Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Browser redirect and multiple mshta processes

(In Progress)
(!)

mike2956's Avatar
mike2956 mike2956 is offline
Computer Specs
Member with 32 posts.
THREAD STARTER
 
Join Date: Dec 2010
Experience: Intermediate
11-Dec-2010, 10:22 AM #46
Sorry on re reading your instructions there are a couple of things I want to be clear about.

I am not sure what you mean by "also select the autostarts tab & do the same there" where is the autostarts tab and should I do "the same" before or after I run GMER?

Should I rebot between running GMER and OTS?

Incidentally I had an interesting problem pasting the phrase "also select the autostarts tab & do the same there". when I did so the first time the window locked up and task manager showed that iexplorer was using 98% of CPU. The only way I could normalise this was to end the application!?

Having tried twice (ctrl V and rt click paste) I pasted it into word, re cut and paste it, no problem!

Mike


mike2956's Avatar
mike2956 mike2956 is offline
Computer Specs
Member with 32 posts.
THREAD STARTER
 
Join Date: Dec 2010
Experience: Intermediate
11-Dec-2010, 10:41 AM #47
Sorry but on re reading your instructions I have some further queries

Where is the autostarts tab
What is it that I should do there
Should I do it before I run GMER
Should I reboot between GMER and OTS

Thanks

Mike
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,703 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
11-Dec-2010, 12:03 PM #48
the nas sofware should be fine so ignor ethat

The autostart ta is in GMER

once gmer is started it should run a quick scan automatically.
When that scan finished at the top press the >>>> beside rootkits & the menu expands and you should see a rootkit tab & an autostarts tab
forst select rootkit tabs & run run afull scan
when that finishes, copy & paste the bresults. Then seelct autostarts & press scan & save results to paste back here
It doesn't need to reboot in betweeen gmer & OTS but it won't do any harm

Both will just give logs & won't do any automaticic fixing
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue

Last edited by dvk01; 11-Dec-2010 at 12:13 PM..
mike2956's Avatar
mike2956 mike2956 is offline
Computer Specs
Member with 32 posts.
THREAD STARTER
 
Join Date: Dec 2010
Experience: Intermediate
11-Dec-2010, 01:22 PM #49
Hmm....... Using sifferent PC to post this.

We never hve had GMER run successfully an this time is no exception. It scans away happily then just stops.

Previous twice it stopped on C:\M17300 whatever that is. searched but could not find.

This time it has stopped on C:\WINDOWS\System32\winlogon.exe and has been there a good 5 minutes.

Whats to do should I reboot and start again?

Mike
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,703 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
11-Dec-2010, 01:38 PM #50
reboot, forget the gmer then if it won't run & just run OTS
mike2956's Avatar
mike2956 mike2956 is offline
Computer Specs
Member with 32 posts.
THREAD STARTER
 
Join Date: Dec 2010
Experience: Intermediate
11-Dec-2010, 03:00 PM #51
OK. Here is log from OTS.

Mike

Code:
OTS logfile created on: 11/12/2010 18:14:48 - Run 1
OTS by OldTimer - Version 3.1.40.1     Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115.03 Gb Total Space | 34.11 Gb Free Space | 29.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 115.03 Gb Total Space | 27.00 Gb Free Space | 23.47% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MIKES-COMPUTER
Current User Name: Mike
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
 
[Processes - All]
ots.exe -> C:\Documents and Settings\Mike\Desktop\OTS.exe -> [2010/12/11 17:00:32 | 000,642,048 | ---- | M] (OldTimer Tools)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2010/09/15 04:50:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
spoolsv.exe -> C:\WINDOWS\system32\spoolsv.exe -> [2010/08/17 13:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2010/06/15 15:33:44 | 000,141,624 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2010/06/15 15:33:36 | 000,540,472 | ---- | M] (Apple Inc.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2010/05/18 15:35:14 | 000,345,376 | ---- | M] (Apple Inc.)
jusched.exe -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.)
services.exe -> C:\WINDOWS\system32\services.exe -> [2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\WINDOWS\system32\wbem\wmiprvse.exe -> [2009/02/06 10:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation)
datacardmonitor.exe -> C:\Program Files\Virgin Mobile\Broadband Home\DataCardMonitor.exe -> [2008/07/21 15:29:30 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.)
swas.exe -> C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe -> [2008/04/15 19:55:02 | 001,449,984 | ---- | M] ()
wscntfy.exe -> C:\WINDOWS\system32\wscntfy.exe -> [2008/04/14 03:42:42 | 000,013,824 | ---- | M] (Microsoft Corporation)
winlogon.exe -> C:\WINDOWS\system32\winlogon.exe -> [2008/04/14 03:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation)
smss.exe -> C:\WINDOWS\system32\smss.exe -> [2008/04/14 03:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [RPCSS] -> [2008/04/14 03:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\rpcss.dll [RpcSs] -> [2009/02/09 12:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [NETWORKSERVICE] -> [2008/04/14 03:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\dnsrslvr.dll [Dnscache] -> [2008/04/14 03:41:54 | 000,045,568 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [NETSVCS] -> [2008/04/14 03:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\appmgmts.dll [AppMgmt] -> [2008/04/14 03:41:50 | 000,167,936 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\audiosrv.dll [AudioSrv] -> [2008/04/14 03:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\qmgr.dll [BITS] -> [2008/04/14 00:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\browser.dll [Browser] -> [2008/04/14 03:41:52 | 000,077,824 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\cryptsvc.dll [CryptSvc] -> [2008/04/14 03:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\dhcpcsvc.dll [Dhcp] -> [2008/04/14 03:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\dmserver.dll [dmserver] -> [2008/04/14 03:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.)
-> C:\WINDOWS\system32\ersvc.dll [ERSvc] -> [2008/04/14 03:41:54 | 000,023,040 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\es.dll [EventSystem] -> [2008/07/07 20:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\shsvcs.dll [FastUserSwitchingCompatibility] -> [2008/04/14 03:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [helpsvc] -> [2008/04/14 00:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\System32\hidserv.dll [HidServ] -> File not found
-> C:\WINDOWS\system32\kmsvc.dll [hkmsvc] -> [2008/04/14 03:41:58 | 000,061,440 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\srvsvc.dll [lanmanserver] -> [2010/08/27 05:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wkssvc.dll [lanmanworkstation] -> [2009/06/10 06:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\msgsvc.dll [Messenger] -> [2008/04/14 03:42:00 | 000,033,792 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\qagentrt.dll [napagent] -> [2008/04/14 03:42:04 | 000,291,328 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\netman.dll [Netman] -> [2008/04/14 03:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\mswsock.dll [Nla] -> [2008/06/20 17:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\ntmssvc.dll [NtmsSvc] -> [2008/04/14 03:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\rasauto.dll [RasAuto] -> [2008/04/14 03:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\rasmans.dll [RasMan] -> [2008/04/14 03:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\mprdim.dll [RemoteAccess] -> [2008/04/14 03:41:58 | 000,053,248 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\schedsvc.dll [Schedule] -> [2008/04/14 00:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\seclogon.dll [seclogon] -> [2008/04/14 03:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\sens.dll [SENS] -> [2008/04/14 03:42:06 | 000,039,424 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\ipnathlp.dll [SharedAccess] -> [2008/04/14 03:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\shsvcs.dll [ShellHWDetection] -> [2008/04/14 03:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\srsvc.dll [srservice] -> [2008/04/14 00:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\tapisrv.dll [TapiSrv] -> [2008/04/14 03:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\shsvcs.dll [Themes] -> [2008/04/14 03:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\trkwks.dll [TrkWks] -> [2008/04/14 03:42:08 | 000,090,112 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\w32time.dll [W32Time] -> [2008/04/14 03:42:10 | 000,175,104 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wbem\wmisvc.dll [winmgmt] -> [2008/04/14 00:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\advapi32.dll [Wmi] -> [2009/02/09 12:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wscsvc.dll [wscsvc] -> [2008/04/14 03:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wuauserv.dll [wuauserv] -> [2008/04/14 00:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wzcsvc.dll [WZCSVC] -> [2008/04/14 03:51:44 | 000,483,840 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\xmlprov.dll [xmlprov] -> [2008/04/14 03:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE] -> [2008/04/14 03:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\alrsvc.dll [Alerter] -> [2008/04/14 03:41:50 | 000,017,408 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\lmhsvc.dll [LmHosts] -> [2008/04/14 03:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\regsvc.dll [RemoteRegistry] -> [2008/04/14 03:42:06 | 000,059,904 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\ssdpsrv.dll [SSDPSRV] -> [2008/04/14 03:42:08 | 000,071,680 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\upnphost.dll [upnphost] -> [2008/04/14 03:42:10 | 000,185,856 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\webclnt.dll [WebClient] -> [2008/04/14 03:42:10 | 000,068,096 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE] -> [2008/04/14 03:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\alrsvc.dll [Alerter] -> [2008/04/14 03:41:50 | 000,017,408 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\lmhsvc.dll [LmHosts] -> [2008/04/14 03:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\regsvc.dll [RemoteRegistry] -> [2008/04/14 03:42:06 | 000,059,904 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\ssdpsrv.dll [SSDPSRV] -> [2008/04/14 03:42:08 | 000,071,680 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\upnphost.dll [upnphost] -> [2008/04/14 03:42:10 | 000,185,856 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\webclnt.dll [WebClient] -> [2008/04/14 03:42:10 | 000,068,096 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [IMGSVC] -> [2008/04/14 03:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wiaservc.dll [stisvc] -> [2008/04/14 03:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [DCOMLAUNCH] -> [2008/04/14 03:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\rpcss.dll [DcomLaunch] -> [2009/02/09 12:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\termsrv.dll [TermService] -> [2008/04/14 00:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [AKAMAI] -> [2008/04/14 03:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll [Akamai] -> [2010/12/07 23:46:03 | 003,020,888 | ---- | M] ()
lsass.exe -> C:\WINDOWS\system32\lsass.exe -> [2008/04/14 03:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
ctfmon.exe -> C:\WINDOWS\system32\ctfmon.exe -> [2008/04/14 03:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
csrss.exe -> C:\WINDOWS\system32\csrss.exe -> [2008/04/14 03:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation)
alg.exe -> C:\WINDOWS\system32\alg.exe -> [2008/04/14 03:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation)
swasdrivermanagementplugin.exe -> C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe -> [2008/01/31 18:06:40 | 001,060,864 | ---- | M] ()
ndassvc.exe -> C:\Program Files\NDAS\System\ndassvc.exe -> [2007/11/27 17:06:54 | 000,237,032 | ---- | M] (XIMETA, Inc.)
ndasmgmt.exe -> C:\Program Files\NDAS\System\ndasmgmt.exe -> [2007/11/27 17:06:54 | 000,236,520 | ---- | M] (XIMETA, Inc.)
s3trayp.exe -> C:\WINDOWS\system32\S3Trayp.exe -> [2007/06/11 11:15:40 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.)
vttimer.exe -> C:\WINDOWS\system32\VTTimer.exe -> [2006/09/21 16:36:18 | 000,053,248 | ---- | M] (S3 Graphics, Inc.)
smax4pnp.exe -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> [2005/05/20 01:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.)
vptray.exe -> C:\Program Files\Symantec AntiVirus\VPTray.exe -> [2005/04/17 12:30:48 | 000,085,184 | ---- | M] (Symantec Corporation)
rtvscan.exe -> C:\Program Files\Symantec AntiVirus\Rtvscan.exe -> [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation)
defwatch.exe -> C:\Program Files\Symantec AntiVirus\DefWatch.exe -> [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation)
ccsetmgr.exe -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation)
ccevtmgr.exe -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation)
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation)
eeventmanager.exe -> C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe -> [2005/04/08 14:09:42 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION)
mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation)
 
[Modules - All]
ots.exe -> C:\Documents and Settings\Mike\Desktop\OTS.exe -> [2010/12/11 17:00:32 | 000,642,048 | ---- | M] (OldTimer Tools)
urlmon.dll -> C:\WINDOWS\system32\urlmon.dll -> [2010/09/10 05:58:08 | 001,210,880 | ---- | M] (Microsoft Corporation)
iertutil.dll -> C:\WINDOWS\system32\iertutil.dll -> [2010/09/10 05:58:06 | 001,986,560 | ---- | M] (Microsoft Corporation)
ieframe.dll -> C:\WINDOWS\system32\ieframe.dll -> [2010/09/10 05:58:05 | 011,080,192 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
rpcrt4.dll -> C:\WINDOWS\system32\rpcrt4.dll -> [2010/08/16 08:45:00 | 000,590,848 | ---- | M] (Microsoft Corporation)
shell32.dll -> C:\WINDOWS\system32\shell32.dll -> [2010/07/27 06:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
ole32.dll -> C:\WINDOWS\system32\ole32.dll -> [2010/07/16 12:05:55 | 001,288,192 | ---- | M] (Microsoft Corporation)
shlwapi.dll -> C:\WINDOWS\system32\shlwapi.dll -> [2009/12/08 09:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation)
secur32.dll -> C:\WINDOWS\system32\secur32.dll -> [2009/06/25 08:25:26 | 000,056,832 | ---- | M] (Microsoft Corporation)
kernel32.dll -> C:\WINDOWS\system32\kernel32.dll -> [2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation)
ntdll.dll -> C:\WINDOWS\system32\ntdll.dll -> [2009/02/09 12:10:48 | 000,714,752 | ---- | M] (Microsoft Corporation)
advapi32.dll -> C:\WINDOWS\system32\advapi32.dll -> [2009/02/09 12:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation)
gdi32.dll -> C:\WINDOWS\system32\gdi32.dll -> [2008/10/23 12:36:14 | 000,286,720 | ---- | M] (Microsoft Corporation)
winspool.drv -> C:\WINDOWS\system32\winspool.drv -> [2008/04/14 03:42:46 | 000,146,432 | ---- | M] (Microsoft Corporation)
user32.dll -> C:\WINDOWS\system32\user32.dll -> [2008/04/14 03:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation)
uxtheme.dll -> C:\WINDOWS\system32\uxtheme.dll -> [2008/04/14 03:42:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
winmm.dll -> C:\WINDOWS\system32\winmm.dll -> [2008/04/14 03:42:10 | 000,176,128 | ---- | M] (Microsoft Corporation)
wldap32.dll -> C:\WINDOWS\system32\wldap32.dll -> [2008/04/14 03:42:10 | 000,172,032 | ---- | M] (Microsoft Corporation)
version.dll -> C:\WINDOWS\system32\version.dll -> [2008/04/14 03:42:10 | 000,018,944 | ---- | M] (Microsoft Corporation)
setupapi.dll -> C:\WINDOWS\system32\setupapi.dll -> [2008/04/14 03:42:06 | 000,985,088 | ---- | M] (Microsoft Corporation)
samlib.dll -> C:\WINDOWS\system32\samlib.dll -> [2008/04/14 03:42:06 | 000,064,000 | ---- | M] (Microsoft Corporation)
oleaut32.dll -> C:\WINDOWS\system32\oleaut32.dll -> [2008/04/14 03:42:04 | 000,551,936 | ---- | M] (Microsoft Corporation)
ntmarta.dll -> C:\WINDOWS\system32\ntmarta.dll -> [2008/04/14 03:42:04 | 000,118,784 | ---- | M] (Microsoft Corporation)
olepro32.dll -> C:\WINDOWS\system32\olepro32.dll -> [2008/04/14 03:42:04 | 000,084,992 | ---- | M] (Microsoft Corporation)
psapi.dll -> C:\WINDOWS\system32\psapi.dll -> [2008/04/14 03:42:04 | 000,023,040 | ---- | M] (Microsoft Corporation)
msvcrt.dll -> C:\WINDOWS\system32\msvcrt.dll -> [2008/04/14 03:42:02 | 000,343,040 | ---- | M] (Microsoft Corporation)
mslbui.dll -> C:\WINDOWS\system32\mslbui.dll -> [2008/04/14 03:42:02 | 000,025,088 | ---- | M] (Microsoft Corporation)
msctf.dll -> C:\WINDOWS\system32\MSCTF.dll -> [2008/04/14 03:42:00 | 000,297,984 | ---- | M] (Microsoft Corporation)
msimg32.dll -> C:\WINDOWS\system32\msimg32.dll -> [2008/04/14 03:42:00 | 000,004,608 | ---- | M] (Microsoft Corporation)
mpr.dll -> C:\WINDOWS\system32\mpr.dll -> [2008/04/14 03:41:58 | 000,059,904 | ---- | M] (Microsoft Corporation)
imm32.dll -> C:\WINDOWS\system32\imm32.dll -> [2008/04/14 03:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation)
comres.dll -> C:\WINDOWS\system32\comres.dll -> [2008/04/14 03:41:52 | 000,792,064 | ---- | M] (Microsoft Corporation)
comdlg32.dll -> C:\WINDOWS\system32\comdlg32.dll -> [2008/04/14 03:41:52 | 000,276,992 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/14 03:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation)
msctfime.ime -> C:\WINDOWS\system32\MSCTFIME.IME -> [2008/04/14 03:40:08 | 000,177,152 | ---- | M] (Microsoft Corporation)
srclient.dll -> C:\WINDOWS\system32\srclient.dll -> [2008/04/14 00:12:07 | 000,067,584 | ---- | M] (Microsoft Corporation)
clbcatq.dll -> C:\WINDOWS\system32\clbcatq.dll -> [2008/04/14 00:11:50 | 000,498,688 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\system32\framedyn.dll -> [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] -> C:\WINDOWS\System32\hidserv.dll -> File not found
(Akamai) Akamai NetSession Interface [Auto | Running] -> c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll -> [2010/12/07 23:46:03 | 003,020,888 | ---- | M] ()
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.)
(SWAS_Core) SyncThru Web Admin Service [Auto | Running] -> C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe -> [2008/04/15 19:55:02 | 001,449,984 | ---- | M] ()
(SWAS_Srv_DriverManagement) SyncThru Web Admin Service Driver Management [Auto | Running] -> C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe -> [2008/01/31 18:06:40 | 001,060,864 | ---- | M] ()
(ndassvc) NDAS Service [Auto | Running] -> C:\Program Files\NDAS\System\ndassvc.exe -> [2007/11/27 17:06:54 | 000,237,032 | ---- | M] (XIMETA, Inc.)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation)
(SavRoam) SavRoam [On_Demand | Stopped] -> C:\Program Files\Symantec AntiVirus\SavRoam.exe -> [2005/04/17 12:30:42 | 000,124,608 | ---- | M] (symantec)
(Symantec AntiVirus) Symantec AntiVirus [Auto | Running] -> C:\Program Files\Symantec AntiVirus\Rtvscan.exe -> [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation)
(DefWatch) Symantec AntiVirus Definition Watcher [Auto | Running] -> C:\Program Files\Symantec AntiVirus\DefWatch.exe -> [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation)
(ccPwdSvc) Symantec Password Validation [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -> [2005/04/08 15:54:50 | 000,083,568 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation)
(SNDSrvc) Symantec Network Drivers Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation)
(SPBBCSvc) Symantec SPBBCSvc [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -> [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation)
 
