Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

might have a Dropper malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

might have a Dropper malware

Unread postby IrishGuy74 » November 15th, 2008, 8:41 pm

Hi Guys,

I got a warning from my anti virus software(avast)



So I'm not sure if I'm infected :(

Edit...When I type the letters come out back to front :x



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:31:57, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Belkin\F5D7011\Belkinwcui.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1467345664
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4533828562
O17 - HKLM\System\CCS\Services\Tcpip\..\{94FCFDC5-07D1-47B9-956D-E54523B0517C}: NameServer = 87.250.98.250,87.250.97.250
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8399 bytes
IrishGuy74
Regular Member
 
Posts: 40
Joined: August 31st, 2007, 6:28 pm
Advertisement
Register to Remove

Re: might have a Dropper malware

Unread postby Odd dude » November 19th, 2008, 4:39 am

Hello and welcome to the forums!

I'm Odd dude, pleased to meet you; if it helps, you can call me OD ;). I will be helping you with your infection. However, it is important to take note of the following - quite the wall of text, I know, but please bear with me:

  • Logs from malware removal programs (Hijackthis is one of them) can take some time to analyze. I need you to be patient whilst I analyze any logs you post.
  • Please carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Only YOU must use these instructions, they are not suitable for any other computer with similar problems.
  • Do not do things I do not ask for, such as running a spyware scan. The one thing you should always do, though, is making sure that your antivirus definitions are up-to-date!
  • If I tell you to download a tool which you already have, please re-download it and do not use the copy you already have. This is because the tools are updated regularly.
  • In Windows Vista, all tools need to be started by right clicking and selecting Run as administrator!
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you were to do the same. From this point, we're in this together ;)
  • As I am still in training at the Malware Removal University, anything I do must be checked by an experienced malware fighter. This means there might be a slight delay in my answers.
  • Lastly, I am no magican. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

I am now analyzing your situation and hope to be back with you soon. While I am reviewing your situation, could you please do the following for me:

Make an Uninstall List
I need you to create an uninstall list so I can further analyze your situation.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.

Please post back:
  • Uninstall list
  • New hijackthis log
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: might have a Dropper malware

Unread postby IrishGuy74 » November 19th, 2008, 9:22 am

Thank you Very Much OD :)

As Requested.

AC97 Data Fax SoftModem with SmartCP
Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 7.1.0
Advanced Video FX Engine
Apple Mobile Device Support
Apple Software Update
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Antivirus
Belkin Wireless G Plus Notebook Card
BlueSoleil
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Conexant AC-Link Audio
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 2
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.1
Nokia Connectivity Cable Driver
Nokia PC Suite
Polar Precision Performance SW
Polar WebLink 2.4.8
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SightSpeed (remove only)
Skype™ 3.8
Sonic DLA
Sonic RecordNow!
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Teaching-you 31 Languages CD #1
Teaching-you 31 Languages CD #2
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
Toshiba Touchpad Utility
Toshiba Utility
TOSHIBA Zooming Utility
Touch and Launch
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
USB2.0 UVC Camera
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

--------------------------------------------------------------------------------

HJT log..



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:19, on 19/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Belkin\F5D7011\Belkinwcui.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1467345664
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4533828562
O17 - HKLM\System\CCS\Services\Tcpip\..\{94FCFDC5-07D1-47B9-956D-E54523B0517C}: NameServer = 87.250.98.250,87.250.97.250
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9034 bytes
IrishGuy74
Regular Member
 
Posts: 40
Joined: August 31st, 2007, 6:28 pm

Re: might have a Dropper malware

Unread postby Odd dude » November 20th, 2008, 5:20 am

Fix a line in hijackthis
  • Start HijackThis
  • Click Do a system scan only
  • Put a check next to the following item:
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  • Make sure that all other open windows are closed!
  • Press Fix checked.

GMER
Do not touch the computer while GMER is running! If you do, it'll go completely unresponsive and you'll have to shut it down using the power switch. Just don't touch the PC while GMER is working.
Please download gmer.zip by GMER and save it to your desktop.

  • Right click the file you just downloaded and choose Extract all
  • Click Next
  • Click Browse
  • Click the + next to My Computer
  • Click Local Disk (C:)
  • Click Make new folder
  • Enter GMER
  • Click OK, then Next
  • Check Show extracted files and click Finish
  • Double click on GMER.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the GMER scan log and post it in your next reply.
  • Close GMER.

Post back: GMER log
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: might have a Dropper malware

Unread postby IrishGuy74 » November 20th, 2008, 1:17 pm

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-20 18:12:59
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF2A64618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF2A644D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF2A649B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF2A640AC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF2A645AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF2A63FEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF2A64050]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF2A646CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF2A6468E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF2A6480E]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005B0002
IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005B0000
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.14 ----
IrishGuy74
Regular Member
 
Posts: 40
Joined: August 31st, 2007, 6:28 pm

Re: might have a Dropper malware

Unread postby Odd dude » November 20th, 2008, 1:42 pm

Hi IrishGuy74

Download MBR Rootkit Detector by GMER
Be sure to download it to the root of your drive, e.g. C:\MBR.exe


Once the download has finished, click Start :arrow: Run. Copy and paste the following into the run box, then click OK:
Code: Select all
\mbr


A log will be generated called MBR.txt. Post it in your next reply.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: might have a Dropper malware

Unread postby IrishGuy74 » November 20th, 2008, 6:20 pm

I'm Sorry, I don't understand how to download it onto my root drive? :oops:

I clicked on it and its on my desktop. when I click it its not giving me the option to save as :oops:


A log came up buts its quite small.. not sure if I correctly did it..

I'm getting a microsoft popup saying my system has recovered from an error even if I reboot. I'm not touching it until you tell me other wise.I don't think I should keep getting this popup even after I reboot.


Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

____________________________________________________

3d8 83c WinMain
3d8 83c lpCmdLine: '-Embedding'
3d8 83c Run
3d8 83c lpCmdLine: '-Embedding'
3d8 83c nCmdShow: 10
3d8 83c ServerInit 0
3d8 83c VerifyRegistry
3d8 83c GetRegistryString 'Software\Yahoo\YServer' 'HomeDir'
3d8 83c Failed to open 'Software\Yahoo\YServer' key 2
3d8 83c SaveRegistryString: Failed to open registry key for szKey 'Software\Yahoo\YServer'
3d8 83c GetRegistryString 'Software\Yahoo\YServer' 'HomeDir'
3d8 83c returning 'C:\PROGRA~1\Yahoo!\MESSEN~1\data'
3d8 83c GetRegistryDWORD 'Software\Yahoo\YServer' 'Use Logfile'
3d8 83c RegQueryValueExt failed 2 for 'Use Logfile'
3d8 83c GetRegistryDWORD 'Software\Yahoo\Pager' 'Use Logfile'
3d8 83c RegQueryValueExt failed 2 for 'Use Logfile'
3d8 c2c CountdownThread
3d8 83c leaving ServerInit
3d8 83c entering message loop
3d8 83c CYServerComponent::CreateInstance
3d8 83c Not aggregating; delegate to nondelegating IUnknown
3d8 83c CYServerComponent::CYServerComponent
3d8 83c the COM library asked for IMarshal
3d8 83c CYServerComponent::SetMaxConnections 3
3d8 83c CYServerComponent::IsServerRunning
3d8 83c CYServerComponent::StartServer
3d8 83c set gwGlobalErrorNumber to 0
3d8 83c server not running: starting server
3d8 83c StartWebServerThread
3d8 83c GetRegistryString 'Software\Yahoo\YServer' 'HomeDir'
3d8 83c returning 'C:\PROGRA~1\Yahoo!\MESSEN~1\data'
3d8 83c set gszHomeDir to C:\PROGRA~1\Yahoo!\MESSEN~1\data
3d8 83c CleanupShortcutFiles
3d8 83c GetRegistryInt 'Software\Yahoo\YServer' 'KeepShortcuts' 0
3d8 83c GetRegistryString 'Software\Yahoo\YServer' 'KeepShortcuts'
3d8 83c RegQueryValueExt failed 2 for 'KeepShortcuts'
3d8 83c ReadIniFileString
3d8 83c section: [Info] key: 'Timestamp' default: ''
3d8 83c file: C:\PROGRA~1\Yahoo!\MESSEN~1\data\.
3d8 83c no chars read
3d8 83c ReadIniFileString
3d8 83c section: [Info] key: 'Timestamp' default: ''
3d8 83c file: C:\PROGRA~1\Yahoo!\MESSEN~1\data\..
3d8 83c no chars read
3d8 83c leaving CleanupShortcutFiles
3d8 264 ServerThread
3d8 264 GetRegistryInt 'Software\Yahoo\YServer' 'IPPort' 80
3d8 264 GetRegistryString 'Software\Yahoo\YServer' 'IPPort'
3d8 264 RegQueryValueExt failed 2 for 'IPPort'
3d8 264 set gnPort to 80
3d8 264 calling CreateThread for ListenerThread
3d8 8bc ListenerThread
3d8 264 ListenerThread ID: 0x8bc
3d8 8bc portno: 80
3d8 8bc binding ip: 16885952
3d8 8bc lcl_ListenSocket: 0x18c
3d8 8bc local IP addr: 192.168.1.1
3d8 8bc local port: 80
3d8 8bc calling bind
3d8 8bc listen socket:
3d8 8bc IP addr: 192.168.1.1
3d8 8bc port: 80
3d8 8bc calling listen
3d8 264 ReportInitProgress
3d8 83c leaving StartWebServerThread
3d8 83c returned from StartWebServerThread, the return code is 1.
3d8 83c CYServerComponent::IsServerRunning
3d8 83c CYServerComponent::SubmitFile
3d8 83c CreateShortcutFileForRequest3d8 83c szFullPathName: C:\Documents and Settings\Christopher\My Documents\My Pictures\Nokia Phone Pixs\17022008023.jpg
3d8 83c szAppID: Messenger
3d8 83c szUserID: fogartyaisling
3d8 83c szVersion: MSG1.0
3d8 83c nhWnd: 591690
3d8 83c nMsgNumber: 1
3d8 83c CreateShortcutFile
3d8 83c szVersion: 'MSG1.0'
3d8 83c szOriginalFile: 'C:\Documents and Settings\Christopher\My Documents\My Pictures\Nokia Phone Pixs\17022008023.jpg'
3d8 83c szAppID: 'Messenger'
3d8 83c szUserID: 'fogartyaisling'
3d8 83c bIsDir: 0
3d8 83c bIsPost: 0
3d8 83c CreateShortcutFileName
3d8 83c shortcut file name: C:\PROGRA~1\Yahoo!\MESSEN~1\data\Messenger.fogartyaisling.121416698564617022008023.jpg
3d8 83c CSecretKey::CSecretKey
3d8 83c szApp: Messenger
3d8 83c szUser: fogartyaisling
3d8 83c CSecretKey::Init().
3d8 83c m_szAppID: Messenger
3d8 83c m_szUserID: fogartyaisling
3d8 83c CreateURL
3d8 83c GetBaseURL
3d8 83c bAddrContainsPort: 0
3d8 83c base URL: http://192.168.1.1
3d8 83c CreateURL returned:
3d8 83c http://192.168.1.1/Messenger.fogartyais ... q5beleg3z8
3d8 83c WriteShortcutFile
3d8 83c writing to ini file:
3d8 83c

[Info]
Name=C:\Documents and Settings\Christopher\My Documents\My Pictures\Nokia Phone Pixs\17022008023.jpg
Version=MSG1.0

3d8 83c wrote Name=C:\Documents and Settings\Christopher\My Documents\My Pictures\Nokia Phone Pixs\17022008023.jpg
3d8 83c wrote Version=MSG1.0
3d8 83c writing to ini file:
3d8 83c

App=Messenger
User=fogartyaisling

3d8 83c wrote App=Messenger
3d8 83c wrote User=fogartyaisling
3d8 83c writing to ini file:
3d8 83c

Timestamp=63E464F09251E00EF78FF5EC441820DA

3d8 83c wrote Timestamp=63E464F09251E00EF78FF5EC441820DA
3d8 83c writing to ini file:
3d8 83c

