[code] OTScanIt logfile created on: 11/04/2008 19:27:41 OTScanIt by OldTimer - Version 1.0.9.0 Folder = C:\Documents and Settings\RUSSELL CLEWS\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 511.00 Mb Total Physical Memory | 118.48 Mb Available Physical Memory | 23.19% Memory free 1.22 Gb Paging File | 0.77 Gb Available in Paging File | 63.37% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.71 Gb Total Space | 87.13 Gb Free Space | 77.99% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 74.51 Gb Total Space | 53.32 Gb Free Space | 71.56% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RCLEWS Current User Name: RUSSELL CLEWS Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 26/01/2008 02:47:02 | Attr = ] lvprcsrv.exe -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 81920 bytes | Modified Date = 28/07/2005 14:37:24 | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 15:09:16 | Attr = ] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 10/02/2008 01:06:33 | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 13:31:10 | Attr = ] btwdins.exe -> %ProgramFiles%\Sitecom\Bluetooth Software\bin\btwdins.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 135168 bytes | Modified Date = 14/08/2003 13:19:00 | Attr = ] ioctlsvc.exe -> %SystemRoot%\SYSTEM32\IoctlSvc.exe -> Prolific Technology Inc. [Ver = 1, 4, 0, 0 | Size = 53248 bytes | Modified Date = 16/09/2005 17:05:42 | Attr = ] bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 29/08/2003 04:59:24 | Attr = ] pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 26/08/2003 20:47:34 | Attr = ] dsentry.exe -> %SystemRoot%\SYSTEM32\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 13/08/2003 11:27:40 | Attr = ] lvcomsx.exe -> %SystemRoot%\SYSTEM32\LVCOMSX.EXE -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 221184 bytes | Modified Date = 28/07/2005 14:30:36 | Attr = ] cameraassistant.exe -> %ProgramFiles%\Logitech\Video\CameraAssistant.exe -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 389120 bytes | Modified Date = 28/07/2005 14:02:32 | Attr = ] elkctrl.exe -> %SystemRoot%\SYSTEM32\ElkCtrl.exe -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 01/11/2004 19:22:22 | Attr = ] nbkeyscan.exe -> %ProgramFiles%\Ahead\Nero BackItUp\NBKeyScan.exe -> Ahead Software AG [Ver = 1, 2, 0, 60 | Size = 1757184 bytes | Modified Date = 16/09/2005 17:41:52 | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19/02/2006 03:41:10 | Attr = ] homerunner.exe -> %ProgramFiles%\TomTom HOME 2\HOMERunner.exe -> TomTom [Ver = 2.1.2.121 | Size = 378784 bytes | Modified Date = 31/10/2007 11:19:50 | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 15/11/2007 14:11:04 | Attr = ] dlactrlw.exe -> %SystemRoot%\SYSTEM32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.34a | Size = 127036 bytes | Modified Date = 13/06/2006 06:20:00 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 14/12/2007 04:42:38 | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 10:25:42 | Attr = ] logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 15/11/2007 14:10:54 | Attr = ] btdna.exe -> %ProgramFiles%\DNA\btdna.exe -> BitTorrent, Inc. [Ver = 2.0.0.9123 | Size = 288576 bytes | Modified Date = 31/03/2008 19:58:13 | Attr = ] bttray.exe -> %ProgramFiles%\Sitecom\Bluetooth Software\BTTray.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 499779 bytes | Modified Date = 01/12/2003 15:28:00 | Attr = ] hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 19/02/2006 05:21:22 | Attr = ] sonytray.exe -> %ProgramFiles%\Sony Corporation\Image Transfer\SonyTray.exe -> [Ver = | Size = 73728 bytes | Modified Date = 16/10/2002 20:20:20 | Attr = ] wn121t.exe -> %ProgramFiles%\NETGEAR\WN121T\wn121t.exe -> [Ver = 1, 0, 14, 319 | Size = 1302528 bytes | Modified Date = 23/10/2006 11:30:44 | Attr = ] hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Development Company, L.P. [Ver = 065.000.117.000 | Size = 479232 bytes | Modified Date = 10/02/2006 08:56:12 | Attr = ] hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 19/02/2006 06:24:52 | Attr = ] symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 06/04/2008 22:23:31 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 04/04/2008 12:24:38 | Attr = ] [Win32 Services - Non-Microsoft Only] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 15:09:16 | Attr = ] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 10/02/2008 01:06:33 | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 13:31:10 | Attr = ] (btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sitecom\Bluetooth Software\bin\btwdins.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 135168 bytes | Modified Date = 14/08/2003 13:19:00 | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 26/01/2008 02:47:02 | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 26/01/2008 02:47:02 | Attr = ] (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 26/01/2008 02:47:02 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 08:56:48 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 04:24:18 | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 15/11/2007 14:10:54 | Attr = ] (LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.232 | Size = 3220856 bytes | Modified Date = 10/02/2008 01:06:25 | Attr = ] (LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 26/01/2008 02:47:02 | Attr = ] (LVPrcSrv) Logitech Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 81920 bytes | Modified Date = 28/07/2005 14:37:24 | Attr = ] (NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 03/03/2003 14:33:40 | Attr = ] (NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4501 | Size = 73728 bytes | Modified Date = 30/10/2003 09:06:02 | Attr = ] (PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\IoctlSvc.exe -> Prolific Technology Inc. [Ver = 1, 4, 0, 0 | Size = 53248 bytes | Modified Date = 16/09/2005 17:05:42 | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 03/03/2006 22:03:10 | Attr = ] (RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> File not found (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 06/04/2008 22:23:31 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe ["C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 10:25:42 | Attr = ] BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe [BCMSMMSG.exe] -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 29/08/2003 04:59:24 | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 107.0.4.2 | Size = 51048 bytes | Modified Date = 26/01/2008 02:47:22 | Attr = ] DLA -> %SystemRoot%\SYSTEM32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> Sonic Solutions [Ver = 5.20.34a | Size = 127036 bytes | Modified Date = 13/06/2006 06:20:00 | Attr = ] DVDSentry -> %SystemRoot%\SYSTEM32\DSentry.exe [C:\WINDOWS\System32\DSentry.exe] -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 13/08/2003 11:27:40 | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19/02/2006 03:41:10 | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 15/11/2007 14:11:04 | Attr = ] LogitechCameraAssistant -> %ProgramFiles%\Logitech\Video\CameraAssistant.exe [C:\Program Files\Logitech\Video\CameraAssistant.exe] -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 389120 bytes | Modified Date = 28/07/2005 14:02:32 | Attr = ] LogitechCameraService(E) -> %SystemRoot%\SYSTEM32\ElkCtrl.exe [C:\WINDOWS\system32\ElkCtrl.exe /automation] -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 01/11/2004 19:22:22 | Attr = ] LogitechVideo[inspector] -> %ProgramFiles%\Logitech\Video\InstallHelper.exe [C:\Program Files\Logitech\Video\InstallHelper.exe /inspect] -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 73728 bytes | Modified Date = 28/07/2005 14:09:50 | Attr = ] LVCOMSX -> %SystemRoot%\SYSTEM32\LVCOMSX.EXE [C:\WINDOWS\system32\LVCOMSX.EXE] -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 221184 bytes | Modified Date = 28/07/2005 14:30:36 | Attr = ] NBKeyScan -> %ProgramFiles%\Ahead\Nero BackItUp\NBKeyScan.exe ["C:\Program Files\Ahead\Nero BackItUp\NBKeyScan.exe" /devicetype:philips] -> Ahead Software AG [Ver = 1, 2, 0, 60 | Size = 1757184 bytes | Modified Date = 16/09/2005 17:41:52 | Attr = ] NvCplDaemon -> %SystemRoot%\SYSTEM32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.4501 | Size = 4800512 bytes | Modified Date = 30/10/2003 09:06:00 | Attr = ] osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe ["C:\Program Files\Norton AntiVirus\osCheck.exe"] -> Symantec Corporation [Ver = 15.5.0.32 | Size = 718704 bytes | Modified Date = 07/02/2008 07:49:38 | Attr = ] PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe ["C:\Program Files\Dell\Media Experience\PCMService.exe"] -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 26/08/2003 20:47:34 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 15/11/2007 00:43:10 | Attr = ] RegistryMechanic -> %ProgramFiles%\Registry Mechanic\RegMech.exe [C:\Program Files\Registry Mechanic\RegMech.exe /QS] -> PC Tools [Ver = 7.00.1010 | Size = 2483496 bytes | Modified Date = 20/09/2007 18:10:58 | Attr = ] spa_start -> %SystemRoot%\SYSTEM32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll [C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll" DllInit] -> [Ver = 2, 0, 0, 0 | Size = 329216 bytes | Modified Date = 08/04/2008 13:59:42 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 14/12/2007 04:42:38 | Attr = ] TomTomHOME.exe -> %ProgramFiles%\TomTom HOME 2\HOMERunner.exe ["C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s] -> TomTom [Ver = 2.1.2.121 | Size = 378784 bytes | Modified Date = 31/10/2007 11:19:50 | Attr = ] UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe ["C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r] -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 19/08/2003 02:01:00 | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> BitTorrent, Inc. [Ver = 2.0.0.9123 | Size = 288576 bytes | Modified Date = 31/03/2008 19:58:13 | Attr = ] LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe ["C:\Program Files\Logitech\Video\ManifestEngine.exe" boot] -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 196608 bytes | Modified Date = 18/01/2005 18:07:54 | Attr = ] NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe ["C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"] -> Ahead Software AG [Ver = 1, 2, 0, 60 | Size = 1961984 bytes | Modified Date = 16/09/2005 17:41:26 | Attr = ] Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.0.0.216 | Size = 25370152 bytes | Modified Date = 05/02/2007 18:35:20 | Attr = ] < Run [HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\] > -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> BitTorrent, Inc. [Ver = 2.0.0.9123 | Size = 288576 bytes | Modified Date = 31/03/2008 19:58:13 | Attr = ] LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe ["C:\Program Files\Logitech\Video\ManifestEngine.exe" boot] -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 196608 bytes | Modified Date = 18/01/2005 18:07:54 | Attr = ] NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe ["C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"] -> Ahead Software AG [Ver = 1, 2, 0, 60 | Size = 1961984 bytes | Modified Date = 16/09/2005 17:41:26 | Attr = ] Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.0.0.216 | Size = 25370152 bytes | Modified Date = 05/02/2007 18:35:20 | Attr = ] < Administrator.RCLEWS Startup Folder > -> C:\Documents and Settings\Administrator.RCLEWS\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\BTTray.lnk -> %ProgramFiles%\Sitecom\Bluetooth Software\BTTray.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 499779 bytes | Modified Date = 01/12/2003 15:28:00 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 19/02/2006 05:21:22 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 065.000.117.000 | Size = 73728 bytes | Modified Date = 10/02/2006 08:56:20 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Image Transfer.lnk -> %ProgramFiles%\Sony Corporation\Image Transfer\SonyTray.exe -> [Ver = | Size = 73728 bytes | Modified Date = 16/10/2002 20:20:20 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> Logitech [Ver = 2.30.04 | Size = 196608 bytes | Modified Date = 28/01/2006 20:54:52 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WN121T Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WN121T\wn121t.exe -> [Ver = 1, 0, 14, 319 | Size = 1302528 bytes | Modified Date = 23/10/2006 11:30:44 | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> < KATALIN HALMOSI Startup Folder > -> C:\Documents and Settings\KATALIN HALMOSI\Start Menu\Programs\Startup -> < RUSSELL CLEWS Startup Folder > -> C:\Documents and Settings\RUSSELL CLEWS\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 20/10/2005 12:04:08 | Attr = ] -> %UserProfile%\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe -> Leader Technologies [Ver = 3,0,0,0 | Size = 225280 bytes | Modified Date = 02/03/2004 18:02:07 | Attr = ] < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {fbeb8a05-beee-4442-804e-409d6c4515e9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [CDBurn] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 13:29:58 | Attr = ] {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\khfEUnLb.dll [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006] > -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> khfEUnLb -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006] > -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.euro.dell.com/countries/uk/enu/gen/default.htm -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.euro.dell.com/countries/uk/enu/gen/default.htm -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.euro.dell.com/countries/uk/enu/gen/default.htm -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.euro.dell.com/countries/uk/enu/gen/default.htm -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.euro.dell.com/countries/uk/enu/gen/default.htm -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\] > -> -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\: Main\\Default_Page_URL -> http://www.euro.dell.com/countries/uk/enu/gen/default.htm -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\: Main\\Start Page -> http://www.google.co.uk/ -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\: ProxyOverride -> 127.0.0.1 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> memberservices_tesco.net [https] -> Trusted sites -> register_tesco.net [https] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\] > -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> memberservices_tesco.net [https] -> Trusted sites -> register_tesco.net [https] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\] > -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {001165C1-A640-11D7-9FD9-0080481ADA61} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [MetaProducts Inquiry Helper] -> File not found {2536463C-A7C3-4EAB-AF46-F4AA8B9114CF} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\pmnkICUm.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 315632 bytes | Modified Date = 08/04/2008 20:17:18 | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.34a | Size = 110652 bytes | Modified Date = 13/06/2006 06:20:00 | Attr = ] {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 06/04/2008 22:26:11 | Attr = ] {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\khfEUnLb.dll [Reg Error: Value does not exist or could not be read.] -> File not found {6FC407C9-D009-4360-A39F-04E511AD001C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRIASmM.dll [Reg Error: Value does not exist or could not be read.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 14/12/2007 04:42:36 | Attr = ] {8d24faca-8ec6-3230-18f3-4cb2e937b6e5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll [superiorads browser optimizer] -> [Ver = 2, 0, 0, 0 | Size = 329216 bytes | Modified Date = 08/04/2008 13:59:42 | Attr = ] {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 03/02/2005 18:07:08 | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\] > -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{968631B6-4729-440D-9BF4-251F5593EC9A} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{C5F7A735-70F1-477F-8C36-6FF3C736017B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\] > -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{968631B6-4729-440D-9BF4-251F5593EC9A} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{C5F7A735-70F1-477F-8C36-6FF3C736017B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Send To &Bluetooth -> %ProgramFiles%\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 29/05/2003 13:53:00 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} [HKEY_LOCAL_MACHINE] -> [BT Yahoo! Sidebar] -> File not found CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} [HKEY_LOCAL_MACHINE] -> [BT Yahoo! Sidebar] -> File not found CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\] > -> HKEY_USERS\S-1-5-21-2255378475-2752751042-105498522-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> Send To &Bluetooth -> %ProgramFiles%\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 29/05/2003 13:53:00 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> Tesco -> IEAK -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3E1EBEF3-F3EE-4B88-9CC1-43911567E4CB} -> (1394 Net Adapter) -> {3E560D6D-C6C3-40F6-BB08-AC075DFA9F44} -> () -> {419C8E17-6D3D-476A-8C70-49BA26124390} -> () -> {87ED0753-0D8A-4B71-9007-B86F5F0FDF9D} -> (Intel(R) PRO/100 VE Network Connection) -> {BED7ABB8-48D1-414B-8635-78D0C72FC1B4} -> () -> {C3C1BD5E-332E-4E32-9591-5B27334F52DB} -> () -> {F9093819-B2CB-4971-85D9-8B8F6CC5B345} -> (NETGEAR WN121T Wireless USB 2.0 