[Driver Services - Safe List]
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\Mike\LOCALS~1\Temp\catchme.sys -> File not found
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101210.002\NAVEX15.SYS -> [2010/12/09 09:00:00 | 001,360,248 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101210.002\NAVENG.SYS -> [2010/12/09 09:00:00 | 000,086,136 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2010/10/18 08:14:40 | 000,371,248 | ---- | M] (Symantec Corporation)
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdK8.sys -> [2010/06/29 15:57:07 | 000,036,352 | ---- | M] ()
(NPF) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\npf.sys -> [2009/02/08 11:12:50 | 000,034,064 | ---- | M] (CACE Technologies)
(aec6710D) aec6710D [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\DRIVERS\aec6710d.sys -> [2009/01/04 11:59:41 | 000,009,248 | ---- | M] (Microsoft Corporation)
(StarOpen) StarOpen [File_System | System | Running] -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2008/08/25 23:19:40 | 000,005,632 | ---- | M] ()
(hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ewusbmdm.sys -> [2008/05/05 17:42:18 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.)
(Changer) Changer [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\changer.sys -> [2008/04/13 23:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation)
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\lbrtfdc.sys -> [2008/04/13 23:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 20:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(61883) 61883 Unit Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\61883.sys -> [2008/04/13 18:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation)
(Avc) AVC Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\avc.sys -> [2008/04/13 18:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation)
(MSDV) Microsoft DV Camera and VCR [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\msdv.sys -> [2008/04/13 18:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation)
(ndasscsi) NDAS SCSI Miniport Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ndasscsi.sys -> [2007/11/27 17:06:58 | 000,187,240 | ---- | M] (XIMETA, Inc.)
(ndasfat) NDAS FAT [File_System | System | Running] -> C:\WINDOWS\system32\drivers\ndasfat.sys -> [2007/11/27 17:06:56 | 000,372,584 | ---- | M] (XIMETA, Inc.)
(ndasbus) NDAS Bus Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ndasbus.sys -> [2007/11/27 17:06:56 | 000,075,752 | ---- | M] (XIMETA, Inc.)
(lfsfilt) Lean File Sharing [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\lfsfilt.sys -> [2007/11/27 17:06:54 | 000,254,440 | ---- | M] (XIMETA, Inc.)
(lpx) LPX Protocol [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\lpx.sys -> [2007/11/27 17:06:54 | 000,062,056 | ---- | M] (XIMETA, Inc.)
(S3GIGP) S3GIGP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\S3gIGPm.sys -> [2007/07/23 14:54:54 | 000,714,240 | R--- | M] (S3 Graphics Co., Ltd.)
(WinDriver6) WinDriver6 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\windrvr6.sys -> [2006/10/16 19:19:22 | 000,194,362 | ---- | M] (Jungo)
(S3G700) S3G700 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s3g700m.sys -> [2005/10/15 04:19:56 | 000,792,576 | R--- | M] (S3 Graphics Co., Ltd.)
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ADIHdAud.sys -> [2005/10/05 09:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.)
(ss_mdm) SAMSUNG Mobile USB Modem 1.0 Drivers [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_mdm.sys -> [2005/08/30 16:59:00 | 000,094,000 | ---- | M] (MCCI)
(ss_mdfl) SAMSUNG Mobile USB Modem 1.0 Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_mdfl.sys -> [2005/08/30 16:58:56 | 000,008,304 | ---- | M] (MCCI)
(ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_bus.sys -> [2005/08/30 16:57:18 | 000,058,320 | ---- | M] (MCCI)
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2005/08/11 05:49:28 | 000,393,088 | R--- | M] (Sensaura)
(SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS -> [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -> [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Program Files\Symantec\SYMEVENT.SYS -> [2005/04/01 20:36:04 | 000,123,200 | ---- | M] (Symantec Corporation)
(SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcdrv.sys -> [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation)
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> C:\Program Files\Symantec AntiVirus\Savrtpel.sys -> [2005/02/04 20:14:32 | 000,053,896 | ---- | M] (Symantec Corporation)
(SAVRT) SAVRT [Kernel | System | Running] -> C:\Program Files\Symantec AntiVirus\savrt.sys -> [2005/02/04 20:14:30 | 000,324,232 | ---- | M] (Symantec Corporation)
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hdaudio.sys -> [2004/10/27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider)
(AsIO) AsIO [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AsIO.sys -> [2004/10/15 01:52:28 | 000,004,962 | R--- | M] ()
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ASACPI.sys -> [2004/08/14 10:56:20 | 000,005,810 | R--- | M] ()
(Ser2pl) MAT Serial port driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ser2pl.sys -> [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.)
(FTSER2K) SEMC DSS-20 SyncStation Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ftser2k.sys -> [2003/02/24 09:36:14 | 000,050,396 | ---- | M] (FTDI Ltd.)
(FTLUND) Lundinova Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ftlund.sys -> [2003/02/24 09:36:12 | 000,006,828 | ---- | M] (FTDI Ltd.)
(FTDIBUS) SEMC DSS-20 SyncStation Serial Converter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ftdibus.sys -> [2003/02/21 10:25:22 | 000,019,153 | ---- | M] (FTDI Ltd.)
(SiSV) SiSV [Kernel | System | Stopped] -> C:\WINDOWS\system32\drivers\sisv.sys -> [2001/08/17 12:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation)
 