W=591690
M=1

3d8 83c wrote W=591690
3d8 83c wrote M=1
3d8 83c exit CreateShortcutFile
3d8 83c CreateShortcutFile succeeded.
3d8 83c Entering AllocateAndCopyToWideString
3d8 83c Leaving AllocateAndCopyToWideStrign
3d8 83c Entering AllocateAndCopyToWideString
3d8 83c Leaving AllocateAndCopyToWideStrign
3d8 83c Entering AllocateAndCopyToWideString
3d8 83c Leaving AllocateAndCopyToWideStrign
3d8 83c output:
3d8 83c szURL: http://192.168.1.1/Messenger.fogartyais ... q5beleg3z8
3d8 83c szKey: lc9l2jehk6h3urvlz8q5beleg3z8
3d8 83c szShortcutFileName: Messenger.fogartyaisling.121416698564617022008023.jpg
3d8 83c leaving SubmitFile
3d8 83c CYServerComponent::SubmitFile
3d8 83c CreateShortcutFileForRequest3d8 83c szFullPathName: C:\Documents and Settings\Christopher\My Documents\My Pictures\Nokia Phone Pixs\Video013.3gp
3d8 83c szAppID: Messenger
3d8 83c szUserID: fogartyaisling
3d8 83c szVersion: MSG1.0
3d8 83c nhWnd: 591690
3d8 83c nMsgNumber: 2
3d8 83c CreateShortcutFile
3d8 83c szVersion: 'MSG1.0'
3d8 83c szOriginalFile: 'C:\Documents and Settings\Christopher\My Documents\My Pictures\Nokia Phone Pixs\Video013.3gp'
3d8 83c szAppID: 'Messenger'
3d8 83c szUserID: 'fogartyaisling'
3d8 83c bIsDir: 0
3d8 83c bIsPost: 0
3d8 83c CreateShortcutFileName
3d8 83c shortcut file name: C:\PROGRA~1\Yahoo!\MESSEN~1\data\Messenger.fogartyaisling.1214166988162Video013.3gp
3d8 83c CSecretKey::CSecretKey
3d8 83c szApp: Messenger
3d8 83c szUser: fogartyaisling
3d8 83c CSecretKey::Init().
3d8 83c m_szAppID: Messenger
3d8 83c m_szUserID: fogartyaisling
3d8 83c CreateURL
3d8 83c GetBaseURL
3d8 83c bAddrContainsPort: 0
3d8 83c base URL: http://192.168.1.1
3d8 83c CreateURL returned:
3d8 83c http://192.168.1.1/Messenger.fogartyais ... 7od0945c7a
3d8 83c WriteShortcutFile
3d8 83c writing to ini file:
3d8 83c

[Info]
Name=C:\Documents and Settings\Christopher\My Documents\My Pictures\Nokia Phone Pixs\Video013.3gp
Version=MSG1.0

3d8 83c wrote Name=C:\Documents and Settings\Christopher\My Documents\My Pictures\Nokia Phone Pixs\Video013.3gp
3d8 83c wrote Version=MSG1.0
3d8 83c writing to ini file:
3d8 83c

App=Messenger
User=fogartyaisling

3d8 83c wrote App=Messenger
3d8 83c wrote User=fogartyaisling
3d8 83c writing to ini file:
3d8 83c

Timestamp=6434BC6496305560C1B489B1E173B84C

3d8 83c wrote Timestamp=6434BC6496305560C1B489B1E173B84C
3d8 83c writing to ini file:
3d8 83c

W=591690
M=2

3d8 83c wrote W=591690
3d8 83c wrote M=2
3d8 83c exit CreateShortcutFile
3d8 83c CreateShortcutFile succeeded.
3d8 83c Entering AllocateAndCopyToWideString
3d8 83c Leaving AllocateAndCopyToWideStrign
3d8 83c Entering AllocateAndCopyToWideString
3d8 83c Leaving AllocateAndCopyToWideStrign
3d8 83c Entering AllocateAndCopyToWideString
3d8 83c Leaving AllocateAndCopyToWideStrign
3d8 83c output:
3d8 83c szURL: http://192.168.1.1/Messenger.fogartyais ... 7od0945c7a
3d8 83c szKey: lc9l2jehk6h3tz4hf17od0945c7a
3d8 83c szShortcutFileName: Messenger.fogartyaisling.1214166988162Video013.3gp
3d8 83c leaving SubmitFile
3d8 83c CYServerComponent::RemoveShortcut
3d8 83c 'Messenger.fogartyaisling.121416698564617022008023.jpg'
3d8 83c RemoveShortcutFile
3d8 83c 'Messenger.fogartyaisling.121416698564617022008023.jpg'
3d8 8bc back from listen
3d8 8bc listen socket:
3d8 8bc IP addr: 192.168.1.1
3d8 8bc port: 80
3d8 8bc allocated a pool of 3 handles
3d8 8bc AcceptAndHandleRequests
3d8 8bc IsFreeEntryInThreadArray
3d8 83c CYServerComponent::RemoveShortcut
3d8 83c 'Messenger.fogartyaisling.1214166988162Video013.3gp'
3d8 83c RemoveShortcutFile
3d8 83c 'Messenger.fogartyaisling.1214166988162Video013.3gp'
3d8 83c CYServerComponent::GetDownloadStatus
3d8 83c HTTPRQTotals::GetTotals
3d8 83c Entering AllocateAndCopyToWideString
3d8 83c Leaving AllocateAndCopyToWideStrign
3d8 83c Entering AllocateAndCopyToWideString
3d8 83c Leaving AllocateAndCopyToWideStrign
IrishGuy74
Regular Member
 
Posts: 40
Joined: August 31st, 2007, 6:28 pm

Re: might have a Dropper malware

Unread postby Odd dude » November 21st, 2008, 5:02 am

I'm Sorry, I don't understand how to download it onto my root drive?

Don't worry, you did fine.

I'm getting a microsoft popup saying my system has recovered from an error even if I reboot. I'm not touching it until you tell me other wise.I don't think I should keep getting this popup even after I reboot.

I'd like some information about this. The popup is useless and harmless; you can safely close it.

OTScanIt
Download OTScanIt by OldTimer to your desktop.
  • Double click the tool to run it
  • Click Extract. When it has finished, click OK, then Close
  • Open the OTScanIt folder and start OTScanIt.exe
  • Under the Drivers section, select Non-Microsoft
  • Click the Run Scan button (top-left corner)
  • Once the scan has finished, Notepad will open with the results. Post them in your next reply.

Check the Event Viewer logs
  • Click Start :arrow: Run
  • In the box, type eventvwr
  • Look at the System and Application log files and note any that are red
  • I need to know the Event ID and Source.

Post back: OTScanIt log and the Event Viewer log(s).
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: might have a Dropper malware

Unread postby IrishGuy74 » November 21st, 2008, 6:44 pm

Avast came up twice as saying it found a virus during that scan

Code: Select all
OTScanIt logfile created on: 21/11/2008 23:08:28
OTScanIt by OldTimer - Version 1.0.19.0     Folder = C:\Documents and Settings\Christopher\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
702.17 Mb Total Physical Memory | 103.28 Mb Available Physical Memory | 14.71% Memory free
1.68 Gb Paging File | 1.08 Gb Available in Paging File | 64.54% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 38.82 Gb Free Space | 52.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Christopher
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
wltrysvc.exe -> %SystemRoot%\system32\wltrysvc.exe ->  [Ver =  | Size = 18944 bytes | Modified Date = 20/01/2006 02:16:02 | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/07/2008 15:25:06 | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/07/2008 15:38:28 | Attr =    ]
btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe ->  [Ver =  | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr =    ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 18/01/2005 00:38:38 | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/07/2008 15:38:04 | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/07/2008 15:25:45 | Attr =    ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/07/2008 15:38:34 | Attr =    ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 08/10/2004 22:44:24 | Attr =    ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 08/10/2004 22:43:12 | Attr =    ]
vsnp2uvc.exe -> %SystemRoot%\vsnp2uvc.exe -> Sonix [Ver = 1, 0, 0, 3 | Size = 569344 bytes | Modified Date = 12/03/2007 18:49:16 | Attr =    ]
smoothview.exe -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 118784 bytes | Modified Date = 12/05/2005 10:31:38 | Attr =    ]
padexe.exe -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 7, 0 | Size = 1077327 bytes | Modified Date = 17/11/2004 10:56:10 | Attr =    ]
ndstray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 404 | Size = 962560 bytes | Modified Date = 22/04/2005 19:54:14 | Attr =    ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5157 | Size = 344064 bytes | Modified Date = 28/06/2005 21:05:00 | Attr =    ]
launch~1.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 70, 41, 5 | Size = 217088 bytes | Modified Date = 13/12/2005 07:49:08 | Attr =    ]
toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 11/04/2005 11:26:06 | Attr =    ]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R  ]
pcsync2.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe -> Time Information Services Ltd. [Ver = 2.00 (468) | Size = 1302528 bytes | Modified Date = 22/02/2006 15:18:10 | Attr =    ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 3, 25 | Size = 1833296 bytes | Modified Date = 16/09/2008 12:16:08 | Attr = RHS]
servic~1.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 70, 45, 1 | Size = 120320 bytes | Modified Date = 07/11/2005 09:09:18 | Attr =    ]
belkinwcui.exe -> %ProgramFiles%\Belkin\F5D7011\Belkinwcui.exe -> Belkin [Ver = 2, 1, 7, 48 | Size = 1572864 bytes | Modified Date = 18/04/2006 15:25:14 | Attr =    ]
mpapi3s.exe -> %CommonProgramFiles%\Nokia\MPAPI\MPAPI3s.exe -> Nokia Corporation [Ver = 6.70.161.0 | Size = 471040 bytes | Modified Date = 28/10/2005 12:54:50 | Attr =    ]
bluesoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 4, 0 | Size = 1200128 bytes | Modified Date = 20/09/2005 09:28:16 | Attr =    ]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 2.0.0.58 | Size = 76744 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R  ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.4 | Size = 307712 bytes | Modified Date = 15/11/2008 23:59:03 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/07/2008 15:25:06 | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/07/2008 15:38:28 | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/07/2008 15:38:04 | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/07/2008 15:25:45 | Attr =    ]
(BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe ->  [Ver =  | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr =    ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 18/01/2005 00:38:38 | Attr =    ]
(wltrysvc) Broadcom Wireless LAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wltrysvc.exe ->  [Ver =  | Size = 18944 bytes | Modified Date = 20/01/2006 02:16:02 | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe ["C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"] -> ATI Technologies, Inc. [Ver = 6.14.10.5157 | Size = 344064 bytes | Modified Date = 28/06/2005 21:05:00 | Attr =    ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/07/2008 15:38:34 | Attr =    ]
AVFX Engine -> %ProgramFiles%\Creative\Creative Live! Cam\VideoFX\StartFX.exe [C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe] -> Creative Technology Ltd. [Ver = 1.12.02.00 | Size = 24576 bytes | Modified Date = 16/08/2006 01:12:00 | Attr =    ]
CFSServ.exe ->  [CFSServ.exe -NoClient] -> File not found
dla -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =    ]
KernelFaultCheck ->  [%systemroot%\system32\dumprep 0 -k] -> File not found
NDSTray.exe ->  [NDSTray.exe] -> File not found
PadTouch -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe [C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] -> TOSHIBA [Ver = 1, 2, 7, 0 | Size = 1077327 bytes | Modified Date = 17/11/2004 10:56:10 | Attr =    ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe [C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray] -> Nokia [Ver = 6, 70, 41, 5 | Size = 217088 bytes | Modified Date = 13/12/2005 07:49:08 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 11/12/2007 10:56:54 | Attr =    ]
SmoothView -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 118784 bytes | Modified Date = 12/05/2005 10:31:38 | Attr =    ]
snp2uvc -> %SystemRoot%\vsnp2uvc.exe [C:\WINDOWS\vsnp2uvc.exe] -> Sonix [Ver = 1, 0, 0, 3 | Size = 569344 bytes | Modified Date = 12/03/2007 18:49:16 | Attr =    ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 08/10/2004 22:43:12 | Attr =    ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 08/10/2004 22:44:24 | Attr =    ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 23/05/2008 22:49:54 | Attr =    ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
PcSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe [C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (468) | Size = 1302528 bytes | Modified Date = 22/02/2006 15:18:10 | Attr =    ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R  ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 3, 25 | Size = 1833296 bytes | Modified Date = 16/09/2008 12:16:08 | Attr = RHS]
TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 11/04/2005 11:26:06 | Attr =    ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30/08/2007 17:43:18 | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk -> %ProgramFiles%\Belkin\F5D7011\Belkinwcui.exe -> Belkin [Ver = 2, 1, 7, 48 | Size = 1572864 bytes | Modified Date = 18/04/2006 15:25:14 | Attr =    ]
< Christopher Startup Folder > -> C:\Documents and Settings\Christopher\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 01:12:19 | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/04/2008 01:12:38 | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/04/2008 01:12:24 | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/04/2008 01:12:41 | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 46080 bytes | Modified Date = 29/06/2005 06:56:50 | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 13/04/2008 19:40:46 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 50 bytes | Modified Date = 01/07/2008 17:53:31 | Attr =    ]
< HOSTS File > (287955 bytes and 9968 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	www.1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123haustiereundmehr.com
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5190 domain(s) found. -> 
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5189 domain(s) found. -> 
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 04:16:42 | Attr =    ]
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.57 | Size = 308856 bytes | Modified Date = 23/05/2008 22:50:06 | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15/09/2008 14:25:44 | Attr = RHS]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 23:09:42 | Attr =    ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_02\bin\NPJPI150_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.20.9 | Size = 69746 bytes | Modified Date = 04/03/2005 03:54:17 | Attr =    ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 23:09:42 | Attr =    ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15/09/2008 14:25:44 | Attr = RHS]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office12\EXCEL.EXE -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{20B8D8D4-9FCF-4337-8C59-030E6DBEFB2E} ->    () -> 
{4D20BC8D-50CD-476E-ABC5-BB2A9F944B7F} ->    () -> 
{94FCFDC5-07D1-47B9-956D-E54523B0517C} -> 87.250.98.250,87.250.97.250   (Belkin 802.11g Network Adapter) -> 
{B11C8138-6A10-42BC-9A35-F9FBA65CD05D} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211467345664[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214533828562[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> 
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 



