composite.Dev.NT | MinVersion=5000008870001 | DriverSysMinVersion=5000008850001 | Manufacturer=Microsoft | [Shield.USBInf.501] | DisplayName=USB | IssueType=SystemDriver | Condition=~Exists | DriverInfName=usb.inf | DriverSysName=usbccgp.sys | SectionToInstall=Composite.Dev.NT | MinVersion=500010A280000 | DriverSysMinVersion=500010A280000 | Manufacturer=Microsoft | [Shield.USBPrint.490] | DisplayName=USBPrint | IssueType=SystemDriver | Condition=~Exists | DriverInfName=usb.inf | DriverSysName=%windows%system32\drivers\usbprint.sys | SectionToInstall=UniversalHCD.Dev | MinVersion=0 | DriverSysMinVersion=4005A0BB80000 | Manufacturer=Microsoft | [Shield.USBPrint.500] | DisplayName=USBPrint | IssueType=SystemDriver | Condition=~Exists | DriverInfName=usbprint.inf | DriverSysName=usbprint.sys | SectionToInstall=USBPRINT_Inst.NT | MinVersion=5000008870001 | DriverSysMinVersion=5000008740001 | Manufacturer=Microsoft | [Shield.USBPrint.501] | DisplayName=USBPrint | IssueType=SystemDriver | Condition=~Exists | DriverInfName=usbprint.inf | DriverSysName=usbprint.sys | SectionToInstall=USBPRINT_Inst.NT | MinVersion=500010A280000 | DriverSysMinVersion=500010A280000 | Manufacturer=Microsoft | [Shield.NTPrint.500] | DisplayName=NTPrint | IssueType=SystemDriver | Condition=~Exists | DriverInfName=ntprint.inf | DriverSysName= | SectionToInstall= | MinVersion=0 | Manufacturer=Microsoft | [Shield.NTPrint.501] | DisplayName=NTPrint | IssueType=SystemDriver | Condition=~Exists | DriverInfName=ntprint.inf | DriverSysName= | SectionToInstall= | MinVersion=0 | Manufacturer=Microsoft | [Shield.certclas.500] | DisplayName=Certclas.inf | IssueType=SystemDriver | Condition=~Exists | DriverInfName=certclas.inf | DriverSysName= | SectionToInstall= | MinVersion=5000008870001 | Manufacturer=Microsoft | [Shield.CertClas.501] | DisplayName=Certclas.inf | IssueType=SystemDriver | Condition=~Exists | DriverInfName=Certclas.inf | DriverSysName= | SectionToInstall= | MinVersion=5000109E70000 | Manufacturer=Microsoft | [Shield.USBStor.500] | DisplayName=USBStor | IssueType=SystemDriver | Condition=~Exists | DriverInfName=usbstor.inf | DriverSysName=usbstor.sys | SectionToInstall=USBSTOR_BULK.NT | MinVersion=5000008870001 | DriverSysMinVersion=50000085A0001 | Manufacturer=Microsoft | [Shield.USBStor.501] | DisplayName=USBStor | IssueType=SystemDriver | Condition=~Exists | DriverInfName=usbstor.inf | DriverSysName=usbstor.sys | SectionToInstall=USBSTOR_BULK.NT | MinVersion=500010A280000 | DriverSysMinVersion=500010A280000 | Manufacturer=Microsoft | [Shield.USBScan.490] | DisplayName=USBScan.inf | IssueType=SystemDriver | Condition=~Exists | DriverInfName=sti.inf | DriverSysName=%windows%system32\drivers\usbscan.sys | SectionToInstall=StillImageSetup | MinVersion=0 | DriverSysMinVersion=4005A0BB80000 | Manufacturer=Microsoft | [Shield.USBScan.500] | DisplayName=USBScan | IssueType=SystemDriver | Condition=~Exists | DriverInfName=sti.inf | DriverSysName=usbscan.sys | SectionToInstall=STI.USBSection | MinVersion=5000008870001 | DriverSysMinVersion=5000008670001 | Manufacturer=Microsoft | [Shield.USBScan.501] | DisplayName=USBScan | IssueType=SystemDriver | Condition=~Exists | DriverInfName=sti.inf | DriverSysName=usbscan.sys | SectionToInstall=STI.USBSection | MinVersion=500010A280000 | DriverSysMinVersion=500010A280000 | Manufacturer=Microsoft | [Shield.PrintCoinstaller.500] | Manufacturer=Microsoft | IssueType=RegData | Condition=Missing | Action=Autofix | Key=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318} | Value=Installer32 | BlockIfFail=Yes | Data=ntprint.dll,ClassInstall32 | ReplaceWith=ntprint.dll,ClassInstall32 | [Shield.PrintCoinstaller.501] | Manufacturer=Microsoft | IssueType=RegData | Condition=Missing | Action=Autofix | Key=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318} | Value=Installer32 | BlockIfFail=Yes | Data=ntprint.dll,ClassInstall32 | ReplaceWith=ntprint.dll,ClassInstall32 | [Shield.PrintSpooler] | IssueType=Service | ServiceName=Spooler | Manufacturer=Microsoft | Action=FIX | Condition=STOPPED | DisplayName=Print Spooler | BlockIfFail=Yes | [Shield.hpusbfd] | Manufacturer=Hewlett-Packard | IssueType=RegData | Condition=Contains | Action=Autofix | Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000} | Value=UpperFilter | Data=hpusbfd | Type=MULTI_SZ | ReplaceWith=* | BlockIfFail=Yes | [Shield.Roxio.500] | IssueType=File | Manufacturer=Roxio | MaxVersion=0x0002000000000046 | MinVersion=0x0002000000000046 | Action=STOP | Condition=EXIST | DisplayName=Easy CD Creator 5 | BlockIfFail=Yes | FileName=%system%drivers\PrtSeqRd.sys | SpecialText=Shield.Roxio.Text | [Shield.Roxio.501] | IssueType=File | Manufacturer=Roxio | MaxVersion=0x0002000000000046 | MinVersion=0x0002000000000046 | Action=STOP | Condition=EXIST | DisplayName=Easy CD Creator 5 | FileName=%system%drivers\PrtSeqRd.sys | BlockIfFail=Yes | SpecialText=Shield.Roxio.Text | [Shield.Firewalls] | 1=Smc | 2=Zapro | 3=Ccapp | 4=BlackIce | 5=MpfAgent | 6=Ca | 7=ccEvtMgr | 8=SndSrvc | 9=ccProxy | 10=ccPwdSvc | 11=ccSetMgr | [Shield.Smc.500] | IssueType=Service | ServiceName=SmcService | DisplayName=Sygate Security Agent: Firewall | Manufacturer=Sygate Technologies | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.Smc.501] | IssueType=Service | ServiceName=SmcService | DisplayName=Sygate Security Agent: Firewall | Manufacturer=Sygate Technologies | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.Zapro.500] | IssueType=Service | ServiceName=vsmon | DisplayName=Zone Alarm TrueVector Internet Monitor | Manufacturer=Broderbund | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.Zapro.501] | IssueType=Service | ServiceName=vsmon | DisplayName=Zone Alarm TrueVector Internet Monitor | Manufacturer=Broderbund | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.Ccapp.500] | IssueType=Service | ServiceName=Symantec Core LC | DisplayName=Symantec Core LC: Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.Ccapp.501] | IssueType=Service | ServiceName=Symantec Core LC | DisplayName=Symantec Core LC: Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.BlackIce.500] | IssueType=Service | ServiceName=BlackICE | DisplayName=BlackICE: Firewall | Manufacturer=Internet Security Systems | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.BlackIce.501] | IssueType=Service | ServiceName=BlackICE | DisplayName=BlackICE: Firewall | Manufacturer=Internet Security Systems | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.MpfAgent.500] | IssueType=Service | ServiceName=MpfService | DisplayName=McAfee Personal Firewall Service | Manufacturer=McAfee Security | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.MpfAgent.501] | IssueType=Service | ServiceName=MpfService | DisplayName=McAfee Personal Firewall Service | Manufacturer=McAfee Security | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.ccEvtMgr.500] | IssueType=Service | ServiceName=ccEvtMgr | DisplayName=Symantec Event Manager: Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.ccEvtMgr.501] | IssueType=Service | ServiceName=ccEvtMgr | DisplayName=Symantec Event Manager: Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.SndSrvc.500] | IssueType=Service | ServiceName=SndSrvc | DisplayName=Symantec Network Drivers Service : Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.SndSrvc.501] | IssueType=Service | ServiceName=SndSrvc | DisplayName=Symantec Network Drivers Service : Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.ccProxy.500] | IssueType=Service | ServiceName=ccProxy | DisplayName=Symantec Network Proxy: Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.ccProxy.501] | IssueType=Service | ServiceName=ccProxy | DisplayName=Symantec Network Proxy: Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.ccPwdSvc.500] | IssueType=Service | ServiceName=ccPwdSvc | DisplayName=Symantec Password Validation: Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.ccPwdSvc.501] | IssueType=Service | ServiceName=ccPwdSvc | DisplayName=Symantec Password Validation: Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.ccSetMgr.500] | IssueType=Service | ServiceName=ccSetMgr | DisplayName=Symantec Settings Manager: Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.ccSetMgr.501] | IssueType=Service | ServiceName=ccSetMgr | DisplayName=Symantec Settings Manager: Firewall | Manufacturer=Symantec | Action=NoFix | Condition=Running | SpecialText=Shield.Firewalls.Text | [Shield.Smc.410] | IssueType=Process | DisplayName=Sygate Security Agent: Firewall | Manufacturer=Sygate Technologies | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.Smc.490] | IssueType=Process | DisplayName=Sygate Security Agent: Firewall | Manufacturer=Sygate Technologies | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.Zapro.410] | IssueType=Process | DisplayName=Zone Alarm Pro Firewall | Manufacturer=Broderbund | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.Zapro.490] | IssueType=Process | DisplayName=Zone Alarm Pro Firewall | Manufacturer=Broderbund | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.Ccapp.410] | IssueType=Process | DisplayName=Symantec Core LC: Firewall | Manufacturer=Symantec | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.Ccapp.490] | IssueType=Process | DisplayName=Symantec Core LC: Firewall | Manufacturer=Symantec | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.BlackIce.410] | IssueType=Process | DisplayName=BlackICE: Firewall | Manufacturer=Internet Security Systems | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.BlackIce.490] | IssueType=Process | DisplayName=BlackICE: Firewall | Manufacturer=Internet Security Systems | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.MpfAgent.410] | IssueType=Process | DisplayName=McAfee Personal Firewall Service | Manufacturer=McAfee Security | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.MpfAgent.490] | IssueType=Process | DisplayName=McAfee Personal Firewall Service | Manufacturer=McAfee Security | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.Ca.410] | IssueType=Process | DisplayName=EZ Firewall | Manufacturer=eTrust | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.Ca.490] | IssueType=Process | DisplayName=EZ Firewall | Manufacturer=eTrust | Action=NoFix | SpecialText=Shield.Firewalls.Text | [Shield.HPSecurity] | 1=HP RegKey | 2=Hewlett-Packard RegKey | 3=Hewlett Packard RegKey | 4=LEAD Technologies RegKey | [Shield.HP RegKey.500] | IssueType=RegKey | Manufacturer=HP | DisplayName=HP | Key=HKEY_LOCAL_MACHINE\SOFTWARE\HP | Condition=NotWriteable | Action=AutoFix | BlockIfFail=Yes | Recurse=Yes | OverwriteDacl=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | Timeout=10 | [Shield.HP RegKey.501] | IssueType=RegKey | Manufacturer=HP | DisplayName=HP | Key=HKEY_LOCAL_MACHINE\SOFTWARE\HP | Condition=NotWriteable | Action=AutoFix | BlockIfFail=Yes | Recurse=Yes | OverwriteDacl=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | Timeout=10 | [Shield.Hewlett-Packard RegKey.500] | IssueType=RegKey | Manufacturer=HP | DisplayName=Hewlett-Packard | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard | Condition=NotWriteable | Action=AutoFix | BlockIfFail=Yes | Recurse=Yes | OverwriteDacl=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | Timeout=10 | [Shield.Hewlett-Packard RegKey.501] | IssueType=RegKey | Manufacturer=HP | DisplayName=Hewlett-Packard | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard | Condition=NotWriteable | Action=AutoFix | BlockIfFail=Yes | Recurse=Yes | OverwriteDacl=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | Timeout=10 | [Shield.Hewlett Packard RegKey.500] | IssueType=RegKey | Manufacturer=HP | DisplayName=Hewlett Packard | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett Packard | Condition=NotWriteable | Action=AutoFix | BlockIfFail=Yes | Recurse=Yes | OverwriteDacl=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | Timeout=10 | [Shield.Hewlett Packard RegKey.501] | IssueType=RegKey | Manufacturer=HP | DisplayName=Hewlett Packard | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett Packard | Condition=NotWriteable | Action=AutoFix | BlockIfFail=Yes | Recurse=Yes | OverwriteDacl=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | Timeout=10 | [Shield.LEAD Technologies RegKey.500] | IssueType=RegKey | Manufacturer=HP | DisplayName=LEAD Technologies, Inc. | Key=HKEY_LOCAL_MACHINE\SOFTWARE\LEAD Technologies, Inc. | Condition=NotWriteable | Action=AutoFix | BlockIfFail=Yes | Recurse=Yes | OverwriteDacl=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | Timeout=10 | [Shield.LEAD Technologies RegKey.501] | IssueType=RegKey | Manufacturer=HP | DisplayName=LEAD Technologies, Inc. | Key=HKEY_LOCAL_MACHINE\SOFTWARE\LEAD Technologies, Inc. | Condition=NotWriteable | Action=AutoFix | BlockIfFail=Yes | Recurse=Yes | OverwriteDacl=Yes | CheckAccess=CommonSidList | SetAccess=CommonSidList | Timeout=10 | [Shield.CommonSidList] | S-1-5-32-544=0x000f003f | S-1-5-18=0x000f003f | S-1-5-32-545=0x00020019 | [Shield.SystemAccess] | S-1-1-0=0x00020019 | S-1-5-18=0x000f003f | [Shield.ReadOnlyPNFs.500] | IssueType=File | launchbase=%sourcepath%setup\ | Manufacturer=Microsoft | DisplayName=Read Only PNF files | Action=Autofix | FileName=%system%attrib.exe | Condition=Exists | 1=hpzwrp01.exe -m SetPnfAttrib | [Shield.ReadOnlyPNFs.501] | IssueType=File | launchbase=%sourcepath%setup\ | Manufacturer=Microsoft | DisplayName=Read Only PNF files | Action=Autofix | FileName=%system%attrib.exe | Condition=Exists | 1=hpzwrp01.exe -m SetPnfAttrib | [SetPnfAttrib] | Open=%system%attrib -r %windows%inf\oem*.pnf | [Shield.DelayedReboot] | 1=CheckForFiles | [Shield.CheckForFiles] | IssueType=RebootFile | Manufacturer=HP | Action=Autofix | 1=Digital Imaging | 2=system32\hpz | 3=system\hpz | 4=hpf | 5=%division% | 6=twain_32\hpsj | Return=Reboot | BlockIfFail=No | result=Reboot | [Shield.DelayedRebootCUE] | 1=CUECheckForFiles | [Shield.CUECheckForFiles] | IssueType=RebootFile | Manufacturer=HP | Action=Autofix | 1=Digital Imaging | Return=Reboot | BlockIfFail=No | result=Reboot | [Shield.CryptSvc.501] | IssueType=Service | ServiceName=Cryptsvc | Manufacturer=Microsoft | Action=AUTOFIX | Condition=STOPPED | DisplayName=Windows Cryptographic Service | BlockIfFail=Yes | [Shield.softpubDll.500] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB} | DisplayName=softpub.dll | BlockIfFail=Yes | 1=regsvr32 /s softpub.dll | [Shield.softpubDll.501] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB} | DisplayName=softpub.dll | BlockIfFail=Yes | 1=regsvr32 /s softpub.dll | [Shield.wintrustDll.500] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15 | DisplayName=wintrust.dll | BlockIfFail=Yes | 1=regsvr32 /s wintrust.dll | [Shield.wintrustDll.501] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15 | DisplayName=wintrust.dll | BlockIfFail=Yes | 1=regsvr32 /s wintrust.dll | [Shield.initpkiDll.500] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_CLASSES_ROOT\CLSID\{7444C717-39BF-11D1-8CD9-00C04FC29D45}\ProgID | DisplayName=initpki.dll | BlockIfFail=Yes | 1=regsvr32 /s initpki.dll | [Shield.initpkiDll.501] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_CLASSES_ROOT\CLSID\{7444C717-39BF-11D1-8CD9-00C04FC29D45}\ProgID | DisplayName=initpki.dll | BlockIfFail=Yes | 1=regsvr32 /s initpki.dll | [Shield.dssenhDll.500] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider | DisplayName=dssenh.dll | BlockIfFail=Yes | 1=regsvr32 /s dssenh.dll | [Shield.dssenhDll.501] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider | DisplayName=dssenh.dll | BlockIfFail=Yes | 1=regsvr32 /s dssenh.dll | [Shield.rsaenhDll.500] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0 | DisplayName=rsaenh.dll | BlockIfFail=Yes | 1=regsvr32 /s rsaenh.dll | [Shield.rsaenhDll.501] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0 | DisplayName=rsaenh.dll | BlockIfFail=Yes | 1=regsvr32 /s rsaenh.dll | [Shield.gpkcspDll.500] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0 | DisplayName=gpkcsp.dll | BlockIfFail=Yes | 1=regsvr32 /s gpkcsp.dll | [Shield.gpkcspDll.501] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0 | DisplayName=gpkcsp.dll | BlockIfFail=Yes | 1=regsvr32 /s gpkcsp.dll | [Shield.sccbaseDll.501] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\\Infineon SICRYPT Base Smart Card CSP | DisplayName=sccbase.dll | BlockIfFail=Yes | 1=regsvr32 /s sccbase.dll | [Shield.slbcspDll.500] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Schlumberger Cryptographic Service Provider | DisplayName=slbcsp.dll | BlockIfFail=Yes | 1=regsvr32 /s slbcsp.dll | [Shield.slbcspDll.501] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Schlumberger Cryptographic Service Provider | DisplayName=slbcsp.dll | BlockIfFail=Yes | 1=regsvr32 /s slbcsp.dll | [Shield.cryptdlgDll.500] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1 | DisplayName=cryptdlg.dll | BlockIfFail=Yes | 1=regsvr32 /s cryptdlg.dll | [Shield.cryptdlgDll.501] | Manufacturer=Microsoft | IssueType=RegKey | Action=Autofix | Condition=~Exist | Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1 | DisplayName=cryptdlg.dll | BlockIfFail=Yes | 1=regsvr32 /s cryptdlg.dll | [Shield.Roxio.Text.0x404] | 1=杆祘Α籔セ硁砰ぃ甧 | 2=眤ゲ斗秆埃杆┪ど祘Α杆膥尿 | 3=璶秆埃杆祘Α叫 Windows [北] い [穝糤/簿埃祘Α] | 4=狦眤匡拒ど祘Α叫硑砐 http://www.roxio.com/en/support/ecdc/ecdc_...M更ど | 5=叫絋粄祘Αど┪秆埃杆礛 [刚] 膥尿杆 | [Shield.Firewalls.Text.0X404] | 1=筿福盎代Τň鲤硁砰 | 2=膥尿秈︽˙艼玡叫氨ノ硁砰ň鲤HP 杆硁砰盎代呼隔杆竚ЧΘ杆眤Ω币ノ硁砰ň鲤 | 3=Τ闽既氨ノ硁砰ň鲤よΑ叫把\眤硁砰ň鲤ゅン弧 | 4=惠冈灿戈癟 (珹ň鲤氨ノ玂臔眤╰参)叫硑砐 http://www.hp.com/support 匡拒眤玻珇礛穓碝 "network installation with firewalls" (ㄏノň鲤呼隔杆) | [Shield.Roxio.Text.0x804] | 1=安装的此程序与本软件不兼容。 | 2=您必须卸载或升级此程序,才能继续安装。 | 3=要卸载此程序,请转到 Windows 控制面板中的“添加/删除程序”。 | 4=如果您选择升级此程序,请访问 http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml 注册并下载升级程序。 | 5=请确保该程序已升级或卸载,然后单击“重试”继续安装。 | [Shield.Firewalls.Text.0x804] | 1=在计算机上检测到防火墙软件。 | 2=继续之前,请先禁用软件防火墙,这样 HP 安装软件才能检测到网络上的设备。您可以在完成安装后启用软件防火墙。 | 3=有关如何暂时禁用防火墙软件的信息,请参阅软件防火墙文档。 | 4=有关详细信息,例如如何在禁用防火墙时对系统进行保护,请访问 http://www.hp.com/support,选择您的产品并搜索“network installation with firewalls”(带有防火墙的网络安装)。 | [Shield.Roxio.Text.0x405] | 1=Tento program je nainstalov醤 a nen se softwarem kompatibiln. | 2=Ne bude mo瀗 pokra鑟vat v instalaci, mus韙e tento program odinstalovat nebo aktualizovat. | 3=Chcete-li tento program odinstalovat, p鴈jd靦e v syst閙u Windows na Ovl醖ac panely a vyberte polo瀔u P鴌dat nebo odebrat programy. | 4=Pokud se rozhodnete tento program aktualizovat, m鶠ete si aktualizaci st醜nout a registrovat na str醤ce http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml. | 5=Zkontrolujte, zda je progr醡 aktualizov醤 nebo odinstalov醤. Pot pokra鑥jte v instalaci klepnut韒 na tla桧tko Opakovat. | [Shield.Firewalls.Text.0X405] | 1=Na tomto po桧ta鑙 byl rozpozn醤 software bezpe鑞ostn br醤y. | 2=P鴈d pokra鑟v醤韒 zaka瀟e software bezpe鑞ostn br醤y, aby instala鑞 software HP mohl rozpoznat zazen v s韙i. Po dokon鑕n instalace m鶠ete software bezpe鑞ostn br醤y povolit. | 3=Informace o do鑑sn閙 zak醶醤 softwaru bezpe鑞ostn br醤y najdete v pru鑓e k tomuto softwaru. | 4=Dal氻 informace v鑕tn pokyn, jak chr醤it syst閙, pokud je bezpe鑞ostn br醤a zak醶醤a, najdete na webov str醤ce http://www.hp.com/support. Zvolte sv鵭 produkt a hledejte 刬nstalaci s韙 s bezpe鑞ostn韒i br醤ami". | [Shield.Roxio.Text.0x406] | 1=Dette program er installeret og er inkompatibel med denne software. | 2=Du skal enten fjerne eller opgradere programmet, f鴕 du forts鎡ter denne installation. | 3=舃n kontrolpanelet i Windows, og v鎙g Tilf鴍/fjern programmer for at fjerne programmet. | 4=Hvis du v鎙ger at opgradere det p錱鎙dende program, skal du bes鴊e http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml for at registrere og hente opgraderingen. | 5=Kontroller, at programmet er opgraderet eller fjernet, og klik derefter p Fors鴊 igen for at forts鎡te installationen. | [Shield.Firewalls.Text.0X406] | 1=Der blev fundet firewall-software p denne computer. | 2=Deaktiver firewall-softwaren, f鴕 du forts鎡ter, s HP-installationsprogrammet kan finde enheden p netv鎟ket. Du kan aktivere firewall-softwaren efter installationen. | 3=Se dokumentationen til firewall-softwaren for at f oplysninger om, hvordan den imidlertid kan deaktiveres. | 4=Hvis du 鴑sker flere oplysninger, bl.a. om hvordan du kan beskytte systemet, n錼 firewall'en er deaktiveret, skal du klikke ind p: http://www.hp.com/support og v鎙ge det p錱鎙dende produkt og s鴊e efter "netv鎟ksinstallationer med firewalls". | [Shield.Roxio.Text.0x407] | 1=Diese Anwendung ist installiert und mit dieser Software inkompatibel. | 2=Bevor Sie mit der Installation fortfahren, m黶sen Sie diese Anwendung entweder deinstallieren oder aktualisieren. | 3=Die Anwendung kann in der Windows-Systemsteuerung unter 'Software' deinstalliert werden. | 4=Wenn Sie diese Anwendung aktualisieren m鯿hten, besuchen Sie http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml f黵 die Registrierung und den Download der neuesten Version. | 5=Stellen Sie sicher, dass die Anwendung aktualisiert oder deinstalliert wurde, und klicken Sie anschlie遝nd auf 'Wiederholen', um die Installation fortzusetzen. | [Shield.Firewalls.Text.0X407] | 1=Auf diesem Computer ist Firewall-Software vorhanden. | 2=Deaktvieren Sie die Firewall-Software, bevor Sie fortfahren, damit die HP Installationssoftware das Ger鋞 auf dem Netzwerk erkennen kann. Sie k鰊nen die Firewall-Software nach der Installation erneut aktivieren. | 3=Informationen zur vor黚ergehenden Deaktivierung der Firewall-Software finden Sie in der zugeh鰎igen Dokumentation. | 4=Weitere Informationen 黚er Schutzm鰃lichkeiten f黵 Ihr System bei deaktivierter Firewall finden Sie unter: http://www.hp.com/support. W鋒len Sie Ihr Produkt, und suchen Sie anschlie遝nd nach "Netzwerkinstallation mit Firewalls". | [Shield.Roxio.Text.0x408] | 1=燥 瘃襻祆 狨酎 蓣彘 邈赆翎篝徼暹 赆 溴 暹磲 篚焘狒 戾 狨酎 麸 腼汩箪殛. | 2=旭蒺彘 暹翦 磲 赆翎胥摅弭 翮 邈赆糗篝狍 暹翦 磲 犴徕徼爝箦翦 狨酎 麸 瘃襻祆 瘃轫 篚礤鬟箦翦 狨艮 翮 邈赆糗篝狍. | 3=瞄 磲 赆翎胥摅弭 翮 邈赆糗篝狍 狨麸 麸 瘃镢褴祆狒矧, 痃汜唔弭 篝 "Add/Remove Programs" ("旭矬栳鲠唏弩 瘃镢襻祆荇") 篝镯 羞磲赆 咫葶黠. | 4=跑 屦殡蓊弭 磲 犴徕徼爝箦翦 狨酎 麸 瘃襻祆, 屦轶赍鲨暹翦 麸 http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml 汩 磲 邈泷狯暹翦 赆 磲 瘃徙灬麸痫檗箦翦 朕 翮 犴徕荑扉箸. | 5=洛忉轾桢唪  蓣彘 瘃徙灬麸痫殓桢 犴徕荑扉箸 赆糗胥珞 邈赆糗篝狍珧 麸 瘃镢褴祆狒矧 赆 蒺彘翎 贶眙 觌殛 篝珥 屦殡镢 "硼犴茈瑛" 汩 磲 篚礤鬟箦翦 翮 邈赆糗篝狍. | [Shield.Firewalls.Text.0X408] | 1=另轺礤珀 腼汩箪殛 翦喵秕 瘃矬翎筮狎 箦 狨酎 麸 躔镫镢轶艮. | 2=琉屙羼泔痫檗篝 麸 腼汩箪殛 翦喵秕 瘃矬翎筮狎 瘃轫 篚礤鬟箦翦 翦 麸 腼汩箪殛 邈赆糗篝狍珧 HP 磲 祓锺暹 磲 犴轺礤彘 翮 篚箨艴 篝 溥牯躏. 