[Registry - All]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC176...t/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC176...t/srchasst.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1 -> 
HKEY_USERS\.DEFAULT\: "ProxyOverride" -> <local> -> 
HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=127.0.0.1:5577 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1 -> 
HKEY_USERS\S-1-5-18\: "ProxyOverride" -> <local> -> 
HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=127.0.0.1:5577 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\] > -> -> 
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\: Main\\"Page_Transitions" -> 1 -> 
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\: Main\\"Start Page" -> http://www.scan.co.uk/ -> 
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-gb -> 
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 72 E7 B9 25 EE 15 CB 01  [binary data] -> 
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\system32\ieframe.dll [Microsoft Url Search Hook] -> [2010/09/10 05:58:05 | 011,080,192 | ---- | M] (Microsoft Corporation)
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\: "ProxyOverride" -> *.local;<local> -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\Program Files\Real\RealPlayer\browserrecord [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2008/03/15 21:05:23 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/09/02 00:09:00 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> C:\Program Files\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2010/04/11 00:01:46 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions -> [2008/06/26 20:20:13 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions\home2@tomtom.com -> [2008/06/26 20:20:13 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/12/11 10:01:44 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2008/03/15 21:05:23 | 000,370,296 | ---- | M] (RealPlayer)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2010/11/20 18:47:44 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2010/11/20 18:47:44 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [&Address] -> [2010/04/16 16:09:05 | 001,025,024 | ---- | M] (Microsoft Corporation)
ShellBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [&Links] -> [2010/07/27 06:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [&Address] -> [2010/04/16 16:09:05 | 001,025,024 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [&Links] -> [2010/07/27 06:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{F2CF5485-4E02-4F68-819C-B92DE9277049}" [HKLM] -> C:\WINDOWS\system32\ieframe.dll [&Links] -> [2010/09/10 05:58:05 | 011,080,192 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation)
"DataCardMonitor" -> C:\Program Files\Virgin Mobile\Broadband Home\DataCardMonitor.exe [C:\Program Files\Virgin Mobile\Broadband Home\DataCardMonitor.exe] -> [2008/07/21 15:29:30 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.)
"EEventManager" -> C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe [C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe] -> [2005/04/08 14:09:42 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2010/06/15 15:33:44 | 000,141,624 | ---- | M] (Apple Inc.)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2010/03/18 21:16:10 | 000,421,888 | ---- | M] (Apple Inc.)
"S3Trayp" -> C:\WINDOWS\System32\S3Trayp.exe [S3trayp.exe] -> [2007/06/11 11:15:40 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.)
"SoundMAXPnP" -> C:\Program Files\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> [2005/05/20 01:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Common Files\Java\Java Update\jusched.exe ["C:\Program Files\Common Files\Java\Java Update\jusched.exe"] -> [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.)
"vptray" -> C:\Program Files\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> [2005/04/17 12:30:48 | 000,085,184 | ---- | M] (Symantec Corporation)
"VTTimer" -> C:\WINDOWS\System32\VTTimer.exe [VTTimer.exe] -> [2006/09/21 16:36:18 | 000,053,248 | ---- | M] (S3 Graphics, Inc.)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"CTFMON.EXE" -> C:\WINDOWS\system32\ctfmon.exe [C:\WINDOWS\system32\CTFMON.EXE] -> [2008/04/14 03:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"CTFMON.EXE" -> C:\WINDOWS\system32\ctfmon.exe [C:\WINDOWS\system32\CTFMON.EXE] -> [2008/04/14 03:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"{24C4E14A-76E2-82F4-60F0-D7298167A66A}" -> C:\Documents and Settings\Mike\Application Data\Monu\ciru.exe ["C:\Documents and Settings\Mike\Application Data\Monu\ciru.exe"] -> File not found
"ctfmon.exe" -> C:\WINDOWS\system32\ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe] -> [2008/04/14 03:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Free Internet Window Washer" -> C:\Program Files\Free Internet Window Washer\Clearpch.exe [C:\PROGRA~1\FREEIN~1\Clearpch.exe -Start] -> [2007/08/29 14:47:34 | 001,504,256 | ---- | M] ()
"TomTomHOME.exe" -> C:\Program Files\TomTom HOME 2\HOMERunner.exe ["C:\Program Files\TomTom HOME 2\HOMERunner.exe"] -> [2008/05/06 08:42:14 | 000,202,088 | ---- | M] (TomTom)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NDAS Device Management.lnk -> C:\Program Files\NDAS\System\ndasmgmt.exe -> [2007/11/27 17:06:54 | 000,236,520 | ---- | M] (XIMETA, Inc.)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Mike Startup Folder > -> C:\Documents and Settings\Mike\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003] > -> HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
\\"NoSetActiveDesktop" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
\\"NoSetActiveDesktop" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [0] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
\\"NoSetActiveDesktop" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [0] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
\\"NoSetActiveDesktop" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003] > -> HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003] > -> HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2010/08/22 13:57:16 | 010,354,512 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2010/08/22 13:57:16 | 010,354,512 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 13:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 22:23:34 | 000,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 00:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 00:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 22:23:34 | 000,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 22:23:34 | 000,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\ -> 
{909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB}\\"ButtonText" [HKLM] ->  [Reg Error: Key error.] -> File not found
{909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB}\\"Default Visible" [HKLM] ->  [Reg Error: Key error.] -> File not found
{909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB}\\"Exec" [HKLM] ->  [Reg Error: Key error.] -> File not found
{909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB}\\"HotIcon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB}\\"Icon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB}\\"MenuStatusBar" [HKLM] ->  [Reg Error: Key error.] -> File not found
{909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB}\\"MenuText" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 22:23:34 | 000,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/control...ext=%s&mime=%s -> 
Extension\.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Error: Value error.] -> [2001/01/30 13:56:24 | 000,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7538 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7544 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7544 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7543 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{1663ed61-23eb-11d2-b92f-008048fdd814} [HKLM] -> http://rack1.expertagent.co.uk/asp/ScriptX.cab [MeadCo ScriptX] -> 
{31435657-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/downlo...8f/wvc1dmo.cab [Reg Error: Key error.] -> 
{66D393D5-4D80-497C-9F4F-F3839E090202} [HKLM] -> http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab [PlayerOCX Control] -> 
{73888E2B-FF04-416C-8847-984D7FC4507F} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_22] -> 
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} [HKLM] -> http://tools.ebayimg.com/eps/wl/acti..._v1-0-29-0.cab [EPUImageControl Class] -> 
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jin...ndows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> 
{D27CDB6E-0000-0000-0000-000000000000} [HKLM] -> http://fpdownload2.macromedia.com/ge...sh/swflash.cab [Reg Error: Key error.] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/ge...sh/swflash.cab [Shockwave Flash Object] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] ->  [Reg Error: Value error.] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{E8F628B5-259A-4734-97EE-BA914D7BE941} [HKLM] -> http://driveragent.com/files/driveragent.cab [Driver Agent ActiveX Control] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 208.67.222.222 208.67.220.220 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5E517EEC-6457-48FC-8B73-B7C737EA5E23}\\DhcpNameServer -> 208.67.222.222 208.67.220.220   (VIA Rhine II Fast Ethernet Adapter) -> 
{5E517EEC-6457-48FC-8B73-B7C737EA5E23}\\NameServer -> 8.8.8.8,8.8.4.4   (VIA Rhine II Fast Ethernet Adapter) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/14 03:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> C:\WINDOWS\System32\logonui.exe -> [2008/04/14 03:42:26 | 000,514,560 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> C:\WINDOWS\System32\shell32.dll -> [2010/07/27 06:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
Control_RunDLL "sysdm.cpl" -> C:\WINDOWS\System32\sysdm.cpl -> [2008/04/14 03:42:42 | 000,300,544 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
crypt32chain -> C:\WINDOWS\System32\crypt32.dll -> [2008/04/14 03:41:52 | 000,599,040 | ---- | M] (Microsoft Corporation)
cryptnet -> C:\WINDOWS\System32\cryptnet.dll -> [2008/04/14 03:41:52 | 000,064,512 | ---- | M] (Microsoft Corporation)
cscdll -> C:\WINDOWS\System32\cscdll.dll -> [2008/04/14 03:41:52 | 000,101,888 | ---- | M] (Microsoft Corporation)
dimsntfy -> C:\WINDOWS\system32\dimsntfy.dll -> [2008/04/14 03:41:54 | 000,019,456 | ---- | M] (Microsoft Corporation)
NavLogon -> C:\WINDOWS\system32\NavLogon.dll -> [2005/04/17 12:30:56 | 000,043,712 | ---- | M] (Symantec Corporation)
ScCertProp -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/14 03:42:10 | 000,092,672 | ---- | M] (Microsoft Corporation)
Schedule -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/14 03:42:10 | 000,092,672 | ---- | M] (Microsoft Corporation)
sclgntfy -> C:\WINDOWS\System32\sclgntfy.dll -> [2008/04/14 03:42:06 | 000,020,480 | ---- | M] (Microsoft Corporation)
SensLogn -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/14 03:42:10 | 000,092,672 | ---- | M] (Microsoft Corporation)
termsrv -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/14 03:42:10 | 000,092,672 | ---- | M] (Microsoft Corporation)
wlballoon -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/14 03:42:10 | 000,092,672 | ---- | M] (Microsoft Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [CDBurn] -> [2010/07/27 06:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
"{7849596a-48ea-486e-8937-a2a3009f31a9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [PostBootReminder] -> [2010/07/27 06:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\system32\stobject.dll [SysTray] -> [2008/04/14 03:42:08 | 000,121,856 | ---- | M] (Microsoft Corporation)
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\WINDOWS\system32\webcheck.dll [WebCheck] -> [2009/03/08 03:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation)
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Browseui preloader] -> [2010/04/16 16:09:05 | 001,025,024 | ---- | M] (Microsoft Corporation)
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Component Categories cache daemon] -> [2010/04/16 16:09:05 | 001,025,024 | ---- | M] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> C:\WINDOWS\System32\shell32.dll [] -> [2010/07/27 06:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
msapsspc.dll -> C:\WINDOWS\System32\msapsspc.dll -> [2008/04/14 03:42:00 | 000,086,016 | ---- | M] (Microsoft Corporation)
schannel.dll -> C:\WINDOWS\System32\schannel.dll -> [2010/06/30 12:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation)
digest.dll -> C:\WINDOWS\System32\digest.dll -> [2008/04/14 03:41:54 | 000,068,608 | ---- | M] (Microsoft Corporation)
msnsspc.dll -> C:\WINDOWS\System32\msnsspc.dll -> [2008/04/14 03:42:02 | 000,290,816 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 14:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> C:\WINDOWS\System32\kerberos.dll -> [2009/06/25 08:25:26 | 000,301,568 | ---- | M] (Microsoft Corporation)
msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 14:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
schannel -> C:\WINDOWS\System32\schannel.dll -> [2010/06/30 12:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation)
wdigest -> C:\WINDOWS\System32\wdigest.dll -> [2009/06/25 08:25:26 | 000,054,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 22:23:34 | 000,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 00:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 22:23:34 | 000,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 00:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service] -> [2010/05/18 15:35:14 | 000,345,376 | ---- | M] (Apple Inc.)
"C:\Program Files\FileZilla\filezilla.exe" -> C:\Program Files\FileZilla\filezilla.exe [C:\Program Files\FileZilla\filezilla.exe:*:Enabled:FileZilla] -> [2004/03/04 13:25:35 | 000,460,800 | ---- | M] ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" -> C:\Program Files\Google\Google Earth\client\googleearth.exe [C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth] -> [2010/09/01 18:32:34 | 000,069,632 | ---- | M] (Google)
"C:\Program Files\InterCasino $$$\Casino.exe" -> C:\Program Files\InterCasino $$$\Casino.exe [C:\Program Files\InterCasino $$$\Casino.exe:*:Enabled:Casino] -> [2009/09/28 20:38:24 | 000,085,824 | ---- | M] (WagerLogic Inc)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2010/06/15 15:33:40 | 010,358,072 | ---- | M] (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2010/09/15 04:50:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Look@LAN\LookAtHost.exe" -> C:\Program Files\Look@LAN\LookAtHost.exe [C:\Program Files\Look@LAN\LookAtHost.exe:*:Enabled:Look@HOST] -> [2003/06/18 12:00:18 | 000,335,360 | ---- | M] (Carlo Medas)
"C:\Program Files\Look@LAN\LookAtLan.exe" -> C:\Program Files\Look@LAN\LookAtLan.exe [C:\Program Files\Look@LAN\LookAtLan.exe:*:Enabled:Look@LAN] -> [2006/01/15 14:14:04 | 000,869,376 | ---- | M] (Carlo Medas)
"C:\Program Files\WinPcap\rpcapd.exe" -> C:\Program Files\WinPcap\rpcapd.exe [C:\Program Files\WinPcap\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon] -> [2009/02/08 11:12:50 | 000,092,792 | ---- | M] (CACE Technologies)
"C:\WINDOWS\system32\mmc.exe" -> C:\WINDOWS\System32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console] -> [2008/04/14 03:42:26 | 001,414,656 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/12/23 20:13:51 | 000,000,000 | ---- | M] ()
F:\AUTOEXEC.BAT [] -> F:\AUTOEXEC.BAT [ NTFS ] -> [2005/11/25 11:03:29 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608500} [KeyFileName] -> C:\Program Files\Java\jre6\bin\regutils.dll [(default): Java (Sun); IsInstalled: 1] -> [2010/11/20 18:37:14 | 000,278,528 | ---- | M] (Sun Microsystems, Inc.)
{10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKLM] -> Reg Error: Key error. [(default): Vector Graphics Rendering (VML); IsInstalled: 01 00 00 00  [binary data]] -> File not found
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] ->  [ComponentID: NetShow; IsInstalled: 1] -> 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] ->  [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] -> 
{283807B5-2C60-11D0-A31D-00AA00B92C03} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation; IsInstalled: 1] -> File not found
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> 
{36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding for Java; IsInstalled: 1] -> File not found
{3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found
{3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Uniscribe; IsInstalled: 1] -> File not found
{4278c270-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Advanced Authoring; IsInstalled: 1] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: 01 00 00 00  [binary data]] -> 
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(default): DirectShow; IsInstalled: 1] -> File not found
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error. [(default): DirectDrawEx; IsInstalled: 1] -> File not found
{45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Help; IsInstalled: 1] -> File not found
{4f216970-c90c-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation Java Classes; IsInstalled: 1] -> File not found
{4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Microsoft Windows Script 5.8; IsInstalled: 1] -> File not found
{5056b317-8d4c-43ee-8543-b9d1e234b8f4} [HKLM] -> Reg Error: Key error. [(default): Security Update for Windows XP (KB923789); IsInstalled: 1] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows Messenger 4.7; IsInstalled: 1] -> 
{5A8D6EE0-3E18-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [ComponentID: ICW; IsInstalled: 1] -> File not found
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] -> 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): MSN Site Access; IsInstalled: 1] -> File not found
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [StubPath] ->  [(default): Web Folders; IsInstalled: 1] -> 
{7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Address Book 6; IsInstalled: 1] -> 
{89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop Update; IsInstalled: 1] -> 
{89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet Explorer; IsInstalled: 1] -> 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> 
{9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found
{ACC563BC-4266-43f0-B6ED-9D38C4202C7E} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{B508B3F1-A24A-32C0-B310-85786919EF28} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found
{CC2A9BA0-3BDD-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [(default): Task Scheduler; IsInstalled: 1] -> File not found
{CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKLM] -> Reg Error: Key error. [ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00  [binary data]] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx [(default): Macromedia Shockwave Flash; IsInstalled: 1] -> [2010/11/11 11:30:45 | 006,071,760 | R--- | M] (Adobe Systems, Inc.)
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): HTML Help; IsInstalled: 1] -> File not found
{E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error. [(default): Active Directory Service Interface; IsInstalled: 01 00 00 00  [binary data]] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [StubPath] -> C:\WINDOWS\system32\ieudinit.exe [(default): Internet Explorer Version Update; IsInstalled: 1] -> 
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(default): Windows Media Player; IsInstalled: 0] -> 
>{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [(default): Internet Explorer; IsInstalled: 1] -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> 
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 0] -> 
< ActiveX StubPath [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{4b218e3e-bc98-4770-93d3-2731b9329278} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
InitiallyClear [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> 
AcroRd32.exe -> C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe] -> [2007/05/11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated)
amdcpu.exe -> C:\Program Files\AMD\Athlon 64 Processor Driver\amdcpu.exe [C:\Program Files\AMD\Athlon 64 Processor Driver\amdcpu.exe] -> File not found
AutoRout.exe -> C:\Program Files\Microsoft AutoRoute\AutoRout.exe [C:\Program Files\Microsoft AutoRoute\AutoRout.exe] -> [2005/09/12 12:45:41 | 004,434,808 | ---- | M] (Microsoft Corporation)
BackItUp.EXE -> C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe [C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe] -> [2005/02/10 18:36:12 | 005,734,400 | ---- | M] (Ahead Software AG)
bckgzm.exe -> C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe [C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe] -> [2001/08/23 12:00:00 | 000,042,577 | ---- | M] (Microsoft Corporation)
ccApp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe [C:\Program Files\Common Files\Symantec Shared\ccApp.exe] -> [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation)
chkrzm.exe -> C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe [C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe] -> [2001/08/23 12:00:00 | 000,042,575 | ---- | M] (Microsoft Corporation)
cmmgr32.exe -> C:\WINDOWS\System32\cmmgr32.exe [C:\WINDOWS\system32\cmmgr32.exe] -> File not found
combofix.exe -> C:\Documents and Settings\Mike\Desktop\mike2956.exe [C:\Documents and Settings\Mike\Desktop\mike2956.exe] -> [2010/12/11 09:51:07 | 003,988,311 | R--- | M] ()
CONF.EXE -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe] -> [2008/04/14 00:12:15 | 001,032,192 | ---- | M] (Microsoft Corporation)
D: -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
dialer.exe -> C:\Program Files\Windows NT\dialer.exe [C:\Program Files\Windows NT\dialer.exe] -> [2008/04/14 00:12:17 | 000,539,136 | ---- | M] (Microsoft Corporation)
DirPrn.exe -> C:\Program Files\Karen's Power Tools\Directory Printer\DirPrn.exe [C:\Program Files\Karen's Power Tools\Directory Printer\DirPrn.exe] -> [2007/10/30 18:52:12 | 000,910,832 | ---- | M] (Karen Kenworthy)
EasyHtml.exe -> C:\Program Files\ToniArts\EasyHtml\EasyHtml.exe [C:\Program Files\ToniArts\EasyHtml\EasyHtml.exe] -> [1999/08/04 02:06:42 | 002,220,032 | ---- | M] (ToniArts)
ECOPY.EXE -> C:\Program Files\epson\Creativity Suite\Copy Utility\ECOPY.EXE [C:\Program Files\EPSON\Creativity Suite\Copy Utility\ECOPY.exe] -> [2004/10/08 00:00:02 | 000,716,800 | ---- | M] (SEIKO EPSON CORP.)
ecs_setup.exe -> C:\Program Files\Sony Ericsson\Communications Suite\ecs_setup.exe [C:\Program Files\Sony Ericsson\Communications Suite\ecs_setup.exe] -> File not found
EFileManager.exe -> C:\Program Files\epson\Creativity Suite\File Manager\EFileManager.exe [C:\Program Files\EPSON\Creativity Suite\File Manager\EFileManager.exe] -> [2004/11/15 15:15:20 | 000,282,624 | ---- | M] (SEIKO EPSON CORPORATION)
EImageClip.exe -> C:\Program Files\epson\Creativity Suite\Image Clip Palette\EImageClip.exe [C:\Program Files\EPSON\Creativity Suite\Image Clip Palette\EImageClip.exe] -> [2004/10/15 11:37:16 | 000,258,048 | ---- | M] ()
Escndv.exe -> C:\WINDOWS\twain_32\escndv\escndv.exe [C:\WINDOWS\twain_32\escndv\Escndv.exe] -> [2005/02/22 00:00:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORP.)
F: -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
HijackThis.exe -> C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe [C:\Program Files\Trend Micro\HiJackThis\hijackthis.exe] -> [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.)
hrtzzm.exe -> C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe [C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2001/08/23 12:00:00 | 000,042,573 | ---- | M] (Microsoft Corporation)
hypertrm.exe -> C:\Program Files\Windows NT\hypertrm.exe ["C:\Program Files\Windows NT\hypertrm.exe"] -> [2001/08/23 12:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.)
ImageDrive.exe -> C:\Program Files\Ahead\ImageDrive\ImageDrive.exe [C:\Program Files\Ahead\ImageDrive\ImageDrive.exe] -> [2004/11/30 12:31:36 | 000,893,016 | ---- | M] (Ahead Software AG)
ImageReady.exe -> C:\Program Files\Adobe\Photoshop 7.0\ImageReady.exe [C:\Program Files\Adobe\Photoshop 7.0\ImageReady.exe] -> [2002/04/04 00:04:10 | 013,336,651 | ---- | M] (Adobe Systems Incorporated)
install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe] -> [2010/06/15 15:33:40 | 010,358,072 | ---- | M] (Apple Inc.)
javaws.exe -> C:\Program Files\Java\jre6\bin\javaws.exe [C:\Program Files\Java\jre6\bin\javaws.exe] -> [2010/09/15 04:50:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
LUALL.EXE -> C:\Program Files\Symantec\LiveUpdate\LUALL.EXE [C:\Program Files\Symantec\LiveUpdate\LUALL.EXE] -> [2005/03/31 17:32:24 | 002,541,200 | ---- | M] (Symantec Corporation)
mbam.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe] -> [2010/11/29 17:42:14 | 000,963,976 | ---- | M] (Malwarebytes Corporation)
migwiz.exe -> C:\WINDOWS\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2008/04/14 03:42:26 | 000,245,248 | ---- | M] (Microsoft Corporation)
MiraFoto ->  [C:\WINDOWS\twain_32\Foto2_00\MiraFoto] -> File not found
moviemk.exe -> C:\Program Files\Movie Maker\moviemk.exe [C:\Program Files\Movie Maker\moviemk.exe] -> [2010/06/18 13:36:12 | 003,558,912 | ---- | M] (Microsoft Corporation)
msimn.exe -> C:\Program Files\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2008/04/14 00:12:28 | 000,060,416 | -HS- | M] (Microsoft Corporation)
MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
NCoverEd.exe -> C:\Program Files\Ahead\CoverDesigner\CoverDes.exe [C:\Program Files\Ahead\CoverDesigner\CoverDes.exe] -> [2005/02/01 13:31:20 | 002,412,544 | ---- | M] (Nero AG)
ndasbind.exe -> C:\Program Files\NDAS\System\ndasbind.exe [C:\Program Files\NDAS\System\ndasbind.exe] -> [2007/11/27 17:06:52 | 000,176,616 | ---- | M] (XIMETA, Inc.)
ndasmgmt.exe -> C:\Program Files\NDAS\System\ndasmgmt.exe [C:\Program Files\NDAS\System\ndasmgmt.exe] -> [2007/11/27 17:06:54 | 000,236,520 | ---- | M] (XIMETA, Inc.)
nero.exe -> C:\Program Files\Ahead\Nero\nero.exe [C:\Program Files\Ahead\nero\nero.exe] -> [2005/03/03 16:33:29 | 015,376,451 | ---- | M] (Ahead Software AG)
NeroMediaHome.exe -> C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe [C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe] -> [2005/02/12 10:49:44 | 002,646,016 | ---- | M] (Ahead Software AG)
NeroMediaPlayer.exe -> C:\Program Files\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe [C:\Program Files\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe] -> [2005/02/04 11:57:27 | 001,150,976 | ---- | M] (Ahead software)
NeroStartSmart.exe -> C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe [C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe] -> [2005/01/21 19:12:40 | 004,714,582 | ---- | M] (Ahead Software AG)
NeroVision.EXE -> C:\Program Files\Ahead\NeroVision\NeroVision.exe [C:\Program Files\Ahead\NeroVision\NeroVision.exe] -> [2005/02/17 17:39:11 | 000,434,176 | ---- | M] (Nero AG)
pbrush.exe -> C:\WINDOWS\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> [2009/12/16 18:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation)
Photoshop.exe -> C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe [C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe] -> [2007/12/26 13:46:59 | 015,900,672 | ---- | M] (Adobe Systems, Incorporated)
PictureViewer.exe -> C:\Program Files\QuickTime\PictureViewer.exe [C:\Program Files\QuickTime\PictureViewer.exe] -> [2010/03/18 21:16:06 | 000,557,056 | ---- | M] (Apple Inc.)
pinball.exe -> C:\Program Files\Windows NT\Pinball\pinball.exe [C:\Program Files\Windows NT\Pinball\pinball.exe] -> [2008/04/14 00:12:31 | 000,281,088 | ---- | M] (Cinematronics)
PTProfiler.exe -> C:\Program Files\Karen's Power Tools\Computer Profiler\PTProfiler.exe [C:\Program Files\Karen's Power Tools\Computer Profiler\PTProfiler.exe] -> [2007/10/27 23:03:56 | 000,562,672 | ---- | M] (Karen Kenworthy)
QuickTimePlayer.exe -> C:\Program Files\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe] -> [2010/03/18 22:50:08 | 001,230,128 | ---- | M] (Apple Inc.)
RealPlay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe] -> [2008/03/15 21:05:15 | 000,214,560 | ---- | M] (RealNetworks, Inc.)
Recode.exe -> C:\Program Files\Ahead\Nero Recode\Recode.exe [C:\Program Files\Ahead\Nero Recode\Recode.exe] -> [2005/02/09 16:31:34 | 011,186,264 | ---- | M] (Ahead Software AG)
rnxproc.exe -> C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe [C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe] -> [2008/03/15 21:05:14 | 000,058,952 | ---- | M] (RealNetworks, Inc.)
rvsezm.exe -> C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe [C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe] -> [2001/08/23 12:00:00 | 000,042,574 | ---- | M] (Microsoft Corporation)
setup.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
ShowTime.EXE -> C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe [C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe] -> [2005/02/18 16:43:00 | 003,203,072 | ---- | M] (Ahead software AG)
shvlzm.exe -> C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe [C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe] -> [2001/08/23 12:00:00 | 000,042,573 | ---- | M] (Microsoft Corporation)
smax4.exe -> C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [C:\Program Files\Analog Devices\SoundMAX\smax4.exe] -> [2005/09/07 15:35:36 | 000,716,800 | ---- | M] (Analog Devices, Inc.)
smax4pnp.exe -> C:\Program Files\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> [2005/05/20 01:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.)
smax4wiz.exe -> C:\Program Files\Analog Devices\SoundMAX\SMax4Wiz.exe [C:\Program Files\Analog Devices\SoundMAX\smax4wiz.exe] -> [2005/07/26 09:29:08 | 000,815,104 | ---- | M] (Analog Devices, Inc.)
SMaxCore -> C:\Program Files\Analog Devices\Core [C:\Program Files\Analog Devices\Core] -> [2007/12/24 00:15:51 | 000,000,000 | ---D | M]
smwdmif.dll -> C:\Program Files\Analog Devices\Core\smwdmif.dll [C:\Program Files\Analog Devices\Core\smwdmif.dll] -> [2005/10/05 09:28:14 | 000,290,816 | R--- | M] (Analog Devices, Inc.)
SoundMAX -> C:\Program Files\Analog Devices\SoundMAX [C:\Program Files\Analog Devices\SoundMAX] -> [2007/12/24 00:30:16 | 000,000,000 | ---D | M]
Sprint.exe -> C:\Program Files\ABBYY FineReader 6.0 Sprint\Sprint.exe [C:\Program Files\ABBYY FineReader 6.0 Sprint\Sprint.exe] -> [2005/03/03 17:22:04 | 000,995,328 | ---- | M] (ABBYY (BIT Software))
table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
Update.exe -> C:\Program Files\ASUS\AsusUpdate\Update.exe [C:\Program Files\ASUS\ASUSUpdate\Update.exe] -> [2007/12/04 15:22:52 | 001,421,312 | ---- | M] (ASUSTek Computer Inc.)
VIRGIN MOBILE BROADBAND HOME.exe -> C:\Program Files\Virgin Mobile\Broadband Home\VIRGIN MOBILE BROADBAND HOME.exe [C:\Program Files\Virgin Mobile\Broadband Home\VIRGIN MOBILE BROADBAND HOME.exe] -> [2010/02/05 21:58:21 | 000,053,248 | ---- | M] ()
VPC32.exe -> C:\Program Files\Symantec AntiVirus\\VPC32.exe [C:\Program Files\Symantec AntiVirus\\VPC32.exe] -> [2005/04/17 12:30:46 | 000,268,480 | ---- | M] ()
vptray.exe -> C:\Program Files\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> [2005/04/17 12:30:48 | 000,085,184 | ---- | M] (Symantec Corporation)
wab.exe -> C:\Program Files\Outlook Express\wab.exe [%ProgramFiles%\Outlook Express\wab.exe] -> [2008/04/14 00:12:38 | 000,046,080 | ---- | M] (Microsoft Corporation)
wabmig.exe -> C:\Program Files\Outlook Express\wabmig.exe [%ProgramFiles%\Outlook Express\wabmig.exe] -> [2008/04/14 00:12:39 | 000,030,208 | ---- | M] (Microsoft Corporation)
winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
WinRAR.exe -> C:\Program Files\WinRAR\WinRAR.exe [C:\Program Files\WinRAR\WinRAR.exe] -> [2010/03/15 10:26:37 | 001,039,360 | ---- | M] ()
WMPBurn.exe -> C:\Program Files\Ahead\WMPBurn\WMPBurn.exe [C:\Program Files\Ahead\WMPBurn\WMPBurn.exe] -> [2004/01/08 16:19:24 | 001,265,664 | ---- | M] (Ahead Software AG)
WNPMGR32.exe -> C:\Program Files\Intel\Netport\Wnpmgr32.exe [C:\Program Files\Intel\Netport\WNPMGR32.exe] -> [2001/01/11 06:48:42 | 000,606,208 | ---- | M] (Intel Corporation)
WORDPAD.EXE -> C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2010/07/12 12:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation)
WRITE.EXE -> C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2010/07/12 12:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation)
XPSViewer.exe -> C:\WINDOWS\System32\XPSViewer\XPSViewer.exe ["C:\WINDOWS\system32\XPSViewer\XPSViewer.exe"] -> [2008/07/29 20:26:06 | 000,301,568 | ---- | M] (Microsoft Corporation)
xtndpc.exe -> C:\Program Files\XTNDConnect PC\xtndpc.exe [C:\Program Files\XTNDConnect PC\xtndpc.exe] -> [2003/09/03 17:15:40 | 000,229,376 | ---- | M] (Extended Systems)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> 
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> C:\Program Files\Common Files\System\Ole DB\oledb32.dll [Microsoft Data Link] -> [2008/04/14 00:12:02 | 000,487,424 | ---- | M] (Microsoft Corporation)
"{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> C:\Program Files\Outlook Express\wabfind.dll [For &People...] -> [2008/04/14 00:12:08 | 000,032,768 | ---- | M] (Microsoft Corporation)
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" [HKLM] -> C:\WINDOWS\system32\AcSignIcon.dll [AutoCAD Digital Signatures Icon Overlay Handler] -> [2010/07/24 23:02:03 | 000,043,232 | ---- | M] (Autodesk, Inc.)
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] ->  [Display Panning CPL Extension] -> File not found
"{4B392032-A759-43ED-9469-377C80A4472D}" [HKLM] -> C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll [Autodesk Dgn File Preview] -> [2010/07/24 23:01:36 | 000,017,632 | ---- | M] (Autodesk)
"{5800AD5B-72C1-477B-9A08-CA112DF06D97}" [HKLM] -> C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [AutoCAD DWG InfoTip Handler] -> [2010/07/24 23:01:36 | 000,131,296 | ---- | M] (Autodesk)
"{764BF0E1-F219-11ce-972D-00AA00A14F56}" [HKLM] -> Reg Error: Key error. [Shell extensions for file compression] -> File not found
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" [HKLM] -> C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> [2005/01/21 14:34:06 | 001,511,424 | ---- | M] (Nero AG)
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" [HKLM] -> Reg Error: Key error. [Encryption Context Menu] -> File not found
"{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> [2001/08/23 12:00:00 | 000,044,544 | ---- | M] (Hilgraeve, Inc.)
"{8A0BC933-7552-42E2-A228-3BE055777227}" [HKLM] -> C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [AutoCAD DWG Column Handler] -> [2010/07/24 23:01:36 | 000,131,296 | ---- | M] (Autodesk)
"{A5110426-177D-4e08-AB3F-785F10B4439C}" [HKLM] -> C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll [My Phones] -> [2004/09/28 14:05:06 | 000,319,488 | R--- | M] (Sony Ericsson Mobile Communications AB)
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" [HKLM] -> C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll [Autodesk Drawing Preview] -> [2010/07/24 23:01:38 | 000,017,632 | ---- | M] (Autodesk, Inc.)
"{B327765E-D724-4347-8B16-78AE18552FC3}" [HKLM] -> C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> [2005/01/21 14:34:06 | 001,511,424 | ---- | M] (Nero AG)
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [2010/03/15 10:28:22 | 000,141,824 | ---- | M] ()
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" [HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> [2010/06/15 15:33:44 | 000,123,704 | ---- | M] (Apple Inc.)
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}" [HKLM] -> Reg Error: Key error. [Microsoft Browser Architecture] -> File not found
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" [HKLM] -> C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll [LDVP Shell Extensions] -> [2005/04/17 12:31:16 | 000,045,760 | ---- | M] (Symantec Corporation)
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" [HKLM] -> C:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> [2008/03/15 21:05:16 | 000,063,040 | ---- | M] (RealNetworks, Inc.)
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" [HKLM] -> Reg Error: Key error. [IE User Assist] -> File not found
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 
0 -> [Key] -> 
0 -> FriendlyName = My Current Home Page -> 
0 -> Source = About:Home -> 
0 -> SubscribedURL = About:Home -> 
< Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General -> 
BackupWallPaper -> C:\WINDOWS\Web\Wallpaper\Bliss.bmp -> 
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 15:06:48 | 000,113,664 | ---- | M] (Adobe Systems, Inc.)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
High Definition Audio Property Page Shortcut hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2010/06/15 15:33:44 | 000,141,624 | ---- | M] (Apple Inc.)
NBJ hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Ahead\Nero BackItUp\NBJ.exe -> [2005/02/10 17:00:54 | 001,937,408 | ---- | M] (Ahead Software AG)
NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2010/03/18 21:16:10 | 000,421,888 | ---- | M] (Apple Inc.)
SoundMAX hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Analog Devices\SoundMAX\Smax4.exe -> [2005/09/07 15:35:36 | 000,716,800 | ---- | M] (Analog Devices, Inc.)
SoundMAXPnP hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> [2005/05/20 01:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.)
WATCHPNP_Samsung hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/14 03:42:44 | 000,199,680 | ---- | M] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010/01/29 14:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/14 03:40:52 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2001/08/23 12:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/14 00:12:08 | 000,053,760 | ---- | M] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2010/06/17 14:03:00 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2001/08/23 12:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2001/08/23 12:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/14 03:42:44 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/14 03:41:56 | 000,755,200 | ---- | M] (Intel Corporation)
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/18 22:50:08 | 000,800,048 | ---- | M] (Apple Inc.)
{03F998B2-0E00-11D3-A498-00104B6EB52E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{0540F132-FD03-4120-9B98-6559FE3F4F20} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4} [HKLM] -> C:\Program Files\Virtual Earth 3D\SentinelVirtualEarth3D.dll [SentinelVE3D Class] -> [2007/11/13 10:33:58 | 000,123,912 | ---- | M] (Microsoft Corporation.)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{1B1B260C-2D5A-47DD-AA70-BA2396E00D81} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support\SymXPep2.dll [SymXPep2_Collector Class] -> [2007/12/25 18:29:34 | 000,357,768 | ---- | M] (Symantec Corporation)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3451DEDE-631F-421c-8127-FD793AFC6CC8} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\SymAData.dll [ActiveDataInfo Class] -> [2007/11/16 14:06:28 | 000,177,552 | ---- | M] (Symantec Corporation)
{34F12AFD-E9B5-492A-85D2-40FA4535BE83} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\nprdtinf.dll [AxProdInfoCtl Class] -> [2007/11/16 14:06:20 | 000,333,176 | R--- | M] (Symantec Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/18 22:50:08 | 000,800,048 | ---- | M] (Apple Inc.)
{44990200-3c9d-426d-81df-aab636fa4345} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlsi.dll [Symantec SmartIssue] -> [2007/11/16 14:06:30 | 001,156,496 | ---- | M] (Symantec, Inc.)
{44990301-3c9d-426d-81df-aab636fa4345} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlsr.dll [Symantec Script Runner Class] -> [2007/11/16 14:06:30 | 000,578,960 | ---- | M] (Symantec, Inc.)
{44990400-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{44990500-3c9d-426d-81df-aab636fa4345} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\ssctrlln.dll [Symantec Listener Control] -> [2007/11/16 14:06:26 | 001,340,816 | ---- | M] (Symantec, Inc.)
{44990600-3c9d-426d-81df-aab636fa4345} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [Symantec RemoteControl Class] -> [2007/11/16 14:06:22 | 000,501,136 | ---- | M] (Symantec Corporation)
{44990701-3c9d-426d-81df-aab636fa4345} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\ssctlbr.dll [SprtCtlBrowse Class] -> [2007/11/16 14:06:26 | 000,173,456 | ---- | M] (Symantec, Inc.)
{44990801-3c9d-426d-81df-aab636fa4345} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\ssctlwmi.dll [SprtWMIControl Class] -> [2007/11/16 14:06:26 | 000,091,536 | ---- | M] (Symantec, Inc.)
{44990900-3c9d-426d-81df-aab636fa4345} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlss.dll [Symantec ScreenShot Class] -> [2007/11/16 14:06:30 | 000,206,224 | ---- | M] (Symantec, Inc.)
{44990a00-3c9d-426d-81df-aab636fa4345} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{44990b00-3c9d-426d-81df-aab636fa4345} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlcm.dll [Symantec Configuration Class] -> [2007/11/16 14:06:28 | 000,292,240 | ---- | M] (Symantec, Inc.)
{44990b0a-3c9d-426d-81df-aab636fa4345} [HKLM] -> Reg Error: Key error. [Handler for ElevationHelper Class] -> File not found
{44990b0b-3c9d-426d-81df-aab636fa4345} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\sshelper.exe [Symantec User Helper Class] -> [2007/11/16 14:06:22 | 000,071,056 | ---- | M] (Symantec, Inc.)
{44990b0c-3c9d-426d-81df-aab636fa4345} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlcm.dll [Symantec Elevation Helper Class] -> [2007/11/16 14:06:28 | 000,292,240 | ---- | M] (Symantec, Inc.)
{4536918A-95A8-498F-B542-CB906C561A43} [HKLM] -> C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/10/16 15:23:55 | 000,219,288 | ---- | M] (Google Inc.)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/09/15 04:50:40 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_22.dll [Java Plug-in 1.6.0_22] -> [2010/09/15 04:50:46 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{A860F368-DD62-4474-8178-C585F6B48422} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\SymSupCC.dll [PSFactoryBuffer] -> [2007/11/16 14:06:28 | 000,075,152 | ---- | M] (Symantec Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2008/10/14 21:29:50 | 000,632,168 | ---- | M] (Adobe Systems, Inc.)
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_22.dll [Java Plug-in 1.6.0_22] -> [2010/09/15 04:50:46 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_22.dll [Java Plug-in 1.6.0_22] -> [2010/09/15 04:50:46 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_22.dll [Java Plug-in 1.6.0_22] -> [2010/09/15 04:50:46 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/09/15 04:50:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/09/15 04:50:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [Behavior Object] -> [2010/03/18 22:50:08 | 000,800,048 | ---- | M] (Apple Inc.)
{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> C:\WINDOWS\system32\rmoc3260.dll [RealPlayer G2 Control] -> [2008/03/15 21:05:20 | 000,185,944 | ---- | M] (RealNetworks, Inc.)
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx [Shockwave Flash Object] -> [2010/11/11 11:30:45 | 006,071,760 | R--- | M] (Adobe Systems, Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2010/06/15 15:33:36 | 000,111,416 | ---- | M] (Apple Inc.)
{DFEAF541-F3E1-4c24-ACAC-99C30715084A} [HKLM] -> C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll [Microsoft Silverlight] -> [2010/09/16 21:24:06 | 001,023,816 | ---- | M] ( Microsoft Corporation)
{E25E440E-E206-4b9e-9CF5-FAC9779E0EEE} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\SymSupCC.dll [ControlInstaller Class] -> [2007/11/16 14:06:28 | 000,075,152 | ---- | M] (Symantec Corporation)
{F9152AEC-3462-4632-8087-EEE3C3CDDA24} [HKLM] -> C:\Program Files\Google\Google Earth\plugin\ie\5.2.1.1588\plugin_ax.dll [GEPluginCoClass Object] -> [2010/09/01 18:34:54 | 005,220,864 | ---- | M] (Google)
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/18 22:50:08 | 000,800,048 | ---- | M] (Apple Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2008/03/15 21:05:23 | 000,370,296 | ---- | M] (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_22.dll [Java Plug-in 1.6.0_22] -> [2010/09/15 04:50:46 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx [Shockwave Flash Object] -> [2010/11/11 11:30:45 | 006,071,760 | R--- | M] (Adobe Systems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/18 22:50:08 | 000,800,048 | ---- | M] (Apple Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{238F6F83-B8B4-11CF-8771-00A024541EE3} [HKLM] -> C:\Program Files\Citrix\ICA Client\Wfica.ocx [Citrix ICA Client] -> [2008/08/16 16:44:44 | 000,587,096 | ---- | M] (Citrix Systems, Inc.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2008/03/15 21:05:23 | 000,370,296 | ---- | M] (RealPlayer)
{377B5106-3B4E-4A2D-8520-8767590CAC86} [HKLM] -> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\NPSVG3.dll [SVG Document] -> [2005/04/14 20:24:22 | 000,321,192 | ---- | M] (Adobe Systems Incorporated)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/18 22:50:08 | 000,800,048 | ---- | M] (Apple Inc.)
{4536918A-95A8-498F-B542-CB906C561A43} [HKLM] -> C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/10/16 15:23:55 | 000,219,288 | ---- | M] (Google Inc.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{69D72956-317C-44BD-B369-8E44D4EF9801} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_22.dll [Java Plug-in 1.6.0_22] -> [2010/09/15 04:50:46 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{BD96C556-65A3-11D0-983A-00C04FC29E36} [HKLM] -> C:\Program Files\Common Files\System\msadc\msadco.dll [RDS.DataSpace] -> [2008/04/14 00:11:58 | 000,143,360 | ---- | M] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2008/10/14 21:29:50 | 000,632,168 | ---- | M] (Adobe Systems, Inc.)
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_22.dll [Java Plug-in 1.6.0_22] -> [2010/09/15 04:50:46 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/09/15 04:50:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/09/15 04:50:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [HKLM] -> C:\WINDOWS\system32\rmoc3260.dll [RealPlayer G2 Control] -> [2008/03/15 21:05:20 | 000,185,944 | ---- | M] (RealNetworks, Inc.)
{D27CDB6E-AE6D-11CF-96B8-444553512000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx [Shockwave Flash Object] -> [2010/11/11 11:30:45 | 006,071,760 | R--- | M] (Adobe Systems, Inc.)
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [HKLM] -> C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx [QuickTimeCheck Class] -> [2010/03/18 22:50:08 | 000,136,496 | ---- | M] (Apple Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} [HKLM] -> C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll [Microsoft Silverlight] -> [2010/09/16 21:24:06 | 001,023,816 | ---- | M] ( Microsoft Corporation)
{E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{EC0403E0-9158-4CF8-A2B6-3C62C3B9B6B7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{F9152AEC-3462-4632-8087-EEE3C3CDDA24} [HKLM] -> C:\Program Files\Google\Google Earth\plugin\ie\5.2.1.1588\plugin_ax.dll [GEPluginCoClass Object] -> [2010/09/01 18:34:54 | 005,220,864 | ---- | M] (Google)
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
HidServ -> C:\WINDOWS\System32\hidserv.dll -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKLM] -> No CLSID value
msdaipp: [HKLM] -> No CLSID value
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
klmdb.sys -> Reg Error: Value error.
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
klmdb.sys -> Reg Error: Value error.
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" ->  [1] -> File not found
\\"AntiVirusDisableNotify" ->  [0] -> File not found
\\"FirewallDisableNotify" ->  [0] -> File not found
\\"UpdatesDisableNotify" ->  [0] -> File not found
\\"AntiVirusOverride" ->  [0] -> File not found
\\"FirewallOverride" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
\Monitoring\SymantecAntiVirus\\"DisableMonitoring" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
< System Restore User Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore -> 
"DisableSR" -> 0 -> 
< System Restore File Filter Service > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr -> 
"Start" -> 0 -> 
< System Restore Service > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService -> 
"Start" -> 2 -> 
< Windows Firewall Group Policy Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> 
< Windows DomainProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
< Windows DomainProfile GloballyOpenPorts Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
\\"139:TCP" ->  [139:TCP:*:Enabled:@xpsp2res.dll,-22004] -> File not found
\\"445:TCP" ->  [445:TCP:*:Enabled:@xpsp2res.dll,-22005] -> File not found
\\"137:UDP" ->  [137:UDP:*:Enabled:@xpsp2res.dll,-22001] -> File not found
\\"138:UDP" ->  [138:UDP:*:Enabled:@xpsp2res.dll,-22002] -> File not found
< Windows StandardProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" ->  [1] -> File not found
\\"DoNotAllowExceptions" ->  [0] -> File not found
\\"DisableNotifications" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
< Windows StandardProfile GloballyOpenPorts Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
\\"1900:UDP" ->  [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
\\"2869:TCP" ->  [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
\\"67:UDP" ->  [67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service] -> File not found
\\"139:TCP" ->  [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
\\"445:TCP" ->  [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
\\"137:UDP" ->  [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
\\"138:UDP" ->  [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
\\"1035:TCP" ->  [1035:TCP:*:Enabled:Akamai NetSession Interface] -> File not found
\\"5000:UDP" ->  [5000:UDP:*:Enabled:Akamai NetSession Interface] -> File not found
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> 
*BootExecute* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\BootExecute -> 
autocheck autochk * ->  -> File not found
*MultiFile Done* -> -> 
"ExcludeFromKnownDlls" ->  [binary data] -> 
*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories -> 
\Windows -> \Windows -> [2010/12/11 10:01:49 | 000,000,000 | ---D | M]
\RPC Control ->  -> File not found
*MultiFile Done* -> -> 
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> 
"ComSpec" -> C:\WINDOWS\system32\cmd.exe -> [2008/04/14 03:42:16 | 000,389,120 | ---- | M] (Microsoft Corporation)
"TEMP" -> C:\WINDOWS\Temp -> [2010/12/11 18:09:20 | 000,000,000 | ---D | M]
"TMP" -> C:\WINDOWS\Temp -> [2010/12/11 18:09:20 | 000,000,000 | ---D | M]
"windir" -> C:\WINDOWS -> [2010/12/11 10:01:49 | 000,000,000 | ---D | M]
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> 
%SystemRoot%\system32 -> C:\WINDOWS\system32 -> [2010/12/11 18:10:44 | 000,000,000 | ---D | M]
%SystemRoot% -> C:\WINDOWS -> [2010/12/11 10:01:49 | 000,000,000 | ---D | M]
%SystemRoot%\system32\wbem -> C:\WINDOWS\system32\wbem -> [2010/12/07 22:28:09 | 000,000,000 | ---D | M]
C:\Program Files\Samsung\Samsung PC Studio 3 -> C:\Program Files\Samsung\Samsung PC Studio 3 -> [2008/08/25 23:19:41 | 000,000,000 | ---D | M]
C:\WINDOWS\system32\WindowsPowerShell\v1.0 -> C:\WINDOWS\system32\windowspowershell\v1.0 -> [2010/06/27 13:34:52 | 000,000,000 | ---D | M]
C:\Program Files\QuickTime\QTSystem -> C:\Program Files\QuickTime\QTSystem -> [2010/07/15 18:22:58 | 000,000,000 | ---D | M]
C:\Program Files\Overlook Fing 1.4\bin -> C:\Program Files\Overlook Fing 1.4\bin -> [2010/09/04 00:17:17 | 000,000,000 | ---D | M]
*MultiFile Done* -> -> 
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> 
.COM ->  -> File not found
.EXE ->  -> File not found
.BAT ->  -> File not found
.CMD ->  -> File not found
.VBS ->  -> File not found
.VBE ->  -> File not found
.JS ->  -> File not found
.JSE ->  -> File not found
.WSF ->  -> File not found
.WSH ->  -> File not found
.PSC1 ->  -> File not found
*MultiFile Done* -> -> 
< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations -> 
< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls -> 
"advapi32" -> C:\WINDOWS\System32\advapi32.dll -> [2009/02/09 12:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation)
"comdlg32" -> C:\WINDOWS\System32\comdlg32.dll -> [2008/04/14 03:41:52 | 000,276,992 | ---- | M] (Microsoft Corporation)
"DllDirectory" -> C:\WINDOWS\system32 -> [2010/12/11 18:10:44 | 000,000,000 | ---D | M]
"gdi32" -> C:\WINDOWS\System32\gdi32.dll -> [2008/10/23 12:36:14 | 000,286,720 | ---- | M] (Microsoft Corporation)
"imagehlp" -> C:\WINDOWS\System32\imagehlp.dll -> [2008/04/14 03:41:56 | 000,144,384 | ---- | M] (Microsoft Corporation)
"kernel32" -> C:\WINDOWS\System32\kernel32.dll -> [2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation)
"lz32" -> C:\WINDOWS\System32\lz32.dll -> [2001/08/23 12:00:00 | 000,002,560 | ---- | M] (Microsoft Corporation)
"ole32" -> C:\WINDOWS\System32\ole32.dll -> [2010/07/16 12:05:55 | 001,288,192 | ---- | M] (Microsoft Corporation)
"oleaut32" -> C:\WINDOWS\System32\oleaut32.dll -> [2008/04/14 03:42:04 | 000,551,936 | ---- | M] (Microsoft Corporation)
"olecli32" -> C:\WINDOWS\System32\olecli32.dll -> [2008/04/14 03:42:04 | 000,074,752 | ---- | M] (Microsoft Corporation)
"olecnv32" -> C:\WINDOWS\System32\olecnv32.dll -> [2008/04/14 03:42:04 | 000,037,376 | ---- | M] (Microsoft Corporation)
"olesvr32" -> C:\WINDOWS\System32\olesvr32.dll -> [2001/08/23 12:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation)
"olethk32" -> C:\WINDOWS\System32\olethk32.dll -> [2001/08/23 12:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation)
"rpcrt4" -> C:\WINDOWS\System32\rpcrt4.dll -> [2010/08/16 08:45:00 | 000,590,848 | ---- | M] (Microsoft Corporation)
"shell32" -> C:\WINDOWS\System32\shell32.dll -> [2010/07/27 06:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
"url" -> C:\WINDOWS\System32\url.dll -> [2009/03/08 03:34:28 | 000,105,984 | ---- | M] (Microsoft Corporation)
"urlmon" -> C:\WINDOWS\System32\urlmon.dll -> [2010/09/10 05:58:08 | 001,210,880 | ---- | M] (Microsoft Corporation)
"user32" -> C:\WINDOWS\System32\user32.dll -> [2008/04/14 03:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation)
"version" -> C:\WINDOWS\System32\version.dll -> [2008/04/14 03:42:10 | 000,018,944 | ---- | M] (Microsoft Corporation)
"wininet" -> C:\WINDOWS\System32\wininet.dll -> [2010/09/10 05:58:08 | 000,916,480 | ---- | M] (Microsoft Corporation)
"wldap32" -> C:\WINDOWS\System32\wldap32.dll -> [2008/04/14 03:42:10 | 000,172,032 | ---- | M] (Microsoft Corporation)
< Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC -> 
"CommonFilesDir" -> C:\Program Files\Common Files -> [2010/12/11 10:00:33 | 000,000,000 | ---D | M]
"ProgramFilesDir" -> C:\Program Files -> [2010/12/10 22:29:55 | 000,000,000 | R--D | M]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
piffile [open] -> "%1" %* -> 
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/14 03:42:42 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> C:\Program Files\Bonjour\mdnsNSP.dll -> [2010/05/18 15:35:14 | 000,152,864 | ---- | M] (Apple Inc.)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{04B9AC25-2440-4368-8355-DA7303A133FC} -> TBO Advanced Chart Pattern Recognition
{0CB9668D-F979-4F31-B8B8-67FE90F929F8} -> Bonjour
{19ADA2D0-D577-11D2-A14E-08002BE4D8DC} -> MiraFoto
{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B} -> Cool & Quiet
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{1F45C0EC-17A4-4EE9-874D-A88757BD6C09} -> CapMan
{20C45B32-5AB6-46A4-94EF-58950CAF05E5} -> EPSON Attach To Email
{20D4A895-748C-4D88-871C-FDB1695B0169} -> Platform
{26A24AE4-039D-4CA4-87B4-2F83216019FF} -> Java(TM) 6 Update 22
{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64} -> EPSON Scan Assistant
{314F6D08-A8B7-11D8-8446-0050BA1D384D} -> EPSON Image Clip Palette
{3248F0A8-6813-11D6-A77B-00B0D0150000} -> J2SE Runtime Environment 5.0
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{3675CF90-85D3-4DC2-85C9-C169BBCD2B2D} -> Sony Ericsson OCS
{3D9892BB-A751-4E48-ADC8-E4289956CE1D} -> QuickTime
{41F630B6-3A1C-40E0-8AD6-83C39C5B99E3} -> SyncThru Web Admin Service
{4286E640-B5FB-11DF-AC4B-005056C00008} -> Google Earth
{4588138D-4194-41F9-BAD7-8CB886C9AD4F} -> Sony Ericsson Mobile Networking Wizard
{45A66726-69BC-466B-A7A4-12FCBA4883D7} -> HiJackThis
{48F22622-1CC2-4A83-9C1E-644DD96F832D} -> EPSON Event Manager
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{4FB0FB47-8F1D-4339-8BE9-39819362AE05} -> Sony Ericsson Image Editor
{50F824C8-2CF6-4b6a-B272-359996E433C2} -> Citrix Endpoint Analysis Plugin
{5783F2D7-9028-0409-0000-0060B0CE6BBA} -> DWG TrueView 2011
{587178E7-B1DF-494E-9838-FA4DD36E873C} -> ASUSUpdate
{58FA5D40-E35A-47ED-8AFA-68CCC758559E} -> Garmin MapSource
{5A633ED0-E5D7-4D65-AB8D-53ED43510284} -> Symantec AntiVirus
{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E} -> Garmin USB Drivers
{67EDD823-135A-4D59-87BD-950616D6E857} -> EPSON Copy Utility 3
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{738B6229-A2BF-49BB-92C6-5328F49DAACD} -> NDAS Software 3.20.1528
{75B4F73F-4EB1-4126-AE4B-639F3CE6E411} -> Sony Ericsson Mobile Phone Monitor
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{7AA828F3-BD67-495E-9742-BD9C3F196E78} -> PC Suite
{7AB3A249-FB81-416B-917A-A2A10E74C503} -> iTunes
{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90} -> WebEx Support Manager for Internet Explorer
{83E9FDFD-B4E9-4FB7-A767-8339664CDE96} -> Sony Ericsson MMS Home Studio
{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B} -> Microsoft AutoRoute 2006
{85991ED2-010C-4930-96FA-52F43C2CE98A} -> Apple Mobile Device Support
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8D20B4D7-3422-4099-9332-39F27E617A6F} -> Autodesk Design Review 2011
{8DD641C2-FFEC-4AED-A339-88BACFC60C39} -> Sony Ericsson Sound Editor
{900A92BA-19EF-4A34-86CF-7B6C85BDD971} -> VC_MergeModuleToMSI
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
{949DBB22-2FB7-4de1-804C-23D495A988D8} -> CuteFTP 8 Home
{9743AF47-B746-4324-B4C4-512E67D04370} -> Symantec Technical Support Web Controls
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb -> Internet Explorer (Enable DEP)
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{AC76BA86-7AD7-1033-7B44-A81300000003} -> Adobe Reader 8.1.6
{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} -> ABBYY FineReader 6.0 Sprint
{B2D328BE-45AD-4D92-96F9-2151490A203E} -> Apple Application Support
{B8BC806D-0703-11D4-BB23-006008676AF8} -> Sony Ericsson Communications Suite
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{C151CE54-E7EA-4804-854B-F515368B0798} -> Athlon 64 Processor Driver
{C4A4722E-79F9-417C-BD72-8D359A090C97} -> Samsung PC Studio 3
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{D5CF3710-211B-11D4-B9B9-00105AE05C5D} -> XTNDConnect PC
{D642ACC5-F7E9-48F3-A7EE-B49C5447A10E} -> Samsung PC Studio 3
{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2} -> Virtual Earth 3D (Beta)
{E86BC406-944E-41F6-ADE6-2C136734C96B} -> EPSON File Manager
{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76} -> Citrix XenApp Web Plugin
{F00B1D05-AB7C-4E0A-87A0-CC25D82D7F1D} -> Sony Ericsson File Manager
{F0A37341-D692-11D4-A984-009027EC0A9C} -> SoundMAX
{F2CE6BD0-54CD-4A53-BBB5-409D74B28EDD} -> Sony Ericsson Sync Station
{F7338FA3-DAB5-49B2-900D-0AFB5760C166} -> PC Probe II
{F8DF73E6-97CC-4950-96FC-0022EA737497} -> SyncThru Web Admin Service Driver Management
{FB4A5F2C-01AD-420E-9569-0CF5431C3638} -> 3D Home Designer Deluxe
49CF605F02C7954F4E139D18828DE298CD59217C -> Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Adobe Acrobat 5.0 -> Adobe Acrobat 5.0
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0 -> Adobe Photoshop 7.0
Adobe SVG Viewer -> Adobe SVG Viewer 3.0
Advanced IP Scanner v1.5 -> Advanced IP Scanner v1.5
Autodesk Design Review 2011 -> Autodesk Design Review 2011
AviSynth -> AviSynth 2.5
CutePDF Writer Installation -> CutePDF Writer 2.7
Desktop Lawyer -> Desktop Lawyer
DVD Decrypter -> DVD Decrypter (Remove Only)
DVD Shrink_is1 -> DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1 -> DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.0
DVDFab Express_is1 -> DVDFab Express 2.9.8.3
DWG TrueView 2011 -> DWG TrueView 2011
EasyHtml -> EasyHtml
EPSON Scanner -> EPSON Scan
EXIF Date Changer_is1 -> EXIF Date Changer v1.1
ExpressRip -> Express Rip
FileZilla -> FileZilla (remove only)
Free DVD Decrypter_is1 -> Free DVD Decrypter version 1.3
Free Internet Window Washer -> Free Internet Window Washer
Free IP Scanner -> Free IP Scanner
FTDICOMM -> SEMC DSS-20 SyncStation Driver
HijackThis -> HijackThis 1.99.1
IBP10_is1 -> IBP 10.0.1
ie8 -> Windows Internet Explorer 8
ImgBurn -> ImgBurn
InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5} -> EPSON Attach To Email
InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} -> VIA Platform Device Manager
InstallShield_{FB4A5F2C-01AD-420E-9569-0CF5431C3638} -> 3D Home Designer Deluxe Edition
Intel NetportExpress Software -> Intel NetportExpress Software
InterCasinoV9EnglishUSD -> InterCasino
Karen's Computer Profiler -> Karen's Computer Profiler
Karen's Directory Printer -> Karen's Directory Printer
LiveUpdate -> LiveUpdate 2.6 (Symantec Corporation)
Look@LAN_1.0 -> Look@LAN 2.50 Build 35
Magic DVD Copier_is1 -> Magic DVD Copier Version 4.9.3
Magic DVD Ripper_is1 -> Magic DVD Ripper V5.4.2
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
NeroMultiInstaller!UninstallKey -> Nero Suite
No-IP.com DUC -> No-IP.com DUC (remove only)
Overlook Fing 1.4 ->  Overlook Fing
PC Magazine DiskAction 2_is1 -> PC Magazine DiskAction v2.3.1
Perf3490P_3590P User's Guide -> Perf3490P_3590P User's Guide
RealPlayer 6.0 -> RealPlayer
SAMSUNG CDMA Modem -> SAMSUNG CDMA Modem Driver Set
Samsung ML-7300 PCL 6 -> Samsung ML-7300 Driver
SAMSUNG Mobile Composite Device -> SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver -> Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem -> SAMSUNG Mobile USB Modem Software
SAMSUNG Mobile USB Modem 1.0 -> SAMSUNG Mobile USB Modem 1.0 Software
Switch -> Switch Sound File Converter
T610-616-630-637 USB-Handset Manager -> T610-616-630-637 USB-Handset Manager
TightVNC_is1 -> TightVNC 1.3.10
TomTom HOME -> TomTom HOME
Uninstall_is1 -> Uninstall 1.0.0.1
VIA Chrome9 HC IGP Display -> VIA/S3G Display Driver 6.14.10.0071
VIA Chrome9 HC IGP Family Display -> VIA Chrome9 HC IGP Family Display
VIA/S3G DeltaChrome IGP Win2K/XP/Server2003 Display -> VIA/S3G Display Driver
VIRGIN MOBILE BROADBAND HOME -> VIRGIN MOBILE BROADBAND HOME
VN_VUIns_Rhine_VIA -> VIA Rhine-Family Fast Ethernet Adapter
WavePad -> WavePad Sound Editor
winpcap-overlook -> winpcap-overlook 4.02
WinRAR archiver -> WinRAR archiver
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
System [ Error ] 10/12/2010 18:24:27 Computer Name = MIKES-COMPUTER | Source = Service Control Manager | ID = 7034 -> Description = The Symantec Event Manager service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 10/12/2010 18:24:27 Computer Name = MIKES-COMPUTER | Source = Service Control Manager | ID = 7034 -> Description = The SyncThru Web Admin Service Driver Management service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 10/12/2010 18:24:27 Computer Name = MIKES-COMPUTER | Source = Service Control Manager | ID = 7034 -> Description = The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 10/12/2010 18:24:27 Computer Name = MIKES-COMPUTER | Source = Service Control Manager | ID = 7034 -> Description = The NDAS Service service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 10/12/2010 18:24:27 Computer Name = MIKES-COMPUTER | Source = Service Control Manager | ID = 7034 -> Description = The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 10/12/2010 18:25:06 Computer Name = MIKES-COMPUTER | Source = Service Control Manager | ID = 7011 -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.
System [ Error ] 10/12/2010 18:33:35 Computer Name = MIKES-COMPUTER | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   aec6710D
System [ Error ] 11/12/2010 05:32:28 Computer Name = MIKES-COMPUTER | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   aec6710D
System [ Error ] 11/12/2010 10:03:39 Computer Name = MIKES-COMPUTER | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   aec6710D
System [ Error ] 11/12/2010 14:06:58 Computer Name = MIKES-COMPUTER | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   aec6710D
 
