Venligst tjek af logfil

-- Hent FixWareout fra et af disse links:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

-- Gem filen på dit Skrivebord og dobbeltklik på den. Klik Next -> Install og check, at der er et flueben i "Run fixit" - klik herefter på Finish. Fixet vil nu starte, og du skal blot følge instruktionerne. Du vil blive bedt om at genstarte din computer - gør venligst det. Genstarten vil tage lidt længere tid end normalt...

-- Når dit system genstarter skal du fortsat følge den vejledning, der gives på skærmen. Når fixet er færdigt vil der åbnes en log (report.txt), som du skal gemme og lægge herind i næste post.

-- Lav også en ny log med Hijackthis, som du lægger herind til check.

Nye logs...


Fixwareout
Last edited 1/30/2007
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
C:\WINDOWS\System32\dmgbu.exe will be moved to C:\WINDOWS\temp\dmgbu.ren at reboot.
C:\WINDOWS\System32\cskme.exe will be moved to C:\WINDOWS\temp\cskme.ren at reboot.

»»»»» System restarted
Reg Entries that were deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xedocne"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwoh"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23plhps"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "mgcppp"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tesvaf"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32refaselif"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "ubgmd"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "golmedi"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd"
...
Random Runs removed from HKLM
"dmgbu.exe"=-
...
"C:\Documents and Settings\Tomas\1.dat"  Deleted
"C:\Documents and Settings\Tomas\2.dat"  Deleted
"C:\Documents and Settings\Tomas\3.dat"  Deleted
C:\WINDOWS\System32\close.bmp  Deleted
C:\WINDOWS\System32\dating.bmp  Deleted
C:\WINDOWS\System32\gambling.bmp  Deleted
C:\WINDOWS\System32\insurance.bmp  Deleted
C:\WINDOWS\System32\pharmacy.bmp  Deleted
C:\WINDOWS\System32\spyware.bmp  Deleted
C:\WINDOWS\System32\winctrl16.exe  Deleted
C:\WINDOWS\System32\winctrl32.exe  Deleted
C:\WINDOWS\System32\winctrl64.exe  Deleted
C:\WINDOWS\System32\xxx.bmp  Deleted

»»»»» Misc files.

»»»»» Checking for older varients.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»

PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.

This WILL/CAN also list Legit Files, Submit them at Virustotal
Search five digit cs, dm kd and jb files.
»»»»» 
»»»»» Current runs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\vptray.exe"
"PopUpKiller"="C:\\Program Files\\PopUp Killer\\PopUpKiller.EXE"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"bhoserv"="init32.exe"
"DCC_send"="Preliminary.exe"
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Uint32"="_ctcp.exe"
"ActionScr"="KeywordFinder.exe"
"34763"="ERTYDF.exe"

Hosts file was reset, If you use a custom hosts file please replace it


****************************************************************************'

Logfile of HijackThis v1.99.1
Scan saved at 15:25:06, on 09-02-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tomas\Desktop\hjt.exe

R3 - URLSearchHook: (no name) - {D91978CF-8F34-3883-CD51-156B03EEC371} - WTFCTF.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [bhoserv] init32.exe
O4 - HKLM\..\Run: [DCC_send] Preliminary.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uint32] _ctcp.exe
O4 - HKCU\..\Run: [ActionScr] KeywordFinder.exe
O4 - HKCU\..\Run: [34763] ERTYDF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Home Prefix:
O13 - Mosaic Prefix:
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A24B0371-57EA-4E3A-BC00-82838C993F50}: NameServer = 85.255.116.110,85.255.112.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADA9E015-4DB8-4E00-B574-A189861B6246}: NameServer = 85.255.116.110,85.255.112.202
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: System - {D7B78A18-C4C0-4F15-96BA-AC4F717B22CC} - C:\WINDOWS\system32\system32.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Det hjalp en del på det. Prøv nu dette:

-- Hent AVG Anti-Spyware herfra (14 dages version af plus-versionen)
http://www.spywarefri.dk/downloads1.htm
Installer og opdater programmet. Vent med at scanne.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.
R3 - URLSearchHook: (no name) - {D91978CF-8F34-3883-CD51-156B03EEC371} - WTFCTF.dll (file missing)
O4 - HKLM\..\Run: [bhoserv] init32.exe
O4 - HKLM\..\Run: [DCC_send] Preliminary.exe
O4 - HKCU\..\Run: [Uint32] _ctcp.exe
O4 - HKCU\..\Run: [ActionScr] KeywordFinder.exe
O4 - HKCU\..\Run: [34763] ERTYDF.exe
O13 - Home Prefix:
O13 - Mosaic Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A24B0371-57EA-4E3A-BC00-82838C993F50}: NameServer = 85.255.116.110,85.255.112.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADA9E015-4DB8-4E00-B574-A189861B6246}: NameServer = 85.255.116.110,85.255.112.202
O21 - SSODL: System - {D7B78A18-C4C0-4F15-96BA-AC4F717B22CC} - C:\WINDOWS\system32\system32.dll (file missing)