Adapter) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> bw+0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw+0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw-0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw00:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw00s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw-0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw10:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw10s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw20:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw20s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw30:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw30s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw40:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw40s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw50:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw50s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw60:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw60s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw70:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw70s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw80:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw80s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw90:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bw90s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwa0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwa0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwb0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwb0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwc0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwc0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwd0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwd0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwe0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwe0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwf0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwf0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwg0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwg0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwh0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwh0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwi0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwi0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwj0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwj0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwk0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwk0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwl0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwl0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwm0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwm0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwn0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwn0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwo0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwo0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwp0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwp0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwq0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwq0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwr0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwr0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bws0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bws0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwt0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwt0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwu0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwu0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwv0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwv0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bww0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bww0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwx0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwx0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwy0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwy0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwz0:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] bwz0s:{94328adf-bc87-44df-9037-5b02f866e8d3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value offline-8876480:{94328ADF-BC87-44DF-9037-5B02F866E8D3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 12/01/2007 13:50:48 | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file:///C:/WINDOWS/Java/classes/xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> NTLSignup[HKEY_LOCAL_MACHINE] -> https://register.tesco.net/tesco/NTLSignup.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Internet Explorer/BTOW Shared Files/btwebcontrol.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Internet Explorer/BTOW Shared Files/btwebcontrol.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\.Owner -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NTLSignup.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NTLSignup.dll\\.Owner -> NTLSignup -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NTLSignup.dll\\NTLSignup -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 08:56:43 | Attr = ] C:\WINDOWS\system32\pmnkICUm.dll -> %SystemRoot%\SYSTEM32\pmnkICUm.dll -> [Ver = | Size = 315632 bytes | Modified Date = 08/04/2008 20:17:18 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 18:49:30 | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 08:56:43 | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 15:21:15 | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24/03/2006 05:37:50 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 08:56:44 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 08:56:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 08:56:57 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 18649 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 08:56:42 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 08:56:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Harmony Remote\HarmonyClient -> C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe -> C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe [C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 13:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE [C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe -> C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe [C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 08:56:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eSignal\winsig.exe -> C:\Program Files\eSignal\winsig.exe [C:\Program Files\eSignal\winsig.exe:*:Enabled:eSignal] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe -> C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe [C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe:*:Enabled:mRouterRuntime] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sony Ericsson\Mobile\DXP SyncML.exe -> C:\Program Files\Sony Ericsson\Mobile\DXP SyncML.exe [C:\Program Files\Sony Ericsson\Mobile\DXP SyncML.exe:*:Enabled:DXP SyncML Module] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\fxsclnt.exe -> C:\WINDOWS\SYSTEM32\fxsclnt.exe [C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console] -> Microsoft Corporation [Ver = 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 04/08/2004 08:56:49 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16640 (vista_gdr.080213-1606) | Size = 625664 bytes | Modified Date = 29/02/2008 09:55:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 29/01/2006 14:11:45 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sony Ericsson\Update Service\ma3platform.exe -> C:\Program Files\Sony Ericsson\Update Service\ma3platform.exe [C:\Program Files\Sony Ericsson\Update Service\ma3platform.exe:*:Enabled:ma3platform] -> [Ver = | Size = 3739648 bytes | Modified Date = 20/01/2007 12:18:47 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Morpheus\Morpheus.exe -> C:\Program Files\Morpheus\Morpheus.exe [C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Harmony Remote\HarmonyClient -> C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe -> C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe [C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SatelliteTVforPC\2006\Elite\SatelliteTVforPC.exe -> C:\Program Files\SatelliteTVforPC\2006\Elite\SatelliteTVforPC.exe [C:\Program Files\SatelliteTVforPC\2006\Elite\SatelliteTVforPC.exe:*:Enabled:SatelliteTVforPC] -> SatelliteTVtoPC.com [Ver = 4.07.0008 | Size = 110592 bytes | Modified Date = 15/08/2006 17:45:27 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TVAnts\Tvants.exe -> C:\Program Files\TVAnts\Tvants.exe [C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts] -> Zhejiang University [Ver = 1.0.0.58 | Size = 1814528 bytes | Modified Date = 07/06/2006 11:35:06 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplayer.exe -> C:\Program Files\Real\RealPlayer\realplayer.exe [C:\Program Files\Real\RealPlayer\realplayer.exe:*:Enabled:RealPlayer] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sony Ericsson\Mobile4\Sync Manager\DXP SyncML.exe -> C:\Program Files\Sony Ericsson\Mobile4\Sync Manager\DXP SyncML.exe [C:\Program Files\Sony Ericsson\Mobile4\Sync Manager\DXP SyncML.exe:*:Disabled:DXP SyncML Module] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 13:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe -> C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe [C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Disabled:mRouterRuntime Module] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe -> C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe [C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 08/02/2008 22:32:57 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitDownload\BitDownload.exe -> C:\Program Files\BitDownload\BitDownload.exe [C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3B0.tmp\ossproxy.exe -> C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3B0.tmp\ossproxy.exe [C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3B0.