[Files/Folders - Created Within 90 Days]
 OTS.exe -> C:\Documents and Settings\Mike\Desktop\OTS.exe -> [2010/12/11 17:00:28 | 000,642,048 | ---- | C] (OldTimer Tools)
 RECYCLER -> C:\RECYCLER -> [2010/12/11 13:39:09 | 000,000,000 | -HSD | C]
 mike2956 -> C:\mike2956 -> [2010/12/11 09:54:16 | 000,000,000 | ---D | C]
 rsit -> C:\rsit -> [2010/12/10 14:16:51 | 000,000,000 | ---D | C]
 delete -> C:\Documents and Settings\Mike\Desktop\delete -> [2010/12/08 16:41:24 | 000,000,000 | ---D | C]
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2010/12/07 23:49:36 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.)
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/12/07 23:49:36 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/12/07 23:49:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2010/12/07 23:49:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 Sun -> C:\Documents and Settings\LocalService\Application Data\Sun -> [2010/12/07 21:00:44 | 000,000,000 | ---D | C]
 Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2010/12/07 12:37:32 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2010/12/07 12:31:03 | 000,000,000 | ---D | C]
 cmdcons -> C:\cmdcons -> [2010/12/06 21:07:52 | 000,000,000 | RHSD | C]
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/12/06 21:03:44 | 000,212,480 | ---- | C] (SteelWerX)
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/12/06 21:03:44 | 000,161,792 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/12/06 21:03:44 | 000,136,704 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/12/06 21:03:44 | 000,031,232 | ---- | C] (NirSoft)
 ERDNT -> C:\WINDOWS\ERDNT -> [2010/12/06 21:03:27 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2010/12/06 21:02:17 | 000,000,000 | ---D | C]
 NyDtpHFB -> C:\Documents and Settings\Mike\Desktop\NyDtpHFB -> [2010/12/06 10:42:59 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files\Trend Micro -> [2010/12/05 23:14:58 | 000,000,000 | ---D | C]
 {00032D85-7853-429E-AF5A-DB8CCDA19A17} -> C:\Documents and Settings\Mike\Local Settings\Application Data\{00032D85-7853-429E-AF5A-DB8CCDA19A17} -> [2010/12/04 02:18:32 | 000,000,000 | ---D | C]
 test.exe -> C:\Documents and Settings\Mike\Desktop\test.exe -> [2010/12/04 01:23:18 | 000,045,568 | ---- | C] (Microsoft Corporation)
 ftser2k.sys -> C:\WINDOWS\System32\drivers\ftser2k.sys -> [2010/11/17 12:30:36 | 000,050,396 | ---- | C] (FTDI Ltd.)
 ftserui2.dll -> C:\WINDOWS\System32\ftserui2.dll -> [2010/11/17 12:30:36 | 000,048,631 | ---- | C] (FTDI Ltd.)
 ftlund.sys -> C:\WINDOWS\System32\drivers\ftlund.sys -> [2010/11/17 12:30:36 | 000,006,828 | ---- | C] (FTDI Ltd.)
 lbrtfdc.sys -> C:\WINDOWS\System32\drivers\lbrtfdc.sys -> [2010/09/15 21:41:19 | 000,034,688 | ---- | C] (Toshiba Corp.)
 lbrtfdc.sys -> C:\WINDOWS\System32\dllcache\lbrtfdc.sys -> [2010/09/15 21:41:19 | 000,034,688 | ---- | C] (Toshiba Corp.)
 i2omgmt.sys -> C:\WINDOWS\System32\dllcache\i2omgmt.sys -> [2010/09/15 21:41:18 | 000,008,576 | ---- | C] (Microsoft Corporation)
 fetnd5.sys -> C:\WINDOWS\System32\dllcache\fetnd5.sys -> [2010/09/15 21:41:05 | 000,027,165 | ---- | C] (VIA Technologies, Inc.              )
 changer.sys -> C:\WINDOWS\System32\drivers\changer.sys -> [2010/09/15 21:41:04 | 000,008,192 | ---- | C] (Microsoft Corporation)
 changer.sys -> C:\WINDOWS\System32\dllcache\changer.sys -> [2010/09/15 21:41:04 | 000,008,192 | ---- | C] (Microsoft Corporation)
 MiniWebControl.ocx -> C:\WINDOWS\System32\MiniWebControl.ocx -> [2010/09/14 00:05:59 | 000,035,840 | ---- | C] (Cryptologic Inc.)
 pcouffin.sys -> C:\Documents and Settings\Mike\Application Data\pcouffin.sys -> [2008/04/25 21:46:35 | 000,047,360 | ---- | C] (VSO Software)
 8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\Documents and Settings\Mike\My Documents\*.tmp files -> C:\Documents and Settings\Mike\My Documents\*.tmp -> 
 