甜锺暹翦 磲 屙羼泔痫檗箦翦 麸 腼汩箪殛 翦喵秕 瘃矬翎筮狎 狯稞 镫镪腌聩桢 邈赆糗篝狍. | 3=腻唪 翮 翦觎珩啭箸 麸 翦喵秕 瘃矬翎筮狎 腼汩箪殛稞 汩 痣珩秭锺咤 篦弭殛 戾 翮 瘃矬轫 狃屙羼泔痫哏筠 麸. | 4=瞄 疱耖篌羼弪 痣珩秭锺咤, 篚祓羼殡犰忉盹燧盹 麸 赳秕 瘃矬翎筮狎 麸 篚篝揿狒 筢 犴 麸 翦喵矧 瘃矬翎筮狎 暹磲 狃屙羼泔痫殓燧盹, 屦轶赍鲨暹翦 翮 溟妪桴眢: http://www.hp.com/support, 屦殡蓊翦 麸 瘃嵇 筢 赆 瘃徙灬麸痫檗篝 犴徭摁珞 麸 "network installation with firewalls" (邈赆糗篝狍 篝 溥牯躏 戾 翦喵矧 瘃矬翎筮狎). | [Shield.Roxio.Text.0x409] | 1=This program is installed and is incompatible with this software. | 2=You must either uninstall or upgrade this program before continuing this installation. | 3=To uninstall this program, go to Add/Remove Programs in the Windows Control Panel. | 4=If you choose to upgrade this program, visit http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml to register and download the upgrade. | 5=Ensure the program is upgraded or uninstalled and then click Retry to continue installation. | [Shield.Firewalls.Text.0X409] | 1=Firewall software has been detected on this computer. | 2=Disable the software firewall before continuing so the HP installation software can detect the device on the network.You can enable the software firewall after completing the installation. | 3=See your software firewall documentation for information about how to temporarily disable it. | 4=For more information, including how to protect your system when the firewall is disabled visit: http://www.hp.com/support choose your product and search for "network installation with firewalls". | [Shield.Roxio.Text.0x40a] | 1=El programa est instalado y es compatible con este software. | 2=Antes de continuar con la instalaci髇, debe desinstalar o actualizar este programa. | 3=Para desinstalar este programa, vaya a Agregar o quitar programas en el Panel de control de Windows. | 4=Si decide actualizar el programa, visite http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml para registrarse y descargar la actualizaci髇. | 5=Aseg鷕ese de que el programa est actualizado o desinstalado y, a continuaci髇, haga clic en Reintentar para continuar con la instalaci髇. | [Shield.Firewalls.Text.0X40a] | 1=Se ha detectado software de servidor de seguridad en este equipo. | 2=Antes de continuar, desactive el servidor de seguridad de software para que el software de instalaci髇 de HP pueda detectar el dispositivo en la red. Puede activar el servidor de seguridad de software una vez terminada la instalaci髇. | 3=Consulte la documentaci髇 del servidor de seguridad de software para obtener informaci髇 sobre c髆o desactivarlo temporalmente. | 4=Si necesita m醩 informaci髇, incluido c髆o proteger el sistema cuando el servidor de seguridad est desactivado, visite http://www.hp.com/support, elija el producto y busque "instalaci髇 en redes con servidores de seguridad". | [Shield.Roxio.Text.0x40b] | 1=T鋗 ohjelma on asennettu, eik se ole yhteensopiva ohjelmiston kanssa. | 2=Sinun on poistettava tai p鋓vitett鋠 ohjelma, ennen kuin jatkat asentamista. | 3=Voit poistaa ohjelman valitsemalla Windowsin Ohjauspaneelista Lis滗 tai poista sovellus. | 4=Jos p滗t鋞 p鋓vitt滗 t鋗鋘 ohjelman, rekister鰅 ja lataa p鋓vitys osoitteessa http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml. | 5=Varmista, ett ohjelma on p鋓vitetty tai poistettu. Jatka sitten asennusta valitsemalla Yrit uudelleen. | [Shield.Firewalls.Text.0X40b] | 1=Tietokoneessa on havaittu palomuuriohjelmisto. | 2=Poista palomuuriohjelmisto k鋣t鰏t ennen jatkamista, jotta HP:n asennusohjelma pystyy tunnistamaan verkossa olevan laitteen. Voit ottaa palomuuriohjelmiston uudelleen k鋣tt鲻n, kun asennus on valmis. | 3=Katso ohjelmiston k鋣tt鰋ppaista ohjeet palomuuriohjelmiston v鋖iaikaisesta k鋣t鰏t poistamisesta. | 4=Lis鋞ietoja (esimerkiksi tietoja j鋜jestelm鋘 suojaamisesta, kun palomuuri ei ole k鋣t鰏s) on osoitteessa http://www.hp.com/support. Valitse tuotteesi ja etsi tietoa verkkoasennuksesta j鋜jestelm滗n, jossa on palomuuri. | [Shield.Roxio.Text.0x40c] | 1=Ce programme est install mais n'est pas compatible avec ce logiciel. | 2=Vous devez d閟installer ou mettre niveau ce programme pour poursuivre l'installation. | 3=Pour d閟installer ce programme, ouvrez la fen阾re Ajout/Suppression de programmes du Panneau de configuration Windows. | 4=Si vous choisissez de mettre niveau ce programme, visitez http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml pour enregistrer et t閘閏harger la mise niveau. | 5=V閞ifiez que le programme est mis niveau ou d閟install, puis cliquez sur R閑ssayer pour poursuivre l'installation. | [Shield.Firewalls.Text.0X40c] | 1=Un logiciel pare-feu a 閠 d閠ect sur cet ordinateur. | 2=D閟activez le pare-feu logiciel avant de poursuivre afin que le logiciel d'installation HP puisse d閠ecter le p閞iph閞ique sur le r閟eau. Une fois l'installation termin閑, vous pouvez activer nouveau le pare-feu. | 3=Pour obtenir des informations sur la d閟activation temporaire du pare-feu, reportez-vous la documentation de ce dernier. | 4=Pour plus d'informations, y compris sur la protection de votre syst鑝e lorsque le pare-feu est d閟activ, visitez le site d'assistance http://www.hp.com/support, s閘ectionnez votre produit, puis lancez une recherche sur "installation en r閟eau avec pare-feu". | [Shield.Roxio.Text.0x40E] | 1=Ez a program telep韙ve van, 閟 nem kompatibilis ezzel a szoftverrel. | 2=A telep韙閟 folytat醩a el鮰t el kell t醰ol韙ania vagy friss韙enie kell a szoftvert. | 3=A program elt醰ol韙醩醜oz v醠assza a Vez閞l鮬ult Programok telep韙閟e/t鰎l閟e lehet鮯間閠. | 4=Ha a program friss韙閟e mellett d鰊t, akkor l醫ogassa meg a http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml oldalt, 閟 regisztr醕i ut醤 t鰈tse le a friss韙閟t. | 5=Gy鮶鮠j鰊 meg r髄a, hogy a program friss韙ve van vagy el lett t醰ol韙va, majd a telep韙閟 folytat醩醜oz nyomja meg az 趈ra gombot. | [Shield.Firewalls.Text.0X40E] | 1=A sz醡韙骻閜en t鹺falprogram tal醠hat. | 2=A folytat醩 el鮰t kapcsolja ki a t鹺falprogramot annak 閞dek閎en, hogy a HP telep韙鮬rogramja megtal醠ja az eszk鰖t a h醠髗aton. A telep韙閟 befejez閟e ut醤 visszakapcsolhatja a t鹺falprogramot. | 3=Az ideiglenes kikapcsol醩 m骴j醰al kapcsolatban olvassa el a t鹺falprogram dokument醕i骿醫. | 4=Tov醔bi inform醕i髃閞t (a kikapcsolt t鹺fal melletti rendszerv閐elemr鮨 is) l醫ogassa meg a http://www.hp.com/support c韒 oldalt, v醠assza ki a term閗閠, 閟 keresse meg a "network installation with firewalls" (h醠髗ati telep韙閟 t鹺falakkal) c韒 r閟zt. | [Shield.Roxio.Text.0x410] | 1=Questo programma installato e non compatibile con il software. | 2= necessario disinstallare o aggiornare il programma prima di continuare l'installazione. | 3=Per disinstallare il programma, scegliere Installazione applicazioni nel Pannello di controllo di Windows. | 4=Se si sceglie di aggiornare questo programma, visitare http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml per registrarsi e scaricare l'aggiornamento. | 5=Verificare che il programma sia aggiornato e fare clic su Riprova per continuare l'installazione. | [Shield.Firewalls.Text.0X410] | 1=Il software del firewall stato rilevato sul computer. | 2=Disattivare il firewall prima di continuare in modo che il software di installazione HP possa rilevare la periferica sulla rete. Sar possibile attivare il firewall al termine dell'installazione. | 3=Consultare la documentazione del firewall per informazioni su come disattivarlo temporaneamente. | 4=Per ulteriori informazioni, compreso come proteggere il sistema quando il firewall disabilitato, visitare: http://www.hp.com/support, scegliere il prodotto e cercare l'argomento "installazione di rete con i firewall". | [Shield.Roxio.Text.0x11] | 1=僀儞僗僩乕儖偟偨僾儘僌儔儉偼丄偙偺\僼僩僂僃傾偵弨嫆偟偰偄傑偣傫丅 | 2=僀儞僗僩乕儖傪懕峴偡傞慜偵丄偙偺僾儘僌儔儉傪傾儞僀儞僗僩乕儖傑偨偼峏怴偡傞昁梫偑偁傝傑偡丅 | 3=Windows 僐儞僩儘乕儖僷僱儖偺 [傾僾儕働乕僔儑儞偺捛壛偲嶍彍] 傪巊偭偰丄僾儘僌儔儉傪傾儞僀儞僗僩乕儖偟傑偡丅 | 4=僾儘僌儔儉傪峏怴偡傞応崌偼丄http://www.roxio.com/en/support/ecdc/ecdc_plat_535_updt.jhtml 偵搊榐偟偰丄峏怴傪僟僂儞儘乕僪偟傑偡丅 | 5=僾儘僌儔儉偺峏怴傑偨偼傾儞僀儞僗僩乕儖偺姰椆傪妋擣偟偨屻 丄[嵞帋峴] 傪僋儕僢僋偟偰僀儞僗僩乕儖傪懕峴偟傑偡丅 | [Shield.Firewalls.Text.0X11] | 1=偙偺僐儞僺儏乕僞偵偼僼傽僀傾僂僅乕儖 \僼僩僂僃傾偑専弌偝傟偰偄傑偡丅 | 2=嶌嬈傪恑傔傞慜偵\僼僩僂僃傾 僼傽僀傾僂僅乕儖傪僆僼偵偟傑偡丅偙偆偡傞偙偲偱丄偙偺 HP 僀儞僗僩乕儖 \僼僩僂僃傾偑僱僢僩儚乕僋忋偺僨僶僀僗傪専弌偱偒傞傛偆偵側傝傑偡丅\僼僩僂僃傾 僼傽僀傾僂僅乕儖偼僀儞僗僩乕儖姰椆屻偵僆儞偵偟傑偡丅 | 3=\僼僩僂僃傾 僼傽僀傾僂僅乕儖傪堦帪揑偵僆僼偵偡傞曽朄偵偮偄偰偼丄\僼僩僂僃傾 僼傽僀傾僂僅乕儖偺儅僯儏傾儖傪嶲徠偟偰偔偩偝偄丅 | 4=僼傽僀傾僂僅乕儖偑柍岠偵側偭偨応崌偺僔僗僥儉偺曐岇曽朄側偳偺徻嵶偵偮偄偰偼丄http://www.hp.com/support 偵傾僋僙僗偟偰丄惢昳柤傪慖傃 "network installation with firewalls" (僼傽僀傾僂僅乕儖晅偒僱僢僩儚乕僋 僀儞僗僩儗乕僔儑儞)偱専嶕偟偰偔偩偝偄丅 | [Shield.Roxio.Text.0x12] | 1=橇肺弊伐捞 汲摹登绊 捞 家橇飘傀绢客 龋券登瘤 臼嚼聪促. | 2=汲摹甫 拌加窍妨搁 橇肺弊伐阑 力芭窍芭唱 诀弊饭捞靛秦具 钦聪促. | 3=橇肺弊伐阑 力芭窍妨搁 Windows 力绢魄狼 [橇肺弊伐 眠啊/力芭]肺 癌聪促. | 4=橇肺弊伐阑 诀弊饭捞弊窍档废 急琶窍搁 http://www.roxio.com/en/support/ecdc/ecdc_...35_updt.jhtml甫 凯绢 殿废窍绊 诀弊饭捞靛甫 促款肺靛钦聪促. | 5=橇肺弊伐捞 诀弊饭捞靛登芭唱 力芭登菌绰瘤 犬牢茄 饶 [促矫 矫档]甫 喘矾 汲摹甫 拌加窍绞矫坷. | [Shield.Firewalls.Text.0X12] | 1=规拳寒 家橇飘傀绢啊 捞 哪腔磐俊辑 八祸登菌嚼聪促. | 2=拌加窍妨搁 家橇飘傀绢 规拳寒 荤侩阑 吝窜窍咯 HP 汲摹 家橇飘傀绢俊辑 匙飘况农惑狼 厘摹甫 八祸且 荐 乐档废 窍绞矫坷. 