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Du skal nu til at slette. Som indledning hertil skal du have slået "Udvidet filvisning" til:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

-- Prøv herefter at søge på disse filer, og slet dem, hvis du kan finde dem:
init32.exe
Preliminary.exe
_ctcp.exe
KeywordFinder.exe
ERTYDF.exe
C:\WINDOWS\system32\system32.dll

-- Kør en fuld scanning med AVG Anti-Spyware, og lad den slette det, den finder. Programmet laver en lille log, som du skal kopiere herind i dit næste svar.

-- Genstart til normal tilstand, lav en ny HJT-log, som du sender herind til check.

Hej igen. Her er nye logs:

ogfile of HijackThis v1.99.1
Scan saved at 22:02:31, on 13-02-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Tomas\My Documents\Logfiler'\hjt.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [DCC_send] Preliminary.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uint32] _ctcp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Der er faktisk noget skidt tilbage endnu... Prøv derfor følgende:

Hent Oldtimer's WinPFind3 herfra:
http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe

Dobbeltklik på WinPFind3u, som du hentede, og klik på Extract. Så udpakkes programmet i en særskilt mappe. Gå ind i denne mappe, og dobbeltklik på WinPFind3U.exe. Sæt så flueben og prikker på følgende måde:

Processes: Non-Microsoft
Win32 Services: Non-Microsoft
Driver Services: Non-Microsoft
Registry:  Non-Microsoft
Files Created Within: 30 Days, Non-Microsoft Only
Files Modified Within: 30 Days, Non-Microsoft Only
File String Search: Non-Microsoft

Klik herefter på "Run Scan". Efter noget tid vil der dukke en logfil op, som du gerne må paste herind. Muligvis vil loggen være så lang, at den ikke kan være i en enkelt post. Så må du lægge den ind i flere dele.

Ny log ( har været borte fra pc'en et par dage - derfor først log nu)

WinPFind3 logfile created on: 25-02-2007 14:48:23
WinPFind3U by OldTimer - Version 1.0.19    Folder = C:\Documents and Settings\Tomas\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

523760 Kb Total Physical Memory | 198476 Kb Available Physical Memory | 37,89% Memory free
1539324 Kb Paging File | 1230452 Kb Available in Paging File | 79,93% Paging File free
Paging file location(s): D:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 120045680 Kb Total Space | 1889156 Kb Free Space | 1,57% Space Free
Drive D: | 199141375 Kb Total Space | 4767603 Kb Free Space | 2,39% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded



[Files - Created Within 30 days]
Eksperten  Sikkerhed  Virus  Venligst tjek af logfil.htm -> %UserDesktop%\Eksperten  Sikkerhed  Virus  Venligst tjek af logfil.htm ->  [Ver =  | Size = 56770 bytes | Created Date = 25-02-2007 14:44:33 | Attr =    ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe ->  [Ver =  | Size = 344908 bytes | Created Date = 25-02-2007 14:44:56 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 25-02-2007 08:56:54 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 25-02-2007 08:56:54 | Attr =  H ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 13-02-2007 20:50:57 | Attr =    ]