[Files/Folders - Modified Within 90 Days]
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/12/11 18:10:44 | 000,435,260 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/12/11 18:10:44 | 000,068,156 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/12/11 18:06:00 | 000,000,880 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/12/11 18:05:51 | 000,002,048 | --S- | M] ()
 OTS.exe -> C:\Documents and Settings\Mike\Desktop\OTS.exe -> [2010/12/11 17:00:32 | 000,642,048 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/12/11 16:29:00 | 000,000,884 | ---- | M] ()
 kryli67m.exe -> C:\Documents and Settings\Mike\Desktop\kryli67m.exe -> [2010/12/11 13:50:28 | 000,296,448 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/12/11 10:01:44 | 000,000,027 | ---- | M] ()
 mike2956.exe -> C:\Documents and Settings\Mike\Desktop\mike2956.exe -> [2010/12/11 09:51:07 | 003,988,311 | R--- | M] ()
 RSIT.exe -> C:\Documents and Settings\Mike\Desktop\RSIT.exe -> [2010/12/10 14:16:39 | 000,339,991 | ---- | M] ()
 Susan Egg balance calc.xls -> C:\Documents and Settings\Mike\My Documents\Susan Egg balance calc.xls -> [2010/12/10 13:55:05 | 000,014,336 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/12/09 18:57:01 | 000,000,284 | ---- | M] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010/12/09 13:28:42 | 000,000,116 | ---- | M] ()
 Phone 10 12 09.pbf -> C:\Documents and Settings\Mike\My Documents\Phone 10 12 09.pbf -> [2010/12/09 11:07:01 | 000,014,911 | ---- | M] ()
 Section 38 Cookridge Ave proposed B.doc -> C:\Documents and Settings\Mike\My Documents\Section 38 Cookridge Ave proposed B.doc -> [2010/12/09 11:05:51 | 000,044,544 | ---- | M] ()
 Section 38 Cookridge Ave proposed A.doc -> C:\Documents and Settings\Mike\My Documents\Section 38 Cookridge Ave proposed A.doc -> [2010/12/09 11:02:56 | 000,043,520 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/12/09 10:07:29 | 000,014,848 | ---- | M] ()
 Section 38 Cookridge ave as existing.doc -> C:\Documents and Settings\Mike\My Documents\Section 38 Cookridge ave as existing.doc -> [2010/12/08 23:05:12 | 000,032,768 | ---- | M] ()
 delete.zip -> C:\Documents and Settings\Mike\Desktop\delete.zip -> [2010/12/08 16:40:15 | 000,000,275 | ---- | M] ()
 Granny Grand Susan 2010.doc -> C:\Documents and Settings\Mike\My Documents\Granny Grand Susan 2010.doc -> [2010/12/08 15:39:42 | 000,031,232 | ---- | M] ()
 Screenshot.jpg -> C:\Documents and Settings\Mike\Desktop\Screenshot.jpg -> [2010/12/08 15:14:19 | 000,112,959 | ---- | M] ()
 Screenshot.bmp -> C:\Documents and Settings\Mike\Desktop\Screenshot.bmp -> [2010/12/08 15:11:26 | 001,440,054 | ---- | M] ()
 CF-Submit.htm -> C:\CF-Submit.htm -> [2010/12/08 11:31:54 | 000,001,286 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/12/07 23:45:35 | 000,322,728 | ---- | M] ()
 Launch Microsoft Office Outlook.lnk -> C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk -> [2010/12/07 22:28:13 | 000,000,792 | ---- | M] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2010/12/07 21:49:59 | 000,000,490 | ---- | M] ()
 tdsskiller.exe -> C:\Documents and Settings\Mike\Desktop\tdsskiller.exe -> [2010/12/07 21:16:48 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO)
 boot.ini -> C:\boot.ini -> [2010/12/06 21:07:57 | 000,000,327 | RHS- | M] ()
 mike2956.exe -> C:\Documents and Settings\Mike\My Documents\mike2956.exe -> [2010/12/06 20:59:19 | 003,985,074 | R--- | M] ()
 HiJackThis.lnk -> C:\Documents and Settings\Mike\Desktop\HiJackThis.lnk -> [2010/12/05 23:14:59 | 000,002,799 | ---- | M] ()
 Ufupanowetu.bin -> C:\WINDOWS\Ufupanowetu.bin -> [2010/12/04 08:00:02 | 000,000,000 | ---- | M] ()
 rkill.com -> C:\Documents and Settings\Mike\Desktop\rkill.com -> [2010/12/04 01:53:18 | 000,660,741 | ---- | M] ()
 shell.reg -> C:\Documents and Settings\Mike\Desktop\shell.reg -> [2010/12/04 01:44:32 | 000,000,228 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/12/03 08:59:18 | 000,002,206 | ---- | M] ()
 Inesse Cepurnaja reference.doc -> C:\Documents and Settings\Mike\My Documents\Inesse Cepurnaja reference.doc -> [2010/12/02 15:34:12 | 000,031,232 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
 Thesis_-_Joel_Callow.pdf -> C:\Documents and Settings\Mike\My Documents\Thesis_-_Joel_Callow.pdf -> [2010/11/27 00:34:04 | 008,732,036 | ---- | M] ()
 ductinglowprofile.pdf -> C:\Documents and Settings\Mike\My Documents\ductinglowprofile.pdf -> [2010/11/26 23:34:18 | 000,255,019 | ---- | M] ()
 Yearplanner_Maker_V2_1.xls -> C:\Documents and Settings\Mike\My Documents\Yearplanner_Maker_V2_1.xls -> [2010/11/25 15:13:16 | 000,121,344 | ---- | M] ()
 Daewoo payment record.xls -> C:\Documents and Settings\Mike\My Documents\Daewoo payment record.xls -> [2010/11/24 16:22:36 | 000,014,848 | ---- | M] ()
 Dawoo insurance.xls -> C:\Documents and Settings\Mike\My Documents\Dawoo insurance.xls -> [2010/11/24 16:16:36 | 000,015,360 | ---- | M] ()
 Leeds hospital fund benefits.xls -> C:\Documents and Settings\Mike\My Documents\Leeds hospital fund benefits.xls -> [2010/11/24 16:16:10 | 000,016,384 | ---- | M] ()
 nana.doc -> C:\Documents and Settings\Mike\My Documents\nana.doc -> [2010/11/19 14:57:40 | 000,026,624 | ---- | M] ()
 Granny Grand Sarah 2010.doc -> C:\Documents and Settings\Mike\My Documents\Granny Grand Sarah 2010.doc -> [2010/11/19 14:57:37 | 000,034,304 | ---- | M] ()
 ~$nana.doc -> C:\Documents and Settings\Mike\My Documents\~$nana.doc -> [2010/11/17 10:21:49 | 000,000,162 | -H-- | M] ()
 218.html -> C:\Documents and Settings\Mike\My Documents\218.html -> [2010/11/15 20:45:26 | 000,030,281 | ---- | M] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/08 01:20:24 | 000,089,088 | ---- | M] ()
 Default.rdp -> C:\Documents and Settings\Mike\My Documents\Default.rdp -> [2010/10/26 13:24:43 | 000,001,854 | -H-- | M] ()
 transact.doc -> C:\Documents and Settings\Mike\My Documents\transact.doc -> [2010/10/26 11:47:25 | 000,024,064 | ---- | M] ()
 optical prescriptions.xls -> C:\Documents and Settings\Mike\My Documents\optical prescriptions.xls -> [2010/10/21 20:49:15 | 000,015,872 | ---- | M] ()
 Gints CV.rtf -> C:\Documents and Settings\Mike\My Documents\Gints CV.rtf -> [2010/10/20 09:29:47 | 000,200,280 | ---- | M] ()
 I Cured My Gout.doc -> C:\Documents and Settings\Mike\My Documents\I Cured My Gout.doc -> [2010/10/17 22:39:49 | 000,174,592 | ---- | M] ()
 Cyprus bag contents.xls -> C:\Documents and Settings\Mike\My Documents\Cyprus bag contents.xls -> [2010/10/17 10:42:10 | 000,016,896 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/10/16 10:28:50 | 000,001,393 | ---- | M] ()
 Eric expenses.xls -> C:\Documents and Settings\Mike\My Documents\Eric expenses.xls -> [2010/10/13 09:04:15 | 000,019,456 | ---- | M] ()
 Phone 10 10 10.pbf -> C:\Documents and Settings\Mike\My Documents\Phone 10 10 10.pbf -> [2010/10/10 16:28:17 | 000,014,819 | ---- | M] ()
 Kristaps Muravjovs reference.doc -> C:\Documents and Settings\Mike\My Documents\Kristaps Muravjovs reference.doc -> [2010/10/10 16:27:43 | 000,031,232 | ---- | M] ()
 Sergejs Fjodorovs reference.doc -> C:\Documents and Settings\Mike\My Documents\Sergejs Fjodorovs reference.doc -> [2010/10/07 10:59:31 | 000,031,232 | ---- | M] ()
 hosts.20101204-022338.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101204-022338.backup -> [2010/10/04 15:41:03 | 000,420,575 | R--- | M] ()
 FILES LIST.xls -> C:\Documents and Settings\Mike\My Documents\FILES LIST.xls -> [2010/10/03 18:22:55 | 000,036,352 | ---- | M] ()
 brian bill.xls -> C:\Documents and Settings\Mike\My Documents\brian bill.xls -> [2010/10/03 14:23:56 | 000,016,384 | ---- | M] ()
 Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/10/02 22:32:08 | 000,001,915 | ---- | M] ()
 Phone 100921.pbf -> C:\Documents and Settings\Mike\My Documents\Phone 100921.pbf -> [2010/09/21 09:14:07 | 000,014,819 | ---- | M] ()
 mfc42u.dll -> C:\WINDOWS\System32\mfc42u.dll -> [2010/09/18 11:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation)
 mfc42u.dll -> C:\WINDOWS\System32\dllcache\mfc42u.dll -> [2010/09/18 11:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation)
 mfc42.dll -> C:\WINDOWS\System32\mfc42.dll -> [2010/09/18 06:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation)
 mfc42.dll -> C:\WINDOWS\System32\dllcache\mfc42.dll -> [2010/09/18 06:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation)
 mfc40.dll -> C:\WINDOWS\System32\mfc40.dll -> [2010/09/18 06:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation)
 mfc40.dll -> C:\WINDOWS\System32\dllcache\mfc40.dll -> [2010/09/18 06:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation)
 mfc40u.dll -> C:\WINDOWS\System32\mfc40u.dll -> [2010/09/18 06:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation)
 mfc40u.dll -> C:\WINDOWS\System32\dllcache\mfc40u.dll -> [2010/09/18 06:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation)
 Spuwa.dat -> C:\WINDOWS\Spuwa.dat -> [2010/09/15 23:43:18 | 000,000,120 | ---- | M] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2010/09/15 23:27:09 | 000,000,155 | ---- | M] ()
 hosts.20101004-164103.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101004-164103.backup -> [2010/09/15 22:43:16 | 000,419,339 | R--- | M] ()
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/09/15 04:50:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/09/15 04:50:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2010/09/15 04:50:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2010/09/15 04:50:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010/09/15 02:29:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
 InterCasino USD.lnk -> C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\InterCasino USD.lnk -> [2010/09/14 00:05:59 | 000,001,617 | ---- | M] ()
 InterCasino USD.lnk -> C:\Documents and Settings\Mike\Desktop\InterCasino USD.lnk -> [2010/09/14 00:05:59 | 000,001,599 | ---- | M] ()
 8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\Documents and Settings\Mike\My Documents\*.tmp files -> C:\Documents and Settings\Mike\My Documents\*.tmp -> 
 