汲摹甫 付模 饶俊 家橇飘傀绢 规拳寒阑 荤侩窍档废 汲沥且 荐 乐嚼聪促. | 3=老矫利牢 荤侩 吝窜俊 措茄 沥焊绰 秦寸 规拳寒 家橇飘傀绢狼 包访 巩辑甫 曼炼窍绞矫坷. | 4=规拳寒阑 荤侩窍瘤 臼阑 锭 矫胶袍阑 焊龋窍绰 规过 殿俊 措茄 磊技茄 沥焊绰 http://www.hp.com/support俊辑 秦寸 力前阑 急琶茄 促澜 "network installation with firewalls"(规拳寒捞 乐绰 匙飘况农 汲摹)甫 八祸窍绞矫坷. | [Shield.Roxio.Text.0x413] | 1=Dette programmet er installert og er inkompatibelt med denne programvaren. | 2=Du m enten avinstallere eller oppgradere dette programmet f鴕 du fortsetter installasjonen. | 3=G til Legg til / fjern programmer i Kontrollpanel i Windows for avinstallere programmet. | 4=Hvis du velger oppgradere dette programmet, g錼 du til http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml for registrere deg og laste ned oppgraderingen. | 5=Kontroller at programmet er oppgradert eller avinstallert, og klikk deretter p Pr鴙 p nytt for fortsette installasjonen. | [Shield.Firewalls.Text.0X413] | 1=Det er funnet brannmurprogramvare p denne datamaskinen. | 2=Deaktiver programvarebrannmuren f鴕 du fortsetter, slik at installeringsprogramvaren fra HP kan finne enheten p nettverket. Du kan aktivere programvarebrannmuren etter at installeringen er fullf鴕t. | 3=Se dokumentasjonen for programvarebrannmuren for f informasjon om hvordan du deaktiverer den midlertidig. | 4=Hvis du vil ha mer informasjon, inkludert hvordan du beskytter systemet ditt mens brannmuren er deaktivert, g til: http://www.hp.com/support. Velg produktet ditt, og s鴎 etter "nettverksinstallering med brannmurer". | [Shield.Roxio.Text.0x415] | 1=Program ten zosta zainstalowany i nie jest on zgodny z tym oprogramowaniem. | 2=Program ten nale縴 odinstalowa albo zaktualizowa przed kontynuacj instalacji. | 3=Aby odinstalowa ten program, przejd do opcji Dodaj/Usu programy w panelu sterowania Windows. | 4=Je縠li program ma zosta zaktualizowany, odwied http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml, aby zarejestrowa i pobra aktualizacj oprogramowania. | 5=Sprawd, czy program zosta zaktualizowany lub odinstalowany, a nast阷nie kliknij przycisk Pon體 pr骲, aby kontynuowa instalacj. | [Shield.Firewalls.Text.0X415] | 1=Wykryto programow zapor firewall na tym komputerze. | 2=Przed kontynuowaniem wy彻cz programow zapor firewall, tak aby oprogramowanie instalacyjne HP mog硂 wykry urz筪zenie w sieci. Po zako馽zeniu instalacji mo縩a ponownie w彻czy programow zapor firewall. | 3=Informacje na temat wy彻czenia tymczasowego programowej zapory firewall mo縩a znale熸 w dokumentacji tego oprogramowania. | 4=Wi阠ej informacji na temat zabezpieczenia systemu z wy彻czon zapor firewall mo縩a znale熸 na stronie: http://www.hp.com/support. Nale縴 wybra urz筪zenie i wpisa tekst do wyszukania: "instalacja sieciowa w systemach z zaporami firewall. | [Shield.Roxio.Text.0x416] | 1=O programa est instalado e incompat韛el com o software. | 2=Voc deve desinstalar ou atualizar o programa antes de continuar com a instala玢o. | 3=Para desinstalar o programa, v para Adicionar ou Remover Programas no Painel de Controle do Windows. | 4=Se optar por atualizar o programa, visite http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml para se registrar e fazer o download da atualiza玢o. | 5=Verifique se o programa foi atualizado ou desinstalado e clique em Repetir para continuar com a instala玢o. | [Shield.Firewalls.Text.0X416] | 1=O software de firewall foi detectado neste computador. | 2=Desative o firewall de software antes de continuar, para que o software de instala玢o HP possa detectar o dispositivo na rede. Voc pode ativar o firewall de software ap髎 concluir a instala玢o. | 3=Consulte a documenta玢o do firewall de software para obter informa珲es sobre como desativ-lo temporariamente. | 4=Para obter mais informa珲es, inclusive sobre como proteger o sistema quando o firewall for desativado, visite: http://www.hp.com/support. Escolha o produto e procure por "instala玢o em uma rede com firewalls". | [Shield.Roxio.Text.0x419] | 1=蒡 镳钽疣祆 篑蜞眍怆屙 礤耦忪羼蜩爨 溧眄 镳钽疣祆睇 钺羼镥麇龛屐. | 2=襄疱 镳钿铍驽龛屐 铋 篑蜞眍怅 礤钺躅滂祛 箐嚯栩 桦 钺眍忤螯  镳钽疣祆. | 3=昨钺 箐嚯栩  镳钽疣祆, 恹徨痂蝈 玉蜞眍怅 箐嚯屙桢 镳钽疣祆 磬 镟礤腓 箫疣怆屙 Windows. | 4=篷腓 恹 疱腓 钺眍忤螯  镳钽疣祆, 镱皴蜩蝈 http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml, 黩钺 玎疱汨耱痂痤忄螯 玎沭箸栩  钺眍怆屙桢. | 5=吾眍忤蝈 桦 箐嚯栩  镳钽疣祆 磬骒栩 觏铒牦 项怛铕栩, 黩钺 镳钿铍骅螯 篑蜞眍怅. | [Shield.Firewalls.Text.0X419] | 1=袜 觐祜蝈疱 钺磬痼驽 镳钽疣祆睇 狃囗潇囿. | 2=橡彐溴 麇 镳钿铍骅螯, 铗觌栩 镳钽疣祆睇 狃囗潇囿, 黩钺 镳钽疣祆 篑蜞眍怅 HP 耢钽豚 钺磬痼骅螯 篑蝠铋耱忸 皴蜩. 橡钽疣祆睇 狃囗潇囿 祛骓 狍溴 怅膻麒螯 镱耠 玎忮瘌屙 篑蜞眍怅. | 3=碾 镱塍麇龛 桧纛痨圉梃 蝾, 赅 怵屐屙眍 铗觌栩 镳钽疣祆睇 狃囗潇囿, 耢. 铗眍 礤祗 漕牦戾眚圉棹. | 4=碾 镱塍麇龛 漕镱腠栩咫铋 桧纛痨圉梃, 蝾 麒耠 玎蝈 耔耱屐 镳 铗觌屙眍 狃囗潇囿, 镱皴蜩蝈 耱疣龛鲶 http://www.hp.com/support, 恹徨痂蝈 眢骓 镳钿箨 恹镱腠栩 镱桉 镱 麴噻 "network installation with firewalls". | [Shield.Roxio.Text.0x41d] | 1=Programmet har installerats men 鋜 inte kompatibelt med den h鋜 programvaran. | 2=Du m錽te avinstallera eller uppdatera programmet innan du forts鋞ter med installationen. | 3=Du avinstallerar programmet genom att g till L鋑g till/ta bort program i Kontrollpanelen i Windows. | 4=Om du v鋖jer att uppdatera programmet g錼 du http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml f鰎 att registrera dig och h鋗ta uppdateringen. | 5=Kontrollera att du uppdaterat eller avinstallerat programmet och klicka p F鰎s鰇 igen s forts鋞ter installationen . | [Shield.Firewalls.Text.0X41d] | 1=Brandv鋑gsprogramvara har uppt鋍kts p datorn. | 2=Avaktivera brandv鋑gen innan du forts鋞ter s att HP-installationen kan uppt鋍ka enheten p n鋞verket. Du kan aktivera brandv鋑gen igen n鋜 du har slutf鰎t installationen. | 3=Mer information om hur du tempor鋜t avaktiverar brandv鋑gen finns i programdokumentationen. | 4=Mer information om hur du skyddar datorn n鋜 brandv鋑gen 鋜 avaktiverad finns p webbsidan: http://www.hp.com/support. V鋖j produkt och s鰇 efter "n鋞verksinstallation med brandv鋑gar". | [Shield.Roxio.Text.0x41F] | 1=Bu program y黭l ve bu yaz齦齧la uyumlu de餴l. | 2=Y黭leme iemine devam etmeden 鰊ce bu program kald齬mal veya y黭seltmelisiniz. | 3=Bu program kald齬mak i鏸n, Windows Denetim Masas'nda Program Ekle/Kald齬'a gidin. | 4=Bu program y黭seltmeyi se鏴rseniz, http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml sitesini ziyaret ederek kay齮 olun ve y黭seltme s黵黰黱 indirin. | 5=Program齨 y黭seltildi餴nden veya kald齬齦d齨dan emin olun ve y黭lemeye devam etmek i鏸n Yeniden Dene'yi t齥lat齨. | [Shield.Firewalls.Text.0X41F] | 1=Bu bilgisayarda g黺enlik duvar yaz齦齧 alg齦and. | 2=Devam etmeden 鰊ce, HP y黭leme yaz齦齧齨齨 a 鼁erindeki ayg齮 alg齦ayabilmesi i鏸n yaz齦齧 g黺enlik duvar齨 devre d b齬ak齨. Y黭leme iemini tamamlad齥tan sonra g黺enlik duvar齨 yeniden etkinle⺶irebilirsiniz. | 3=Yaz齦齧 g黺enlik duvar齨 ge鏸ci olarak devre d b齬akma konusunda bilgi almak i鏸n ilgili belgelere bak齨. | 4=G黺enlik duvar devre d oldu饀nda sisteminizi nas齦 koruyaca瘕n齴 gibi di餰r bilgiler almak i鏸n, http://www.hp.com/support adresini ziyaret edin, 黵黱黱鼁 se鏸n ve 揼黺enlik duvar olan a餫 y黭leme yapma" konusunu aray齨. | [shield.roxio.text] | 1=[%lang%] This program is installed and is incompatible with this software. | 2=[%lang%] You must either uninstall or upgrade this program before continuing this installation. | 3=[%lang%] To uninstall this program, go to Add/Remove Programs in the Windows Control Panel. | 4=[%lang%] If you choose to upgrade this program, visit http://www.roxio.com/en/support/ecdc/ecdc_..._535_updt.jhtml to register and download the upgrade. | 5=[%lang%] Ensure the program is upgraded or uninstalled and then click Retry to continue installation. | [Shield.Firewalls.Text] | 1=[%lang%] Firewall software has been detected on this computer. | 2=[%lang%] Disable the software firewall before continuing so the HP installation software can detect the device on the network.You can enable the software firewall after completing the installation. | 3=[%lang%] See your software firewall documentation for information about how to temporarily disable it. | 4=[%lang%] For more information, including how to protect your system when the firewall is disabled visit: http://www.hp.com/support choose your product and search for "network installation with firewalls". | [DirectX] | Version=0x0004000900000384 | [setup.bitmap.text.0x404] | 1=稰谅眤匡潦 HP 玻珇 | 2=度眖竚獽恨瞶眤┮Τ HP 玻珇... | 3=HP  - ㄏ︹眒翧ネ笆 | 4=е硉盡穨弧 - 硓筁棵辊呼隔┪筿杠眔 | 5=爹 HP - 盢眤玻珇祇揣程 | [setup.bitmap.CUE.text.0x404] | 1=稰谅眤匡潦 HP 玻珇 | 2=度眖竚獽恨瞶眤┮Τ HP 玻珇... | 3=淮肞籹计 | 4=ㄌら戳闽龄竚㎝よΑ淮肞穓碝眤瓜 | 5=笆確糤眏眤 | 6=獽倍ノ - ぃ惠璶更ン | 7=ㄌ眤惠―贺ぃへ | 8=虏虫よ獽絛セノㄓ籹ら句籔承種盡 | 9=ㄏノ笆计┏玂臔眤 | 10=HP  - ㄏ︹眒翧ネ笆 | 11=е硉盡穨弧 - 硓筁棵辊呼隔┪筿杠眔 | 12=爹 HP - 盢眤玻珇祇揣程 | 13=秆ノ - ㄏノ棵辊旧凝 | [setup.bitmap.IZE.text.0x404] | 1=稰谅眤匡潦 HP 玻珇 | 2=度眖竚獽恨瞶眤┮Τ HP 玻珇... | 3=Τ虏て眤`癸┮笆 | 4=ㄌ闽龄ら戳㎝よΑт眤瓜 | 5=笆確┪琌ㄏノΩЧΘ笆確\矪瞶 | 6=獽倍ノ - ぃ惠璶更ン | 7=ㄌ眤惠―贺ぃへ | 8=纗茂肚癳倒癬だㄉ | 9=HP  - ㄏ︹眒翧ネ笆 | 10=е硉盡穨弧 - 硓筁棵辊呼隔┪筿杠眔 | 11=爹 HP - 盢眤玻珇祇揣程 | [setup.bitmap.text] | 1=[%lang%] Thank you for choosing HP. | 2=[%lang%] Only one place to go to manage all your HP products... | 3=[%lang%] HP Supplies - rich, vivid colors that last. | 4=[%lang%] Fast, expert help - onscreen, web or phone. | 5=[%lang%] Sign up with HP - get the most from your products. | [setup.bitmap.CUE.text] | 1=[%lang%] Thank you for choosing HP. | 2=[%lang%] Only one place to go to manage all your HP products... | 3=[%lang%] Digital photos made EASY | 4=[%lang%] Easily find your pictures by date, keyword, place and more | 5=[%lang%] Fix and enhance your photos automatically. | 6=[%lang%] Hassle free photo sharing - no downloading attachments. | 7=[%lang%] Print the photos you want in a variety of sizes | 8=[%lang%] Easy templates for cards, calendars, and much more! | 9=[%lang%] Safeguard your photos with automatic digital negatives! | 10=[%lang%] HP Supplies - rich, vivid colors that last. | 11=[%lang%] Fast, expert help - onscreen, web or phone. | 12=[%lang%] Sign up with HP - get the most from your products. | 13=[%lang%] Learn more to do more - take the onscreen tour. | [setup.bitmap.IZE.text] | 1=[%lang%] HP'yi se鐃i餴niz i鏸n te㧐kk黵 ederiz. | 2=[%lang%] T黰 HP 黵黱lerinizi y鰊etebilece餴niz tek yer... | 3=[%lang%] Foto餽aflara yapt齥lar齨齴 basitle⺶irmek 鼁ere tasarland | 4=[%lang%] Foto餽aflar anahtar s鰖ce, tarihe ya da ba⺧a 鰈琰tlere g鰎e hemen bulun | 5=[%lang%] Foto餽aflar齨齴 kendiniz onar齨 ya da i㱮 Otomatik Onarma 鰖elli餴ne b齬ak齨. | 6=[%lang%] Kolay foto餽af paylam - ek g鰊dermeye ve almaya son. | 7=[%lang%] Foto餽aflar齨齴 istedi餴niz boyutta bas齨 | 8=[%lang%] Alb黰 sayfalar齨齴 kaydederek yazd齬齨 ve dostlar齨齴a g鰊derin. | 9=[%lang%] HP sarf malzemeleri - parlak ve canl kal齝 renkler. | 10=[%lang%] H齴l ve uzman yard齧 - ekranda, web 鼁erinde ve telefon ile. | 11=[%lang%] HP'ye kay齮 olun - 黵黱黱鼁den en y黭sek verimi al齨. | [setup.bitmap.text.0x804] | 1=感谢您选购 HP 产品。 | 2=集中管理所有的 HP 产品... | 3=HP 耗材 - 色彩丰富生动,历久弥新。 | 4=快捷、专业的帮助 - 可随时查阅联机帮助、或通过网络或电话获得支持。 | 5=注册到 HP - 充分利用您的产品。 | [setup.bitmap.CUE.text.0x804] | 1=感谢您选购 HP 产品。 | 2=集中管理所有的 HP 产品... | 3=轻松制作数码照片 | 4=按日期、关键字、地点等条件轻松查找图片 | 5=自动修复照片并增强效果。 | 6=轻松共享照片 - 再也不用下载附件。 | 7=打印各种尺寸的照片 | 8=明信片、日历等多种简易模板! | 9=自动使用数字底片保护您的照片! | 10=HP 耗材 - 色彩丰富生动,历久弥新。 | 11=快捷、专业的帮助 - 可随时查阅联机帮助、或通过网络或电话获得支持。 | 12=注册到 HP - 充分利用您的产品。 | 13=了解更多 - 使用屏幕上的产品简介。 | [setup.bitmap.IZE.text.0x804] | 1=感谢您选购 HP 产品。 | 2=集中管理所有的 HP 产品... | 3=简化对照片的处理过程 | 4=按关键字、日期等条件轻松查找图片 | 5=手动修复照片,或者单击一下“自动修复”,让它替您完成。 | 6=轻松共享照片 - 再也不用下载附件。 | 7=打印各种尺寸的照片 | 8=保存相册页,进行打印或发送给亲友。 | 9=HP 耗材 - 色彩丰富生动,历久弥新。 | 10=快捷、专业的帮助 - 可随时查阅联机帮助、或通过网络或电话获得支持。 | 11=注册到 HP - 充分利用您的产品。 | [setup.bitmap.text.0x5] | 1=D靕ujeme v醡, 瀍 jste si vybrali spole鑞ost Hewlett-Packard. | 2=V歟chny produkty HP lze dit z jedin閔o m韘ta... | 3=Spot鴈bn materi醠 HP - jasn a 瀒v barvy, kter vydr烅. | 4=Rychl, profesion醠n n醦ov靌a na obrazovce, na webu nebo po telefonu. | 5=Zaregistrujte se u spole鑞osti HP - vyu瀒jte sv produkty co nejl閜e. | [setup.bitmap.CUE.text.0x5] | 1=D靕ujeme v醡, 瀍 jste si vybrali spole鑞ost Hewlett-Packard. | 2=V歟chny produkty HP lze dit z jedin閔o m韘ta... | 3=SNADN digit醠n fotografov醤 | 4=Fotografie lze snadno vyhledat pomoc data, kl龛ov閔o slova, m韘ta a dal氻ch atribut. | 5=Fotografie lze automaticky upravit. | 6=Konec zmatk p鴌 sd韑en fotografi - ji nen t鴈ba stahovat plohy. | 7=V齜靣 fotografi pro tisk i velikost v齮isk je nyn zcela na v醩. | 8=Se 歛blonami je tvorba pohlednic a kalend狲 hra鑛ou. | 9=Fotografie budou v bezpe桧 d韐y automatick齧 digit醠n韒 negativ鵰. | 10=Spot鴈bn materi醠 HP - jasn a 瀒v barvy, kter vydr烅. | 11=Rychl, profesion醠n n醦ov靌a na obrazovce, na webu nebo po telefonu. | 12=Zaregistrujte se u spole鑞osti HP - vyu瀒jte sv produkty co nejl閜e. | 13=Zjist靦e dal氻 informace - v靚ujte p醨 minut kurzu na obrazovce. | [setup.bitmap.IZE.text.0x5] | 1=D靕ujeme v醡, 瀍 jste si vybrali spole鑞ost Hewlett-Packard. | 2=V歟chny produkty HP lze dit z jedin閔o m韘ta... | 3=C韑em je zjednodu歩t 鑙nnosti, kter s foto