[Files - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 09-02-2007 15:06:36 | Attr = RHS]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 54272 bytes | Modified Date = 25-02-2007 13:44:42 | Attr =    ]
ESBK.mb -> %AllUsersDocuments%\ESBK.mb ->  [Ver =  | Size = 2933760 bytes | Modified Date = 22-02-2007 13:56:12 | Attr = R  ]
ESBK.mbb -> %AllUsersDocuments%\ESBK.mbb ->  [Ver =  | Size = 4080640 bytes | Modified Date = 22-02-2007 13:56:12 | Attr = R  ]
Eksperten  Sikkerhed  Virus  Venligst tjek af logfil.htm -> %UserDesktop%\Eksperten  Sikkerhed  Virus  Venligst tjek af logfil.htm ->  [Ver =  | Size = 56770 bytes | Modified Date = 25-02-2007 14:44:44 | Attr =    ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe ->  [Ver =  | Size = 344908 bytes | Modified Date = 25-02-2007 14:45:06 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 25-02-2007 13:09:18 | Attr =  S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 15-02-2007 15:54:26 | Attr =    ]
lexstat.ini -> %SystemRoot%\lexstat.ini ->  [Ver =  | Size = 362 bytes | Modified Date = 22-02-2007 13:32:08 | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 49 bytes | Modified Date = 25-02-2007 13:52:26 | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 25-02-2007 08:56:56 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 25-02-2007 08:56:56 | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 09-02-2007 15:06:36 | Attr =    ]
Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 9216 bytes | Modified Date = 13-02-2007 20:49:26 | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 599 bytes | Modified Date = 09-02-2007 15:06:36 | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 25-02-2007 13:09:48 | Attr =    ]
MxlW2k.sys -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.116 | Size = 28256 bytes | Modified Date = 25-02-2007 12:47:02 | Attr =    ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
UPX! , UPX0 ,  -> %SystemRoot%\glousb.dll ->  [Ver =  | Size = 25600 bytes | Modified Date = 25-08-2004 14:43:22 | Attr =    ]
UPX! , UPX0 ,  -> %SystemRoot%\iaxclient.dll ->  [Ver =  | Size = 92245 bytes | Modified Date = 25-08-2004 14:43:22 | Attr =    ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
UPX! , aspack ,  -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 6.810-1005 | Size = 965632 bytes | Modified Date = 05-02-2004 20:02:46 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\actskn43.ocx ->  [Ver = 4, 3, 0, 0 | Size = 222208 bytes | Modified Date = 25-08-2004 14:43:20 | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 23-08-2001 13:00:00 | Attr =    ]
PEC2 , PECompact2 ,  -> %System32%\DivX.dll -> DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Modified Date = 26-10-2004 23:38:24 | Attr =    ]
PEC2 ,  -> %System32%\HREF.OCX -> xFX JumpStart [Ver = 1.00.0018 | Size = 19968 bytes | Modified Date = 13-08-2001 21:59:12 | Attr =    ]
PEC2 ,  -> %System32%\Line3D.ocx -> xFX JumpStart [Ver = 1.00.0008 | Size = 11264 bytes | Modified Date = 14-08-2001 00:26:44 | Attr =    ]
UPX! , aspack , SAHAgent , UPX0 ,  -> %System32%\pav.sig ->  [Ver =  | Size = 6435075 bytes | Modified Date = 05-02-2004 19:04:26 | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 23-08-2001 13:00:00 | Attr =    ]
PEC2 ,  -> %System32%\xFXSysTray.ocx -> xFX JumpStart [Ver = 1.00.0028 | Size = 13824 bytes | Modified Date = 13-08-2001 22:22:30 | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 23-08-2001 13:00:00 | Attr =    ]
PTech ,  -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04-08-2004 06:41:38 | Attr =    ]

< End of report >

Du bliver nødt til at lave en ny log med winpfind, idet du ikke har haft den indstillet helt som jeg angav. Du mangler derfor følgende dele i loggen:

Processes: Non-Microsoft
Win32 Services: Non-Microsoft
Driver Services: Non-Microsoft
Registry:  Non-Microsoft

Tak for hjælpen. Her er en ny log efter dine anvisninger:

WinPFind3 logfile created on: 26-02-2007 20:46:44
WinPFind3U by OldTimer - Version 1.0.19    Folder = C:\Documents and Settings\Tomas\My Documents\Logfiler'\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