[Files - No Company Name]
 kryli67m.exe -> C:\Documents and Settings\Mike\Desktop\kryli67m.exe -> [2010/12/11 13:50:27 | 000,296,448 | ---- | C] ()
 RSIT.exe -> C:\Documents and Settings\Mike\Desktop\RSIT.exe -> [2010/12/10 14:16:29 | 000,339,991 | ---- | C] ()
 Phone 10 12 09.pbf -> C:\Documents and Settings\Mike\My Documents\Phone 10 12 09.pbf -> [2010/12/09 11:07:01 | 000,014,911 | ---- | C] ()
 Section 38 Cookridge Ave proposed B.doc -> C:\Documents and Settings\Mike\My Documents\Section 38 Cookridge Ave proposed B.doc -> [2010/12/08 22:31:35 | 000,044,544 | ---- | C] ()
 Section 38 Cookridge Ave proposed A.doc -> C:\Documents and Settings\Mike\My Documents\Section 38 Cookridge Ave proposed A.doc -> [2010/12/08 21:10:51 | 000,043,520 | ---- | C] ()
 delete.zip -> C:\Documents and Settings\Mike\Desktop\delete.zip -> [2010/12/08 16:40:14 | 000,000,275 | ---- | C] ()
 Granny Grand Susan 2010.doc -> C:\Documents and Settings\Mike\My Documents\Granny Grand Susan 2010.doc -> [2010/12/08 15:36:03 | 000,031,232 | ---- | C] ()
 Screenshot.jpg -> C:\Documents and Settings\Mike\Desktop\Screenshot.jpg -> [2010/12/08 15:14:09 | 000,112,959 | ---- | C] ()
 Screenshot.bmp -> C:\Documents and Settings\Mike\Desktop\Screenshot.bmp -> [2010/12/08 15:11:25 | 001,440,054 | ---- | C] ()
 CF-Submit.htm -> C:\CF-Submit.htm -> [2010/12/08 11:31:54 | 000,001,286 | ---- | C] ()
 mike2956.exe -> C:\Documents and Settings\Mike\Desktop\mike2956.exe -> [2010/12/08 09:21:57 | 003,988,311 | R--- | C] ()
 Section 38 Cookridge ave as existing.doc -> C:\Documents and Settings\Mike\My Documents\Section 38 Cookridge ave as existing.doc -> [2010/12/07 23:28:58 | 000,032,768 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2010/12/06 21:07:57 | 000,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2010/12/06 21:07:55 | 000,260,272 | RHS- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/12/06 21:03:44 | 000,256,512 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2010/12/06 21:03:44 | 000,098,816 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/12/06 21:03:44 | 000,089,088 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2010/12/06 21:03:44 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2010/12/06 21:03:44 | 000,068,096 | ---- | C] ()
 mike2956.exe -> C:\Documents and Settings\Mike\My Documents\mike2956.exe -> [2010/12/06 20:59:07 | 003,985,074 | R--- | C] ()
 rkill.com -> C:\Documents and Settings\Mike\Desktop\rkill.com -> [2010/12/04 01:53:34 | 000,660,741 | ---- | C] ()
 shell.reg -> C:\Documents and Settings\Mike\Desktop\shell.reg -> [2010/12/04 01:47:59 | 000,000,228 | ---- | C] ()
 Inesse Cepurnaja reference.doc -> C:\Documents and Settings\Mike\My Documents\Inesse Cepurnaja reference.doc -> [2010/12/02 13:51:02 | 000,031,232 | ---- | C] ()
 Thesis_-_Joel_Callow.pdf -> C:\Documents and Settings\Mike\My Documents\Thesis_-_Joel_Callow.pdf -> [2010/11/27 00:34:04 | 008,732,036 | ---- | C] ()
 ductinglowprofile.pdf -> C:\Documents and Settings\Mike\My Documents\ductinglowprofile.pdf -> [2010/11/26 23:34:16 | 000,255,019 | ---- | C] ()
 Susan Egg balance calc.xls -> C:\Documents and Settings\Mike\My Documents\Susan Egg balance calc.xls -> [2010/11/22 17:34:30 | 000,014,336 | ---- | C] ()
 Granny Grand Sarah 2010.doc -> C:\Documents and Settings\Mike\My Documents\Granny Grand Sarah 2010.doc -> [2010/11/19 14:51:23 | 000,034,304 | ---- | C] ()
 ~$nana.doc -> C:\Documents and Settings\Mike\My Documents\~$nana.doc -> [2010/11/17 10:21:49 | 000,000,162 | -H-- | C] ()
 nana.doc -> C:\Documents and Settings\Mike\My Documents\nana.doc -> [2010/11/16 22:14:44 | 000,026,624 | ---- | C] ()
 218.html -> C:\Documents and Settings\Mike\My Documents\218.html -> [2010/11/15 20:45:21 | 000,030,281 | ---- | C] ()
 transact.doc -> C:\Documents and Settings\Mike\My Documents\transact.doc -> [2010/10/26 11:47:24 | 000,024,064 | ---- | C] ()
 Gints CV.rtf -> C:\Documents and Settings\Mike\My Documents\Gints CV.rtf -> [2010/10/20 09:21:26 | 000,200,280 | ---- | C] ()
 I Cured My Gout.doc -> C:\Documents and Settings\Mike\My Documents\I Cured My Gout.doc -> [2010/10/17 22:39:49 | 000,174,592 | ---- | C] ()
 Daewoo payment record.xls -> C:\Documents and Settings\Mike\My Documents\Daewoo payment record.xls -> [2010/10/10 16:48:53 | 000,014,848 | ---- | C] ()
 Phone 10 10 10.pbf -> C:\Documents and Settings\Mike\My Documents\Phone 10 10 10.pbf -> [2010/10/10 16:28:17 | 000,014,819 | ---- | C] ()
 Kristaps Muravjovs reference.doc -> C:\Documents and Settings\Mike\My Documents\Kristaps Muravjovs reference.doc -> [2010/10/10 16:22:53 | 000,031,232 | ---- | C] ()
 Sergejs Fjodorovs reference.doc -> C:\Documents and Settings\Mike\My Documents\Sergejs Fjodorovs reference.doc -> [2010/10/07 10:58:12 | 000,031,232 | ---- | C] ()
 Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/10/02 22:32:08 | 000,001,915 | ---- | C] ()
 Phone 100921.pbf -> C:\Documents and Settings\Mike\My Documents\Phone 100921.pbf -> [2010/09/21 09:06:13 | 000,014,819 | ---- | C] ()
 Spuwa.dat -> C:\WINDOWS\Spuwa.dat -> [2010/09/15 21:42:20 | 000,000,120 | ---- | C] ()
 Ufupanowetu.bin -> C:\WINDOWS\Ufupanowetu.bin -> [2010/09/15 21:42:20 | 000,000,000 | ---- | C] ()
 InterCasino USD.lnk -> C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\InterCasino USD.lnk -> [2010/09/14 00:05:59 | 000,001,617 | ---- | C] ()
 InterCasino USD.lnk -> C:\Documents and Settings\Mike\Desktop\InterCasino USD.lnk -> [2010/09/14 00:05:59 | 000,001,599 | ---- | C] ()
 FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2010/07/25 00:02:46 | 000,440,280 | ---- | C] ()
 atscie.msi -> C:\Documents and Settings\All Users\Application Data\atscie.msi -> [2010/06/26 01:44:19 | 008,892,928 | ---- | C] ()
 Wnpmgr32.INI -> C:\WINDOWS\Wnpmgr32.INI -> [2010/06/24 00:10:21 | 000,000,000 | ---- | C] ()
 Dmiapi.dll -> C:\WINDOWS\System32\Dmiapi.dll -> [2010/06/24 00:01:51 | 000,036,800 | ---- | C] ()
 metaLib.dll -> C:\WINDOWS\System32\metaLib.dll -> [2009/05/29 21:19:50 | 000,417,792 | ---- | C] ()
 pthreadVC.dll -> C:\WINDOWS\System32\pthreadVC.dll -> [2009/02/08 11:12:50 | 000,053,299 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/01/15 08:47:43 | 000,000,155 | ---- | C] ()
 scanusds.dll -> C:\WINDOWS\System32\scanusds.dll -> [2009/01/04 12:35:57 | 000,053,248 | ---- | C] ()
 hibit_ser.dll -> C:\WINDOWS\System32\hibit_ser.dll -> [2008/10/26 15:11:49 | 000,204,907 | ---- | C] ()
 LauncherAccess.dt -> C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt -> [2008/08/25 23:19:44 | 000,000,000 | ---- | C] ()
 StarOpen.sys -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2008/08/25 23:17:29 | 000,005,632 | ---- | C] ()
 pcouffin.log -> C:\Documents and Settings\Mike\Application Data\pcouffin.log -> [2008/04/25 21:46:38 | 000,000,034 | ---- | C] ()
 ezpinst.exe -> C:\Documents and Settings\Mike\Application Data\ezpinst.exe -> [2008/04/25 21:46:35 | 000,081,920 | ---- | C] ()
 pcouffin.cat -> C:\Documents and Settings\Mike\Application Data\pcouffin.cat -> [2008/04/25 21:46:35 | 000,007,887 | ---- | C] ()
 pcouffin.inf -> C:\Documents and Settings\Mike\Application Data\pcouffin.inf -> [2008/04/25 21:46:35 | 000,001,144 | ---- | C] ()
 DEBUGSM.INI -> C:\WINDOWS\DEBUGSM.INI -> [2008/04/11 14:47:58 | 000,000,029 | ---- | C] ()
 PICSDK.ini -> C:\WINDOWS\System32\PICSDK.ini -> [2008/01/03 21:22:47 | 000,000,099 | ---- | C] ()
 CDE P34903590EF.ini -> C:\WINDOWS\CDE P34903590EF.ini -> [2008/01/03 21:20:10 | 000,000,027 | ---- | C] ()
 ph401.dll -> C:\WINDOWS\ph401.dll -> [2007/12/27 16:39:09 | 000,000,058 | ---- | C] ()
 cpwmon2k.dll -> C:\WINDOWS\System32\cpwmon2k.dll -> [2007/12/27 16:17:38 | 000,087,552 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/12/27 13:45:56 | 000,014,848 | ---- | C] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2007/12/25 22:41:10 | 000,000,116 | ---- | C] ()
 NMOCOD.DLL -> C:\WINDOWS\System32\NMOCOD.DLL -> [2007/12/24 12:31:51 | 000,240,640 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/12/24 12:22:30 | 000,000,490 | ---- | C] ()
 vpc32.INI -> C:\WINDOWS\vpc32.INI -> [2007/12/24 11:52:42 | 000,000,000 | ---- | C] ()
 AsIO.dll -> C:\WINDOWS\System32\AsIO.dll -> [2007/12/24 00:32:48 | 000,024,576 | R--- | C] ()
 AsIO.sys -> C:\WINDOWS\System32\drivers\AsIO.sys -> [2007/12/24 00:32:48 | 000,004,962 | R--- | C] ()
 AsInsHelp64.sys -> C:\WINDOWS\System32\drivers\AsInsHelp64.sys -> [2007/12/24 00:32:46 | 000,005,120 | ---- | C] ()
 AsInsHelp32.sys -> C:\WINDOWS\System32\drivers\AsInsHelp32.sys -> [2007/12/24 00:32:46 | 000,003,328 | ---- | C] ()
 AmdK8.sys -> C:\WINDOWS\System32\drivers\AmdK8.sys -> [2007/12/24 00:14:21 | 000,036,352 | ---- | C] ()
 s3gcil_inv.dll -> C:\WINDOWS\System32\s3gcil_inv.dll -> [2007/12/24 00:13:36 | 002,702,848 | ---- | C] ()
 s3gcil_csr.dll -> C:\WINDOWS\System32\s3gcil_csr.dll -> [2007/12/24 00:13:33 | 001,979,392 | R--- | C] ()
 vuins32.dll -> C:\WINDOWS\System32\vuins32.dll -> [2007/12/24 00:01:51 | 000,061,440 | ---- | C] ()
 vusetup.dll -> C:\WINDOWS\System32\vusetup.dll -> [2007/12/23 23:58:35 | 000,045,056 | ---- | C] ()
 Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2007/12/23 23:57:13 | 000,017,227 | ---- | C] ()
 ASACPI.sys -> C:\WINDOWS\System32\drivers\ASACPI.sys -> [2007/12/23 23:57:13 | 000,005,810 | R--- | C] ()
 ASUSHWIO.SYS -> C:\WINDOWS\System32\drivers\ASUSHWIO.SYS -> [2007/12/23 23:57:11 | 000,005,824 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2007/12/23 20:01:33 | 000,004,161 | ---- | C] ()
 sx7.dll -> C:\WINDOWS\System32\sx7.dll -> [2006/06/23 11:16:26 | 000,098,304 | ---- | C] ()
 zlib.dll -> C:\WINDOWS\System32\zlib.dll -> [2005/07/20 10:48:10 | 000,059,904 | ---- | C] ()
 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 000,002,695 | ---- | C] ()
 ftdiun2k.ini -> C:\WINDOWS\System32\ftdiun2k.ini -> [2002/12/20 15:11:10 | 000,000,092 | ---- | C] ()
 3dg32.dll -> C:\WINDOWS\System32\3dg32.dll -> [1996/05/21 18:13:34 | 000,374,784 | ---- | C] ()
 3dr.ini -> C:\WINDOWS\System32\3dr.ini -> [1996/04/17 08:48:40 | 000,000,250 | ---- | C] ()
 