[Files/Folders - Created Within 30 days]
mbr.exe -> %SystemDrive%\mbr.exe ->  [Ver =  | Size = 66048 bytes | Created Date = 20/11/2008 23:34:32 | Attr =    ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Created Date = 20/11/2008 17:36:12 | Attr =    ]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Created Date = 20/11/2008 17:36:11 | Attr =    ]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Created Date = 20/11/2008 17:36:11 | Attr = R  ]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Created Date = 20/11/2008 17:36:19 | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Created Date = 20/11/2008 17:36:12 | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1393 bytes | Created Date = 24/10/2008 13:54:00 | Attr =    ]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 21/11/2008 22:45:14 | Attr =    ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 20/11/2008 17:46:47 | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 11/11/2008 18:23:50 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 11/11/2008 18:23:50 | Attr =  H ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 736350208 bytes | Modified Date = 21/11/2008 22:40:58 | Attr =  HS]
mbr.exe -> %SystemDrive%\mbr.exe ->  [Ver =  | Size = 66048 bytes | Modified Date = 20/11/2008 23:44:45 | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 287955 bytes | Modified Date = 17/11/2008 10:12:42 | Attr = R  ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 20/11/2008 17:36:12 | Attr =    ]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 63930 bytes | Modified Date = 21/11/2008 22:45:44 | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 406896 bytes | Modified Date = 21/11/2008 22:45:44 | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 477670 bytes | Modified Date = 21/11/2008 22:45:44 | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 21/11/2008 22:41:31 | Attr =    ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 21/11/2008 22:41:01 | Attr =   S]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Modified Date = 20/11/2008 17:36:12 | Attr =    ]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 20/11/2008 18:03:32 | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 20/11/2008 17:36:12 | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1393 bytes | Modified Date = 13/11/2008 23:57:51 | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 11/11/2008 18:23:50 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 11/11/2008 18:23:50 | Attr =  H ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 913 bytes | Modified Date = 30/10/2008 01:04:06 | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 21/11/2008 22:41:12 | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 15/11/2005 14:33:27 | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 13/11/2008 23:38:39 | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4646 bytes | Modified Date = 13/11/2008 23:38:39 | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 06/08/2008 22:32:06 | Attr =    ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8464 bytes | Modified Date = 06/08/2008 22:25:04 | Attr =    ]
C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 1 for gmer.zip\ -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 1 for gmer.zip\ ->  [Folder | Modified Date = 20/11/2008 17:57:58 | Attr =  H ]
gmer.exe -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe ->  [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Modified Date = 17/04/2008 21:13:02 | Attr =    ]
C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 2 for gmer.zip\ -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 2 for gmer.zip\ ->  [Folder | Modified Date = 20/11/2008 18:03:21 | Attr =  H ]
gmer.exe -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 2 for gmer.zip\gmer.exe ->  [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Modified Date = 17/04/2008 21:13:02 | Attr =    ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 21/11/2008 22:45:37 | Attr =    ]
Perflib_Perfdata_100.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_100.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 20/11/2008 17:57:17 | Attr =    ]
Perflib_Perfdata_170.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_170.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 20/11/2008 17:47:23 | Attr =    ]
Perflib_Perfdata_74c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 17/11/2008 11:18:24 | Attr =    ]
Perflib_Perfdata_a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 21/11/2008 22:41:18 | Attr =    ]
Perflib_Perfdata_a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 19/11/2008 14:09:16 | Attr =    ]
Perflib_Perfdata_b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 20/11/2008 23:47:31 | Attr =    ]
Perflib_Perfdata_c4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 20/11/2008 17:22:32 | Attr =    ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\xeda0\x22a\xeda0\x22a\1"
"DeviceDesc"="\xeda0\x22a\xeda0\x22a\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x408"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\eng\display driver\sbdrv\smbus\smbusati.inf"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\Desktop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\20071205\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Alice In Chains\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\ARW Chad\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\ARW OPSECD\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Bosnia Pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Nokia Memory Card\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Rammstein1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Rammstein2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Family Pix 01\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Family pix 02\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Stone Sour\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Jacks Commuinion\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\jacks communion pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Metallica\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\20080624\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\20080913\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\20080922\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\20081017\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\Camera pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\Nokia Phone Pixs\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 37

< End of report >

_________________________________________________________________________
APPLICATION (There was double ERRORS with the same ID which I didn't include on both Application and system)

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 20/11/2008
Time: 17:24:52
User: N/A
Computer: LAPTOP
Description:
Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 59 61 68 6f 6f 4d YahooM
0018: 65 73 73 65 6e 67 65 72 essenger
0020: 2e 65 78 65 20 38 2e 31 .exe 8.1
0028: 2e 30 2e 34 32 31 20 69 .0.421 i
0030: 6e 20 68 75 6e 67 61 70 n hungap
0038: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 30 set 0000
0050: 30 30 30 30 0000











Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 11/11/2008
Time: 19:13:47
User: N/A
Computer: LAPTOP
Description:
Hanging application SharePod.exe, version 3.8.7.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 53 68 61 72 65 50 ShareP
0018: 6f 64 2e 65 78 65 20 33 od.exe 3
0020: 2e 38 2e 37 2e 30 20 69 .8.7.0 i
0028: 6e 20 68 75 6e 67 61 70 n hungap
0030: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0038: 30 20 61 74 20 6f 66 66 0 at off
0040: 73 65 74 20 30 30 30 30 set 0000
0048: 30 30 30 30 0000



Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 22/10/2008
Time: 13:29:47
User: N/A
Computer: LAPTOP
Description:
Faulting application firefox.exe, version 1.9.0.3188, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001019e.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 66 69 72 ure fir
0018: 65 66 6f 78 2e 65 78 65 efox.exe
0020: 20 31 2e 39 2e 30 2e 33 1.9.0.3
0028: 31 38 38 20 69 6e 20 6e 188 in n
0030: 74 64 6c 6c 2e 64 6c 6c tdll.dll
0038: 20 35 2e 31 2e 32 36 30 5.1.260
0040: 30 2e 35 35 31 32 20 61 0.5512 a
0048: 74 20 6f 66 66 73 65 74 t offset
0050: 20 30 30 30 31 30 31 39 0001019
0058: 65 0d 0a e..




Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 13/09/2008
Time: 21:04:40
User: N/A
Computer: LAPTOP
Description:
Faulting application bluesoleil.exe, version 1.6.4.0, faulting module bluesoleil.exe, version 1.6.4.0, fault address 0x000614ca.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 62 6c 75 ure blu
0018: 65 73 6f 6c 65 69 6c 2e esoleil.
0020: 65 78 65 20 31 2e 36 2e exe 1.6.
0028: 34 2e 30 20 69 6e 20 62 4.0 in b
0030: 6c 75 65 73 6f 6c 65 69 luesolei
0038: 6c 2e 65 78 65 20 31 2e l.exe 1.
0040: 36 2e 34 2e 30 20 61 74 6.4.0 at
0048: 20 6f 66 66 73 65 74 20 offset
0050: 30 30 30 36 31 34 63 61 000614ca
0058: 0d 0a ..




Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 11/09/2008
Time: 16:04:53
User: N/A
Computer: LAPTOP
Description:
Faulting application belkinwcui.exe, version 2.1.7.48, faulting module brdcm2k.dll, version 0.9.1.3, fault address 0x00008ea4.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 62 65 6c ure bel
0018: 6b 69 6e 77 63 75 69 2e kinwcui.
0020: 65 78 65 20 32 2e 31 2e exe 2.1.
0028: 37 2e 34 38 20 69 6e 20 7.48 in
0030: 62 72 64 63 6d 32 6b 2e brdcm2k.
0038: 64 6c 6c 20 30 2e 39 2e dll 0.9.
0040: 31 2e 33 20 61 74 20 6f 1.3 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 30 38 65 61 34 0d 0a 008ea4..



Event Type: Error
Event Source: Application Hang
Event Category: None
Event ID: 1001
Date: 27/08/2008
Time: 09:20:44
User: N/A
Computer: LAPTOP
Description:
Fault bucket 506723909.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 35 30 36 37 32 33 39 30 50672390
0010: 39 0d 0a 9..




Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 27/08/2008
Time: 09:20:30
User: N/A
Computer: LAPTOP
Description:
Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 59 61 68 6f 6f 4d YahooM
0018: 65 73 73 65 6e 67 65 72 essenger
0020: 2e 65 78 65 20 38 2e 31 .exe 8.1
0028: 2e 30 2e 34 32 31 20 69 .0.421 i
0030: 6e 20 68 75 6e 67 61 70 n hungap
0038: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 30 set 0000
0050: 30 30 30 30 0000



Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 27/08/2008
Time: 09:20:28
User: N/A
Computer: LAPTOP
Description:
Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 59 61 68 6f 6f 4d YahooM
0018: 65 73 73 65 6e 67 65 72 essenger
0020: 2e 65 78 65 20 38 2e 31 .exe 8.1
0028: 2e 30 2e 34 32 31 20 69 .0.421 i
0030: 6e 20 68 75 6e 67 61 70 n hungap
0038: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 30 set 0000
0050: 30 30 30 30 0000




Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 03/08/2008
Time: 08:10:27
User: N/A
Computer: LAPTOP
Description:
Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 59 61 68 6f 6f 4d YahooM
0018: 65 73 73 65 6e 67 65 72 essenger
0020: 2e 65 78 65 20 38 2e 31 .exe 8.1
0028: 2e 30 2e 34 32 31 20 69 .0.421 i
0030: 6e 20 68 75 6e 67 61 70 n hungap
0038: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 30 set 0000
0050: 30 30 30 30 0000


Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 01/08/2008
Time: 20:47:20
User: N/A
Computer: LAPTOP
Description:
Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 59 61 68 6f 6f 4d YahooM
0018: 65 73 73 65 6e 67 65 72 essenger
0020: 2e 65 78 65 20 38 2e 31 .exe 8.1
0028: 2e 30 2e 34 32 31 20 69 .0.421 i
0030: 6e 20 68 75 6e 67 61 70 n hungap
0038: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 30 set 0000
0050: 30 30 30 30 0000


Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 30/06/2008
Time: 01:09:01
User: N/A
Computer: LAPTOP
Description:
Faulting application belkinwcui.exe, version 2.1.7.48, faulting module brdcm2k.dll, version 0.9.1.3, fault address 0x00008ea4.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 62 65 6c ure bel
0018: 6b 69 6e 77 63 75 69 2e kinwcui.
0020: 65 78 65 20 32 2e 31 2e exe 2.1.
0028: 37 2e 34 38 20 69 6e 20 7.48 in
0030: 62 72 64 63 6d 32 6b 2e brdcm2k.
0038: 64 6c 6c 20 30 2e 39 2e dll 0.9.
0040: 31 2e 33 20 61 74 20 6f 1.3 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 30 38 65 61 34 0d 0a 008ea4..



Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 17/06/2008
Time: 21:09:44
User: N/A
Computer: LAPTOP
Description:
Faulting application belkinwcui.exe, version 2.1.7.48, faulting module brdcm2k.dll, version 0.9.1.3, fault address 0x00008ea4.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 62 65 6c ure bel
0018: 6b 69 6e 77 63 75 69 2e kinwcui.
0020: 65 78 65 20 32 2e 31 2e exe 2.1.
0028: 37 2e 34 38 20 69 6e 20 7.48 in
0030: 62 72 64 63 6d 32 6b 2e brdcm2k.
0038: 64 6c 6c 20 30 2e 39 2e dll 0.9.
0040: 31 2e 33 20 61 74 20 6f 1.3 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 30 38 65 61 34 0d 0a 008ea4..


