1-Results of system analysis
Kaspersky Virus Removal Tool 11.0.0.1245 (database released 18/08/2011; 20:42)
List of processes
File name PID Description Copyright MD5 Information
c:\program files\avg\avg9\avgtray.exe
Script: Quarantine, Delete, BC delete, Terminate 924 AVG Tray Monitor Copyright © 2011 AVG Technologies CZ, s.r.o. ?? 2023.34 kb, rsAh,
created: 16.07.2010 13:32:51,
modified: 15.03.2011 09:13:53
Command line:
"C:\Program Files\AVG\AVG9\avgtray.exe"
Detected:69, recognized as trusted 69
Module name Handle Description Copyright MD5 Used by processes
C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
Script: Quarantine, Delete, BC delete 1888550912 MFCDLL Shared Library - Retail Version © Microsoft Corporation. All rights reserved. -- 924
C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
Script: Quarantine, Delete, BC delete 1899364352 MFC Language Specific Resources © Microsoft Corporation. All rights reserved. -- 924
Modules detected:580, recognized as trusted 578
Kernel Space Modules Viewer
Module Base address Size in memory Description Manufacturer
C:\Windows\System32\Drivers\dump_atapi.sys
Script: Quarantine, Delete, BC delete 86DD4000 008000 (32768)
C:\Windows\System32\Drivers\dump_dumpata.sys
Script: Quarantine, Delete, BC delete 8BBF4000 00B000 (45056)
C:\Users\user\AppData\Local\Temp\kxldapob.sys
Script: Quarantine, Delete, BC delete ADE4C000 019000 (102400)
Modules detected - 156, recognized as trusted - 153
Services
Service Description Status File Group Dependencies
Detected - 134, recognized as trusted - 134
Drivers
Service Description Status File Group Dependencies
blbdrive
Driver: Unload, Delete, Disable, BC delete blbdrive Not started C:\Windows\system32\drivers\blbdrive.sys
Script: Quarantine, Delete, BC delete
catchme
Driver: Unload, Delete, Disable, BC delete catchme Not started C:\Users\user\AppData\Local\Temp\catchme.sys
Script: Quarantine, Delete, BC delete Base
IpInIp
Driver: Unload, Delete, Disable, BC delete IP in IP Tunnel Driver Not started C:\Windows\system32\DRIVERS\ipinip.sys
Script: Quarantine, Delete, BC delete Tcpip
NwlnkFlt
Driver: Unload, Delete, Disable, BC delete IPX Traffic Filter Driver Not started C:\Windows\system32\DRIVERS\nwlnkflt.sys
Script: Quarantine, Delete, BC delete NwlnkFwd
NwlnkFwd
Driver: Unload, Delete, Disable, BC delete IPX Traffic Forwarder Driver Not started C:\Windows\system32\DRIVERS\nwlnkfwd.sys
Script: Quarantine, Delete, BC delete
SABProcEnum
Driver: Unload, Delete, Disable, BC delete SABProcEnum Not started C:\Program Files\Internet Explorer\SABProcEnum.sys
Script: Quarantine, Delete, BC delete
Detected - 237, recognized as trusted - 231
Autoruns
File name Status Startup method Description
C:\Users\user\AppData\Local\Temp\_uninst_46903274.bat
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_46903274.lnk,
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FreeCell.LNK
Script: Quarantine, Delete, BC delete Active File in Autoruns folder C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FreeCell.LNK,
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Script: Quarantine, Delete, BC delete Active File in Autoruns folder C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk,
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Script: Quarantine, Delete, BC delete Active File in Autoruns folder C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk,
C:\WindowsSystem32\IoLogMsg.dll
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vsmraid, EventMessageFile
C:\Windows\System32\appmgmts.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters, ServiceDll
C:\Windows\System32\igmpv2.dll
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
C:\Windows\System32\ipbootp.dll
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
C:\Windows\System32\iprip2.dll
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
C:\Windows\System32\ws03res.dll
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP, EventMessageFile
C:\Windows\system32\psxss.exe
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
progman.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, shell
rdpclip
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms
vgafix.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon
vgaoem.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon
vgasys.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon
Autoruns items detected - 665, recognized as trusted - 649
Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)
File name Type Description Manufacturer CLSID
C:\Program Files\AVG\AVG8\avgssie.dll
Script: Quarantine, Delete, BC delete BHO {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Extension module {2670000A-7350-4f3c-8081-5663EE0C6C49}
Extension module {92780B25-18CC-41C8-B9BE-3C9C571A8263}
Elements detected - 14, recognized as trusted - 11
Windows Explorer extension modules
File name Destination Description Manufacturer CLSID
IE User Assist {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}
lnkfile {00020d75-0000-0000-c000-000000000046}
Color Control Panel Applet {b2c761c6-29bc-4f19-9251-e6195265baf1}
Add New Hardware {7A979262-40CE-46ff-AEEE-7884AC3B6136}
Get Programs Online {3e7efb4c-faf1-453d-89eb-56026875ef90}
Taskbar and Start Menu {0DF44EAA-FF21-4412-828E-260A8728E7F1}
ActiveDirectory Folder {1b24a030-9b20-49bc-97ac-1be4426f9e59}
ActiveDirectory Folder {34449847-FD14-4fc8-A75A-7432F5181EFB}
Sam Account Folder {C8494E42-ACDD-4739-B0FB-217361E4894F}
Sam Account Folder {E29F9716-5C08-4FCD-955A-119FDB5A522D}
Control Panel command object for Start menu {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
Default Programs command object for Start menu {E44E5D18-0652-4508-A4E2-8A090067BCB0}
Folder Options {6dfd7c5c-2451-11d3-a299-00c04f8ef6af}
Explorer Query Band {2C2577C2-63A7-40e3-9B7F-586602617ECB}
View Available Networks {38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b}
Contacts folder {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}
Windows Firewall {4026492f-2f69-46b8-b9bf-5654fc07e423}
Problem Reports and Solutions {fcfeecae-ee1b-4849-ae50-685dcf7717ec}
iSCSI Initiator {a304259d-52b8-4526-8b1a-a1d6cecc8243}
.cab or .zip files {911051fa-c21c-4246-b470-070cd8df6dc4}
Windows Search Shell Service {da67b8ad-e81b-4c70-9b91b417b5e33527}
Microsoft.ScannersAndCameras {00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}
Windows Sidebar Properties {37efd44d-ef8d-41b1-940d-96973a50e9e0}
Windows Features {67718415-c450-4f3c-bf8a-b487642dc39b}
Windows Defender {d8559eb9-20c0-410e-beda-7ed416aecc2a}
Mobility Center Control Panel {5ea4f148-308c-46d7-98a9-49041b1dd468}
User Accounts {7A9D77BD-5403-11d2-8785-2E0420524153}
AVG Find Extension {9F97547E-460A-42C5-AE0C-81C61FFAEBC3}
Elements detected - 285, recognized as trusted - 257
Printing system extensions (print monitors, providers)
File name Type Name Description Manufacturer
C:\Users\user\AppData\Local\Temp\8D6.tmp
Script: Quarantine, Delete, BC delete Provider
Elements detected - 8, recognized as trusted - 7
Task Scheduler jobs
File name Job name Job status Description Manufacturer
Elements detected - 3, recognized as trusted - 3
SPI/LSP settings
Namespace providers (NSP) Provider Status EXE file Description GUID
Detected - 6, recognized as trusted - 6
Transport protocol providers (TSP, LSP) Provider EXE file Description
Detected - 18, recognized as trusted - 18
Results of automatic SPI settings check LSP settings checked. No errors detected
TCP/UDP ports
Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [940] c:\windows\system32\svchost.exe
139 LISTENING 0.0.0.0 0 [4] System
445 LISTENING 0.0.0.0 0 [4] System
5357 LISTENING 0.0.0.0 0 [4] System
10110 LISTENING 0.0.0.0 0 [3040] c:\program files\avg\avg9\avgemc.exe
49152 LISTENING 0.0.0.0 0 [620] c:\windows\system32\wininit.exe
49153 LISTENING 0.0.0.0 0 [1076] c:\windows\system32\svchost.exe
49154 LISTENING 0.0.0.0 0 [1124] c:\windows\system32\svchost.exe
49155 LISTENING 0.0.0.0 0 [676] c:\windows\system32\lsass.exe
49156 LISTENING 0.0.0.0 0 [664] c:\windows\system32\services.exe
50093 CLOSE_WAIT 91.213.208.37 80 [1656] c:\program files\lavasoft\ad-aware\aawservice.exe
50217 CLOSE_WAIT 72.14.204.101 80 [1396] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
UDP ports
123 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
137 LISTENING -- -- [4] System
138 LISTENING -- -- [4] System
500 LISTENING -- -- [1124] c:\windows\system32\svchost.exe
1900 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
1900 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
3702 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
3702 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