#4 crazyd

crazyd
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:55 PM

Posted 15 October 2008 - 08:37 PM

Hi thanks for replying to my post.Couples of things i got the reports OTveiwIT which i copy and paste below.However i didnt get to scann the computer Kaspersky Online Scanner i dont know why but i have also posted the error message so maybe you can tell me what to do.Also i have uninstall my anti-virus AVG8(Free) to try to use the Kasperky should i install it back.Another thing is you said if you dont relpy in 24hrs to send you a PM can you tell me what is a PM plz.Thank you.

OTviewIT Logs
OTveiwIT
OTViewIt logfile created on: 10/15/2008 9:16:51 PM - Run 4
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Administrator\Desktop\log
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 510.20 Mb Available Physical Memory | 49.90% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 21.93 Gb Free Space | 56.15% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 27.87 Gb Free Space | 71.35% Space Free | Partition Type: NTFS
Drive E: | 154.76 Gb Total Space | 112.87 Gb Free Space | 72.93% Space Free | Partition Type: NTFS
Drive F: | 469.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 614.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HEAVEN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/08/30 19:03:45 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/08/30 19:03:45 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/09/20 04:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2008/09/27 17:14:53 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2004/08/03 12:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2007/02/07 22:04:50 | 00,239,104 | R--- | M] () -- C:\heap41a\svchost.exe
[2006/08/14 08:00:04 | 16,050,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2004/12/13 21:12:02 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[2005/10/26 11:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[2003/10/31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[2007/04/03 18:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
[2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/05/21 07:00:22 | 00,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
[2007/09/20 10:35:10 | 00,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[2005/06/08 11:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
[2007/09/20 10:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
[2007/09/20 10:35:40 | 01,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[2005/08/10 02:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
[2006/02/24 06:58:14 | 00,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
[2006/08/31 19:33:02 | 00,115,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2004/08/03 12:56:52 | 03,148,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2003/08/06 08:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
[2004/12/13 21:36:08 | 00,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
[2008/10/11 16:58:57 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\log\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/27 16:06:06 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005/09/23 02:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/08/30 19:03:45 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/09/23 02:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/11/13 20:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/09/20 04:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2007/09/20 10:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2003/07/28 07:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/09/27 17:14:53 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/04/30 04:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus [Boot | Running])
[2004/04/30 04:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi [Boot | Running])
[2004/08/03 10:59:44 | 00,095,360 | ---- | M] () -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2006/08/30 19:03:45 | 01,681,920 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2006/08/30 19:11:04 | 00,168,576 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW [On_Demand | Running])
[2007/03/05 15:51:24 | 00,034,576 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
[2007/03/05 16:00:04 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
[2007/03/05 15:59:04 | 00,018,320 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT [On_Demand | Stopped])
[2007/03/05 16:01:18 | 00,039,184 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb [On_Demand | Running])
[2006/09/19 16:20:04 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BthEnum.sys -- (BthEnum [On_Demand | Stopped])
[2007/03/05 15:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum [Boot | Running])
[2007/03/05 15:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
[2006/09/19 16:19:58 | 00,100,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2006/09/19 16:20:06 | 00,274,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2006/09/19 16:20:02 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Stopped])
[2006/11/22 08:41:18 | 00,022,416 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
[2006/09/19 11:54:16 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/08/15 08:41:16 | 04,368,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/09/19 17:19:58 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE [On_Demand | Stopped])
[2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/09/19 16:20:06 | 00,059,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2001/08/23 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2006/11/10 04:45:42 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31bus.sys -- (SE31bus [On_Demand | Running])
[2006/11/10 04:45:50 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mdfl.sys -- (SE31mdfl [On_Demand | Running])
[2006/11/10 04:45:52 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mdm.sys -- (SE31mdm [On_Demand | Running])
[2006/11/10 04:45:56 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mgmt.sys -- (SE31mgmt [On_Demand | Running])
[2006/11/10 04:46:00 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se31nd5.sys -- (se31nd5 [On_Demand | Running])
[2006/11/10 04:46:02 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31obex.sys -- (SE31obex [On_Demand | Running])
[2006/11/10 04:46:12 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se31unic.sys -- (se31unic [On_Demand | Running])
[2006/09/19 11:52:53 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/09/27 17:02:05 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/05 15:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm [On_Demand | Running])
[2007/03/05 15:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
[2006/02/20 12:59:28 | 00,058,288 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus [On_Demand | Stopped])
[2006/02/20 12:59:32 | 00,008,336 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl [On_Demand | Stopped])
[2006/02/20 12:59:34 | 00,094,064 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm [On_Demand | Stopped])
[2006/02/20 12:59:34 | 00,085,408 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt [On_Demand | Stopped])
[2006/02/20 12:59:36 | 00,083,344 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"provider"=MSN

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.google.com
"Start Page"=about:blank

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.google.com
"Start Page"=about:blank

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.google.com
"Start Page"=about:blank

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.google.com
"Start Page"=about:blank

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\SearchURL]
""=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"provider"=MSN