523760 Kb Total Physical Memory | 231860 Kb Available Physical Memory | 44,27% Memory free
1539324 Kb Paging File | 1283076 Kb Available in Paging File | 83,35% Paging File free
Paging file location(s): D:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 120045680 Kb Total Space | 985252 Kb Free Space | 0,82% Space Free
Drive D: | 199141375 Kb Total Space | 5903007 Kb Free Space | 2,96% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 13-02-2007 21:41:00 | Attr =    ]
defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 21-05-2003 01:22:36 | Attr =    ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_08\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49263 bytes | Modified Date = 26-07-2006 02:03:14 | Attr =    ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 18-08-2003 15:37:10 | Attr =    ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 18-08-2003 15:32:56 | Attr =    ]
lxbkbmgr.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 19-08-2003 15:38:42 | Attr =    ]
lxbkbmon.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 19-08-2003 16:00:40 | Attr =    ]
mmtask.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 29-10-2003 15:57:58 | Attr =    ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 06-10-2003 13:16:00 | Attr =    ]
popupkiller.exe -> %ProgramFiles%\PopUp Killer\PopUpKiller.EXE -> xFX JumpStart [Ver = 1.43.0001 | Size = 105984 bytes | Modified Date = 06-11-2001 21:18:06 | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 13-09-2005 16:17:34 | Attr =    ]
vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 90112 bytes | Modified Date = 21-05-2003 01:21:18 | Attr =    ]
winpfind3u.exe -> %UserDocuments%\Logfiler'\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.19.0 | Size = 310784 bytes | Modified Date = 25-02-2007 19:40:22 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr =    ]
(DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 21-05-2003 01:22:36 | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04-08-2004 08:56:48 | Attr =    ]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 411920 bytes | Modified Date = 30-03-2005 15:46:56 | Attr =    ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 18-08-2003 15:37:10 | Attr =    ]
(Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 610304 bytes | Modified Date = 21-05-2003 01:27:46 | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 06-10-2003 13:16:00 | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(AvFlt) Antivirus Filter Driver [File_System | On_Demand | Stopped] -> %System32%\drivers\av5flt.sys -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 4096 bytes | Modified Date = 28-09-2006 15:13:34 | Attr =    ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05-09-2006 17:03:16 | Attr =    ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> %System32%\drivers\DcCam.sys -> Eastman Kodak Company [Ver = 1.7.0614.0 | Size = 37150 bytes | Modified Date = 16-06-2005 13:41:02 | Attr =    ]
(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> %System32%\drivers\DcFpoint.sys -> Eastman Kodak Company [Ver = 1.6.0331.0 | Size = 61564 bytes | Modified Date = 31-03-2005 06:47:42 | Attr =    ]
(DCFS2K) Kodak DCFS2K Driver [Kernel | Auto | Running] -> %System32%\drivers\DCFS2k.sys -> Eastman Kodak Company [Ver = 1.0.4100.7 | Size = 38673 bytes | Modified Date = 31-03-2005 06:47:48 | Attr =    ]
(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\DcLps.sys -> Eastman Kodak Company [Ver = 1.6.0331.0 | Size = 8022 bytes | Modified Date = 31-03-2005 06:47:50 | Attr =    ]
(DcPTP) DcPTP [Kernel | On_Demand | Stopped] -> %System32%\drivers\DcPtp.sys -> Eastman Kodak Company [Ver = 1.6.0331.0 | Size = 70262 bytes | Modified Date = 31-03-2005 06:47:56 | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Running] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04-08-2004 07:07:18 | Attr =    ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04-08-2004 07:07:16 | Attr =    ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 23-08-2001 13:00:00 | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(Exportit) Exportit [Kernel | System | Stopped] -> %System32%\drivers\ExportIt.sys -> Eastman Kodak Company [Ver = 1.0.8900.9 | Size = 152081 bytes | Modified Date = 31-03-2005 07:00:08 | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(hpt3xx) hpt3xx [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.116 | Size = 28256 bytes | Modified Date = 26-02-2007 13:19:32 | Attr =    ]
(N100) Compaq Ethernet or Fast Ethernet NIC Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\n100325.sys -> Compaq Computer Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 128000 bytes | Modified Date = 17-08-2001 12:11:38 | Attr =    ]
(NAVAP) NAVAP [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -> Symantec Corporation [Ver = 9.1.0.26 | Size = 224256 bytes | Modified Date = 02-05-2003 21:08:18 | Attr =    ]
(NAVAPEL) NAVAPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -> Symantec Corporation [Ver = 9.1.0.26 | Size = 30208 bytes | Modified Date = 02-05-2003 21:08:22 | Attr =    ]
(NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070214.020\NAVENG.SYS -> Symantec Corporation [Ver = 20071.1.1.10 | Size = 80472 bytes | Modified Date = 14-02-2007 10:00:00 | Attr =    ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070214.020\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.1.1.10 | Size = 852600 bytes | Modified Date = 14-02-2007 10:00:00 | Attr =    ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 1550043 bytes | Modified Date = 06-10-2003 13:16:00 | Attr =    ]
(nvax) Service for NVIDIA(R) nForce(TM) Audio Enumerator [Kernel | On_Demand | Running] -> %System32%\drivers\nvax.sys -> NVIDIA Corporation [Ver = 6.14.0457.0 built by: NVIDIA | Size = 53376 bytes | Modified Date = 22-10-2004 09:38:28 | Attr =    ]
(NVENET) NVIDIA nForce MCP Networking Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\NVENET.sys -> NVIDIA Corporation [Ver = 4.14.01.0281 | Size = 80896 bytes | Modified Date = 23-09-2002 10:37:00 | Attr = R  ]