4500 LISTENING -- -- [1124] c:\windows\system32\svchost.exe
5355 LISTENING -- -- [1460] c:\windows\system32\svchost.exe
49642 LISTENING -- -- [1124] c:\windows\system32\svchost.exe
54299 LISTENING -- -- [4396] c:\program files\internet explorer\iexplore.exe
55223 LISTENING -- -- [4456] c:\program files\internet explorer\iexplore.exe
58806 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
58807 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
62909 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
Downloaded Program Files (DPF)
File name Description Manufacturer CLSID Source URL
Elements detected - 8, recognized as trusted - 8
Control Panel Applets (CPL)
File name Description Manufacturer
Elements detected - 24, recognized as trusted - 24
Active Setup
File name Description Manufacturer CLSID
Elements detected - 10, recognized as trusted - 10
HOSTS file
Hosts file record
127.0.0.1 localhost
Protocols and handlers
File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\Program Files\AVG\AVG8\avgpp.dll
Script: Quarantine, Delete, BC delete Handler (linkscanner: ExPLabs.com Pluggable Protocol) {F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
Elements detected - 17, recognized as trusted - 13
Suspicious objects
File Description Type
--------------------------------------------------------------------------------
Main script of analysis
Windows version: Windows Vista Home Premium, Build=6002, SP="Service Pack 2"
System Restore: enabled
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
IAT modification detected: CreateProcessA - 01B60010<>77321C28
IAT modification detected: GetModuleFileNameA - 01B60080<>7736B8DD
IAT modification detected: FreeLibrary - 01B600F0<>77363FA4
IAT modification detected: GetModuleFileNameW - 01B60160<>7736B49E
IAT modification detected: CreateProcessW - 01B601D0<>77321BF3
IAT modification detected: LoadLibraryW - 01B602B0<>77349400
IAT modification detected: LoadLibraryA - 01B60320<>7734957C
IAT modification detected: GetProcAddress - 01B60390<>7736925B
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=137B00)
Kernel ntkrnlpa.exe found in memory at address 82007000
SDT = 8213EB00
KiST = 820B386C (391)
Functions checked: 391, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Analysis for CPU 2
CmpCallCallBacks = 00000000
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking of IRP handlers
Driver loaded successfully
Checking - complete
Latent loading of libraries through AppInit_DLLs suspected: "avgrsstx.dll"
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Disable HDD autorun
>> Disable autorun from network drives
>> Disable CD/DVD autorun
>> Disable removable media autorun
>> Windows Explorer - show extensions of known file types
System Analysis in progress
System Analysis - complete
Script commands
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Registry cleanup after deleting files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:
Performance tweaking: disable service TermService (Terminal Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery)
Performance tweaking: disable service Schedule (Task Scheduler)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries
--------------------------------------------------------------------------------
File list
2-
<?xml version="1.0" encoding="WINDOWS-1251"?>
<!-- AVZ XML Report -->
-<AVZ CompHash="9EE30112FDD78C7256F66D165817DC44" MainDBDate="12/30/1899" IsSRDisabled="False" IsAdmin="True" IsWow64="False" Session="" ProfileDir="C:\Users\user" OS_CSDV="Service Pack 2" BootMode="0" OS_Build="6002" OS_MiVer="0" OS_MjVer="6" WinDir="C:\Windows\" LogDate="19.08.2011 11:33:26" Version="4.35"> -<PROCESS> <ITEM MD5="035A4DC0EA6506F422EBF388DE9EE720" ChageDate="15.03.2011 09:13:53" CreateDate="16.07.2010 13:32:51" Attr="rsAh" Size="2071904" CmdLine=""C:\Program Files\AVG\AVG9\avgtray.exe" " Hidden="0" LegalCopyright="Copyright © 2011 AVG Technologies CZ, s.r.o." Descr="AVG Tray Monitor" CheckResult="0" File="c:\program files\avg\avg9\avgtray.exe" PID="924"/> </PROCESS> -<DLL> <ITEM MD5="E2C48CD0132D4D1DC7D0DF9A6BEF686A" ChageDate="22.06.2011 09:07:08" CreateDate="22.06.2011 09:07:08" Attr="rsAh" Size="1093120" Hidden="0" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="MFCDLL Shared Library - Retail