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> BitTorrent, Inc. [Ver = 2.0.0.9123 | Size = 288576 bytes | Modified Date = 31/03/2008 19:58:13 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3D2.tmp\ossproxy.exe -> C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3D2.tmp\ossproxy.exe [C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\~os3D2.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\LMI411.tmp\lmi_rescue.exe -> C:\WINDOWS\LMI411.tmp\lmi_rescue.exe [C:\WINDOWS\LMI411.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\WZSE0.TMP\SymNRT.exe -> C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\WZSE0.TMP\SymNRT.exe [C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 15/11/2007 14:10:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free.] -> Skype Technologies S.A. [Ver = 3.0.0.216 | Size = 25370152 bytes | Modified Date = 05/02/2007 18:35:20 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{87ED0753-0D8A-4B71-9007-B86F5F0FDF9D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{3E1EBEF3-F3EE-4B88-9CC1-43911567E4CB} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FC9F923B-D0AE-4A6A-BDCB-2BF12AC5FDBD} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{0C197A3C-8F2A-4C47-9364-9A8664F25563} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 08:56:57 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 08:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> (binary data) -> [Files/Folders - Created Within 90 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 10/04/2008 23:57:03 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 07/04/2008 18:02:56 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535891968 bytes | Created Date = 09/04/2008 19:12:17 | Attr = HS] OEMSettings -> %SystemDrive%\OEMSettings -> [Folder | Created Date = 31/03/2008 20:20:49 | Attr = ] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Created Date = 06/03/2008 00:24:04 | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Created Date = 06/03/2008 21:41:11 | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Created Date = 10/03/2008 20:27:50 | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 06/03/2008 00:24:04 | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 06/03/2008 21:41:11 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Created Date = 10/03/2008 20:27:50 | Attr = H ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 10/04/2008 22:05:17 | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 08/04/2008 20:54:26 | Attr = ] coh_mon.cat -> %SystemRoot%\System32\drivers\coh_mon.cat -> [Ver = | Size = 10537 bytes | Created Date = 15/01/2008 18:54:42 | Attr = ] COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf -> [Ver = | Size = 706 bytes | Created Date = 15/01/2008 14:28:00 | Attr = ] COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23904 bytes | Created Date = 13/01/2008 03:32:00 | Attr = ] RimSerial.sys -> %SystemRoot%\System32\drivers\RimSerial.sys -> Research in Motion Ltd [Ver = 2.1.0.4 | Size = 26496 bytes | Created Date = 22/03/2008 21:40:54 | Attr = R ] srtsp.cat -> %SystemRoot%\System32\drivers\srtsp.cat -> [Ver = | Size = 10545 bytes | Created Date = 01/02/2008 23:55:22 | Attr = ] srtsp.inf -> %SystemRoot%\System32\drivers\srtsp.inf -> [Ver = | Size = 1415 bytes | Created Date = 04/02/2008 21:27:50 | Attr = ] srtsp.sys -> %SystemRoot%\System32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 279088 bytes | Created Date = 01/02/2008 02:51:16 | Attr = ] srtspl.cat -> %SystemRoot%\System32\drivers\srtspl.cat -> [Ver = | Size = 10549 bytes | Created Date = 01/02/2008 23:55:22 | Attr = ] srtspl.inf -> %SystemRoot%\System32\drivers\srtspl.inf -> [Ver = | Size = 1430 bytes | Created Date = 04/02/2008 21:27:50 | Attr = ] srtspl.sys -> %SystemRoot%\System32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 317616 bytes | Created Date = 01/02/2008 02:51:16 | Attr = ] srtspx.cat -> %SystemRoot%\System32\drivers\srtspx.cat -> [Ver = | Size = 10549 bytes | Created Date = 01/02/2008 23:55:22 | Attr = ] srtspx.inf -> %SystemRoot%\System32\drivers\srtspx.inf -> [Ver = | Size = 1421 bytes | Created Date = 04/02/2008 21:27:50 | Attr = ] srtspx.sys -> %SystemRoot%\System32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 43696 bytes | Created Date = 01/02/2008 02:51:16 | Attr = ] symdns.sys -> %SystemRoot%\System32\drivers\symdns.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 13616 bytes | Created Date = 05/02/2008 20:34:44 | Attr = ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10563 bytes | Created Date = 06/04/2008 22:18:22 | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Created Date = 06/04/2008 22:18:22 | Attr = ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.3.2 | Size = 123952 bytes | Created Date = 06/04/2008 22:18:22 | Attr = ] symfw.sys -> %SystemRoot%\System32\drivers\symfw.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 96432 bytes | Created Date = 05/02/2008 20:34:44 | Attr = ] symids.sys -> %SystemRoot%\System32\drivers\symids.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 38576 bytes | Created Date = 05/02/2008 20:34:44 | Attr = ] SymIM.sys -> %SystemRoot%\System32\drivers\SymIM.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 31408 bytes | Created Date = 06/02/2008 22:43:54 | Attr = ] symndis.sys -> %SystemRoot%\System32\drivers\symndis.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 37424 bytes | Created Date = 05/02/2008 20:34:44 | Attr = ] symndisv.sys -> %SystemRoot%\System32\drivers\symndisv.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 41008 bytes | Created Date = 05/02/2008 20:34:44 | Attr = ] SymRedir.cat -> %SystemRoot%\System32\drivers\SymRedir.cat -> [Ver = | Size = 13021 bytes | Created Date = 06/02/2008 22:43:54 | Attr = ] SymRedir.inf -> %SystemRoot%\System32\drivers\SymRedir.inf -> [Ver = | Size = 1612 bytes | Created Date = 05/02/2008 20:34:44 | Attr = ] symredrv.sys -> %SystemRoot%\System32\drivers\symredrv.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 22320 bytes | Created Date = 05/02/2008 20:34:44 | Attr = ] symtdi.sys -> %SystemRoot%\System32\drivers\symtdi.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 188464 bytes | Created Date = 05/02/2008 20:34:44 | Attr = ] BcJkmnnn.ini -> %SystemRoot%\System32\BcJkmnnn.ini -> [Ver = | Size = 6880 bytes | Created Date = 21/03/2008 20:41:35 | Attr = HS] edNTDcfe.ini -> %SystemRoot%\System32\edNTDcfe.ini -> [Ver = | Size = 6379 bytes | Created Date = 07/04/2008 07:00:36 | Attr = HS] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 24/02/2008 12:45:33 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 69632 bytes | Created Date = 24/02/2008 12:45:34 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 24/02/2008 12:45:33 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 139264 bytes | Created Date = 24/02/2008 12:45:34 | Attr = ] jjTuutwa.ini -> %SystemRoot%\System32\jjTuutwa.ini -> [Ver = | Size = 6642 bytes | Created Date = 06/04/2008 21:09:29 | Attr = HS] MmSAIRqr.ini -> %SystemRoot%\System32\MmSAIRqr.ini -> [Ver = | Size = 6480 bytes | Created Date = 06/04/2008 22:19:01 | Attr = HS] MmSAIRqr.ini2 -> %SystemRoot%\System32\MmSAIRqr.ini2 -> [Ver = | Size = 6480 bytes | Created Date = 10/04/2008 22:08:10 | Attr = HS] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 127 bytes | Created Date = 09/04/2008 19:26:38 | Attr = ] mUCIknmp.ini -> %SystemRoot%\System32\mUCIknmp.ini -> [Ver = | Size = 6682 bytes | Created Date = 08/04/2008 20:17:21 | Attr = HS] mUCIknmp.ini2 -> %SystemRoot%\System32\mUCIknmp.ini2 -> [Ver = | Size = 6812 bytes | Created Date = 08/04/2008 20:17:23 | Attr = HS] onpooUtv.ini -> %SystemRoot%\System32\onpooUtv.ini -> [Ver = | Size = 6362 bytes | Created Date = 08/04/2008 21:47:40 | Attr = HS] onpooUtv.ini2 -> %SystemRoot%\System32\onpooUtv.ini2 -> [Ver = | Size = 6362 bytes | Created Date = 08/04/2008 21:47:47 | Attr = HS] oYxxxGgh.ini -> %SystemRoot%\System32\oYxxxGgh.ini -> [Ver = | Size = 551 bytes | Created Date = 07/04/2008 17:42:08 | Attr = HS] pmnkICUm.dll -> %SystemRoot%\System32\pmnkICUm.dll -> [Ver = | Size = 315632 bytes | Created Date = 08/04/2008 20:17:11 | Attr = ] RCIllUvw.ini -> %SystemRoot%\System32\RCIllUvw.ini -> [Ver = | Size = 6449 bytes | Created Date = 22/03/2008 21:27:03 | Attr = HS] rightonadz-uninst.exe -> %SystemRoot%\System32\rightonadz-uninst.exe -> [Ver = | Size = 42428 bytes | Created Date = 15/03/2008 09:02:09 | Attr = ] S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.3.3 | Size = 60800 bytes | Created