(nvnforce) Service for NVIDIA(R) nForce(TM) Audio [Kernel | On_Demand | Running] -> %System32%\drivers\nvapu.sys -> NVIDIA Corporation [Ver = 6.14.0457.0 built by: NVIDIA | Size = 413824 bytes | Modified Date = 22-10-2004 09:41:46 | Attr =    ]
(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\nv_agp.SYS -> NVIDIA Corporation [Ver = 4.12.01.0278 | Size = 13568 bytes | Modified Date = 06-09-2002 11:24:00 | Attr = R  ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 1, 0, 167 | Size = 13780 bytes | Modified Date = 01-11-2001 10:27:04 | Attr =    ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 23-08-2001 13:00:00 | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.18a | Size = 20576 bytes | Modified Date = 23-09-2004 01:03:00 | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 23-08-2001 13:00:00 | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.2.2.11 | Size = 73496 bytes | Modified Date = 12-03-2005 09:42:26 | Attr =    ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 13-02-2007 21:41:00 | Attr =    ]
DCC_send -> Preliminary.exe -> File not found
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb04.exe -> HP [Ver = 2,80,0,0 | Size = 196608 bytes | Modified Date = 20-11-2001 05:04:08 | Attr =    ]
Lexmark X1100 Series -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 19-08-2003 15:38:42 | Attr =    ]
mmtask -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 29-10-2003 15:57:58 | Attr =    ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 06-10-2003 13:16:00 | Attr =    ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 741376 bytes | Modified Date = 06-10-2003 13:16:00 | Attr =    ]
PopUpKiller -> %ProgramFiles%\PopUp Killer\PopUpKiller.EXE -> xFX JumpStart [Ver = 1.43.0001 | Size = 105984 bytes | Modified Date = 06-11-2001 21:18:06 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 13-09-2005 16:17:34 | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_08\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49263 bytes | Modified Date = 26-07-2006 02:03:14 | Attr =    ]
vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 90112 bytes | Modified Date = 21-05-2003 01:21:18 | Attr =    ]
< RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
->  -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Uint32 -> _ctcp.exe -> File not found
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe ->  [Ver = 1.0 | Size = 86016 bytes | Modified Date = 07-05-2002 18:24:32 | Attr =    ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe ->  [Ver = 5, 2, 30, 84 | Size = 176128 bytes | Modified Date = 04-11-2005 14:04:48 | Attr =    ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ->  [Ver =  | Size = 16423 bytes | Modified Date = 13-02-2004 13:12:08 | Attr =    ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 11-02-2003 08:10:00 | Attr =    ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Miniphone -> %SystemRoot%\glophone.exe -> File not found
MsnMsgr -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe -> File not found
Multimedia Codecs -> %System32%\mcc.exe -> File not found
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09-07-2001 09:50:42 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 13-09-2005 16:17:34 | Attr =    ]
< File Associations > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 19-12-2006 22:52:18 | Attr =    ]
exefile [open] -> "%1" %* ->
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\Office10\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 10.0.2609 | Size = 66976 bytes | Modified Date = 13-02-2001 09:59:26 | Attr =    ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 04-08-2004 08:56:50 | Attr =    ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 04-08-2004 08:56:50 | Attr =    ]
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\Office10\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 10.0.2609 | Size = 66976 bytes | Modified Date = 13-02-2001 09:59:26 | Attr =    ]
http [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 04-08-2004 08:56:50 | Attr =    ]
https [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 04-08-2004 08:56:50 | Attr =    ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 04-08-2004 08:56:56 | Attr =    ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_gdr.070104-0050) | Size = 1494528 bytes | Modified Date = 04-01-2007 14:37:04 | Attr =    ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_gdr.070104-0050) | Size = 3056640 bytes | Modified Date = 04-01-2007 14:36:48 | Attr =    ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 04-08-2004 08:56:58 | Attr =    ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 04-08-2004 08:56:58 | Attr =    ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 04-08-2004 08:56:56 | Attr =    ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 04-08-2004 08:56:58 | Attr =    ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 04-08-2004 08:56:58 | Attr =    ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 04-08-2004 08:56:58 | Attr =    ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 04-08-2004 08:56:58 | Attr =    ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 04-08-2004 08:56:54 | Attr =    ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 04-08-2004 08:56:58 | Attr =    ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 19-12-2006 22:52:18 | Attr =    ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 04-08-2004 08:56:50 | Attr =    ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 04-08-2004 08:56:50 | Attr =    ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 04-08-2004 08:56:50 | Attr =    ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 04-08-2004 08:56:50 | Attr =    ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 04-08-2004 08:56:50 | Attr =    ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 04-08-2004 08:56:50 | Attr =    ]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} ->  ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} ->  ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} ->  ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28-09-2006 15:13:28 | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL ->  -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\SpecifyDefaultButtons -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Search -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0000-0000-0000-000000000000} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0000-0000-0000-000000000001} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0000-0000-0000-000000000221} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0000-0000-0000-000000000240} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0000-0000-8835-3EFF76BF2657} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0000-0000-BFA1-D7EE6696B865} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0000-41a3-98CF-00000000168B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0000-47c5-A90F-2CDE8F7638DB} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0000-5DFC-5652-1705043F6518} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0000-7EBF-57C6-0BAE047EA682} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0001-0345-2280-0287F27A63EE} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0001-1DBE-075A-39EC04BD88AF} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0001-F7A6-1F38-0204019E355E} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0002-0002-0000-000000000000} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0002-53D4-0622-35EA0235778E} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0007-5041-4354-0020e48020af} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0008-5041-4354-0020e48020af} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0008-D357-0798-004401965D4A} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0009-1C42-7D61-6CFF050894A7} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0015-BD9C-263A-493001BA0C6C} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-002B-EFE6-6B08-560C01922D3B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0033-C1AC-0E62-0C1F0537605D} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-008C-1E65-6AA6-3A270279F027} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-00FA-71ED-4ABA-348801BAA0A9} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-0C95-B1F8-547A-405204D6961A} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-10D6-4e5f-8F7F-29B32C1C0FC4} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-167B-41bc-95FF-86A07B14712C} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-2565-4c5b-A455-A74C8A2247AB} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-5eb9-11d5-9d45-009027c14662} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-623A-11D4-BCDB-005004131771} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-64C4-4a64-9767-895AB4921E41} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-6CB0-410C-8C3D-8FA8D2011D0A} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-6c30-11d8-9363-000ae6309654} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-D9E3-4BC6-A0BD-3D0CA4BE5271} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000000-F183-11D1-BE1C-00000100C596} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0000001D-BA9B-11D2-BDF1-0090272A6D78} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{000000DA-0786-4633-87C6-1AA7A4429EF1} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{000000F1-34E3-4633-87C6-1AA7A44296DA} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000178-CD4A-447a-BCF9-6FD0096B5527} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000185-B716-11D3-92F3-00D0B709A7D8} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000185-C745-43D2-44F1-01A1C789C738} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000250-0320-4DD4-BE4F-7566D2314352} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0000026A-8230-4DD4-BE4F-6889D1E74167} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000273-8230-4DD4-BE4F-6889D1E74167} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000285-B716-11D3-92F3-00D0B709A7D8} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000580-C637-11D5-831C-00105AD6ACF0} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{000006B1-19B5-414A-849F-2A3C64AE6939} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000762-3965-4A1A-98CE-3D4BF457D4C8} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00000EF1-34E3-4633-87C6-1AA7A44296DA} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{000020DD-C72E-4113-AF77-DD56626C6C42} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0000607D-D204-42C7-8E46-216055BF9918} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0000CC75-ACF3-4cac-A0A9-DD3868E06852} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00010a21-b924-4cd6-893c-eea1071ae8b3} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{000277A3-7D84-406a-9799-D12A81594693} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00041A26-7033-432C-94C7-6371DE343822} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{000E7270-CC7A-0786-8E7A-DA09B51938A6} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00110011-4B0B-44D5-9718-90C88817369B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0019C3E2-DD48-4A6D-AB2D-8D32436313D9} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0019C3E2-DD48-4A6D-ABCD-8D32436313D9} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{001B3456-4ADE-44D0-8C23-D69D32658D84} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{001DAE60-95C0-11d3-924E-009027950886} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{001F2470-5DF5-11d3-B991-00A0C9BB0874} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{001F2570-5DF5-11d3-B991-00A0C9BB0874} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00320615-B6C2-40A6-8F99-F1C52D674FAD} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0036F389-FEF8-43AC-9220-16430E0012ED} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{004A5840-FF59-11d2-B50D-0090271D3FD4} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{004B23E0-1E63-4ED6-BCAC-922BA26CF096} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0055C089-8582-441B-A0BF-17B458C2A3A8} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