Version" CheckResult="-1" File="C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL" UsedBy="924"/> <ITEM MD5="28A09777D2D952122567A8A82F1A2C7B" ChageDate="22.06.2011 09:07:33" CreateDate="22.06.2011 09:07:33" Attr="rsAh" Size="57344" Hidden="0" LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="MFC Language Specific Resources" CheckResult="-1" File="C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL" UsedBy="924"/> </DLL> -<KERNELOBJ> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Windows\System32\Drivers\dump_atapi.sys" MemSize="008000" Base="86DD4000"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Windows\System32\Drivers\dump_dumpata.sys" MemSize="00B000" Base="8BBF4000"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Users\user\AppData\Local\Temp\kxldapob.sys" MemSize="019000" Base="ADE4C000"/> </KERNELOBJ> <Service> </Service> -<Drivers> <ITEM CheckResult="-1" File="C:\Windows\system32\drivers\blbdrive.sys" State="1" Type="1" Name="blbdrive"/> <ITEM CheckResult="-1" File="C:\Users\user\AppData\Local\Temp\catchme.sys" State="1" Type="1" Name="catchme"/> <ITEM CheckResult="-1" File="C:\Windows\system32\DRIVERS\ipinip.sys" State="1" Type="1" Name="IpInIp"/> <ITEM CheckResult="-1" File="C:\Windows\system32\DRIVERS\nwlnkflt.sys" State="1" Type="1" Name="NwlnkFlt"/> <ITEM CheckResult="-1" File="C:\Windows\system32\DRIVERS\nwlnkfwd.sys" State="1" Type="1" Name="NwlnkFwd"/> <ITEM CheckResult="-1" File="C:\Program Files\Internet Explorer\SABProcEnum.sys" State="1" Type="1" Name="SABProcEnum"/> </Drivers> -<AUTORUN> <ITEM MD5="EF3D52CB72319BCBAEE0DD42DC78102F" ChageDate="19.08.2011 08:44:27" CreateDate="19.08.2011 08:44:27" Attr="rsAh" Size="360" CheckResult="-1" File="C:\Users\user\AppData\Local\Temp\_uninst_46903274.bat" Type="LNK" X3="" X2="C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_46903274.lnk" X1="C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\" Enabled="1"/> <ITEM MD5="EE2806115EA2DCF09A999B802BDC7F6C" ChageDate="13.08.2007 09:44:54" CreateDate="13.08.2007 09:44:54" Attr="rsAh" Size="136" CheckResult="-1" File="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick 
Launch\FreeCell.LNK" Type="FILE" X3="" X2="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FreeCell.LNK" X1="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\" Enabled="1"/> <ITEM MD5="3445F5DC2958D760AF93147BD77E79E0" ChageDate="02.11.2006 08:50:41" CreateDate="03.08.2007 17:38:25" Attr="rsAh" Size="258" CheckResult="-1" File="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk" Type="FILE" X3="" X2="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk" X1="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\" Enabled="1"/> <ITEM MD5="306651F625C0094DCF5E16EC32358014" ChageDate="02.11.2006 08:50:41" CreateDate="03.08.2007 17:38:25" Attr="rsAh" Size="240" CheckResult="-1" File="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk" Type="FILE" X3="" X2="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk" X1="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\" Enabled="1"/> <ITEM CheckResult="-1" File="C:\WindowsSystem32\IoLogMsg.dll" Type="REG" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\vsmraid" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\appmgmts.dll" Type="REG" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\igmpv2.dll" Type="REG" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\ipbootp.dll" Type="REG" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\iprip2.dll" Type="REG" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\ws03res.dll" Type="REG" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\psxss.exe" Type="REG" X3="Posix" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="progman.exe" Type="REG" X3="shell" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="rdpclip" Type="REG" X3="StartupPrograms" X2="System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="vgafix.fon" Type="REG" X3="fixedfon.fon" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="vgaoem.fon" Type="REG" X3="oemfonts.fon" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="vgasys.fon" Type="REG" X3="fonts.fon" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> </AUTORUN> -<BHO> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Program Files\AVG\AVG8\avgssie.dll" Enabled="1" CLSID="{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" BHOType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{2670000A-7350-4f3c-8081-5663EE0C6C49}" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" BHOType="3"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{92780B25-18CC-41C8-B9BE-3C9C571A8263}" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet 