Date = 06/04/2008 22:18:23 | Attr = ] superiorads-uninst.exe -> %SystemRoot%\System32\superiorads-uninst.exe -> [Ver = | Size = 40730 bytes | Created Date = 03/03/2008 21:08:13 | Attr = ] SymNeti.dll -> %SystemRoot%\System32\SymNeti.dll -> Symantec Corporation [Ver = 8.0.1.18 | Size = 579464 bytes | Created Date = 06/02/2008 22:43:54 | Attr = ] SymRedir.dll -> %SystemRoot%\System32\SymRedir.dll -> Symantec Corporation [Ver = 8.0.1.18 | Size = 207240 bytes | Created Date = 06/02/2008 22:43:54 | Attr = ] vtUoopno.dll -> %SystemRoot%\System32\vtUoopno.dll -> [Ver = | Size = 315632 bytes | Created Date = 08/04/2008 21:47:29 | Attr = ] VwHRYcfe.ini -> %SystemRoot%\System32\VwHRYcfe.ini -> [Ver = | Size = 6631 bytes | Created Date = 06/04/2008 09:35:19 | Attr = HS] WGOWyJjl.ini -> %SystemRoot%\System32\WGOWyJjl.ini -> [Ver = | Size = 6468 bytes | Created Date = 31/03/2008 20:02:51 | Attr = HS] wxwEdMoq.ini -> %SystemRoot%\System32\wxwEdMoq.ini -> [Ver = | Size = 6591 bytes | Created Date = 06/04/2008 14:35:16 | Attr = HS] YJPpWvut.ini -> %SystemRoot%\System32\YJPpWvut.ini -> [Ver = | Size = 6605 bytes | Created Date = 05/04/2008 11:39:57 | Attr = HS] {8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll -> %SystemRoot%\System32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll -> [Ver = 2, 0, 0, 0 | Size = 329216 bytes | Created Date = 08/04/2008 13:59:42 | Attr = ] {8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll-uninst.exe -> %SystemRoot%\System32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll-uninst.exe -> [Ver = | Size = 63882 bytes | Created Date = 08/04/2008 20:16:13 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 07/04/2008 18:03:27 | Attr = ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ftpcache -> %SystemRoot%\ftpcache -> [Folder | Created Date = 22/03/2008 20:45:35 | Attr = HS] hpqins09.dat -> %SystemRoot%\hpqins09.dat -> [Ver = | Size = 94215 bytes | Created Date = 18/01/2008 21:27:22 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 11/03/2008 20:39:24 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 09/04/2008 19:42:01 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 09/04/2008 19:42:01 | Attr = H ] _MSRSTRT.EXE -> %SystemRoot%\_MSRSTRT.EXE -> [Ver = | Size = 2560 bytes | Created Date = 10/03/2008 21:30:03 | Attr = ] Norton AntiVirus - Run Full System Scan - RUSSELL CLEWS.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - RUSSELL CLEWS.job -> [Ver = | Size = 572 bytes | Created Date = 06/04/2008 22:30:56 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 08/04/2008 20:53:03 | Attr = ] InstallShield -> %AllUsersProfile%\Application Data\InstallShield -> [Folder | Created Date = 22/03/2008 22:14:18 | Attr = ] Roxio -> %AllUsersProfile%\Application Data\Roxio -> [Folder | Created Date = 22/03/2008 21:51:54 | Attr = ] Sonic -> %AllUsersProfile%\Application Data\Sonic -> [Folder | Created Date = 18/01/2008 21:30:55 | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Created Date = 06/04/2008 22:16:37 | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Created Date = 03/03/2008 20:33:50 | Attr = ] BitTorrent -> %AppData%\BitTorrent -> [Folder | Created Date = 14/03/2008 20:39:28 | Attr = ] DNA -> %AppData%\DNA -> [Folder | Created Date = 14/03/2008 20:39:10 | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 08/04/2008 20:55:59 | Attr = ] Image Zone Express -> %AppData%\Image Zone Express -> [Folder | Created Date = 18/01/2008 21:23:31 | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Created Date = 24/02/2008 12:45:58 | Attr = ] MetaProducts -> %AppData%\MetaProducts -> [Folder | Created Date = 20/01/2008 16:34:45 | Attr = ] Roxio -> %AppData%\Roxio -> [Folder | Created Date = 22/03/2008 22:37:16 | Attr = ] DNA -> %UserProfile%\Local Settings\Application Data\DNA -> [Folder | Created Date = 14/03/2008 20:39:12 | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 136 bytes | Created Date = 18/01/2008 21:33:33 | Attr = ] HP -> %UserProfile%\Local Settings\Application Data\HP -> [Folder | Created Date = 18/01/2008 21:33:38 | Attr = ] IsolatedStorage -> %UserProfile%\Local Settings\Application Data\IsolatedStorage -> [Folder | Created Date = 18/01/2008 21:33:51 | Attr = ] 1_nap_szabadnap.doc -> %UserProfile%\My Documents\1_nap_szabadnap.doc -> [Ver = | Size = 20992 bytes | Created Date = 30/01/2008 20:27:33 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\1_nap_szabadnap.doc:Zone.Identifier BitDownload -> %UserProfile%\My Documents\BitDownload -> [Folder | Created Date = 03/03/2008 21:06:36 | Attr = ] Card details.wps -> %UserProfile%\My Documents\Card details.wps -> [Ver = | Size = 14336 bytes | Created Date = 14/01/2008 20:08:25 | Attr = ] forditas balazsnak 2008 wine -> %UserProfile%\My Documents\forditas balazsnak 2008 wine -> [Folder | Created Date = 20/01/2008 14:30:22 | Attr = ] Interprint Albums -> %UserProfile%\My Documents\Interprint Albums -> [Folder | Created Date = 05/04/2008 11:19:09 | Attr = ] Job Experience Kati modified.doc -> %UserProfile%\My Documents\Job Experience Kati modified.doc -> [Ver = | Size = 2581 bytes | Created Date = 05/04/2008 22:19:19 | Attr = ] Job Experience Kati.doc -> %UserProfile%\My Documents\Job Experience Kati.doc -> [Ver = | Size = 2611 bytes | Created Date = 30/01/2008 20:25:26 | Attr = ] Kati business card 2.jbc -> %UserProfile%\My Documents\Kati business card 2.jbc -> [Ver = | Size = 757 bytes | Created Date = 09/02/2008 17:07:26 | Attr = ] Kati Business card.jbc -> %UserProfile%\My Documents\Kati Business card.jbc -> [Ver = | Size = 703 bytes | Created Date = 09/02/2008 16:40:50 | Attr = ] My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Created Date = 18/01/2008 21:34:22 | Attr = ] My DVDs -> %UserProfile%\My Documents\My DVDs -> [Folder | Created Date = 26/02/2008 20:52:43 | Attr = S] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Created Date = 03/03/2008 20:42:58 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 927 bytes | Created Date = 03/03/2008 20:44:49 | Attr = ] My Skype Content -> %UserProfile%\My Documents\My Skype Content -> [Folder | Created Date = 15/03/2008 18:17:57 | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Created Date = 19/02/2008 12:09:29 | Attr = ] P B Situation.wps -> %UserProfile%\My Documents\P B Situation.wps -> [Ver = | Size = 18944 bytes | Created Date = 30/01/2008 21:17:16 | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 08/04/2008 20:55:02 | Attr = ] NETGEAR WN121T Smart Wizard.lnk -> %AllUsersProfile%\Desktop\NETGEAR WN121T Smart Wizard.lnk -> [Ver = | Size = 1754 bytes | Created Date = 31/03/2008 20:20:32 | Attr = ] Norton AntiVirus.lnk -> %AllUsersProfile%\Desktop\Norton AntiVirus.lnk -> [Ver = | Size = 1963 bytes | Created Date = 06/04/2008 22:27:56 | Attr = ] Router Login.url -> %AllUsersProfile%\Desktop\Router Login.url -> [Ver = | Size = 172 bytes | Created Date = 28/03/2008 20:58:55 | Attr = R ] aaw2007.exe -> %UserProfile%\Desktop\aaw2007.exe -> [Ver = | Size = 19871600 bytes | Created Date = 08/04/2008 21:13:16 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\aaw2007.exe:Zone.Identifier Audacity.lnk -> %UserProfile%\Desktop\Audacity.lnk -> [Ver = | Size = 630 bytes | Created Date = 24/02/2008 13:05:31 | Attr = ] AudioConverter569.exe -> %UserProfile%\Desktop\AudioConverter569.exe -> [Ver = | Size = 8098304 bytes | Created Date = 17/03/2008 22:17:17 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\AudioConverter569.exe:Zone.Identifier avgas-setup-7.5.1.43-3339.exe -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe -> [Ver = | Size = 14113576 bytes | Created Date = 08/04/2008 20:51:26 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe:Zone.Identifier ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1695140 bytes | Created Date = 10/04/2008 23:54:26 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 07/04/2008 18:01:37 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Created Date = 10/04/2008 23:48:16 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\erunt-setup.exe:Zone.Identifier ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [Ver = | Size = 592 bytes | Created Date = 10/04/2008 23:49:37 | Attr = ] fix.bat -> %UserProfile%\Desktop\fix.bat -> [Ver = | Size = 53 bytes | Created Date = 10/04/2008 21:59:32 | Attr = ] fix.reg -> %UserProfile%\Desktop\fix.reg -> [Ver = | Size = 129 bytes | Created Date = 10/04/2008 23:53:18 | Attr = ] FixIEDef.exe -> %UserProfile%\Desktop\FixIEDef.exe -> [Ver = 1.3.10.3351 | Size = 472741 bytes | Created Date = 08/04/2008 20:44:58 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\FixIEDef.exe:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 10/04/2008 18:51:20 | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 10/04/2008 18:50:34 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier Juicy Business Cards.lnk -> %UserProfile%\Desktop\Juicy Business Cards.lnk -> [Ver = | Size = 653 bytes | Created Date = 02/02/2008 17:12:37 | Attr = ] NAV081550.exe -> %UserProfile%\Desktop\NAV081550.exe -> [Ver = | Size = 65119392 bytes | Created Date = 06/04/2008 17:40:01 