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (781 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (HKLM) -- C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" (HKLM) -- C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions (Sony Ericsson Mobile Communications AB)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"Vistadrv"=C:\WINDOWS\system32\vsdrv.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)
"Comrade.exe"=C:\Program Files\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"L08AXLRD_5793187"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m (Microsoft Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)
"Comrade.exe"=C:\Program Files\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"L08AXLRD_5793187"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m (Microsoft Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PackNoVs"="C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (Home)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PackNoVs"="C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (Home)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"=rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (Microsoft Corporation)
"nlpo_02"=cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (Microsoft Corporation)
"nlpo_03"=rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (Microsoft Corporation)
"nlpo_04"=cmd.exe /c md "%SystemRoot%\System32\dllcache" (Microsoft Corporation)
"nlpo_05"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (Microsoft Corporation)
"nlpo_06"=rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (Microsoft Corporation)
"nlpo_07"=rundll32 advpack.dll,LaunchINFSection nlite.inf,S (Microsoft Corporation)
"PackNoVs"="C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (Home)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"=rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (Microsoft Corporation)
"nlpo_02"=cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (Microsoft Corporation)
"nlpo_03"=rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (Microsoft Corporation)
"nlpo_04"=cmd.exe /c md "%SystemRoot%\System32\dllcache" (Microsoft Corporation)
"nlpo_05"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (Microsoft Corporation)
"nlpo_06"=rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (Microsoft Corporation)
"nlpo_07"=rundll32 advpack.dll,LaunchINFSection nlite.inf,S (Microsoft Corporation)
"PackNoVs"="C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (Home)

========== (O4) Startup Folders ==========

[2008/09/27 16:06:01 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[2007/04/02 10:36:54 | 00,657,168 | ---- | M] (IVT Corporation.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\.DEFAULT\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-18\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-19\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-20\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoRemoteRecursiveEvents"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"status"=present
"winlogon"=C:\heap41a\svchost.exe -- [2007/02/07 22:04:50 | 00,239,104 | R--- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"verbosestatus"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"SetVisualStyle"=C:\WINDOWS\Resources\Themes\Crystal Clear Aero\Crystal Clear Aero.mss -- File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"SetVisualStyle"=C:\WINDOWS\Resources\Themes\Crystal Clear Aero\Crystal Clear Aero.mss -- File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"SetVisualStyle"=C:\WINDOWS\Resources\Themes\Crystal Clear Aero\Crystal Clear Aero.mss -- File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"SetVisualStyle"=C:\WINDOWS\Resources\Themes\Crystal Clear Aero\Crystal Clear Aero.mss -- File not found

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"NoSMConfigurePrograms"=1
"NoSaveSettings"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2006/09/27 16:45:28 | 00,544,032 | ---- | M] (Microsoft Corporation)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/12 21:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2006/09/27 16:45:28 | 00,544,032 | ---- | M] (Microsoft Corporation)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/13 21:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 06:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 06:06:34 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/12 21:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2008/09/24 03:06:11 | 00,720,896 | R--- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}: Button: Encarta Search Bar -- %CommonProgramFiles%\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL [2007/05/21 07:00:20 | 00,293,656 | ---- | M] (Microsoft Corporation)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Button: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Menu: &FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2006/09/19 11:54:42 | 00,557,568 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/09/19 11:54:42 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/09/19 11:54:42 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/09/19 11:54:42 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-436374069-2111687655-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/05/23 13:55:06 | 01,368,064 | ---- | M] (FlashGet.com)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/09/19 11:54:42 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2006/07/31 10:54:30 | 04,617,720 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2006/09/19 16:20:48 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1223156724781 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1223155816406 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{395B4DC2-3392-4E29-B4DF-6DDD5C636F3B} (Servers: | Description: )
{A3BA15FD-FFAF-4CAC-8D25-8F717F64F8E2} (Servers: | Description: )
{C5AA9435-089E-4729-B18D-E96A922DA7E0} (Servers: | Description: )
{C70320F1-C262-49FC-BF68-1CB33B4A1F7D} (Servers: | Description: Sony Ericsson Device 049 USB Ethernet Emulation (NDIS 5))

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/09/24 03:04:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 17:43:36 | 00,000,024 | ---- | M] () -- D:\autoexec.bat -- [ NTFS ]