[File - Lop Check]
 Autodesk -> C:\Documents and Settings\All Users\Application Data\Autodesk -> [2010/07/24 23:02:31 | 000,000,000 | ---D | M]
 DeskSoft -> C:\Documents and Settings\All Users\Application Data\DeskSoft -> [2008/08/15 23:28:07 | 000,000,000 | ---D | M]
 GARMIN -> C:\Documents and Settings\All Users\Application Data\GARMIN -> [2010/04/12 23:55:43 | 000,000,000 | ---D | M]
 GlobalSCAPE -> C:\Documents and Settings\All Users\Application Data\GlobalSCAPE -> [2009/08/25 22:56:15 | 000,000,000 | ---D | M]
 Karen's Power Tools -> C:\Documents and Settings\All Users\Application Data\Karen's Power Tools -> [2007/12/27 17:01:08 | 000,000,000 | ---D | M]
 My Pictures -> C:\Documents and Settings\All Users\Application Data\My Pictures -> [2009/10/31 18:12:05 | 000,000,000 | ---D | M]
 NCH Swift Sound -> C:\Documents and Settings\All Users\Application Data\NCH Swift Sound -> [2009/11/19 11:03:19 | 000,000,000 | ---D | M]
 Overlook -> C:\Documents and Settings\All Users\Application Data\Overlook -> [2010/09/04 00:16:52 | 000,000,000 | ---D | M]
 PC Drivers HeadQuarters -> C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters -> [2008/02/02 00:50:34 | 000,000,000 | ---D | M]
 Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2010/06/29 23:01:34 | 000,000,000 | ---D | M]
 vsosdk -> C:\Documents and Settings\All Users\Application Data\vsosdk -> [2010/02/09 10:50:57 | 000,000,000 | ---D | M]
 {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/07/15 18:26:30 | 000,000,000 | ---D | M]
 {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/11/19 21:45:41 | 000,000,000 | ---D | M]
 {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009/05/22 11:32:28 | 000,000,000 | ---D | M]
 Autodesk -> C:\Documents and Settings\Mike\Application Data\Autodesk -> [2010/07/24 23:03:11 | 000,000,000 | ---D | M]
 AutoTransfer -> C:\Documents and Settings\Mike\Application Data\AutoTransfer -> [2008/06/15 12:59:24 | 000,000,000 | ---D | M]
 Citrix -> C:\Documents and Settings\Mike\Application Data\Citrix -> [2010/07/10 09:46:25 | 000,000,000 | ---D | M]
 DeskSoft -> C:\Documents and Settings\Mike\Application Data\DeskSoft -> [2008/12/18 23:42:11 | 000,000,000 | ---D | M]
 ElevatedDiagnostics -> C:\Documents and Settings\Mike\Application Data\ElevatedDiagnostics -> [2010/06/27 13:23:10 | 000,000,000 | ---D | M]
 EPSON -> C:\Documents and Settings\Mike\Application Data\EPSON -> [2008/04/17 09:20:55 | 000,000,000 | ---D | M]
 GARMIN -> C:\Documents and Settings\Mike\Application Data\GARMIN -> [2010/04/13 00:26:37 | 000,000,000 | ---D | M]
 GlobalSCAPE -> C:\Documents and Settings\Mike\Application Data\GlobalSCAPE -> [2009/08/25 22:56:15 | 000,000,000 | ---D | M]
 IBP -> C:\Documents and Settings\Mike\Application Data\IBP -> [2010/04/21 01:11:46 | 000,000,000 | ---D | M]
 ICAClient -> C:\Documents and Settings\Mike\Application Data\ICAClient -> [2010/07/10 10:45:58 | 000,000,000 | ---D | M]
 ImgBurn -> C:\Documents and Settings\Mike\Application Data\ImgBurn -> [2008/12/29 23:50:23 | 000,000,000 | ---D | M]
 InterTrust -> C:\Documents and Settings\Mike\Application Data\InterTrust -> [2007/12/24 11:07:14 | 000,000,000 | ---D | M]
 MobileAction -> C:\Documents and Settings\Mike\Application Data\MobileAction -> [2007/12/27 17:20:22 | 000,000,000 | ---D | M]
 NCH Swift Sound -> C:\Documents and Settings\Mike\Application Data\NCH Swift Sound -> [2009/11/19 11:02:28 | 000,000,000 | ---D | M]
 NeoDownloader -> C:\Documents and Settings\Mike\Application Data\NeoDownloader -> [2007/12/27 17:11:42 | 000,000,000 | ---D | M]
 Netscape -> C:\Documents and Settings\Mike\Application Data\Netscape -> [2010/07/10 09:46:25 | 000,000,000 | ---D | M]
 Overlook -> C:\Documents and Settings\Mike\Application Data\Overlook -> [2010/09/04 00:22:50 | 000,000,000 | ---D | M]
 PC Magazine Utilities -> C:\Documents and Settings\Mike\Application Data\PC Magazine Utilities -> [2007/12/27 14:09:29 | 000,000,000 | ---D | M]
 RipIt4Me -> C:\Documents and Settings\Mike\Application Data\RipIt4Me -> [2010/01/26 15:59:21 | 000,000,000 | ---D | M]
 Samsung -> C:\Documents and Settings\Mike\Application Data\Samsung -> [2008/08/25 23:21:31 | 000,000,000 | ---D | M]
 TomTom -> C:\Documents and Settings\Mike\Application Data\TomTom -> [2008/01/10 11:06:47 | 000,000,000 | ---D | M]
 Uniblue -> C:\Documents and Settings\Mike\Application Data\Uniblue -> [2008/02/11 15:56:47 | 000,000,000 | ---D | M]
 Vso -> C:\Documents and Settings\Mike\Application Data\Vso -> [2009/12/04 23:42:29 | 000,000,000 | ---D | M]
 