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\NAV081550.exe:Zone.Identifier Norton_Removal_Tool.exe -> %UserProfile%\Desktop\Norton_Removal_Tool.exe -> [Ver = | Size = 667648 bytes | Created Date = 06/04/2008 17:55:51 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Norton_Removal_Tool.exe:Zone.Identifier NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 611 bytes | Created Date = 10/04/2008 23:49:37 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Created Date = 10/04/2008 22:00:34 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 11/04/2008 19:25:38 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Created Date = 11/04/2008 19:25:08 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Oval_3D_rc.jpg -> %UserProfile%\Desktop\Oval_3D_rc.jpg -> [Ver = | Size = 20721 bytes | Created Date = 30/01/2008 20:50:07 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Desktop\Oval_3D_rc.jpg:Roxio EMC Stream @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Oval_3D_rc.jpg:Zone.Identifier Panda ActiveScan.url -> %UserProfile%\Desktop\Panda ActiveScan.url -> [Ver = | Size = 141 bytes | Created Date = 08/04/2008 20:47:54 | Attr = ] Resume Adobe Downloads.lnk -> %UserProfile%\Desktop\Resume Adobe Downloads.lnk -> [Ver = | Size = 1717 bytes | Created Date = 11/03/2008 20:56:27 | Attr = ] smitRem -> %UserProfile%\Desktop\smitRem -> [Folder | Created Date = 08/04/2008 21:50:58 | Attr = ] smitRem.exe -> %UserProfile%\Desktop\smitRem.exe -> [Ver = | Size = 383836 bytes | Created Date = 08/04/2008 20:47:07 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\smitRem.exe:Zone.Identifier HP Photosmart Premier Fast Start.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk -> [Ver = | Size = 798 bytes | Created Date = 18/01/2008 21:30:22 | Attr = ] NETGEAR WN121T Smart Wizard.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WN121T Smart Wizard.lnk -> [Ver = | Size = 1770 bytes | Created Date = 31/03/2008 20:20:32 | Attr = ] ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Created Date = 10/04/2008 23:49:41 | Attr = ] Roxio Shared -> %CommonProgramFiles%\Roxio Shared -> [Folder | Created Date = 22/03/2008 21:47:55 | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 03/03/2008 20:34:20 | Attr = HS] [Files/Folders - Modified Within 90 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 10/04/2008 23:57:04 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 09/04/2008 19:28:33 | Attr = H ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 07/04/2008 18:02:56 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 08/04/2008 21:22:53 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535891968 bytes | Modified Date = 10/04/2008 22:11:46 | Attr = HS] Netgear -> %SystemDrive%\Netgear -> [Folder | Modified Date = 29/03/2008 08:52:06 | Attr = ] OEMSettings -> %SystemDrive%\OEMSettings -> [Folder | Modified Date = 31/03/2008 20:20:49 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/04/2008 23:49:36 | Attr = R ] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 06/03/2008 00:24:04 | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 06/03/2008 21:41:11 | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/03/2008 20:27:50 | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/03/2008 00:24:04 | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/03/2008 21:41:11 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/03/2008 20:27:50 | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/04/2008 22:20:58 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 10/04/2008 22:05:17 | Attr = ] coh_mon.cat -> %SystemRoot%\System32\drivers\coh_mon.cat -> [Ver = | Size = 10537 bytes | Modified Date = 06/03/2008 21:32:09 | Attr = ] COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf -> [Ver = | Size = 706 bytes | Modified Date = 06/03/2008 21:32:09 | Attr = ] COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23904 bytes | Modified Date = 06/03/2008 21:32:09 | Attr = ] srtsp.cat -> %SystemRoot%\System32\drivers\srtsp.cat -> [Ver = | Size = 10545 bytes | Modified Date = 01/02/2008 23:55:22 | Attr = ] srtsp.inf -> %SystemRoot%\System32\drivers\srtsp.inf -> [Ver = | Size = 1415 bytes | Modified Date = 04/02/2008 21:27:50 | Attr = ] srtsp.sys -> %SystemRoot%\System32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 279088 bytes | Modified Date = 01/02/2008 02:51:16 | Attr = ] srtspl.cat -> %SystemRoot%\System32\drivers\srtspl.cat -> [Ver = | Size = 10549 bytes | Modified Date = 01/02/2008 23:55:22 | Attr = ] srtspl.inf -> %SystemRoot%\System32\drivers\srtspl.inf -> [Ver = | Size = 1430 bytes | Modified Date = 04/02/2008 21:27:50 | Attr = ] srtspl.sys -> %SystemRoot%\System32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 317616 bytes | Modified Date = 01/02/2008 02:51:16 | Attr = ] srtspx.cat -> %SystemRoot%\System32\drivers\srtspx.cat -> [Ver = | Size = 10549 bytes | Modified Date = 01/02/2008 23:55:22 | Attr = ] srtspx.inf -> %SystemRoot%\System32\drivers\srtspx.inf -> [Ver = | Size = 1421 bytes | Modified Date = 04/02/2008 21:27:50 | Attr = ] srtspx.sys -> %SystemRoot%\System32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 43696 bytes | Modified Date = 01/02/2008 02:51:16 | Attr = ] symdns.sys -> %SystemRoot%\System32\drivers\symdns.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 13616 bytes | Modified Date = 05/02/2008 20:34:44 | Attr = ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10563 bytes | Modified Date = 06/04/2008 22:22:52 | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 06/04/2008 22:22:52 | Attr = ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.3.2 | Size = 123952 bytes | Modified Date = 06/04/2008 22:22:52 | Attr = ] symfw.sys -> %SystemRoot%\System32\drivers\symfw.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 96432 bytes | Modified Date = 05/02/2008 20:34:44 | Attr = ] symids.sys -> %SystemRoot%\System32\drivers\symids.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 38576 bytes | Modified Date = 05/02/2008 20:34:44 | Attr = ] SymIM.sys -> %SystemRoot%\System32\drivers\SymIM.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 31408 bytes | Modified Date = 06/02/2008 22:43:54 | Attr = ] symndis.sys -> %SystemRoot%\System32\drivers\symndis.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 37424 bytes | Modified Date = 05/02/2008 20:34:44 | Attr = ] symndisv.sys -> %SystemRoot%\System32\drivers\symndisv.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 41008 bytes | Modified Date = 05/02/2008 20:34:44 | Attr = ] SymRedir.cat -> %SystemRoot%\System32\drivers\SymRedir.cat -> [Ver = | Size = 13021 bytes | Modified Date = 06/02/2008 22:43:54 | Attr = ] SymRedir.inf -> %SystemRoot%\System32\drivers\SymRedir.inf -> [Ver = | Size = 1612 bytes | Modified Date = 05/02/2008 20:34:44 | Attr = ] symredrv.sys -> %SystemRoot%\System32\drivers\symredrv.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 22320 bytes | Modified Date = 05/02/2008 20:34:44 | Attr = ] symtdi.sys -> %SystemRoot%\System32\drivers\symtdi.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 188464 bytes | Modified Date = 05/02/2008 20:34:44 | Attr = ] BcJkmnnn.ini -> %SystemRoot%\System32\BcJkmnnn.ini -> [Ver = | Size = 6880 bytes | Modified Date = 31/03/2008 20:59:16 | Attr = HS] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 08/04/2008 21:49:06 | Attr = ] 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 10/04/2008 22:12:23 | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 09/04/2008 23:51:22 | Attr = RHS] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 08/04/2008 20:54:26 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 03/03/2008 20:42:34 | Attr = ] edNTDcfe.ini -> %SystemRoot%\System32\edNTDcfe.ini -> [Ver = | Size = 6379 bytes | Modified Date = 07/04/2008 07:01:05 | Attr = HS] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 192976 bytes | Modified Date = 09/04/2008 19:40:37 | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 10/04/2008 18:49:49 | Attr = ] jjTuutwa.ini -> %SystemRoot%\System32\jjTuutwa.ini -> [Ver = | Size = 6642 bytes | Modified Date = 07/04/2008 19:08:33 | Attr = HS] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 20/01/2008 18:35:53 | Attr = ] MmSAIRqr.ini -> %SystemRoot%\System32\MmSAIRqr.ini -> [Ver = | Size = 6480 bytes | Modified Date = 10/04/2008 22:10:13 | Attr = HS] MmSAIRqr.ini2 -> %SystemRoot%\System32\MmSAIRqr.ini2 -> [Ver = | Size = 6480 bytes | Modified Date = 10/04/2008 22:08:10 | Attr = HS] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 127 bytes | Modified Date = 09/04/2008 19:26:38 | Attr = ] mUCIknmp.ini -> %SystemRoot%\System32\mUCIknmp.ini -> [Ver = | Size = 6682 bytes | Modified Date = 11/04/2008 19:26:31 | Attr = HS] mUCIknmp.ini2 -> %SystemRoot%\System32\mUCIknmp.ini2 -> [Ver = | Size = 6812 bytes | Modified Date = 11/04/2008 19:25:47 | Attr = HS] onpooUtv.ini -> %SystemRoot%\System32\onpooUtv.ini -> [Ver = | Size = 6362 bytes | Modified Date = 10/04/2008 18:48:59 | Attr = HS] onpooUtv.ini2 -> %SystemRoot%\System32\onpooUtv.ini2 -> [Ver = | Size = 6362 bytes | Modified Date = 