autorun.inf [[autorun] | open=setup.exe | icon=setup.exe,0 | [Version] | CDGuid={3819891A-030B-4a4e-98ED-B28A649E48AB} | SoftwareGuid= | InfrastructureDatabaseList=hpfmdl05.dat | LanguagesInthisCD=nld,enu,fra,deu,ita,ptb,esn | DefaultLanguageInThisRelease=enu | DIVISION=hpf | ICE_REV=05 | FIRST_IO_REVISION=12 | LAST_IO_REVISION=12 | VCD_FILEVER=14 | Manufacturer=HP | RegistryManufacturer=Hewlett-Packard | ProductSeries=Deskjet 3900 series | Pre-Install=%ProgramFiles%%Manufacturer% | SilentInstall=No | InvalidPathCharacters=$%#& | PreloadICEEngineToGUIDFolder=%sourcepath%hpzprl01.dat | PreloadRecoveryMechanism=%sourcepath%hpzprl02.dat | PreloadRestingPad=%sourcepath%hpzprl03.dat | UI_03=Yes | UI_20=Yes | UI_21=Yes | UI_25=No | UI_30=Yes | UI_50=Yes | UI_80=No,NoDeviceConnected | UI_250=Yes | UI_260=Yes | NetworkFinishUI=Yes | NetworkWelcomeUI=Yes | RegistryRebootLocation=DigitalImaging\Install | PreloadICEEngineToInstallDir=%sourcepath%hpqprl01.dat | PreloadMarsToUninstallFolder=%sourcepath%hpqprl03.dat | SoftwareKey=HP Photo & Imaging | Provider=HP | FIRST_CA_REVISION=1 | LAST_CA_REVISION=1 | CheckForCUEInstallFolder=Yes | PreloadProductDrivers=hpfprl01.dat,hpfprl02.dat | PreloadDeskjetSW=hpfprl04.dat | ConnectivityPlugin=%sourcepath%setup\hpzdui01.exe | UsingDeviceDiscovery=Yes | SHORTCUTCHECKBOX=Yes | STARTUP=Yes | SHORTCUT=Yes | Log=1 | MaxPathForCD=150 | MaxInstallDirLength=80 | DriverVer=05/23/2005, 3900.05.05.04 | [Strings] | %Preload%=%InstallDir%Digital Imaging\%CDGuid%\ | %ICETemp%=%ProgramFiles%%ICETempInPF%\ | %ICETempInPF%=%Manufacturer%\Temp\%CDGuid% | %Recovery%=%ICETemp% | %RecoveryInPF%=%ICETempInPF% | %ProductScrubberDatfile%=hpfscr05.dat | %autorunlocation%=. | %setupName%=hpzsetup.exe | %MSIRollbackDatFile%=hpzmsirb.dat | %CUEVersion%=5.0 | %CUEDivision%=hpf | %{3819891A-030B-4a4e-98ED-B28A649E48AB}%=%InstallDir%Digital Imaging\%CDGuid%\Product | %DeviceFunctionPL83%={677BD78E-7BA5-4ff2-8FEB-13A4235D19B9} | %DeviceManagementPL83%={92809620-7EE3-47a3-B2E0-C0A6853C6923} | %SimpleDPAppGUID%={84299C21-01C6-4a3d-8790-C1A1DEB9D959} | %SimpleDPApp_ICE_REV%=07 | %DeviceManagementGUID%={F2075322-392C-466e-83DF-EA60A13B8EB3} | %DeviceManagement_ICE_REV%=01 | %DeviceFunctionGUID%={349F25FE-D3D2-49e9-96C8-AB45BD71E05A} | %DeviceFunction_ICE_REV%=02 | %CreativeProjectsContentGUID%={EBE188EE-A7BF-46e3-A4AD-B9ED7E737BC4} | %CreativeProjectsContent_ICE_REV%=03 | %DocumentViewerGUID%={90BD92EA-CFE7-4783-97A9-5EF0CBF6CBA9} | %DocumentViewer_ICE_REV%=04 | %eSupportGUID%={129F934F-59CC-4461-8F09-204FEEC78FFF} | %eSupport_ICE_REV%=05 | %CustomerExperienceGUID%={798101B1-24F9-4a07-8152-65F3A3A9BC31} | %CustomerExperience_ICE_REV%=06 | %RemotePrintGUID%={A61FF77A-CF6A-456d-8ED1-395A3FA982A1} | %RemotePrint_ICE_REV%=08 | %FullDPAppGUID%={1A65E29E-5BAF-4452-A111-3290AED6BDBC} | %FullDPApp_ICE_REV%=09 | [SUI.OPTIN] | Qualifier=%LangQualifier% | LaunchBase=%sourcepath%setup\ | 1=hpzgat01.exe -on -gate MARS -f %datfile% | [SUI.OPTOUT] | Qualifier=%LangQualifier% | LaunchBase=%sourcepath%setup\ | 1=hpzgat01.exe -off -gate MARS -f %datfile% | [SUI] | Opt-In_Default=ON | [LanguageMap] | 0x0409=enu | 0x0404=cht | 0x0804=chs | 0x0405=csy | 0x0406=dan | 0x0407=deu | 0x0408=ell | 0x040a=esn | 0x040b=fin | 0x040c=fra | 0x040e=hun | 0x0410=ita | 0x0411=jpn | 0x0412=kor | 0x0413=nld | 0x0414=nob | 0x0415=plk | 0x0416=ptb | 0x0419=rus | 0x041d=sve | 0x041f=trk | 0x0c04=cht | 0x1004=chs | 0x1404=cht | 0x0813=nld | 0x0809=enu | 0x0c09=enu | 0x1009=enu | 0x1409=enu | 0x1809=enu | 0x1c09=enu | 0x2009=enu | 0x2409=enu | 0x2809=enu | 0x2c09=enu | 0x080c=fra | 0x0c0c=fra | 0x100c=fra | 0x140c=fra | 0x180c=fra | 0x0456=esn | 0x0807=deu | 0x0c07=deu | 0x1007=deu | 0x1407=deu | 0x0810=ita | 0x0812=kor | 0x0c0a=esn | 0x080a=esn | 0x100a=esn | 0x140a=esn | 0x180a=esn | 0x1c0a=esn | 0x200a=esn | 0x240a=esn | 0x280a=esn | 0x2c0a=esn | 0x300a=esn | 0x340a=esn | 0x380a=esn | 0x3c0a=esn | 0x400a=esn | 0x440a=esn | 0x480a=esn | 0x4c0a=esn | 0x500a=esn | 0x042d=esn | 0x0403=esn | 0x081d=sve | 0x0422=rus | 0x0816=ptb | 0x040d=heb | 0x041e=xxx | 0x0401=ara | 0x0801=ara | 0x0c01=ara | 0x1001=ara | 0x1401=ara | 0x1801=ara | 0x1c01=ara | 0x2001=ara | 0x2401=ara | 0x2801=ara | 0x2c01=ara | 0x3001=ara | 0x3401=ara | 0x3801=ara | 0x3c01=ara | 0x4001=ara | [TwoLetterLanguageMap] | ara=ar | cht=zh | chs=zh | csy=cs | dan=da | deu=de | ell=el | enu=en | esn=es | fin=fi | fra=fr | heb=he | hun=hu | ita=it | jpn=ja | kor=ko | nld=nl | nob=no | plk=pl | ptb=pt | rus=ru | sve=sv | trk=tr | [PreInstalls] | 1=Kahuna1 | 2=Kahuna2 | 3=Kahuna3 | 4=Kahuna4 | 5=Kahuna5 | 6=Kahuna6 | 7=Kahuna7 | [PreInstalls.Kahuna1] | CDGUID={5D22B85D-6503-4c4d-8BE1-D5CD9E0F5181} | 1={7AB63E68-A8E2-49EF-A575-CCEC39F66312} | 2={45B6180B-DCAB-4093-8EE8-6164457517F0} | [PreInstalls.Kahuna2] | CDGUID={5D32B85D-6503-4c4d-8BE1-D5CD9E0F5181} | 1={45B6180B-DCAB-4093-8EE8-6164457517F0} | 2={19E1E220-E757-43bd-AC1A-EC095CB8A667} | 3={F38FA38A-7E5A-4209-88ED-4DE21CD20EEF} | [PreInstalls.Kahuna3] | CDGUID={C6C44651-7C66-4b11-92E8-17565D3D22DD} | 1={45B6180B-DCAB-4093-8EE8-6164457517F0} | 2={15B9DC72-73F9-4d99-9E28-848D66DA8D99} | 3={F38FA38A-7E5A-4209-88ED-4DE21CD20EEF} | 4={0FABD3D7-3036-4e78-B29D-58957ADB0A12} | [PreInstalls.Kahuna4] | CDGUID={5E1494D4-3562-4FFB-B35C-600F80F6934C} | 1={45B6180B-DCAB-4093-8EE8-6164457517F0} | 2={15B9DC72-73F9-4d99-9E28-848D66DA8D99} | 3={A1062847-0846-427A-92A1-BB8251A91E91} | [PreInstalls.Kahuna5] | CDGUID={0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D} | 1={A1062847-0846-427A-92A1-BB8251A91E91} | 2={4C04DF1B-6A39-4299-9DD1-1FA60000266E} | 3={AAC4FC36-8F89-4587-8DD3-EBC57C83374D} | [PreInstalls.Kahuna6] | CDGUID={D0420D64-8D33-4374-A2B2-9225C7925CA6} | 1={A1062847-0846-427A-92A1-BB8251A91E91} | 2={4C04DF1B-6A39-4299-9DD1-1FA60000266E} | 3={AAC4FC36-8F89-4587-8DD3-EBC57C83374D} | [PreInstalls.Kahuna7] | CDGUID={32498B7B-E1F3-4ad5-A23B-F26414E94BE0} | 1={342C7C88-D335-4bc2-8CF1-281857629CE2} | 2={ABA2B37F-AB88-486e-870A-52454A23FEE0} | 3={BA2D9411-DBB4-43e4-9421-780413650A67} | [SystemRequirements] | Overide=No | AdminRightRequired=1 | RunIfFailureAsynch= | RunIfFailureSynch= | RunIfFailureSynchTimeout= | RunIfWarningAsynch= | RunIfWarningSynch= | RunIfWarningSynchTimeout= | OSList=410,490,500,501 | MaxOS= | MinSysDisk=300 | RecSysDisk=681 | MinDisk=1001 | RecDisk=1051 | MinRAM=120 | RecRAM=120 | MinMHZ=233 | RecMHZ=233 | MinCPU=5 | RecCPU=6 | InstallSpace=168 | MinDisplay=800x600 | RecDisplay=800x600 | MinColors=16 | RecColors=16 | MinIE=5.00.2919.6306 | RecIE=5.00.2919.6306 | WarnProductTypeList=3 | BlockProductTypeList=3 | SectionList=DeviceManagement.pl83,DeviceFunction.pl83,eSupport,FullDPApp,CustomerExperience | [SystemRequirements.Min] | TurnCueOn=%sourcepath%setup\hpzgat01.exe -gate CUE -on | TurnCueOff=%sourcepath%setup\hpzgat01.exe -gate CUE -off | SysReqPlugIn=%sourcepath%setup\hpzchk01.exe | AdminRightRequired=1 | OSList=410,490,500,501 | SectionList=DeviceManagement.pl83,DeviceFunction.pl83,eSupport,SimpleDPApp,CustomerExperience | MinDisk=300 | RecDisk=300 | Default=Recommended | Express=yes | AlwaysShowOption=No | InstallSpace=168 | [OSBlock.400] | launchbase=Setup\ | 1=hpzchk01.exe | [Run1] | launchbase=Setup\ | 1=hpzpnp01.exe | 2=hpzpsc01.exe -OSUP | 3=hpzrein01.exe | 4=hpzwup01.exe | 5=hpzshl01.exe -m ICEPreShield,HPSecurity | 6=hpzshl01.exe -m ICEPreShield,HPSecurity,DelayedReboot | 7=hpzcdl01.exe -storesourcepath | [Run2] | launchbase=Setup\ | qualifier=%os% | 1=hpzopt01.exe /forceminimum | 2=hpznop01.exe -PostRegisteredMessage WM_REINITIALIZE_PROGRESS_BITMAPS | 3=hpznop01.exe -PostRegisteredMessage WM_REREAD_INSTALL_SPACE | 4=hpzwis01.exe | 5=[Run.Prescrub] | 6=hpzshl01.exe -m Printer | 7=[Run.SetRecovery] | 8=hpznop01.exe | 9=hpzsui01.exe | [Run3] | launchbase=Setup\ | qualifier=%OS% | 1=[OSPatchesICE1] | 2=[OSPatchesICE2] | 3=hpzprl01.exe -m PreloadICEEngineToGUIDFolder | 4=[InstallProduct] | 5=[Run.CommitProduct] | 6=hpzmsi01.exe -commit | 7=Hpzshl01.exe -m HPQTRA08 | 8=Hpzshl01.exe -m CloseIZApps -gate CUE | 9=[eSupport] | 10=[CustomerExperience] | 11=[DeviceManagement.pl83] | 12=[DeviceFunction.pl83] | 13=hpzmsi01.exe -m ImageZoneExpress -gate CUE -runifoff | 14=hpznop01.exe | 15=hpzarp01.exe | 16=[Run.CommitFull] | 17=hpzwis01.exe -fixme | 18=hpzprl01.exe -inf -m PreloadProductDrivers | 19=hpzpnp01.exe -clean | [Uninstall] | launchbase=%sourcepath%Setup\ | 1=hpzscr01.exe -datfile %ProductScrubberDatfile% -nocopytotemp | [Prescrub.CPE] | launchbase=%sourcepath%Setup\ | SkipOnReinstall=SW | [MSI.FX] | Filename=netfx.msi | RefCount=No | Logfilename=%Temp%hpzFx_Log.txt | CopyToTemp=netfx.msi,netfx1.cab | [MSI.FXLangPack] | Filename=Langpacks\%lang%\langpack.msi | RefCount=No | Logfilename=%Temp%hpzFx%lang%_Log.txt | CopyToTemp=Langpacks\%lang%\langpack.msi,Langpacks\%lang%\langpac1.cab | [MSI.FXLangPack.0x9] | Filename=None.msi | RefCount=No | UI=No | CopyToTemp= | IgnoreReturnCode=Yes | [MSI.FXLangPack.0x1] | Filename=None.msi | RefCount=No | UI=No | CopyToTemp= | IgnoreReturnCode=Yes | [MSI.FXLangPack.0xd] | Filename=None.msi | RefCount=No | UI=Yes | CopyToTemp= | IgnoreReturnCode=Yes | [NetFx] | 1=StopMSIService | 2=Core | 3=LangPack | [NetFx.StopMSIService] | 1=%sourcepath%setup\hpzwis01.exe -stop | [NetFx.Core] | RegValueToLookFor=OCM | RegKeyToLookFor=SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322 | RegValueShouldBeEqualTo=1 | 1=%sourcepath%setup\hpzmsi01.exe -m FX | [NetFx.LangPack] | Qualifier=%PrimaryLangQualifier% | RegValueToLookFor=OCM | RegKeyToLookFor=SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322\%langid% | RegValueShouldBeEqualTo=1 | 1=%sourcepath%setup\hpzmsi01.exe -m FXLangPack | [NetFx.LangPack.0x9] | 1=%sourcepath%setup\hpznop01.exe | [NetFx.LangPack.0xa] | RegKeyToLookFor=SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322\3082 | [Setup.Text] | hpznfx01.exe=Installing Microsoft .NET Framework | hpzdxs01.exe=Installing Microsoft DirectX 9.0 | HPZpsc01.exe=Searching for installed applications | HPZchk01.exe=Checking System Requirements | HPZwis01.exe=Updating Windows Installer Service | HPZpnp01.exe=Waiting for Plug and Play | HPZscr01.exe=Uninstalling | HPZwrp01.exe=Installing Additional Software | HPZarp01.exe=Creating Add/Remove Programs entries | HPZrcv01.exe=Setting Recovery Point | HPZdui01.exe=Connecting device | HPZshl01.exe=Inspecting system | HPZopt01.exe=Waiting for user input | HPZsui01.exe=Waiting for user input | HPZrein01.exe=Waiting for user input | HPZtim01.exe=Waiting for user input | [Setup.Text.0x804] | hpznfx01.exe=正在安装 Microsoft .NET Framework | hpzdxs01.exe=正在安装 Microsoft DirectX 9.0 | HPZpsc01.exe=查找已安装的应用程序 | HPZchk01.exe=检查系统需求 | HPZwis01.exe=更新 Windows Installer 服务 | HPZpnp01.exe=检查硬件 | HPZscr01.exe=卸载 | HPZwrp01.exe=安装其他软件 | HPZarp01.exe=创建“添加/删除程序”项目 | HPZrcv01.exe=设置还原点 | HPZdui01.exe=连接设备 | HPZshl01.exe=检查系统 | HPZopt01.exe=等待用户输入 | HPZsui01.exe=等待用户输入 | HPZrein01.exe=等待用户输入 | HPZtim01.exe=等待用户输入 | [Setup.Text.0x404] | hpznfx01.exe=杆 Microsoft .NET Framework | hpzdxs01.exe=杆 Microsoft DirectX 9.0 | HPZpsc01.exe=穓碝杆莱ノ祘Α | HPZchk01.exe=浪琩╰参惠― | HPZwis01.exe=ど Windows Installer 狝叭 | HPZpnp01.exe=浪琩祑砰 | HPZscr01.exe=秆埃杆い | HPZwrp01.exe=杆ㄤ硁砰 | HPZarp01.exe=ミ穝糤/簿埃祘Α兜ヘ | HPZrcv01.exe=砞﹚確翴 | HPZdui01.exe=硈钡杆竚 | HPZshl01.exe=盎代╰参 | HPZopt01.exe=单ㄏノ块 | HPZsui01.exe=单ㄏノ块 | HPZrein01.exe=单ㄏノ块 | HPZtim01.exe=单ㄏノ块 | [Setup.Text.0x5] | hpznfx01.exe=Instaluje se Microsoft .NET Framework | hpzdxs01.exe=Instaluje se Microsoft DirectX 9.0 | HPZpsc01.exe=Vyhled醰醤 nainstalovan齝h aplikac | HPZchk01.exe=Kontrola po瀉davk na syst閙 | HPZwis01.exe=Aktualizace slu瀊y Windows Installer | HPZpnp01.exe=Kontrola hardwaru | HPZscr01.exe=Odinstalace | HPZwrp01.exe=Instalace dal氻ho softwaru | HPZarp01.exe=Vytv狲en polo瀍k v panelu P鴌dat nebo odebrat programy | HPZrcv01.exe=Nastaven bodu obnoven | HPZdui01.exe=P鴌pojen zazen | HPZshl01.exe=Kontrola syst閙u | HPZopt01.exe=萫k醤 na vstup od u瀒vatele | HPZsui01.exe=萫k醤 na vstup od u瀒vatele | HPZrein01.exe=萫k醤 na vstup od u瀒vatele | HPZtim01.exe=萫k醤 na vstup od u瀒vatele | [Setup.Text.0x6] | hpznfx01.exe=Installerer Microsoft .NET Framework | hpzdxs01.exe=Installerer Microsoft DirectX 9.0 | HPZpsc01.exe=S鴊er efter allerede installerede programmer | HPZchk01.exe=Unders鴊er systemkrav | HPZwis01.exe=Opdaterer tjenesten Windows Installer | HPZpnp01.exe=Unders鴊er hardware | HPZscr01.exe=Fjerner | HPZwrp01.exe=Installerer yderligere software | HPZarp01.exe=Opretter poster i Tilf鴍/fjern programmer | HPZrcv01.exe=Indstiller gendannelsespunkt | HPZdui01.exe=Tilslutter enhed | HPZshl01.exe=Unders鴊er system | HPZopt01.exe=Venter p brugerinput | HPZsui01.exe=Venter p brugerinput | HPZrein01.exe=Venter p brugerinput | HPZtim01.exe=Venter p brugerinput | [Setup.Text.0x7] | hpznfx01.exe=Microsoft .NET Framework wird installiert | hpzdxs01.exe=Microsoft DirectX 9.0 wird installiert | HPZpsc01.exe=Installierte Anwendungen werden gesucht | HPZchk01.exe=Systemanforderungen werden gepr黤t | HPZwis01.exe=Windows-Installationsdienst wird aktualisiert | HPZpnp01.exe=Hardware wird gepr黤t | HPZscr01.exe=Deinstallieren | HPZwrp01.exe=Weitere Software wird installiert | HPZarp01.exe=Eintr鋑e zum Hinzuf黦en/Entfernen von Programmen werden erstellt | HPZrcv01.exe=Wiederherstellungsdaten werden gespeichert | HPZdui01.exe=Ger鋞 wird verbunden | HPZshl01.exe=System wird untersucht | HPZopt01.exe=Warten auf Benutzereingabe | HPZsui01.exe=Warten auf Benutzereingabe | HPZrein01.exe=Warten auf Benutzereingabe | HPZtim01.exe=Warten auf Benutzereingabe | [Setup.Text.0x8] | hpznfx01.exe=陪赆糗篝狍 Microsoft .NET Framework | hpzdxs01.exe=陪赆糗篝狍 Microsoft DirectX 9.0 | HPZpsc01.exe=另徭摁珞 邈赆翦篝珈蓓 弼狁祜泾 | HPZchk01.exe=鸽邈黠 豉 狃衢艮箦 麸 篚篝揿狒矧 | HPZwis01.exe=另徕荑扉箸 翮 躔珩弩哚 Windows Installer | HPZpnp01.exe=鸽邈黠 蹼殛稞 | HPZscr01.exe=梳糗胥珞 邈赆糗篝狍珧 | HPZwrp01.exe=陪赆糗篝狍 瘃桢麸 腼汩箪殛稞 | HPZarp01.exe=溺扉秕胥哚 赆翎鼯褶箦 汩 翮 弼狁祜戕 "旭矬栳鲠唏弩 旭镢襻祆荇" | HPZrcv01.exe=像轶禳 箸戾唢 犴荜翮箸 | HPZdui01.exe=育礓弩 篚箨艴掾 | HPZshl01.exe=蓬蒴狍 篚篝揿狒矧 | HPZopt01.exe=另犰镯 彘筢泫戕 狃 麸 黢摅翮 | HPZsui01.exe=另犰镯 彘筢泫戕 狃 麸 黢摅翮 | HPZrein01.exe=另犰镯 彘筢泫戕 狃 麸 黢摅翮 | HPZtim01.exe=另犰镯 彘筢泫戕 狃 麸 黢摅翮 | [Setup.Text.0x9] | hpznfx01.exe=Installing Microsoft .NET Framework | hpzdxs01.exe=Installing Microsoft DirectX 9.0 | HPZpsc01.exe=Searching for installed applications | HPZchk01.exe=Checking System Requirements | HPZwis01.exe=Updating Windows Installer Service | HPZpnp01.exe=Checking hardware | HPZscr01.exe=Uninstalling | HPZwrp01.exe=Installing Additional Software | HPZarp01.exe=Creating Add/Remove Programs entries | HPZrcv01.exe=Setting Recovery Point | HPZdui01.exe=Connecting device | HPZshl01.exe=Inspecting system | HPZopt01.exe=Waiting for user input | HPZsui01.exe=Waiting for user input | HPZrein01.exe=Waiting for user input | HPZtim01.exe=Waiting for user input | [Setup.Text.0xa] | hpznfx01.exe=Instalando Microsoft .NET Framework | hpzdxs01.exe=Instalando Microsoft DirectX 9.0 | HPZpsc01.exe=Buscando aplicaciones instaladas | HPZchk01.exe=Comprobando los requisitos del sistema | HPZwis01.exe=Actualizando el servicio Windows Installer | HPZpnp01.exe=Comprobando el hardware | HPZscr01.exe=Desinstalando | HPZwrp01.exe=Instalando software adicional | HPZarp01.exe=Creando entradas para Agregar o quitar programas | HPZrcv01.exe=Estableciendo punto de recuperaci髇 | HPZdui01.exe=Conectando dispositivo | HPZshl01.exe=Inspeccionando el sistema | HPZopt01.exe=Esperando datos del usuario | HPZsui01.exe=Esperando datos del usuario | HPZrein01.exe=Esperando datos del usuario | HPZtim01.exe=Esperando datos del usuario | [Setup.Text.0xb] | hpznfx01.exe=Ohjelma asentaa Microsoft .NET Framework -ohjelmaa | hpzdxs01.exe=Ohjelma asentaa Microsoft DirectX 9.0 -ohjelmaa | HPZpsc01.exe=Etsit滗n asennettuja sovelluksia | HPZchk01.exe=Tarkastetaan j鋜jestelm鋠aatimuksia | HPZwis01.exe=P鋓vitet滗n Windows Installer -palvelua | HPZpnp01.exe=Tarkastetaan laitteistoa | HPZscr01.exe=Asennusta poistetaan | HPZwrp01.exe=Asennetaan muita ohjelmia | HPZarp01.exe=Luodaan Lis滗 tai poista sovellus -ikkunan tietoja | HPZrcv01.exe=M滗ritet滗n palautuspistett | HPZdui01.exe=Kytket滗n laitetta | HPZshl01.exe=Tarkastetaan j鋜jestelm滗 | HPZopt01.exe=Odotetaan k鋣tt鋔鋘 sy鰐ett | HPZsui01.exe=Odotetaan k鋣tt鋔鋘 sy鰐ett | HPZrein01.exe=Odotetaan k鋣tt鋔鋘 sy鰐ett | HPZtim01.exe=Odotetaan k鋣tt鋔鋘 sy鰐ett | [Setup.Text.0xc] | hpznfx01.exe=Installation de Microsoft .NET Framework | hpzdxs01.exe=Installation de Microsoft DirectX 9.0 | HPZpsc01.exe=Recherche des applications install閑s | HPZchk01.exe=V閞ification de la configuration syst鑝e requise | HPZwis01.exe=Mise jour du service Windows Installer | HPZpnp01.exe=V閞ification du mat閞iel | HPZscr01.exe=D閟installation | HPZwrp01.exe=Installation de logiciel suppl閙entaire | HPZarp01.exe=Cr閍tion d'entr閑s dans la bo顃e de dialogue Ajout/Suppression de programmes | HPZrcv01.exe=D閒inition du point de r閏up閞ation | HPZdui01.exe=Connexion du p閞iph閞ique | HPZshl01.exe=Inspection du syst鑝e | HPZopt01.exe=Attente d'une intervention de l'utilisateur | HPZsui01.exe=Attente d'une intervention de l'utilisateur | HPZrein01.exe=Attente d'une intervention de l'utilisateur | HPZtim01.exe=Attente d'une intervention de l'utilisateur | [