[File - Purity Scan]
 
< End of report >
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,703 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
11-Dec-2010, 04:30 PM #52
it looks like only registry entries & combofix was getting confused
Start OTS. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


Code:
[Kill All Processes]
[Unregister Dlls]
[Registry - All]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1
YN -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=127.0.0.1:5577
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1
YN -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=127.0.0.1:5577
< Run [HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "{24C4E14A-76E2-82F4-60F0-D7298167A66A}" -> C:\Documents and Settings\Mike\Application Data\Monu\ciru.exe ["C:\Documents and Settings\Mike\Application Data\Monu\ciru.exe"]
[Files/Folders - Created Within 90 Days]
NY ->  delete -> C:\Documents and Settings\Mike\Desktop\delete
NY ->  NyDtpHFB -> C:\Documents and Settings\Mike\Desktop\NyDtpHFB
NY ->  test.exe -> C:\Documents and Settings\Mike\Desktop\test.exe
NY ->  8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  1 C:\Documents and Settings\Mike\My Documents\*.tmp files -> C:\Documents and Settings\Mike\My Documents\*.tmp
[Files/Folders - Modified Within 90 Days]
NY ->  kryli67m.exe -> C:\Documents and Settings\Mike\Desktop\kryli67m.exe
NY ->  delete.zip -> C:\Documents and Settings\Mike\Desktop\delete.zip
NY ->  Ufupanowetu.bin -> C:\WINDOWS\Ufupanowetu.bin
[Files - No Company Name]
NY ->  Spuwa.dat -> C:\WINDOWS\Spuwa.dat
NY ->  Ufupanowetu.bin -> C:\WINDOWS\Ufupanowetu.bin
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
mike2956's Avatar
mike2956 mike2956 is offline
Computer Specs
Member with 32 posts.
THREAD STARTER
 
Join Date: Dec 2010
Experience: Intermediate
11-Dec-2010, 04:46 PM #53
Fix run went OK, here is log.

New scan to follow.

Mike

All Processes Killed
[Registry - All]
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Unable to delete registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable .
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer not found.
Registry value HKEY_USERS\S-1-5-21-1935655697-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{24C4E14A-76E2-82F4-60F0-D7298167A66A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24C4E14A-76E2-82F4-60F0-D7298167A66A}\ not found.
[Files/Folders - Created Within 90 Days]
C:\Documents and Settings\Mike\Desktop\delete folder moved successfully.
C:\Documents and Settings\Mike\Desktop\NyDtpHFB folder moved successfully.
C:\Documents and Settings\Mike\Desktop\test.exe moved successfully.
C:\WINDOWS\003285_.tmp deleted successfully.
C:\WINDOWS\DUMP8e55.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\SETE6.tmp deleted successfully.
C:\WINDOWS\SETE9.tmp deleted successfully.
C:\WINDOWS\SETF5.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Mike\My Documents\~WRL0002.tmp deleted successfully.
[Files/Folders - Modified Within 90 Days]
C:\Documents and Settings\Mike\Desktop\kryli67m.exe moved successfully.
C:\Documents and Settings\Mike\Desktop\delete.zip moved successfully.
C:\WINDOWS\Ufupanowetu.bin moved successfully.
[Files - No Company Name]
C:\WINDOWS\Spuwa.dat moved successfully.
File C:\WINDOWS\Ufupanowetu.bin not found!
[Empty Temp Folders]


User: All Users
mike2956's Avatar
mike2956 mike2956 is offline
Computer Specs
Member with 32 posts.
THREAD STARTER
 
Join Date: Dec 2010
Experience: Intermediate
11-Dec-2010, 05:12 PM #54
Here is latest OTS full scan.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,703 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
12-Dec-2010, 06:07 AM #55
that looks clear now

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place

Note:
if Combofix doesn't uninstall or you get a can't find combofix message then use this uninstall command instead

"c:\documents and settings\Mike\Desktop\mike2956.exe" /uninstall

then make sure you also delete the version of combofix you renamed in my documents
mike2956's Avatar
mike2956 mike2956 is offline
Computer Specs
Member with 32 posts.
THREAD STARTER
 
Join Date: Dec 2010
Experience: Intermediate
12-Dec-2010, 06:54 AM #56
Thank you very much. Sorry this was such an awkward one for you but we got there in the end.


Mike
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


Similar Threads
Title Thread Starter Forum Replies Last Post
Multiple mshta.exe processes in my task manager imanewguy Virus & Other Malware Removal 3 10-Nov-2010 10:13 AM
All browsers redirect and crash Darkgreendream Virus & Other Malware Removal 1 14-Sep-2010 07:39 PM
TR/Alureon.BP.7 + Browser Redirects tumbaparrot Virus & Other Malware Removal 1 07-Jun-2009 06:57 PM
browser redirect or jump to another page eefje Virus & Other Malware Removal 0 10-May-2009 03:49 PM
Browser Redirects and twext.exe... BriMan777 Virus & Other Malware Removal 1 02-Oct-2008 09:05 AM

WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