10/04/2008 18:48:59 | Attr = HS] oYxxxGgh.ini -> %SystemRoot%\System32\oYxxxGgh.ini -> [Ver = | Size = 551 bytes | Modified Date = 07/04/2008 19:08:34 | Attr = HS] PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT -> [Ver = | Size = 54280 bytes | Modified Date = 31/03/2008 19:25:28 | Attr = ] PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT -> [Ver = | Size = 384596 bytes | Modified Date = 31/03/2008 19:25:28 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 445630 bytes | Modified Date = 31/03/2008 19:25:28 | Attr = ] pmnkICUm.dll -> %SystemRoot%\System32\pmnkICUm.dll -> [Ver = | Size = 315632 bytes | Modified Date = 08/04/2008 20:17:18 | Attr = ] RCIllUvw.ini -> %SystemRoot%\System32\RCIllUvw.ini -> [Ver = | Size = 6449 bytes | Modified Date = 22/03/2008 22:38:02 | Attr = HS] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 22/03/2008 21:41:06 | Attr = ] rightonadz-uninst.exe -> %SystemRoot%\System32\rightonadz-uninst.exe -> [Ver = | Size = 42428 bytes | Modified Date = 24/03/2008 17:16:21 | Attr = ] S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.3.3 | Size = 60800 bytes | Modified Date = 06/04/2008 22:22:52 | Attr = ] superiorads-uninst.exe -> %SystemRoot%\System32\superiorads-uninst.exe -> [Ver = | Size = 40730 bytes | Modified Date = 29/03/2008 10:08:44 | Attr = ] SymNeti.dll -> %SystemRoot%\System32\SymNeti.dll -> Symantec Corporation [Ver = 8.0.1.18 | Size = 579464 bytes | Modified Date = 06/02/2008 22:43:54 | Attr = ] SymRedir.dll -> %SystemRoot%\System32\SymRedir.dll -> Symantec Corporation [Ver = 8.0.1.18 | Size = 207240 bytes | Modified Date = 06/02/2008 22:43:54 | Attr = ] vtUoopno.dll -> %SystemRoot%\System32\vtUoopno.dll -> [Ver = | Size = 315632 bytes | Modified Date = 08/04/2008 21:47:34 | Attr = ] VwHRYcfe.ini -> %SystemRoot%\System32\VwHRYcfe.ini -> [Ver = | Size = 6631 bytes | Modified Date = 10/04/2008 18:48:59 | Attr = HS] WGOWyJjl.ini -> %SystemRoot%\System32\WGOWyJjl.ini -> [Ver = | Size = 6468 bytes | Modified Date = 07/04/2008 19:08:33 | Attr = HS] WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 10/04/2008 22:13:01 | Attr = ] wxwEdMoq.ini -> %SystemRoot%\System32\wxwEdMoq.ini -> [Ver = | Size = 6591 bytes | Modified Date = 07/04/2008 19:08:33 | Attr = HS] YJPpWvut.ini -> %SystemRoot%\System32\YJPpWvut.ini -> [Ver = | Size = 6605 bytes | Modified Date = 05/04/2008 21:16:19 | Attr = HS] {8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll -> %SystemRoot%\System32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll -> [Ver = 2, 0, 0, 0 | Size = 329216 bytes | Modified Date = 08/04/2008 13:59:42 | Attr = ] {8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll-uninst.exe -> %SystemRoot%\System32\{8aaa8260-cab9-1c5a-d7f5-6f36c674071f}.dll-uninst.exe -> [Ver = | Size = 63882 bytes | Modified Date = 08/04/2008 20:16:13 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 09/04/2008 23:50:54 | Attr = H ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 10/04/2008 22:11:49 | Attr = S] DelMR.bat -> %SystemRoot%\DelMR.bat -> [Ver = | Size = 146 bytes | Modified Date = 10/03/2008 21:15:52 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 20/01/2008 19:10:43 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 07/04/2008 18:40:05 | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 10/04/2008 23:50:41 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 05/04/2008 21:32:50 | Attr = R S] ftpcache -> %SystemRoot%\ftpcache -> [Folder | Modified Date = 22/03/2008 20:45:35 | Attr = HS] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 06/04/2008 18:01:26 | Attr = ] hpqins09.dat -> %SystemRoot%\hpqins09.dat -> [Ver = | Size = 94215 bytes | Modified Date = 18/01/2008 21:32:28 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 09/04/2008 23:50:51 | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 09/04/2008 23:51:29 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 09/04/2008 19:28:35 | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 03/02/2008 13:21:23 | Attr = ] Motive -> %SystemRoot%\Motive -> [Folder | Modified Date = 26/03/2008 22:13:21 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 26/03/2008 20:48:56 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 31/03/2008 19:40:03 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 11/04/2008 19:26:02 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 09/04/2008 19:42:01 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/04/2008 22:18:36 | Attr = H ] SYSTEM -> %SystemRoot%\SYSTEM -> [Folder | Modified Date = 15/03/2008 10:47:20 | Attr = ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 10/04/2008 23:56:58 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 06/04/2008 22:30:56 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 11/04/2008 18:10:55 | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 640 bytes | Modified Date = 10/03/2008 21:15:54 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 06/04/2008 17:54:13 | Attr = ] WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Modified Date = 08/04/2008 20:28:17 | Attr = ] _MSRSTRT.EXE -> %SystemRoot%\_MSRSTRT.EXE -> [Ver = | Size = 2560 bytes | Modified Date = 10/03/2008 21:30:03 | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 09/04/2008 22:44:02 | Attr = ] Norton AntiVirus - Run Full System Scan - RUSSELL CLEWS.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - RUSSELL CLEWS.job -> [Ver = | Size = 572 bytes | Modified Date = 08/04/2008 00:03:48 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/04/2008 22:11:58 | Attr = H ] {B0691A6B-340D-4E0B-8C04-9B85F896C7EA}_RCLEWS_RUSSELL CLEWS.job -> %SystemRoot%\tasks\{B0691A6B-340D-4E0B-8C04-9B85F896C7EA}_RCLEWS_RUSSELL CLEWS.job -> [Ver = | Size = 406 bytes | Modified Date = 11/04/2008 10:15:01 | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 09/04/2008 19:24:42 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 09/04/2008 19:24:42 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11096 bytes | Modified Date = 08/09/2006 23:12:09 | Attr = ] CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [Ver = | Size = 12 bytes | Modified Date = 04/02/2005 11:22:47 | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 29/02/2004 14:33:19 | Attr = ] wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 772152 bytes | Modified Date = 08/04/2008 20:27:28 | Attr = ] wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 772152 bytes | Modified Date = 08/04/2008 20:27:28 | Attr = ] IadHide5.dll -> C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 7.2.0 (Build 157R) | Size = 24613 bytes | Modified Date = 28/01/2006 20:54:52 | Attr = ] 56 C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\RUSSELL CLEWS\Local Settings\Temp\*.tmp -> asmcache.dat -> C:\WINDOWS\Temp\asmcache.dat -> [Ver = | Size = 179 bytes | Modified Date = 08/04/2008 00:08:07 | Attr = ] Perflib_Perfdata_a9c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a9c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/04/2008 22:14:05 | Attr = ] 9 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 05/04/2008 22:32:19 | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 08/04/2008 20:53:03 | Attr = ] InstallShield -> %AllUsersProfile%\Application Data\InstallShield -> [Folder | Modified Date = 22/03/2008 22:14:18 | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 10/03/2008 21:28:51 | Attr = S] Napster -> %AllUsersProfile%\Application Data\Napster -> [Folder | Modified Date = 20/01/2008 19:05:45 | Attr = ] Roxio -> %AllUsersProfile%\Application Data\Roxio -> [Folder | Modified Date = 05/04/2008 21:33:20 | Attr = ] Sonic -> %AllUsersProfile%\Application Data\Sonic -> [Folder | Modified Date = 22/03/2008 22:13:06 | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 06/04/2008 22:46:52 | Attr = ] Teleca -> %AllUsersProfile%\Application Data\Teleca -> [Folder | Modified Date = 20/01/2008 19:10:00 | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 03/03/2008 20:33:51 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 27/03/2008 20:15:02 | Attr = ] BitTorrent -> %AppData%\BitTorrent -> [Folder | Modified Date = 15/03/2008 10:50:42 | Attr = ] DNA -> %AppData%\DNA -> [Folder | Modified Date = 11/04/2008 19:21:41 | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 08/04/2008 20:55:59 | Attr = ] Image Zone Express -> %AppData%\Image Zone Express -> [Folder | Modified Date = 18/01/2008 21:23:34 | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 24/03/2008 17:07:39 | Attr = ] MetaProducts -> %AppData%\MetaProducts -> [Folder | Modified Date = 20/01/2008 16:34:45 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 03/03/2008 20:47:18 | Attr = S] Roxio -> %AppData%\Roxio -> [Folder | Modified Date = 26/03/2008 19:40:56 | Attr = ] Skype -> %AppData%\Skype -> [Folder | Modified Date = 11/04/2008 19:19:43 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 05/04/2008 22:31:43 | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 10/04/2008 22:20:09 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 225280 bytes | Modified Date = 03/04/2008 18:47:42 | Attr = ] DNA -> %UserProfile%\Local