#5 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:55 AM

Posted 15 October 2008 - 10:27 PM

Hello, crazyd.

Hi thanks for replying to my post.Couples of things i got the reports OTveiwIT which i copy and paste below.However i didnt get to scann the computer Kaspersky Online Scanner i dont know why but i have also posted the error message so maybe you can tell me what to do.Also i have uninstall my anti-virus AVG8(Free) to try to use the Kasperky should i install it back.Another thing is you said if you dont relpy in 24hrs to send you a PM can you tell me what is a PM plz.Thank you.


PM stands for personal message. Simply click my name earlier, and choose "Send Message"

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.
  • About 1 in 100 times the computer will not longer be able to boot after running Combofix. This requires experienced hands to restore the system to bootability.
  • There are several malware infections that "target" Combofix. Experienced Helpers are aware of these infections, and take steps to remove them prior to the use of Combofix. If you do not, various things can happen depending on the infection -- from Combofix being unable to run, to the deletion of the folder C:\Windows\System32, requiring a clean install to repair.
  • Combofix makes some rather significant changes to the internals of XP and Vista in order to work. It can therefore be very dangerous!!
  • The real power of Combofix comes not as a general purposed malware remover. It is rather modest in that capacity. Combofix is powerful because it provides to the experienced Helper a convenient and powerful front-end to Scripts. It is because of its scripting strengths, and its unique reporting capabilities, that you see Combofix often recommended. But not because of its abilities as a general malware scanner.
  • Many malware removal experts will not respond to a request for help if they see that Combofix was run by the end-user without supervision. You might find after running Combofix that your system problems are worse, and nobody is willing to help you.
  • There are several general purpose anti-malware utilities where the Author(s) intended the application for general use by end-users without Supervision. Combofix is not one of them, and you would be advised to honor that position taken by its Author.
How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click Posted Image on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • ComboFix may ask to reboot the machine. If asked, DO NOT REBOOT THE MACHINE YOURSELF!! (Unless you enjoy installing windows :thumbsup: )
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)
In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#6 crazyd

crazyd
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:55 PM

Posted 18 October 2008 - 06:15 AM

Hi i having problems running the combofix. I install the RC but when combofix starts to run i'm not getting any results.I saw on combofix that normal it take bout 10mins to run and double that time if the computer is badly infected so i left it running for about an hour an got no report so i closed it and re-run it and i left it for about 8hours and still no report from combofix...

#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:55 AM

Posted 18 October 2008 - 08:16 PM

Hello, crazyd.
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
Go ahead and restart your computer in order to get your desktop back and to ensure ComboFix is completely terminated.

I would like us to run a scan with MalwareBytes' Anti-Malware in Safe Mode
Please download MalwareBytes' Anti-Malware from one of the following mirrors:Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Close MbAM now.
  • Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode. Make sure you choose neither the "Safe Mode with Networking" nor the "Safe Mode with Command Prompt" options. We want simply "Safe Mode".
  • Login with your usual account (not "Administrator")
  • Go to Start -> Malwarebytes' Anti-Malware -> Malwarebytes' Anti-Malware.
  • Once the program has loaded select "Perform Quick Scan", then click Scan.
    Note: Quick is somewhat of a misnomer. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below) If you are not prompted to restart, restart into normal mode anyway.
  • The log is automatically saved by MbAM and can be viewed by clicking the Logs tab in MbAM.
  • Copy&Paste the entire report in your next reply.
Note: If MbAM encounters a file that is difficult to remove,you will be presented with a prompt. Click OK to to any prompts to let MbAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

In your next reply, please include the following:
  • MbAM's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#8 crazyd

crazyd
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:55 PM

Posted 18 October 2008 - 10:37 PM

Hi Billy i was able to run the MalwareBytes and i have post the log below :thumbsup: ........ But couples of things i dont have any anti virus running on my computer currently so i would like some advice in which one to install or can i reinstall my AVG Free(8)....and also in your next post can you tell me what you think is the problem is with my system....... and also when you ask me to run scans in the future can you tell me what does that that particular scan does so i can have an idea as why it is i am doing that particular scans for...



Malwarebytes' Anti-Malware 1.29
Database version: 1288
Windows 5.1.2600 Service Pack 2

2008-10-18 23:19:54
mbam-log-2008-10-18 (23-19-54).txt

Scan type: Quick Scan
Objects scanned: 46384
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winlogon (Worm.Muha) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\status (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\heap41a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\heap41a\offspring (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\heap41a\svchost.exe (Worm.Muha) -> Quarantined and deleted successfully.
C:\heap41a\2.mp3 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\heap41a\drivelist.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\heap41a\Icon.ico (Trojan.Agent) -> Quarantined and deleted successfully.
C:\heap41a\std.txt (Trojan.Agent) -> Quarantined and deleted successfully.

#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:55 AM

Posted 19 October 2008 - 12:36 PM

Hello, crazyd.

But couples of things i dont have any anti virus running on my computer currently so i would like some advice in which one to install or can i reinstall my AVG Free(8)

We had to get rid of the rouges and worms first, but they look pretty much gone, so see bottom of this post ;)

and also in your next post can you tell me what you think is the problem is with my system

You had malware on it LOL. As far as which one specificly I don' t know because the files in question were randomly named.

and also when you ask me to run scans in the future can you tell me what does that that particular scan does so i can have an idea as why it is i am doing that particular scans for...

MbAM is good with rogues. I can't go in to detail on CF.

We need to back up your registry
  • Please download ERUNT and save it to your desktop.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    "Vistadrv"=-
    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlpo_01"=-
    "nlpo_02"=-
    "nlpo_03"=-
    "nlpo_04"=-
    "nlpo_05"=-
    "nlpo_06"=-
    "nlpo_07"=-
    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlpo_01"=-
    "nlpo_02"=-
    "nlpo_03"=-
    "nlpo_04"=-
    "nlpo_05"=-
    "nlpo_06"=-
    "nlpo_07"-
    :files
    C:\WINDOWS\system32\vsdrv.exe
    C:\autorun.inf
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
Two good antivirus programs free for non-commercial home use are Avast! and Antivir
Two good paid for antivirus programs are NOD32 and Bitdefender
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection level. It may also impair the performance of your PC.

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use <Control>+A)
  • Right-click again and chose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • OTMoveIt3's Log
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#10 crazyd

crazyd
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:55 PM

Posted 20 October 2008 - 03:29 PM

Hi in your last reply you said to run ESET OnlineScan (NOD32) but i was woundering if i should install the anti- virus first and then run the scan or should i run the scan first. Aslo when i run OTMoveIt3 by OldTimer what does the program do??Do it end for it self or do i end it or do i restart my computer.

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:55 AM

Posted 20 October 2008 - 03:53 PM

When you run the program and paste in the script, OTMI3 preforms actions to remove the malware on the machine specified in the script.

Please install the anti-virus first :thumbsup:

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#12 crazyd

crazyd
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:55 PM

Posted 21 October 2008 - 08:39 PM

Hi Billy my internet is giving some trouble so i may be able to post the logs until 25th or 26th ok so please bear with me ok. Also i want to find out should i uninstall Malwarebytes' Anti-Malware or should i keep it on and run scans regular.

Hi Billy my internet is giving some trouble so i may be able to post the logs until 25th or 26th ok so please bear with me ok. Also i want to find out should i uninstall Malwarebytes' Anti-Malware or should i keep it on and run scans regular.

#13 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:55 AM

Posted 21 October 2008 - 08:48 PM

Hi Billy my internet is giving some trouble so i may be able to post the logs until 25th or 26th ok so please bear with me ok. Also i want to find out should i uninstall Malwarebytes' Anti-Malware or should i keep it on and run scans regular.

Hi Billy my internet is giving some trouble so i may be able to post the logs until 25th or 26th ok so please bear with me ok. Also i want to find out should i uninstall Malwarebytes' Anti-Malware or should i keep it on and run scans regular.

We'll talk about prevention once the malware's taken care of ;)

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#14 crazyd

crazyd
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:55 PM

Posted 23 October 2008 - 08:38 PM

Hi Billy just wanted to get back to you on the logs....I ran the OTmoveIt but once the files have been move the programs isn't responding.Aslo i ran The online scan but it did give me any log but the result were that no threats were found.And finally i have posted the HIJACKThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31, on 2008-10-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [L08AXLRD_5793187] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [PackNoVs] "C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PackNoVs] "C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [PackNoVs] "C:\WINDOWS\BricoPacks\Crystal Clear\pack-it.exe" --unsetvs (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1223156724781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1223155816406
O17 - HKLM\System\CCS\Services\Tcpip\..\{94025268-EE3D-41B3-9904-520EE0A22123}: NameServer = 196.3.132.1 196.3.132.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 12509 bytes

#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:55 AM

Posted 23 October 2008 - 09:15 PM

Hello, crazyd.
Grr... damn thing keeps comin back :thumbsup:

Please run this fix and then post new OTVI logs.

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :processes
    explorer.exe
    :files
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=-
    :commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTMoveIt3's Log
  • OTViewIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users