00673769-777F-4814-BE0F-74CBA1D823B8} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00A0A40C-F432-4C59-BA11-B25D142C7AB7} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00C6482D-C502-44C8-8409-FCE54AD9C208} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00D6A7E7-4A97-456f-848A-3B75BF7554D7} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{00F16DC8-1B2A-42F4-B18B-E21DA9D2D7FD} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0140DF95-9128-4053-AE72-F43F0CFCA062} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{014DA6C1-189F-421a-88CD-07CFE51CFF10} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{01A7812B-59E8-4A4F-BFD6-EEE6D4CB6BA2} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{01CD4DDA-166D-4831-A373-ACCC27E1BB9D} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{021BB032-80A8-4FB6-B3D5-CF27B1553B95} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{02336F51-24CA-4422-AB63-18841ADF35E6} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{02478D28-C3F9-4efb-9B51-7695ECA05670} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{024DE5EB-3649-445E-8D57-C09A9A33D479} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{02681612-869A-4a07-9D7D-984F42217890} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{029BB53A-C312-4b09-9B4F-ED57AF027B28} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{029CA12C-89C1-46a7-A3C7-82F2F98635CB} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{02DCA195-602B-4B1F-83FF-381B7E804BDB} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0315AA2C-10C7-4504-A1C4-F552ABA8A095} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0345B059-8731-42BC-B7B7-5121014B02C6} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0352960F-47BE-11D5-AB93-00D0B760B4EB} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{04047354-D353-11D2-B3EB-0060B03C5581} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{04079851-5845-4dea-848C-3ECD647AA554} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{04164EC4-1E48-4279-818E-3721931E7636} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0421701D-CF13-4E70-ADF0-45A953E7CB8B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0428FFC7-1931-45b7-95CB-3CBB919777E1} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{046D6EA4-15E3-4b27-8010-45BD78A9219E} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{04719991-296F-4958-AA0F-FA25FFA5008B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{058FC709-D5CD-4A95-92DB-59E6488ECDA4} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{059B2FC0-741D-40F8-AEFA-D2C919EB9217} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{05BBB56A-2A69-4A5C-BFDA-43295DD67434} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{06594350-D723-11D8-9669-0800200C9A66} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{06DFEDAA-6196-11D5-BFC8-00508B4A487D} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{074E3AA7-7718-4404-B3F8-FF8FB5414E0E} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{08227B4B-54FE-4C4D-809F-BCA46292FC5B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{08351226-6472-43BD-8A40-D9221FF1C4CE} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{08351227-6472-43BD-8A40-D9221FF1C4CE} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{08442457-929D-4522-AE24-9D3E4664A0C1} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{086AE192-23A6-48D6-96EC-715F53797E85} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{086CEFD5-A88D-4981-8915-D51F04360ED1} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{087173EF-9829-4F49-8340-A524177D3F60} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{08C63920-DC18-11D2-9E1E-00A0247061AB} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{08DBDE36-DF28-11D5-8CA5-0050DA44A764} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{08E1C8E1-E565-44fc-A766-C9539BB3ABB7} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{08E74C67-99A6-45C7-94DA-A397A8FD8082} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0950C008-880D-46F3-AFE0-AE85C6458044} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{09549E9B-8BC0-40A4-B5D6-BD761338D631} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0982868C-47F0-4EFB-A664-C7B0B1015808} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{09AF76DD-6988-4664-97D0-362F1011E311} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{09F0F280-FB9A-481B-B69A-CB00DC44D027} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0A1375E1-56C2-11D6-8E45-8933A0FB5235} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0A1A2A3A-4A5A-6A7A-8A9A-AABACADAEAFA} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0A4DC360-26A5-4FC1-8FB2-ADD00738A99B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0A68C5A2-64AE-4415-88A2-6542304A4745} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0A6A6F79-BBE3-4A8B-8A64-9D1D1100A347} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0AAF602E-72A1-45FE-BAB1-06971E07EAA2} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0ADCDFE7-8490-406D-91BF-88F71FD7F8AE} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0AEE4D0C-4B38-4196-AE32-70ACE5656647} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0B519E07-7824-4adc-8890-93D5EABBF285} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0B90AA1B-F649-44C3-9FD3-736C332CBBCF} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0BA1C6EB-D062-4E37-9DB5-B07743276324} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0C9CBFE1-91CD-40C2-BB64-1EC84C4C46AF} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0CF0B8EE-6596-11D5-A98E-0003470BB48E} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0D245396-8535-11D3-B3F9-00A0C9424626} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0D7DC475-59EB-4781-985F-A6F5D4E2BC73} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0D929918-C804-4756-B0AC-640EF3F061E9} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0DDBB570-0396-44C9-986A-8F6F61A51C2F} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0E1230F8-EA50-42A9-983C-D22ABC2E0099} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0E1230F8-EA50