___________________________________________________
SYSTEM

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 20/11/2008
Time: 23:48:29
User: N/A
Computer: LAPTOP
Description:
Error code 1000008e, parameter1 c0000005, parameter2 000006f0, parameter3 ef822b50, parameter4 00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 38 1000008
0020: 65 20 20 50 61 72 61 6d e Param
0028: 65 74 65 72 73 20 63 30 eters c0
0030: 30 30 30 30 30 35 2c 20 000005,
0038: 30 30 30 30 30 36 66 30 000006f0
0040: 2c 20 65 66 38 32 32 62 , ef822b
0048: 35 30 2c 20 30 30 30 30 50, 0000
0050: 30 30 30 30 0000



Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 32003
Date: 20/11/2008
Time: 17:57:43
User: N/A
Computer: LAPTOP
Description:
The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1f 00 00 00 ....



Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 17/11/2008
Time: 00:12:12
User: N/A
Computer: LAPTOP
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 17/11/2008
Time: 00:12:12
User: N/A
Computer: LAPTOP
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 17/11/2008
Time: 00:11:57
User: N/A
Computer: LAPTOP
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 17/11/2008
Time: 00:11:57
User: N/A
Computer: LAPTOP
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1001
Date: 11/11/2008
Time: 17:30:09
User: N/A
Computer: LAPTOP
Description:
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F86B07F. The following error occurred:
The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c7 04 00 00 Ç...



Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1001
Date: 07/11/2008
Time: 10:54:29
User: N/A
Computer: LAPTOP
Description:
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F86B07F. The following error occurred:
The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c7 04 00 00 Ç...


Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1001
Date: 26/10/2008
Time: 15:58:22
User: N/A
Computer: LAPTOP
Description:
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F86B07F. The following error occurred:
The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c7 04 00 00 Ç...


Event Type: Error
Event Source: SideBySide
Event Category: None
Event ID: 36
Date: 24/10/2008
Time: 18:48:05
User: N/A
Computer: LAPTOP
Description:
The assembly x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a has missing or invalid files; recovery of this assembly failed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 23/09/2008
Time: 01:03:04
User: LAPTOP\Christopher
Computer: LAPTOP
Description:
The server {ACF50018-41F8-476D-85FD-CD953DAE4A49} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


__________________________________________________

There are quite alot of Yellow Warnings?



Event Type: Warning
Event Source: Disk
Event Category: None
Event ID: 51
Date: 07/10/2008
Time: 21:01:50
User: N/A
Computer: LAPTOP
Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..€
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 97 d2 04 00 00 00 00 00 —Ò......
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 4e 00 00 00 00 @..N....
0040: 00 20 0a 12 40 02 20 40 . ..@. @
0048: 00 00 01 00 0a 00 00 00 ........
0050: 00 00 00 00 30 b1 64 82 ....0±d‚
0058: 00 00 00 00 08 a0 b0 82 ..... °‚
0060: 00 00 00 00 00 9c 06 00 .....œ..
0068: 28 00 00 06 9c 00 00 00 (...œ...
0070: 80 00 00 00 00 00 00 00 €.......
0078: 00 00 00 00 00 00 00 00 ........
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........
IrishGuy74
Regular Member
 
Posts: 40
Joined: August 31st, 2007, 6:28 pm

Re: might have a Dropper malware

Unread postby Odd dude » November 22nd, 2008, 5:28 am

Avast came up twice as saying it found a virus during that scan

That's normal - some of our tools use quite unorthodox methods to obtain information or fix items, and an antivirus might question that.

The Event Viewer logs don't tell me much, however I see:
  • A lot of program errors
  • A disk error

That said, I want to make sure this is not a hard drive problem.

Click Start>Run and enter the following:
Code: Select all
chkdsk c: /f /v /r >C:\CHKDSK.TXT

Enter Y for Yes when asked whether to scan on reboot.

Upon reboot, your system will be completely scanned by checkdisk. This will take about 30 minutes, depending on how large your hard drive is.
If you recieve any notice about bad clusters, inform me. Also, if I'm not mistaken the scan should create a log at C:\CHKDSK.TXT. If it isn't there, that's my fault. But if it is there, please post it.

You have TeaTimer running
This is good as TeaTimer protects you from many malicious changes to your registry. However, TeaTimer is a computer program, which has no way of distinguishing between good or malicious intentions; this means it might hinder the modifications I need to make to your system.

This means that TeaTimer will need to be disabled until you have been cleaned of malware.

  1. Right-click on the Tea Timer icon in your system tray. It looks like this: Image
  2. If you have the new version 1.5: click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System tray should now be now colourless.
  3. If you have Version 1.4, Click on Exit Spybot S&D Resident

This is not enough, there is a second step attached:

  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left and click Tools
  • Now, also in left panel, click Resident - the pictogram shows a red/white shield.
  • In the Resident protection status frame, uncheck the box labelled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

When I give you the all-clear post, remember to reenable it!

Now please click Start > Run and enter:
Code: Select all
gmer_uninstall.cmd

That will uninstall GMER - we won't need it anymore.

Your Java is old
Java gets updated for a reason: fixing security holes (and improving performance). It is important to update to the newest version.
First, you must remove the old version. To do this:
  • Click Start > Control Panel > Software
  • Once the Add/Remove list has loaded, scroll down to Java Runtime Environment <version number> and remove it.
  • Next, download and install the latest version from here. The site is a bit confusing; this is what you should do:
    • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 10.
    • Click the Download button to the right.
    • Choose the correct Platform. Also, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
    • Now, click Continue.
    • Click on the filename under Windows Offline Installation and save it to your desktop.
    • Now, close all other windows. Including Internet Explorer.
    • You can now install Java by double-clicking the executable you just downloaded.

Update your Adobe Reader
Your version of Adobe Reader is old and may contain security leaks. Please first uninstall the older version, then download and install the newest version from here.

OTScanIt
Now start OTScanIt. Copy and paste the below into the pane where it says Paste fix here and then click the Run Fix button.
Code: Select all
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> KernelFaultCheck -> [%systemroot%\system32\dumprep 0 -k]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02]
[Files/Folders - Created Within 30 days]
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> mbr.exe -> %SystemDrive%\mbr.exe

The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.



OK - I don't see any real malware in there.
How is your computer behaving now?

Please inform me regarding the results of the checkdisk scan, and if it's present please post the contents of this log: C:\CHKDSK.txt
Also create a new OTScanIt log please

Also inform me how the computer is running.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: might have a Dropper malware

Unread postby IrishGuy74 » November 24th, 2008, 5:11 pm

I went into event viewer and then into application to view log??
[color=#FF0000]I also did a scan with Ad-ware after I completed what you requested and it came back with 9 redirected host file entries? I couldn't delete so I quarantined them :? [/color]

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 2184 unused index entries from index $SII of file 0x9.
Cleaning up 2184 unused index entries from index $SDH of file 0x9.
Cleaning up 2184 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

78148160 KB total disk space.
41954712 KB in 49951 files.
16020 KB in 4648 indexes.
0 KB in bad sectors.
135636 KB in use by the system.
65536 KB occupied by the log file.
36041792 KB available on disk.

4096 bytes in each allocation unit.
19537040 total allocation units on disk.
9010448 allocation units available on disk.

Internal Info:
60 f2 00 00 52 d5 00 00 32 1a 01 00 00 00 00 00 `...R...2.......
96 02 00 00 02 00 00 00 7b 0d 00 00 00 00 00 00 ........{.......
08 dc 60 01 00 00 00 00 46 90 7a 27 00 00 00 00 ..`.....F.z'....
f2 c7 15 0d 00 00 00 00 f8 ab 3e 29 03 00 00 00 ..........>)....
1a 1e 0d cd 01 00 00 00 14 f8 6f 33 05 00 00 00 ..........o3....
99 9e 36 00 00 00 00 00 90 38 07 00 1f c3 00 00 ..6......8......
00 00 00 00 00 60 b6 00 0a 00 00 00 28 12 00 00 .....`......(...

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6005
Date: 24/11/2008
Time: 20:40:43
User: N/A
Computer: LAPTOP
Description:
The Event log service was started.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.