Settings\Application Data\DNA -> [Folder | Modified Date = 14/03/2008 20:39:12 | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 136 bytes | Modified Date = 18/01/2008 21:33:33 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 51096 bytes | Modified Date = 05/04/2008 22:38:00 | Attr = ] HP -> %UserProfile%\Local Settings\Application Data\HP -> [Folder | Modified Date = 18/01/2008 21:33:38 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 758732 bytes | Modified Date = 06/04/2008 22:12:30 | Attr = H ] IsolatedStorage -> %UserProfile%\Local Settings\Application Data\IsolatedStorage -> [Folder | Modified Date = 18/01/2008 21:33:51 | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 05/04/2008 19:50:24 | Attr = ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Modified Date = 20/01/2008 19:10:38 | Attr = R ] 1_nap_szabadnap.doc -> %UserProfile%\My Documents\1_nap_szabadnap.doc -> [Ver = | Size = 20992 bytes | Modified Date = 30/01/2008 20:27:33 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\1_nap_szabadnap.doc:Zone.Identifier BitDownload -> %UserProfile%\My Documents\BitDownload -> [Folder | Modified Date = 03/03/2008 21:06:36 | Attr = ] Card details.wps -> %UserProfile%\My Documents\Card details.wps -> [Ver = | Size = 14336 bytes | Modified Date = 14/01/2008 20:08:25 | Attr = ] forditas balazsnak 2008 wine -> %UserProfile%\My Documents\forditas balazsnak 2008 wine -> [Folder | Modified Date = 20/01/2008 14:30:57 | Attr = ] Interprint Albums -> %UserProfile%\My Documents\Interprint Albums -> [Folder | Modified Date = 05/04/2008 11:20:56 | Attr = ] Job Experience Kati modified.doc -> %UserProfile%\My Documents\Job Experience Kati modified.doc -> [Ver = | Size = 2581 bytes | Modified Date = 05/04/2008 22:27:32 | Attr = ] Job Experience Kati.doc -> %UserProfile%\My Documents\Job Experience Kati.doc -> [Ver = | Size = 2611 bytes | Modified Date = 19/02/2008 20:20:57 | Attr = ] Katalin's Documents -> %UserProfile%\My Documents\Katalin's Documents -> [Folder | Modified Date = 31/03/2008 13:06:55 | Attr = ] Kati business card 2.jbc -> %UserProfile%\My Documents\Kati business card 2.jbc -> [Ver = | Size = 757 bytes | Modified Date = 09/02/2008 17:07:26 | Attr = ] Kati Business card.jbc -> %UserProfile%\My Documents\Kati Business card.jbc -> [Ver = | Size = 703 bytes | Modified Date = 09/02/2008 16:40:50 | Attr = ] My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Modified Date = 18/01/2008 21:34:23 | Attr = ] My DVDs -> %UserProfile%\My Documents\My DVDs -> [Folder | Modified Date = 26/02/2008 20:56:37 | Attr = S] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 03/03/2008 20:42:58 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 927 bytes | Modified Date = 10/03/2008 20:29:04 | Attr = ] My Skype Content -> %UserProfile%\My Documents\My Skype Content -> [Folder | Modified Date = 15/03/2008 18:17:57 | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 19/02/2008 12:09:29 | Attr = ] P B Situation.wps -> %UserProfile%\My Documents\P B Situation.wps -> [Ver = | Size = 18944 bytes | Modified Date = 30/01/2008 22:14:26 | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 08/04/2008 20:55:02 | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2341 bytes | Modified Date = 07/04/2008 00:18:33 | Attr = ] NETGEAR WN121T Smart Wizard.lnk -> %AllUsersProfile%\Desktop\NETGEAR WN121T Smart Wizard.lnk -> [Ver = | Size = 1754 bytes | Modified Date = 31/03/2008 20:20:32 | Attr = ] Norton AntiVirus.lnk -> %AllUsersProfile%\Desktop\Norton AntiVirus.lnk -> [Ver = | Size = 1963 bytes | Modified Date = 06/04/2008 22:27:56 | Attr = ] aaw2007.exe -> %UserProfile%\Desktop\aaw2007.exe -> [Ver = | Size = 19871600 bytes | Modified Date = 08/04/2008 21:13:25 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\aaw2007.exe:Zone.Identifier Audacity.lnk -> %UserProfile%\Desktop\Audacity.lnk -> [Ver = | Size = 630 bytes | Modified Date = 24/02/2008 13:05:31 | Attr = ] AudioConverter569.exe -> %UserProfile%\Desktop\AudioConverter569.exe -> [Ver = | Size = 8098304 bytes | Modified Date = 17/03/2008 22:17:17 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\AudioConverter569.exe:Zone.Identifier avgas-setup-7.5.1.43-3339.exe -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe -> [Ver = | Size = 14113576 bytes | Modified Date = 08/04/2008 20:51:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe:Zone.Identifier ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1695140 bytes | Modified Date = 10/04/2008 23:54:26 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 07/04/2008 18:01:45 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier Ebay items -> %UserProfile%\Desktop\Ebay items -> [Folder | Modified Date = 21/01/2008 21:37:16 | Attr = ] EMAIL.lnk -> %UserProfile%\Desktop\EMAIL.lnk -> [Ver = | Size = 2521 bytes | Modified Date = 06/04/2008 09:39:00 | Attr = ] erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Modified Date = 10/04/2008 23:48:23 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\erunt-setup.exe:Zone.Identifier ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [Ver = | Size = 592 bytes | Modified Date = 10/04/2008 23:49:37 | Attr = ] fix.bat -> %UserProfile%\Desktop\fix.bat -> [Ver = | Size = 53 bytes | Modified Date = 10/04/2008 21:59:32 | Attr = ] fix.reg -> %UserProfile%\Desktop\fix.reg -> [Ver = | Size = 129 bytes | Modified Date = 10/04/2008 23:53:18 | Attr = ] FixIEDef.exe -> %UserProfile%\Desktop\FixIEDef.exe -> [Ver = 1.3.10.3351 | Size = 472741 bytes | Modified Date = 08/04/2008 20:44:58 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\FixIEDef.exe:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 10/04/2008 18:51:20 | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 10/04/2008 18:50:41 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier Juicy Business Cards.lnk -> %UserProfile%\Desktop\Juicy Business Cards.lnk -> [Ver = | Size = 653 bytes | Modified Date = 09/02/2008 16:27:01 | Attr = ] Media -> %UserProfile%\Desktop\Media -> [Folder | Modified Date = 14/03/2008 20:40:30 | Attr = ] NAV081550.exe -> %UserProfile%\Desktop\NAV081550.exe -> [Ver = | Size = 65119392 bytes | Modified Date = 01/04/2008 19:05:52 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\NAV081550.exe:Zone.Identifier Norton_Removal_Tool.exe -> %UserProfile%\Desktop\Norton_Removal_Tool.exe -> [Ver = | Size = 667648 bytes | Modified Date = 06/04/2008 17:56:07 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Norton_Removal_Tool.exe:Zone.Identifier NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 611 bytes | Modified Date = 10/04/2008 23:49:37 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Modified Date = 10/04/2008 22:00:35 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 11/04/2008 19:25:39 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Modified Date = 11/04/2008 19:25:12 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Oval_3D_rc.jpg -> %UserProfile%\Desktop\Oval_3D_rc.jpg -> [Ver = | Size = 20721 bytes | Modified Date = 30/01/2008 20:50:07 | Attr = ] @Alternate Data Stream - 76 bytes -> %UserProfile%\Desktop\Oval_3D_rc.jpg:Roxio EMC Stream @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Oval_3D_rc.jpg:Zone.Identifier Panda ActiveScan.url -> %UserProfile%\Desktop\Panda ActiveScan.url -> [Ver = | Size = 141 bytes | Modified Date = 08/04/2008 20:47:54 | Attr = ] Resume Adobe Downloads.lnk -> %UserProfile%\Desktop\Resume Adobe Downloads.lnk -> [Ver = | Size = 1717 bytes | Modified Date = 15/03/2008 17:50:50 | Attr = ] smitRem -> %UserProfile%\Desktop\smitRem -> [Folder | Modified Date = 08/04/2008 21:50:59 | Attr = ] smitRem.exe -> %UserProfile%\Desktop\smitRem.exe -> [Ver = | Size = 383836 bytes | Modified Date = 08/04/2008 20:47:18 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\smitRem.exe:Zone.Identifier HP Photosmart Premier Fast Start.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk -> [Ver = | Size = 798 bytes | Modified Date = 18/01/2008 21:30:22 | Attr = ] NETGEAR WN121T Smart Wizard.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WN121T Smart Wizard.lnk -> [Ver = | Size = 1770 bytes | Modified Date = 31/03/2008 20:20:32 | Attr = ] ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Modified Date = 10/04/2008 23:49:41 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 11/03/2008 21:06:36 | Attr = ] HP -> %CommonProgramFiles%\HP -> [Folder | Modified Date = 18/01/2008 21:29:52 | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 22/03/2008 21:51:40 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 06/04/2008 17:54:13 | Attr = ] Roxio Shared -> %CommonProgramFiles%\Roxio Shared -> [Folder | Modified Date = 05/04/2008 21:34:02 | Attr = ] Sonic Shared -> %CommonProgramFiles%\Sonic Shared -> [Folder | Modified Date = 05/04/2008 21:33:47 | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 08/04/2008 20:20:43 | Attr = ] Teleca Shared -> %CommonProgramFiles%\Teleca Shared -> [Folder | Modified Date = 10/03/2008 21:16:02 | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 03/03/2008 20:41:27 | Attr = HS] < End of report > [/code]