Explorer\Extensions" BHOType="3"/> </BHO> -<ExplorerExt> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="IE User Assist" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{00020d75-0000-0000-c000-000000000046}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="lnkfile" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{b2c761c6-29bc-4f19-9251-e6195265baf1}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Color Control Panel Applet" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{7A979262-40CE-46ff-AEEE-7884AC3B6136}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Add New Hardware" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{3e7efb4c-faf1-453d-89eb-56026875ef90}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Get Programs Online" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Taskbar and Start Menu" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{1b24a030-9b20-49bc-97ac-1be4426f9e59}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="ActiveDirectory Folder" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{34449847-FD14-4fc8-A75A-7432F5181EFB}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="ActiveDirectory Folder" ExtType="1"/> <ITEM LegalCopyright="" Descr="" 
CheckResult="-1" File="" Enabled="1" CLSID="{C8494E42-ACDD-4739-B0FB-217361E4894F}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Sam Account Folder" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{E29F9716-5C08-4FCD-955A-119FDB5A522D}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Sam Account Folder" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Control Panel command object for Start menu" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{E44E5D18-0652-4508-A4E2-8A090067BCB0}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Default Programs command object for Start menu" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Folder Options" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{2C2577C2-63A7-40e3-9B7F-586602617ECB}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Explorer Query Band" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="View Available Networks" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Contacts folder" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" 
CLSID="{4026492f-2f69-46b8-b9bf-5654fc07e423}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Windows Firewall" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{fcfeecae-ee1b-4849-ae50-685dcf7717ec}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Problem Reports and Solutions" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{a304259d-52b8-4526-8b1a-a1d6cecc8243}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="iSCSI Initiator" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{911051fa-c21c-4246-b470-070cd8df6dc4}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName=".cab or .zip files" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{da67b8ad-e81b-4c70-9b91b417b5e33527}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Windows Search Shell Service" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Microsoft.ScannersAndCameras" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{37efd44d-ef8d-41b1-940d-96973a50e9e0}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Windows Sidebar Properties" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{67718415-c450-4f3c-bf8a-b487642dc39b}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Windows Features" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{d8559eb9-20c0-410e-beda-7ed416aecc2a}" 
RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Windows Defender" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{5ea4f148-308c-46d7-98a9-49041b1dd468}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Mobility Center Control Panel" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="User Accounts" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="AVG Find Extension" ExtType="1"/> </ExplorerExt> -<PrintEXT> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Users\user\AppData\Local\Temp\8D6.tmp" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Providers"/> </PrintEXT> <TaskScheduler> </TaskScheduler> -<SPI> <ITEM MD5="D1A84F7D4CAFCFE2A32149FF418056E5" ChageDate="19.01.2008 03:35:38" CreateDate="04.04.2009 13:07:54" Attr="rsAh" Size="48128" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Network Location Awareness 2" CheckResult="-1" File="C:\Windows\system32\NLAapi.dll" SPINaim="@%SystemRoot%\system32\nlasvc.dll,-1000" SPIType="1"/> <ITEM MD5="FC62A635063B762E1C3C60EA77279378" ChageDate="19.01.2008 03:35:35" CreateDate="04.04.2009 13:08:12" Attr="rsAh" Size="50176" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="E-mail Naming Shim Provider" CheckResult="-1" File="C:\Windows\system32\napinsp.dll" SPINaim="@%SystemRoot%\system32\napinsp.dll,-1000" SPIType="1"/> <ITEM MD5="690D41DF1D555F96D4898A0F54EBA065" ChageDate="19.01.2008 03:36:07" CreateDate="04.04.2009 13:08:23" Attr="rsAh" Size="62464" LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="PNRP Name Space Provider" CheckResult="-1" File="C:\Windows\system32\pnrpnsp.dll" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1000" SPIType="1"/> <ITEM MD5="690D41DF1D555F96D4898A0F54EBA065" ChageDate="19.01.2008 03:36:07" CreateDate="04.04.2009 13:08:23" Attr="rsAh" Size="62464" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="PNRP Name Space Provider" CheckResult="-1" File="C:\Windows\system32\pnrpnsp.dll" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1001" SPIType="1"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\System32\mswsock.dll" SPINaim="@%SystemRoot%\system32\wshtcpip.dll,-60103" SPIType="1"/> <ITEM MD5="C411C80F90D6732380352B98B37BBD53" ChageDate="11.04.2009 02:28:25" CreateDate="07.11.2009 09:31:54" Attr="rsAh" Size="19968" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="LDAP RnR Provider DLL" CheckResult="-1" File="C:\Windows\System32\winrnr.dll" SPINaim="NTDS" SPIType="1"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60100" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60101" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60102" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wship6.dll,-60100" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wship6.dll,-60101" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wship6.dll,-60102" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshqos.dll,-100" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshqos.dll,-101" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshqos.dll,-102" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshqos.dll,-103" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{646A3344-F31F-4EE7-993F-DE95A709D38D}] SEQPACKET 2" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{646A3344-F31F-4EE7-993F-DE95A709D38D}] DATAGRAM 2" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C914F8D6-15E6-4CB5-9F67-2BE3664FBF4C}] SEQPACKET 1" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C914F8D6-15E6-4CB5-9F67-2BE3664FBF4C}] DATAGRAM 1" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{207D390A-AFA5-4E9B-ADCA-B999981B3E38}] SEQPACKET 0" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{207D390A-AFA5-4E9B-ADCA-B999981B3E38}] DATAGRAM 0" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{646A3344-F31F-4EE7-993F-DE95A709D38D}] SEQPACKET 3" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{646A3344-F31F-4EE7-993F-DE95A709D38D}] DATAGRAM 3" SPIType="3"/> </SPI> <DPF> </DPF> <CPL> </CPL> <ActiveSetup> </ActiveSetup> <HOSTS> <ITEM Line="127.0.0.1 localhost"/> </HOSTS> <ProtocolExt> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Program Files\AVG\AVG8\avgpp.dll" Enabled="1" CLSID="{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" RegKey="SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner"/> </ProtocolExt> <IPU> <ITEM X2="Terminal Services" X1="TermService" Code="1"/> <ITEM X2="SSDP Discovery" X1="SSDPSRV" Code="1"/> <ITEM X2="Task Scheduler" X1="Schedule" Code="1"/> <ITEM Code="2"/> <ITEM Code="3"/> <ITEM Code="5"/> <ITEM X1="-1" Code="8"/> </IPU> <WIZARD-TSW> <ITEM Fixed="0" Level="3" ID="58"/> <ITEM Fixed="0" Level="3" ID="59"/> <ITEM Fixed="0" Level="1" ID="60"/> <ITEM Fixed="0" Level="2" ID="61"/> <ITEM Fixed="0" Level="1" ID="66"/> </WIZARD-TSW> </AVZ>