The machine seems to be working grand and as requested here is the OTscanlt

Code: Select all
OTScanIt logfile created on: 24/11/2008 22:11:33
OTScanIt by OldTimer - Version 1.0.19.0     Folder = C:\Documents and Settings\Christopher\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
702.17 Mb Total Physical Memory | 316.22 Mb Available Physical Memory | 45.03% Memory free
1.68 Gb Paging File | 1.12 Gb Available in Paging File | 66.53% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 34.37 Gb Free Space | 46.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Christopher
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
wltrysvc.exe -> %SystemRoot%\system32\wltrysvc.exe ->  [Ver =  | Size = 18944 bytes | Modified Date = 20/01/2006 02:16:02 | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/07/2008 15:25:06 | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/07/2008 15:38:28 | Attr =    ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/07/2008 15:38:34 | Attr =    ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 08/10/2004 22:44:24 | Attr =    ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 08/10/2004 22:43:12 | Attr =    ]
vsnp2uvc.exe -> %SystemRoot%\vsnp2uvc.exe -> Sonix [Ver = 1, 0, 0, 3 | Size = 569344 bytes | Modified Date = 12/03/2007 18:49:16 | Attr =    ]
smoothview.exe -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 118784 bytes | Modified Date = 12/05/2005 10:31:38 | Attr =    ]
padexe.exe -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 7, 0 | Size = 1077327 bytes | Modified Date = 17/11/2004 10:56:10 | Attr =    ]
ndstray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 404 | Size = 962560 bytes | Modified Date = 22/04/2005 19:54:14 | Attr =    ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5157 | Size = 344064 bytes | Modified Date = 28/06/2005 21:05:00 | Attr =    ]
launch~1.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 70, 41, 5 | Size = 217088 bytes | Modified Date = 13/12/2005 07:49:08 | Attr =    ]
toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 11/04/2005 11:26:06 | Attr =    ]
servic~1.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 70, 45, 1 | Size = 120320 bytes | Modified Date = 07/11/2005 09:09:18 | Attr =    ]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R  ]
pcsync2.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe -> Time Information Services Ltd. [Ver = 2.00 (468) | Size = 1302528 bytes | Modified Date = 22/02/2006 15:18:10 | Attr =    ]
belkinwcui.exe -> %ProgramFiles%\Belkin\F5D7011\Belkinwcui.exe -> Belkin [Ver = 2, 1, 7, 48 | Size = 1572864 bytes | Modified Date = 18/04/2006 15:25:14 | Attr =    ]
mpapi3s.exe -> %CommonProgramFiles%\Nokia\MPAPI\MPAPI3s.exe -> Nokia Corporation [Ver = 6.70.161.0 | Size = 471040 bytes | Modified Date = 28/10/2005 12:54:50 | Attr =    ]
btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe ->  [Ver =  | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr =    ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 18/01/2005 00:38:38 | Attr =    ]
bluesoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 4, 0 | Size = 1200128 bytes | Modified Date = 20/09/2005 09:28:16 | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/07/2008 15:38:04 | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/07/2008 15:25:45 | Attr =    ]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 2.0.0.58 | Size = 76744 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R  ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.4 | Size = 307712 bytes | Modified Date = 15/11/2008 23:59:03 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/07/2008 15:25:06 | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/07/2008 15:38:28 | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/07/2008 15:38:04 | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/07/2008 15:25:45 | Attr =    ]
(BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe ->  [Ver =  | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr =    ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 18/01/2005 00:38:38 | Attr =    ]
(wltrysvc) Broadcom Wireless LAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wltrysvc.exe ->  [Ver =  | Size = 18944 bytes | Modified Date = 20/01/2006 02:16:02 | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 9.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 9.0.0.2008061200 | Size = 34672 bytes | Modified Date = 12/06/2008 02:38:00 | Attr =    ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe ["C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"] -> ATI Technologies, Inc. [Ver = 6.14.10.5157 | Size = 344064 bytes | Modified Date = 28/06/2005 21:05:00 | Attr =    ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/07/2008 15:38:34 | Attr =    ]
AVFX Engine -> %ProgramFiles%\Creative\Creative Live! Cam\VideoFX\StartFX.exe [C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe] -> Creative Technology Ltd. [Ver = 1.12.02.00 | Size = 24576 bytes | Modified Date = 16/08/2006 01:12:00 | Attr =    ]
CFSServ.exe ->  [CFSServ.exe -NoClient] -> File not found
dla -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =    ]
KernelFaultCheck ->  [%systemroot%\system32\dumprep 0 -k] -> File not found
NDSTray.exe ->  [NDSTray.exe] -> File not found
PadTouch -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe [C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] -> TOSHIBA [Ver = 1, 2, 7, 0 | Size = 1077327 bytes | Modified Date = 17/11/2004 10:56:10 | Attr =    ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe [C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray] -> Nokia [Ver = 6, 70, 41, 5 | Size = 217088 bytes | Modified Date = 13/12/2005 07:49:08 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 11/12/2007 10:56:54 | Attr =    ]
SmoothView -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 118784 bytes | Modified Date = 12/05/2005 10:31:38 | Attr =    ]
snp2uvc -> %SystemRoot%\vsnp2uvc.exe [C:\WINDOWS\vsnp2uvc.exe] -> Sonix [Ver = 1, 0, 0, 3 | Size = 569344 bytes | Modified Date = 12/03/2007 18:49:16 | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.100.33 | Size = 136600 bytes | Modified Date = 24/11/2008 21:00:34 | Attr =    ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 08/10/2004 22:43:12 | Attr =    ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 08/10/2004 22:44:24 | Attr =    ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 23/05/2008 22:49:54 | Attr =    ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
PcSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe [C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (468) | Size = 1302528 bytes | Modified Date = 22/02/2006 15:18:10 | Attr =    ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R  ]
TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 11/04/2005 11:26:06 | Attr =    ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30/08/2007 17:43:18 | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk -> %ProgramFiles%\Belkin\F5D7011\Belkinwcui.exe -> Belkin [Ver = 2, 1, 7, 48 | Size = 1572864 bytes | Modified Date = 18/04/2006 15:25:14 | Attr =    ]
< Christopher Startup Folder > -> C:\Documents and Settings\Christopher\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 01:12:19 | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/04/2008 01:12:38 | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/04/2008 01:12:24 | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/04/2008 01:12:41 | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 46080 bytes | Modified Date = 29/06/2005 06:56:50 | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 13/04/2008 19:40:46 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 50 bytes | Modified Date = 01/07/2008 17:53:31 | Attr =    ]
< HOSTS File > (287955 bytes and 9968 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	www.1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123haustiereundmehr.com
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5190 domain(s) found. -> 
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5189 domain(s) found. -> 
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 75128 bytes | Modified Date = 11/06/2008 22:33:16 | Attr =    ]
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.57 | Size = 308856 bytes | Modified Date = 23/05/2008 22:50:06 | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15/09/2008 14:25:44 | Attr = RHS]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 23:09:42 | Attr =    ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> Sun Microsystems, Inc. [Ver = 6.0.100.33 | Size = 320920 bytes | Modified Date = 24/11/2008 21:00:36 | Attr =    ]
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> Sun Microsystems, Inc. [Ver = 6.0.100.33 | Size = 34816 bytes | Modified Date = 24/11/2008 21:00:34 | Attr =    ]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> Sun Microsystems, Inc. [Ver = 6.0.100.33 | Size = 73728 bytes | Modified Date = 24/11/2008 21:00:38 | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 23:09:42 | Attr =    ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15/09/2008 14:25:44 | Attr = RHS]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office12\EXCEL.EXE -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{20B8D8D4-9FCF-4337-8C59-030E6DBEFB2E} ->    () -> 
{4D20BC8D-50CD-476E-ABC5-BB2A9F944B7F} ->    () -> 
{94FCFDC5-07D1-47B9-956D-E54523B0517C} -> 87.250.98.250,87.250.97.250   (Belkin 802.11g Network Adapter) -> 
{B11C8138-6A10-42BC-9A35-F9FBA65CD05D} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211467345664[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214533828562[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{0291E591-EA41-4c82-8106-3DC6CE7F7664} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [HKLM: Installation Support; IsInstalled: 1] -> File not found
{08B0E5C0-4FCB-11CF-AAA5-00401C608500} [HKEY_LOCAL_MACHINE] -> C:\WINDOWS\system32\java.exe [(default): Java (Sun); IsInstalled: 1] -> Sun Microsystems, Inc. [Ver = 6.0.100.33 | Size = 144792 bytes | Modified Date = 24/11/2008 21:00:33 | Attr =    ]
{10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKEY_LOCAL_MACHINE] ->  [(default): Vector Graphics Rendering (VML); IsInstalled: 01 00 00 00  [binary data]] -> 
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] ->  [ComponentID: NetShow; IsInstalled: 1] -> 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] ->  [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] -> 
{283807B5-2C60-11D0-A31D-00AA00B92C03} [HKEY_LOCAL_MACHINE] ->  [(default): DirectAnimation; IsInstalled: 1] -> 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> 
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [HKLM: Installation Support; IsInstalled: 1] -> File not found
{347B0667-C7ED-429B-BDE3-CC8D3BACAA31} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [HKLM: Installation Support; IsInstalled: 1] -> File not found
{36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKEY_LOCAL_MACHINE] ->  [(default): Dynamic HTML Data Binding for Java; IsInstalled: 1] -> 
{3af36230-a269-11d1-b5bf-0000f8051515} [HKEY_LOCAL_MACHINE] ->  [(default): Offline Browsing Pack; IsInstalled: 1] -> 
{3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKEY_LOCAL_MACHINE] ->  [(default): Uniscribe; IsInstalled: 1] -> 
{411EDCF7-755D-414E-A74B-3DCD6583F589} [HKEY_LOCAL_MACHINE] ->  [(default): Microsoft .NET Framework 1.1 Service Pack 1 (KB867460); IsInstalled: 1] -> 
{4278c270-a269-11d1-b5bf-0000f8051515} [HKEY_LOCAL_MACHINE] ->  [(default): Advanced Authoring; IsInstalled: 1] -> 
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: 01 00 00 00  [binary data]] -> 
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKEY_LOCAL_MACHINE] ->  [(default): DirectShow; IsInstalled: 1] -> 
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKEY_LOCAL_MACHINE] ->  [(default): DirectDrawEx; IsInstalled: 1] -> 
{45ea75a0-a269-11d1-b5bf-0000f8051515} [HKEY_LOCAL_MACHINE] ->  [(default): Internet Explorer Help; IsInstalled: 1] -> 
{4f216970-c90c-11d1-b5c7-0000f8051515} [HKEY_LOCAL_MACHINE] ->  [(default): DirectAnimation Java Classes; IsInstalled: 1] -> 
{4f645220-306d-11d2-995d-00c04f98bbc9} [HKEY_LOCAL_MACHINE] ->  [(default): Microsoft Windows Script 5.6; IsInstalled: 1] -> 
{5945c046-1e7d-11d1-bc44-00c04fd912be} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows Messenger 4.7; IsInstalled: 1] -> 
{5A8D6EE0-3E18-11D0-821E-444553540000} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [ComponentID: ICW; IsInstalled: 1] -> File not found
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKEY_LOCAL_MACHINE] ->  [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> 
{630b1da0-b465-11d1-9948-00c04f98bbc9} [HKEY_LOCAL_MACHINE] ->  [(default): Browsing Enhancements; IsInstalled: 1] -> 
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] -> 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKEY_LOCAL_MACHINE] ->  [(default): MSN Site Access; IsInstalled: 1] -> 
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} [HKEY_LOCAL_MACHINE] ->  [(default): .NET Framework] -> 
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [StubPath] ->  [(default): Web Folders; IsInstalled: 1] -> 
{7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Address Book 6; IsInstalled: 1] -> 
{89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop Update; IsInstalled: 1] -> 
{89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet Explorer; IsInstalled: 1] -> 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> 
{8D1D0E9A-C799-4D28-9E29-0061D1E66E43} [HKEY_LOCAL_MACHINE] ->  [(default): Microsoft .NET Framework 1.1 Hotfix (KB928366); IsInstalled: 1] -> 
{9381D8F2-0288-11D0-9501-00AA00B911A5} [HKEY_LOCAL_MACHINE] ->  [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> 
{A17E30C4-A9BA-11D4-8673-60DB54C10000} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [HKLM: Yahoo! MailTo; IsInstalled: 1] -> File not found
{AA218328-0EA8-4D70-8972-E987A9190FF4} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [HKLM: Yahoo! Mail Attachment Control; IsInstalled: 1] -> File not found
{B508B3F1-A24A-32C0-B310-85786919EF28} [HKEY_LOCAL_MACHINE] ->  [(default): .NET Framework] -> 
{C9E9A340-D1F1-11D0-821E-444553540600} [HKEY_LOCAL_MACHINE] ->  [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> 
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} [HKEY_LOCAL_MACHINE] ->  [(default): .NET Framework] -> 
{CC2A9BA0-3BDD-11D0-821E-444553540000} [HKEY_LOCAL_MACHINE] ->  [(default): Task Scheduler; IsInstalled: 1] -> 
{CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00  [binary data]] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKEY_LOCAL_MACHINE] ->  [(default): Adobe Flash Player; IsInstalled: 01 00 00 00  [binary data]] -> 
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKEY_LOCAL_MACHINE] ->  [(default): HTML Help; IsInstalled: 1] -> 
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [ComponentID: Yahoo! Messenger; IsInstalled: 1] -> File not found
{E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKEY_LOCAL_MACHINE] ->  [(default): Active Directory Service Interface; IsInstalled: 01 00 00 00  [binary data]] -> 
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [StubPath] -> C:\WINDOWS\system32\ieudinit.exe [(default): IE7 Uninstall Stub; IsInstalled: 1] -> 
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(default): Microsoft Windows Media Player; IsInstalled: 0] -> 
>{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [(default): Internet Explorer; IsInstalled: 1] -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> 
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 1] -> 
< ActiveX StubPath [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [HKEY_LOCAL_MACHINE] ->  [HKLM: Microsoft NetShow Player] -> 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKEY_LOCAL_MACHINE] ->  [HKLM: Windows Media Player] -> 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
{4b218e3e-bc98-4770-93d3-2731b9329278} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKEY_LOCAL_MACHINE] ->  [HKLM: Windows Media Player] -> 
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
{7790769C-0471-11d2-AF11-00C04FA35D02} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
{89820200-ECBD-11cf-8B85-00AA005B4340} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
{89820200-ECBD-11cf-8B85-00AA005B4383} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [(no name)] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
>{26923b43-4d38-484f-9b9e-de460746276c} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [HKEY_LOCAL_MACHINE] ->  [(no name)] -> 
InitiallyClear [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> 
AcroRd32.exe -> %ProgramFiles%\Adobe\Reader 9.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe] -> Adobe Systems Incorporated [Ver = 9.0.0.2008061200 | Size = 349544 bytes | Modified Date = 12/06/2008 02:47:22 | Attr =    ]
ashAvast.exe -> %ProgramFiles%\Alwil Software\Avast4\ashAvast.exe [C:\Program Files\Alwil Software\Avast4\ashAvast.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 270520 bytes | Modified Date = 19/07/2008 15:28:35 | Attr =    ]
bluesoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe [C:\Program Files\IVT Corporation\BlueSoleil\bluesoleil.exe] -> IVT Corporation [Ver = 1, 6, 4, 0 | Size = 1200128 bytes | Modified Date = 20/09/2005 09:28:16 | Attr =    ]
ccleaner.exe -> %ProgramFiles%\CCleaner\CCleaner.exe [C:\Program Files\CCleaner\ccleaner.exe] -> Piriform Ltd [Ver = 2, 11, 0, 636 | Size = 1234160 bytes | Modified Date = 22/08/2008 18:26:02 | Attr =    ]
CFSServ.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSServ.exe [C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe] -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 100 | Size = 794624 bytes | Modified Date = 13/04/2005 06:54:38 | Attr =    ]
cmmgr32.exe -> %SystemRoot%\system32\cmmgr32.exe [C:\WINDOWS\system32\cmmgr32.exe] -> File not found
CTRegSvr.exe -> %ProgramFiles%\Creative\Shared Files\CTRegSvr.exe [C:\Program Files\Creative\Shared Files\CTRegSvr.EXE] -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 24576 bytes | Modified Date = 12/08/2002 01:00:00 | Attr =    ]
EyeCatcherEx.dll -> %ProgramFiles%\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll [C:\Program Files\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll] ->  [Ver = 1, 6, 1, 3 | Size = 253952 bytes | Modified Date = 05/07/2006 14:37:00 | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe] -> Mozilla Corporation [Ver = 1.9.0.4 | Size = 307712 bytes | Modified Date = 15/11/2008 23:59:03 | Attr =    ]
HijackThis.exe -> %ProgramFiles%\Trend Micro\HijackThis\HijackThis.exe [C:\Program Files\Trend Micro\HijackThis\hijackthis.exe] -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 16/11/2008 01:31:32 | Attr =    ]
hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe ["C:\Program Files\Windows NT\hypertrm.exe"] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 28160 bytes | Modified Date = 04/08/2004 13:00:00 | Attr =    ]
install.exe -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.] -> File not found
iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 11/12/2007 12:10:18 | Attr =    ]
javaws.exe -> %ProgramFiles%\Java\jre6\bin\javaws.exe [C:\Program Files\Java\jre6\bin\javaws.exe] -> Sun Microsystems, Inc. [Ver = 6.0.100.33 | Size = 148888 bytes | Modified Date = 24/11/2008 21:00:33 | Attr =    ]
MsoHtmEd.exe -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.] -> File not found
NDSTray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe [C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe] -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 404 | Size = 962560 bytes | Modified Date = 22/04/2005 19:54:14 | Attr =    ]
ORUN32.EXE -> %SystemRoot%\ORUN32.EXE [C:\WINDOWS\ORUN32.EXE] -> File not found
PadExe.exe -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe [C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] -> TOSHIBA [Ver = 1, 2, 7, 0 | Size = 1077327 bytes | Modified Date = 17/11/2004 10:56:10 | Attr =    ]
PCDiag.exe -> %ProgramFiles%\Toshiba\PCDiag\PCDiag.exe [C:\Program Files\TOSHIBA\PCDiag\PCDiag.exe] ->  [Ver =  | Size = 49152 bytes | Modified Date = 20/04/2004 17:49:06 | Attr =    ]
PictureViewer.exe -> %ProgramFiles%\QuickTime\PictureViewer.exe [C:\Program Files\QuickTime\PictureViewer.exe] -> Apple Inc. [Ver = 7.3.1 | Size = 483328 bytes | Modified Date = 11/12/2007 10:56:42 | Attr =    ]
pinball.exe -> %ProgramFiles%\Windows NT\Pinball\pinball.exe [C:\Program Files\Windows NT\Pinball\pinball.exe] -> Cinematronics [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 281088 bytes | Modified Date = 14/04/2008 01:12:31 | Attr =    ]
QuickTimePlayer.exe -> %ProgramFiles%\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe] -> Apple Inc. [Ver = 7.3.1 | Size = 6948144 bytes | Modified Date = 11/12/2007 10:57:36 | Attr =    ]
RealPlay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe] -> RealNetworks, Inc. [Ver = 11.0.0.446 | Size = 214560 bytes | Modified Date = 23/05/2008 22:49:57 | Attr =    ]
RecordNow.exe -> %ProgramFiles%\Sonic\RecordNow!\RecordNow.exe [C:\Program Files\Sonic\RecordNow!\RecordNow.exe] ->  [Ver = 7.31.21a | Size = 1961984 bytes | Modified Date = 22/06/2005 07:31:00 | Attr =    ]
rnxproc.exe -> %CommonProgramFiles%\Real\Update_OB\rnxproc.exe [C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe] -> RealNetworks, Inc. [Ver = 7.0.1.45 | Size = 58952 bytes | Modified Date = 23/05/2008 22:49:55 | Attr =    ]
setup.exe -> %ProgramFiles%\Belkin\F5D7051\setup.exe [C:\Program Files\Belkin\F5D7051\setup.exe] -> File not found
SightSpeed.exe -> %ProgramFiles%\SightSpeed\SightSpeed.exe [C:\Program Files\SightSpeed\SightSpeed.exe] -> SightSpeed Inc. [Ver = 6, 0, 0, 6536 | Size = 4725560 bytes | Modified Date = 20/06/2008 06:22:00 | Attr =    ]
SmoothView.exe -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 118784 bytes | Modified Date = 12/05/2005 10:31:38 | Attr =    ]
table30.exe -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.] -> File not found
TInTouch.exe -> %ProgramFiles%\Toshiba\TOSHIBA Assist\TInTouch.exe [C:\Program Files\TOSHIBA\TOSHIBA Assist\TInTouch.exe] -> TOSHIBA Corporation [Ver = 1.03.00 | Size = 524288 bytes | Modified Date = 28/02/2005 15:51:16 | Attr =    ]
TOSCDSPD.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 11/04/2005 11:26:06 | Attr =    ]
VideoMerge.exe -> %ProgramFiles%\SightSpeed\VideoMerge.exe [C:\Program Files\SightSpeed\VideoMerge.exe] -> SightSpeed Inc. [Ver = 6, 0, 0, 6536 | Size = 298808 bytes | Modified Date = 20/06/2008 06:22:08 | Attr =    ]
WinDVD.exe -> %ProgramFiles%\InterVideo\WinDVD\WinDVD.exe [C:\Program Files\InterVideo\WinDVD\WinDVD.exe] -> InterVideo Inc. [Ver = 5.0.11.475 | Size = 102400 bytes | Modified Date = 12/12/2004 01:21:44 | Attr =    ]
winnt32.exe -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.] -> File not found
yourapp.Exe -> %ProgramFiles%\Teaching-you\Teaching-you 31 Languages\yourapp.Exe [C:\Program Files\Teaching-you\Teaching-you 31 Languages\yourapp.Exe] -> File not found
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> 
{2F5AC606-70CF-461C-BFE1-6063670C3484} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Toshiba\TouchED\TouchED.DLL [Display CPL Extension] -> TOSHIBA Inc. [Ver = 1, 5, 4, 0 | Size = 131072 bytes | Modified Date = 23/07/2005 04:43:38 | Attr =    ]
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 5947482 bytes | Modified Date = 08/10/2004 22:38:16 | Attr =    ]
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PhoneBrowser.dll [PhoneBrowser] -> Nokia [Ver = 6, 70, 24, 4 | Size = 516096 bytes | Modified Date = 28/11/2005 10:23:46 | Attr =    ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKEY_LOCAL_MACHINE] ->  [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 73912 bytes | Modified Date = 19/07/2008 15:30:42 | Attr =    ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\YMMAPI.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2005, 1, 1, 12 | Size = 285464 bytes | Modified Date = 28/06/2007 22:41:00 | Attr =    ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =    ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Shell extensions for file compression] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 04/08/2004 13:00:00 | Attr =    ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 132392 bytes | Modified Date = 11/12/2007 12:10:28 | Attr =    ]
{C0C4375A-5B72-4efe-929D-3B848C3A1E91} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Nokia\Nokia PC Suite 6\MessageView.dll [Message View] -> Nokia [Ver = 6, 70, 98, 3 | Size = 256512 bytes | Modified Date = 11/11/2005 12:11:44 | Attr =    ]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Sonic\RecordNow!\shlext.dll [RecordNow! SendToExt] ->  [Ver = 7.0.0.0 | Size = 73728 bytes | Modified Date = 22/06/2005 07:31:00 | Attr =    ]
{E91B2703-013E-4A99-AD33-2B6FB00AA356} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Sonic\RecordNow!\shlext.dll [RecordNow! ContextMenuExt] ->  [Ver = 7.0.0.0 | Size = 73728 bytes | Modified Date = 22/06/2005 07:31:00 | Attr =    ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.2.44 | Size = 63040 bytes | Modified Date = 23/05/2008 22:49:58 | Attr =    ]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 01:12:00 | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 14/04/2008 01:11:56 | Attr =    ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 01:12:00 | Attr =    ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 14/04/2008 01:12:08 | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 856 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 14/04/2008 01:12:02 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 8E F4 37 C3 5C 8B F1 D9 8E 2E C7 28 AB 1A 1C 68 32 37 39 61 33 35 63 33 00 00 00 00 1B 0B 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 54 81 71 00 FB 93 9A 22 2E 79 93 27  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 80 C1 F9 56 2E BB D1 FC C7  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 1B A4 6B 7E 85 C5  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 04/08/2004 13:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 6B 86 00 BB EE 0B 3C 07 D5 3A F7 47 28 6B 97 4D  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> A4 34 24 C3 1D BC C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8538 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 14/04/2008 01:11:55 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 01:12:34 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 19:53:32 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 01:12:34 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 19:53:32 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Toshiba\ConfigFree\CFXFER.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFXFER.exe [C:\Program Files\Toshiba\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine] -> TOSHIBA CORPORATION [Ver = 2, 1, 0, 23 | Size = 901120 bytes | Modified Date = 03/03/2005 22:21:06 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil] -> IVT Corporation [Ver = 1, 6, 4, 0 | Size = 1200128 bytes | Modified Date = 20/09/2005 09:28:16 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 11/12/2007 12:10:18 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30/08/2007 17:43:18 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 30/08/2007 17:43:18 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SightSpeed\SightSpeed.exe -> %ProgramFiles%\SightSpeed\SightSpeed.exe [C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed] -> SightSpeed Inc. [Ver = 6, 0, 0, 6536 | Size = 4725560 bytes | Modified Date = 20/06/2008 06:22:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.9.0.4 | Size = 307712 bytes | Modified Date = 15/11/2008 23:59:03 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 11.0.0.446 | Size = 214560 bytes | Modified Date = 23/05/2008 22:49:57 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe -> E:\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe [E:\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Disabled:DarkCrusade] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 01:12:11 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 01:12:04 | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 14/04/2008 01:12:04 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 14/04/2008 01:12:38 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 01:12:04 | Attr =    ]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 
< ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ -> 
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 9.0.0.2008061100 | Size = 378200 bytes | Modified Date = 11/06/2008 22:49:10 | Attr =    ]
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shell\ -> 
sdfiles -> %ProgramFiles%\Spybot - Search & Destroy\SDFiles.exe ["C:\Program Files\Spybot - Search & Destroy\SDFiles.exe" "%1" /ask] -> Safer Networking Limited [Ver = 1.6.0.4 | Size = 1430016 bytes | Modified Date = 07/07/2008 09:36:46 | Attr =    ]
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ -> 
(avast):{472083B0-C522-11CF-8763-00608CC02F24} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 73912 bytes | Modified Date = 19/07/2008 15:30:42 | Attr =    ]
(Yahoo! Mail):{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\YMMAPI.dll [Yahoo! Mail Shell Extension] -> Yahoo! Inc. [Ver = 2005, 1, 1, 12 | Size = 285464 bytes | Modified Date = 28/06/2007 22:41:00 | Attr =    ]
< ContextMenuHandlers - Folder [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shell\ -> 
sdfiles -> %ProgramFiles%\Spybot - Search & Destroy\SDFiles.exe ["C:\Program Files\Spybot - Search & Destroy\SDFiles.exe" "%1" /ask] -> Safer Networking Limited [Ver = 1.6.0.4 | Size = 1430016 bytes | Modified Date = 07/07/2008 09:36:46 | Attr =    ]