-42A9-983C-D22ABC2EEB4C} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0EEDB912-C5FA-486F-8334-57288578C627} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0F660F64-F4C9-477F-8529-44181B717472} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0FC817C2-3B45-11D4-8340-0050DA825906} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{0FFE2F08-3AC9-4A91-A61D-4FF24F91A561} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1028F737-81E7-452B-A860-E50CAD90A08C} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{10384d0e-2bc1-48b6-844b-ad0e9e6d2511} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{10955232-B671-11D7-8066-0040F6F477E4} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{11359F4A-B191-42d7-905A-594F8CF0387B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{118CE65F-5D86-4AEA-A9BD-94F92B89119F} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{11904CE8-632A-4856-A7CC-00B33FE71BD8} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{11990E9F-2A4D-11D6-9507-02608CDD2842} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{11F6B95F-0774-4B8D-8C9E-6B552CBCAD14} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1201333E-BAD9-481C-BCF5-6904498CF85B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{120FF052-1C61-4C14-8F54-BBBC4A988590} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{123249EB-F891-44C4-946F-450064F9080E} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{12BA043E-293E-4CE4-A8C7-8460934FE801} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{12D02C08-218F-4A11-BDE1-6611ADB7B81F} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{12DF6E3E-6272-4AE8-880B-2158D60791C0} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{12F02779-6D88-4958-8AD3-83C12D86ADC7} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{136A9D1D-1F4B-43D4-8359-6F2382449255} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{13707362-08A2-11D3-A26D-0060976E9E6A} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{139D88E5-C372-469D-B4C5-1FE00852AB9B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{13F537F0-AF09-11d6-9029-0002B31F9E59} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{13F90341-AD79-4A9F-9B57-0234675670D6} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1402DF89-8043-44E9-AFE8-CB3DB644EF7D} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{150FA160-130D-451F-B863-B655061432BA} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{157F70D2-49E8-11D3-B094-005004116944} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{15C9938F-CB96-496D-800A-B827F2E34EA1} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{16122F02-9713-11D3-9744-005004116944} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1624F640-49AC-11D3-8ABD-00C04FA95EE0} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{165EAF06-A068-4BE1-8418-D92B2A196878} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{166348F1-2C41-4C9F-86BB-EB2B8ADE030C} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{16664845-0E00-11D2-8059-000000000000} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1678F7E1-C422-11D0-AD7D-00400515CAAA} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17456D4E-823D-9B68-283C-1A819CBBDD19} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17939A30-18E2-471E-9D3A-56DD725F1215} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1808648B-3102-4293-8AD3-06AF71D3321B} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{18AD2309-B249-46FB-9012-3B787446707F} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{18B79968-1A76-4953-9EBB-B651407F8998} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{19A447BA-9C2E-4864-93F5-A0645229771E} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{19E41A2D-BD9D-48bb-9576-27B2CF0877C0} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1A1DAC8C-074D-440F-8707-7009A672D7D1} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1A214F62-47A7-4CA3-9D00-95A3965A8B4A} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1A98BCA2-0BD1-47DE-9710-C7665F7F1FCB} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1B0E7716-898E-48cc-9690-4E338E8DE1D3} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1B13BF1B-A528-4CC4-B5BF-553CAA6487AC} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1B77D30A-81C9-497A-8647-142F7511B1FB} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1B7D753B-1981-4bd2-91F3-6D055EE113A0} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1BC1FC4B-B0D2-4D8D-9307-2E40E2A8C257} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1BDD55B8-3985-4E59-B906-5E0AD56D6710} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1C4DA27D-4D52-4465-A089-98E01BB725CA} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1C78AB3F-A857-482e-80C0-3A1E5238A565} -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1D022C27-3771-4D1D-B1B7-1953E271C6CA} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1D62BD48-16F6-4004-A54A-3C41E4955A87} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1D71DB63-D72A-4479-98F8-5BCB84FAE0F6} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1D870C86-AA3C-4451-81E4-71D480A1A652} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1D9B10E0-E90C-11D7-A399-B7BAC8911A3F} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1E1B2879-30C7-11D4-8DDF-525400E483E3} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1E1B2879-88FA-11D3-8D96-D7ACAC95951A} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1E1B2879-88FF-11D2-8D96-000000000003} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1E1B2879-88FF-11D2-8D96-000000000004} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1E1B2879-88FF-11D2-8D96-123457123457} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1E1B2879-88FF-11D2-8D96-D7ACAC31337F} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{1E1B2879-88FF-1

Det er ikke for at være petitesse-rytter, men jeg kan se at hele loggen ikke kunne være i én post. Derfor er du nødt til (som jeg skrev ovenfor), at lægge den ind i flere dele. Det er ikke så megen nytte til at jeg begynder at analysere på en udvalgt del, når jeg ikke kan få det hele med på én gang :-)