< ContextMenuHandlers - Folder [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ -> 
(avast):{472083B0-C522-11CF-8763-00608CC02F24} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 73912 bytes | Modified Date = 19/07/2008 15:30:42 | Attr =    ]
< ControlSets > 
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 3 -> 
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 
0 -> [Key] -> 
0 -> FriendlyName = My Current Home Page -> 
0 -> Source = About:Home -> 
0 -> SubscribedURL = About:Home -> 
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %SystemDrive%\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 4, 0 | Size = 1200128 bytes | Modified Date = 20/09/2005 09:28:16 | Attr =    ]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/12/2007 12:10:26 | Attr =    ]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< IE Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\MinorVersion -> 0 -> 
*CodeBaseSearchPath* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\CodeBaseSearchPath -> 
CODEBASE ->  -> File not found
<http://activex.microsoft.com/objects/ocget.dll> ->  -> File not found
<http://codecs.microsoft.com/isapi/ocget.dll> ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\UrlEncoding -> 0x00000000 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ActiveXCache -> C:\WINDOWS\Downloaded Program Files -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\EnablePunycode -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\WarnOnIntranet -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Subscription Folder\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ -> -> 
< IE SafeSites Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites\\ie.search.msn.com -> http://ie.search.msn.com/* -> 
< IE Template Policies Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\TemplateIndex -> 73728 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\DisplayName -> High safety (very secure) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\Description -> Exclude content that could damage your computer. -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\Icon -> %SystemRoot%\system32\wininet.dll [wininet.dll#00001205] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 826368 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1001 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1004 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1200 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1400 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1402 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1405 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1406 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1407 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1601 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1604 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1605 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1606 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1607 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1608 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1609 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1800 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1802 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1803 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1804 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1809 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A00 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A02 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A03 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A04 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A05 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A06 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1C00 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1E05 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2100 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2101 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2102 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2200 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2300 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2000 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2001 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2004 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\180B -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1206 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1207 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1208 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1209 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\120A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1408 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\160A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1806 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2103 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2104 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2105 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2301 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2400 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2401 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2402 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2600 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2007 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\TemplateIndex -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\DisplayName -> Low safety (very insecure) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\Description -> Do not warn before running potentially damaging content. -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\Icon -> %SystemRoot%\system32\wininet.dll [wininet.dll#00001207] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 826368 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1001 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1004 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1201 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1405 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1406 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1407 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1601 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1604 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1605 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1606 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1607 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1608 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1609 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1800 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1802 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1803 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1804 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1809 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A00 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A02 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A03 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A04 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A05 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A06 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1C00 -> 196608 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1E05 -> 196608 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2100 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2101 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2102 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2201 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2300 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2000 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2001 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2004 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1206 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1207 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1208 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1209 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\120A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1408 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\160A -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1806 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2103 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2104 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2105 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2301 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2401 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2600 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2007 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1001 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1004 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1206 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1207 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1208 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1209 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\120A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1405 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1406 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1407 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1408 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1601 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1604 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1605 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1606 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1607 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1608 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1609 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\160A -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1800 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1802 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1803 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1804 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1806 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1809 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A00 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A02 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A03 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A04 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A05 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A06 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1C00 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1E05 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2000 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2100 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2101 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2102 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2103 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2104 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2105 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2200 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2300 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2301 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2401 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2600 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\Description -> Help prevent malware from accessing your computer. -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\DisplayName -> Internet recommended safety (medium high security) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\Icon -> %SystemRoot%\system32\wininet.dll [wininet.dll#00001206] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 826368 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\TemplateIndex -> 70912 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2001 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2004 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2007 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\TemplateIndex -> 69632 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\DisplayName -> Medium safety (medium security) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\Description -> Warn before running potentially damaging content. -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\Icon -> %SystemRoot%\system32\wininet.dll [wininet.dll#00001206] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 826368 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1001 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1004 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1405 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1406 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1407 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1601 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1604 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1605 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1606 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1607 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1608 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1609 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1800 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1802 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1803 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1804 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1809 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A00 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A02 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A03 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A04 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A05 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A06 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1C00 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1E05 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2100 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2101 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2102 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2200 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2300 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2000 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2001 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2004 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1206 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1207 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1208 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1209 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\120A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1408 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\160A -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1806 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2103 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2104 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2105 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2301 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2401 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2600 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2007 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\TemplateIndex -> 66816 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\DisplayName -> Intranet recommended safety (less secure) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\Description -> Recommended for intranet. -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\Icon -> %SystemRoot%\system32\wininet.dll [wininet.dll#00001206] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 826368 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1001 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1004 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1405 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1406 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1407 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1601 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1604 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1605 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1606 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1607 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1608 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1609 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1800 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1802 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1803 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1804 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1809 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A00 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A02 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A03 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A04 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A05 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A06 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1C00 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1E05 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2100 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2101 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2102 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2201 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2300 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2000 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2001 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2004 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1206 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1207 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1208 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1209 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\120A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1408 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\160A -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1806 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2103 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2104 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2105 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2301 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2401 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2600 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2007 -> 65536 -> 
< IE Zones Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\DisplayName -> Computer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\Description -> Your computer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\Icon -> %SystemRoot%\explorer.exe [explorer.exe#0100] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 01:12:19 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\CurrentLevel -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\Flags -> 33 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1001 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1004 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1201 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1206 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1405 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1406 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1407 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1601 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1604 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1605 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1606 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1607 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1608 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1609 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1800 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1802 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1803 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1804 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1805 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1806 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1807 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1808 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1809 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A00 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A02 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A03 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A04 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A05 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A06 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A10 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1C00 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1E05 -> 196608 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2100 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2101 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2102 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2201 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2300 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2000 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2001 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2004 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\180D -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1207 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1208 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1209 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\120A -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1408 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\160A -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\180A -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\180C -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2103 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2104 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2105 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2301 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2401 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2500 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2600 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\LowIcon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#005422] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\PMDisplayName -> Computer [Protected Mode] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2007 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\DisplayName -> Local intranet -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\Description -> This zone is for all websites that are found on your intranet. -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\Icon -> %SystemRoot%\system32\shell32.dll [shell32.dll#0018] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\CurrentLevel -> 66816 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\MinLevel -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\RecommendedLevel -> 66816 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\Flags -> 323 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1001 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1004 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1206 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1405 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1406 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1407 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1601 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1604 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1605 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1606 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1607 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1608 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1609 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1800 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1802 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1803 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1804 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1805 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1806 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1807 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1808 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1809 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A00 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A02 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A03 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A04 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A05 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A06 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A10 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1C00 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1E05 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2100 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2101 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2102 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2201 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2300 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2000 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2001 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2004 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\180D -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1207 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1208 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1209 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\120A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1408 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\160A -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\180A -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\180C -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2103 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2104 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2105 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2301 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2401 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2500 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2600 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\LowIcon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#005423] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\PMDisplayName -> Local intranet [Protected Mode] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2007 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\DisplayName -> Trusted sites -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\Description -> This zone contains web sites that you trust not to damage your computer or your files -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\Icon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#00004480] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\CurrentLevel -> 69632 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\MinLevel -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\RecommendedLevel -> 69632 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\Flags -> 71 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1001 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1004 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1206 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1405 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1406 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1407 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1601 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1604 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1605 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1606 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1607 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1608 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1609 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1800 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1802 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1803 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1804 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1805 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1806 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1807 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1808 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1809 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A00 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A02 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A03 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A04 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A05 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A06 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A10 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1C00 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1E05 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2100 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2101 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2102 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2200 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2300 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2000 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2001 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2004 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\180D -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1207 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1208 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1209 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\120A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1408 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\160A -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\180A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\180C -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2103 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2104 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2105 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2301 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2401 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2500 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2600 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\LowIcon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#005424] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\PMDisplayName -> Trusted sites [Protected Mode] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2007 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\DisplayName -> Internet -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\Description -> This zone is for Internet websites, except those listed in trusted and restricted zones. -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\Icon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#001313] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\CurrentLevel -> 70912 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\MinLevel -> 69632 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\RecommendedLevel -> 70912 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\Flags -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1001 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1004 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1200 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1206 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1405 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1406 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1407 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1601 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1604 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1605 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1606 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1607 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1608 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1609 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1800 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1802 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1803 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1804 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1805 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1806 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1807 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1808 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1809 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A00 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A02 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A03 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A04 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A05 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A06 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A10 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1C00 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1E05 -> 131072 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2100 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2101 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2102 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2200 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2300 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2000 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2001 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2004 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\180D -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1207 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1208 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1209 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\120A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1408 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\160A -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\180A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\180C -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2103 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2104 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2105 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2301 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2400 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2401 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2402 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2500 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2600 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\LowIcon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#005425] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\PMDisplayName -> Internet [Protected Mode] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2007 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\DisplayName -> Restricted sites -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\Description -> This zone is for websites that might damage your computer or your files. -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\Icon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#00004481] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\CurrentLevel -> 73728 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\MinLevel -> 73728 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\RecommendedLevel -> 73728 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\Flags -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1001 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1004 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1200 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1206 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1400 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1402 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1405 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1406 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1407 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1601 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1604 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1605 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1606 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1607 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1608 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1609 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1800 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1802 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1803 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1804 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1805 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1806 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1807 -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1808 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1809 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A00 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A02 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A03 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A04 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A05 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A06 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A10 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1C00 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1E05 -> 65536 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2100 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2101 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2102 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2200 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2201 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2300 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2000 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2001 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2004 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\180B -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\180D -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1207 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1208 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1209 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\120A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1408 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\160A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\180A -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\180C -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2103 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2104 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2105 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2301 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2400 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2401 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2402 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2500 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2600 -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\LowIcon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#005426] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\PMDisplayName -> Restricted sites [Protected Mode] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2007 -> 3 -> 
< IE Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\MinorVersion -> 0 -> 
*CodeBaseSearchPath* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\CodeBaseSearchPath -> 
CODEBASE ->  -> File not found
<http://activex.microsoft.com/objects/ocget.dll> ->  -> File not found
<http://codecs.microsoft.com/isapi/ocget.dll> ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\UrlEncoding -> 0x00000000 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ActiveXCache -> C:\WINDOWS\Downloaded Program Files -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\EnablePunycode -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\WarnOnIntranet -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Subscription Folder\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ -> -> 
< IE SafeSites Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites\\ie.search.msn.com -> http://ie.search.msn.com/* -> 
< IE Template Policies Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\\ ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\ ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\TemplateIndex -> 73728 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\DisplayName -> High safety (very secure) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\Description -> Exclude content that could damage your computer. -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\Icon -> %SystemRoot%\system32\wininet.dll [wininet.dll#00001205] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 826368 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1001 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1004 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1200 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1400 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1402 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1405 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1406 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1407 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1601 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1604 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1605 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1606 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1607 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1608 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1609 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1800 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1802 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1803 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1804 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1809 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A00 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A02 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A03 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A04 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A05 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1A06 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1C00 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1E05 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2100 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2101 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2102 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2200 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2300 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2000 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2001 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2004 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\180B -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1206 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1207 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1208 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1209 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\120A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1408 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\160A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\1806 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2103 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2104 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2105 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2301 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2400 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2401 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2402 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2600 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High\\2007 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\ ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\TemplateIndex -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\DisplayName -> Low safety (very insecure) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\Description -> Do not warn before running potentially damaging content. -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\Icon -> %SystemRoot%\system32\wininet.dll [wininet.dll#00001207] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 826368 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1001 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1004 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1201 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1405 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1406 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1407 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1601 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1604 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1605 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1606 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1607 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1608 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1609 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1800 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1802 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1803 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1804 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1809 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A00 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A02 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A03 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A04 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A05 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1A06 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1C00 -> 196608 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1E05 -> 196608 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2100 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2101 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2102 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2201 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2300 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2000 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2001 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2004 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1206 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1207 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1208 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1209 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\120A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1408 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\160A -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\1806 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2103 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2104 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2105 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2301 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2401 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2600 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low\\2007 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1001 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1004 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1206 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1207 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1208 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1209 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\120A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1405 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1406 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1407 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1408 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1601 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1604 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1605 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1606 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1607 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1608 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1609 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\160A -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1800 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1802 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1803 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1804 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1806 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1809 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A00 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A02 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A03 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A04 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A05 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1A06 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1C00 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\1E05 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2000 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2100 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2101 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2102 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2103 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2104 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2105 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2200 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2300 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2301 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2401 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2600 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\Description -> Help prevent malware from accessing your computer. -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\DisplayName -> Internet recommended safety (medium high security) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\Icon -> %SystemRoot%\system32\wininet.dll [wininet.dll#00001206] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 826368 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\TemplateIndex -> 70912 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2001 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2004 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh\\2007 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\ ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\TemplateIndex -> 69632 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\DisplayName -> Medium safety (medium security) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\Description -> Warn before running potentially damaging content. -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\Icon -> %SystemRoot%\system32\wininet.dll [wininet.dll#00001206] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 826368 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1001 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1004 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1405 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1406 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1407 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1601 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1604 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1605 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1606 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1607 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1608 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1609 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1800 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1802 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1803 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1804 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1809 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A00 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A02 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A03 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A04 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A05 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1A06 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1C00 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1E05 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2100 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2101 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2102 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2200 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2300 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2000 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2001 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2004 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1206 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1207 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1208 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1209 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\120A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1408 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\160A -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\1806 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2103 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2104 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2105 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2301 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2401 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2600 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Medium\\2007 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\ ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\TemplateIndex -> 66816 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\DisplayName -> Intranet recommended safety (less secure) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\Description -> Recommended for intranet. -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\Icon -> %SystemRoot%\system32\wininet.dll [wininet.dll#00001206] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 826368 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1001 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1004 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1405 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1406 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1407 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1601 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1604 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1605 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1606 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1607 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1608 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1609 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1800 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1802 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1803 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1804 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1809 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A00 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A02 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A03 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A04 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A05 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1A06 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1C00 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1E05 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2100 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2101 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2102 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2201 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2300 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2000 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2001 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2004 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1206 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1207 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1208 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1209 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\120A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1408 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\160A -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\1806 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2103 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2104 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2105 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2301 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2401 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2600 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow\\2007 -> 65536 -> 
< IE Zones Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\ ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\ ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\DisplayName -> Computer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\Description -> Your computer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\Icon -> %SystemRoot%\explorer.exe [explorer.exe#0100] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 01:12:19 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\CurrentLevel -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\Flags -> 33 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1001 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1004 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1201 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1206 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1405 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1406 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1407 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1601 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1604 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1605 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1606 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1607 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1608 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1609 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1800 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1802 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1803 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1804 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1805 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1806 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1807 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1808 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1809 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A00 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A02 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A03 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A04 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A05 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A06 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1A10 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1C00 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1E05 -> 196608 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2100 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2101 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2102 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2201 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2300 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2000 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2001 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2004 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\180D -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1207 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1208 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1209 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\120A -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\1408 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\160A -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\180A -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\180C -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2103 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2104 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2105 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2301 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2401 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2500 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2600 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\LowIcon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#005422] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\PMDisplayName -> Computer [Protected Mode] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\\2007 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\ ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\DisplayName -> Local intranet -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\Description -> This zone is for all websites that are found on your intranet. -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\Icon -> %SystemRoot%\system32\shell32.dll [shell32.dll#0018] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\CurrentLevel -> 66816 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\MinLevel -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\RecommendedLevel -> 66816 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\Flags -> 323 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1001 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1004 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1206 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1405 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1406 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1407 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1601 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1604 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1605 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1606 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1607 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1608 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1609 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1800 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1802 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1803 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1804 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1805 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1806 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1807 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1808 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1809 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A00 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A02 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A03 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A04 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A05 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A06 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1A10 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1C00 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1E05 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2100 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2101 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2102 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2201 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2300 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2000 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2001 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2004 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\180D -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1207 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1208 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1209 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\120A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\1408 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\160A -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\180A -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\180C -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2103 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2104 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2105 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2301 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2401 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2500 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2600 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\LowIcon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#005423] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\PMDisplayName -> Local intranet [Protected Mode] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\\2007 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\ ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\DisplayName -> Trusted sites -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\Description -> This zone contains web sites that you trust not to damage your computer or your files -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\Icon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#00004480] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\CurrentLevel -> 69632 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\MinLevel -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\RecommendedLevel -> 69632 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\Flags -> 71 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1001 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1004 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1206 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1405 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1406 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1407 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1601 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1604 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1605 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1606 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1607 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1608 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1609 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1800 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1802 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1803 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1804 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1805 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1806 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1807 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1808 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1809 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A00 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A02 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A03 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A04 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A05 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A06 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1A10 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1C00 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1E05 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2100 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2101 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2102 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2200 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2300 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2000 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2001 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2004 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\180D -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1207 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1208 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1209 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\120A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\1408 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\160A -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\180A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\180C -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2103 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2104 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2105 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2301 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2401 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2500 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2600 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\LowIcon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#005424] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\PMDisplayName -> Trusted sites [Protected Mode] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\\2007 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\ ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\DisplayName -> Internet -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\Description -> This zone is for Internet websites, except those listed in trusted and restricted zones. -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\Icon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#001313] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\CurrentLevel -> 70912 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\MinLevel -> 69632 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\RecommendedLevel -> 70912 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\Flags -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1001 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1004 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1200 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1206 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1405 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1406 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1407 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1601 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1604 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1605 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1606 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1607 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1608 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1609 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1800 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1802 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1803 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1804 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1805 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1806 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1807 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1808 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1809 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A00 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A02 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A03 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A04 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A05 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A06 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1A10 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1C00 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1E05 -> 131072 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2100 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2101 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2102 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2200 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2300 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2000 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2001 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2004 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\180D -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1207 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1208 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1209 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\120A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\1408 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\160A -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\180A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\180C -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2103 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2104 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2105 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2301 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2400 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2401 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2402 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2500 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2600 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\LowIcon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#005425] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\PMDisplayName -> Internet [Protected Mode] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\2007 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\ ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\DisplayName -> Restricted sites -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\Description -> This zone is for websites that might damage your computer or your files. -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\Icon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#00004481] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\CurrentLevel -> 73728 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\MinLevel -> 73728 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\RecommendedLevel -> 73728 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\Flags -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1001 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1004 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1200 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1206 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1400 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1402 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1405 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1406 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1407 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1601 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1604 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1605 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1606 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1607 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1608 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1609 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1800 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1802 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1803 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1804 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1805 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1806 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1807 -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1808 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1809 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A00 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A02 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A03 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A04 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A05 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A06 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1A10 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1C00 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1E05 -> 65536 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2100 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2101 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2102 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2200 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2201 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2300 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2000 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2001 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2004 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\180B -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\180D -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1207 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1208 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1209 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\120A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\1408 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\160A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\180A -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\180C -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2103 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2104 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2105 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2301 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2400 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2401 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2402 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2500 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2600 -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\LowIcon -> %SystemRoot%\system32\inetcpl.cpl [inetcpl.cpl#005426] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1831424 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\PMDisplayName -> Restricted sites [Protected Mode] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\\2007 -> 3 -> 
< MountPoints2 > -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cdae1de-5993-11dd-aa3e-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cdae1de-5993-11dd-aa3e-0011675f4a1d}\Shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{151b7cbc-8e56-11dd-aa99-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{151b7cbc-8e56-11dd-aa99-0011675f4a1d}\Shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed157c8-4da0-11dd-aa2a-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed157c8-4da0-11dd-aa2a-0011675f4a1d}\Shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22dc11d8-2cf7-11dd-a9f1-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22dc11d8-2cf7-11dd-a9f1-0011675f4a1d}\Shell\\ -> Open -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22dc11db-2cf7-11dd-a9f1-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22dc11db-2cf7-11dd-a9f1-0011675f4a1d}\Shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47d547f4-29c6-11dd-a9e8-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47d547f4-29c6-11dd-a9e8-0011675f4a1d}\Shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47d547f9-29c6-11dd-a9e8-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47d547f9-29c6-11dd-a9e8-0011675f4a1d}\Shell\\ -> AutoRun -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47d547fd-29c6-11dd-a9e8-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47d547fd-29c6-11dd-a9e8-0011675f4a1d}\Shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57cedcdc-3cb4-11dd-aa07-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57cedcdc-3cb4-11dd-aa07-0011675f4a1d}\Shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6507fe0e-ba65-11dd-aaeb-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6507fe0e-ba65-11dd-aaeb-0011675f4a1d}\Shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7709c702-4627-11dd-aa16-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7709c702-4627-11dd-aa16-0011675f4a1d}\Shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7709c703-4627-11dd-aa16-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7709c703-4627-11dd-aa16-0011675f4a1d}\Shell\\ -> AutoRun -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7709c707-4627-11dd-aa16-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7709c707-4627-11dd-aa16-0011675f4a1d}\Shell\\ -> AutoRun -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d0d7453-9551-11dd-aaa2-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d0d7453-9551-11dd-aaa2-0011675f4a1d}\Shell\\ -> Open -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daac3f92-2e4e-11dd-a9f5-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daac3f92-2e4e-11dd-a9f5-0011675f4a1d}\Shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f84e0f91-60c9-11dd-aa4b-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f84e0f91-60c9-11dd-aa4b-0011675f4a1d}\Shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffdb1cb2-9068-11dd-aa9d-0011675f4a1d}\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffdb1cb2-9068-11dd-aa9d-0011675f4a1d}\Shell\\ -> None -> 
< NeverShowExt [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Classes\ -> 
lnkfile\\NeverShowExt ->  -> 
piffile\\NeverShowExt ->  -> 
SHCmdFile\\NeverShowExt ->  -> 
< Hidden File Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\\Text -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-30499] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\\Type -> group -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\\Bitmap -> %SystemRoot%\system32\shell32.dll [%SystemRoot%\system32\SHELL32.dll,4] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\\HelpID -> shell.hlp#51131 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\Text -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-30501] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\Type -> radio -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\CheckedValue -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\ValueName -> Hidden -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\DefaultValue -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\HelpID -> shell.hlp#51104 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\Text -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-30500] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\Type -> radio -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\ValueName -> Hidden -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\DefaultValue -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\HelpID -> shell.hlp#51105 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\Type -> checkbox -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\Text -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-30503] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\ValueName -> HideFileExt -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\DefaultValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\HelpID -> shell.hlp#51101 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\Type -> checkbox -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\Text -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-30508] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\WarningIfNotDefault -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-28964] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\ValueName -> ShowSuperHidden -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\CheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\UncheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\DefaultValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\HelpID -> shell.hlp#51103 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\ ->  -> 
< Hidden File Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
< Hidden File Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Hidden -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\HideFileExt -> 0 -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
AlternateShell -> cmd.exe -> 
< Security Settings > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> 
Rpcss -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 01:12:04 | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> %SystemRoot%\system32\qmgr.dll [C:\WINDOWS\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.7.2600.5512 (xpsp.080413-2108) | Size = 409088 bytes | Modified Date = 14/04/2008 01:12:03 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8538 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 14/04/2008 01:11:55 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 01:12:34 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 19:53:32 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 01:12:34 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 19:53:32 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Toshiba\ConfigFree\CFXFER.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFXFER.exe [C:\Program Files\Toshiba\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine] -> TOSHIBA CORPORATION [Ver = 2, 1, 0, 23 | Size = 901120 bytes | Modified Date = 03/03/2005 22:21:06 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil] -> IVT Corporation [Ver = 1, 6, 4, 0 | Size = 1200128 bytes | Modified Date = 20/09/2005 09:28:16 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 11/12/2007 12:10:18 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30/08/2007 17:43:18 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 30/08/2007 17:43:18 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SightSpeed\SightSpeed.exe -> %ProgramFiles%\SightSpeed\SightSpeed.exe [C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed] -> SightSpeed Inc. [Ver = 6, 0, 0, 6536 | Size = 4725560 bytes | Modified Date = 20/06/2008 06:22:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.9.0.4 | Size = 307712 bytes | Modified Date = 15/11/2008 23:59:03 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 11.0.0.446 | Size = 214560 bytes | Modified Date = 23/05/2008 22:49:57 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe -> E:\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe [E:\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Disabled:DarkCrusade] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 01:12:11 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> 
BootExecute -> autocheck autochk *;lsdelete; -> 
ExcludeFromKnownDlls ->  -> 
*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories -> 
\Windows ->  -> File not found
\RPC Control ->  -> File not found
*MultiFile Done* -> -> 
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> 
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 389120 bytes | Modified Date = 14/04/2008 01:12:14 | Attr =    ]
TEMP -> %SystemRoot%\TEMP -> 
TMP -> %SystemRoot%\TEMP -> 
windir -> %SystemRoot% -> 
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> 
%SystemRoot%\system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 24/11/2008 21:22:34 | Attr =    ]
%SystemRoot% -> %SystemRoot% ->  [Folder | Modified Date = 24/11/2008 21:18:05 | Attr =    ]
%SystemRoot%\System32\Wbem -> %SystemRoot%\system32\wbem ->  [Folder | Modified Date = 22/05/2008 16:08:47 | Attr =    ]
C:\Program Files\ATI Technologies\ATI Control Panel ->  -> File not found
C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem ->  [Folder | Modified Date = 28/05/2008 21:50:13 | Attr =    ]
*MultiFile Done* -> -> 
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> 
.COM ->  -> File not found
.EXE ->  -> File not found
.BAT ->  -> File not found
.CMD ->  -> File not found
.VBS ->  -> File not found
.VBE ->  -> File not found
.JS ->  -> File not found
.JSE ->  -> File not found
.WSF ->  -> File not found
.WSH ->  -> File not found
*MultiFile Done* -> -> 
< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations -> 
< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls -> 
advapi32 -> C:\WINDOWS\system32\advapi32.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 617472 bytes | Modified Date = 14/04/2008 01:11:48 | Attr =    ]
comdlg32 -> C:\WINDOWS\system32\comdlg32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 276992 bytes | Modified Date = 14/04/2008 01:11:51 | Attr =    ]
DllDirectory -> C:\WINDOWS\system32 ->  [Folder | Modified Date = 24/11/2008 21:22:34 | Attr =    ]
gdi32 -> C:\WINDOWS\system32\gdi32.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 285184 bytes | Modified Date = 14/04/2008 01:11:54 | Attr =    ]
imagehlp -> C:\WINDOWS\system32\imagehlp.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 144384 bytes | Modified Date = 14/04/2008 01:11:54 | Attr =    ]
kernel32 -> C:\WINDOWS\system32\kernel32.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 989696 bytes | Modified Date = 14/04/2008 01:11:56 | Attr =    ]
lz32 -> C:\WINDOWS\system32\lz32.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 2560 bytes | Modified Date = 04/08/2004 13:00:00 | Attr =    ]
ole32 -> C:\WINDOWS\system32\ole32.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 1287168 bytes | Modified Date = 14/04/2008 01:12:02 | Attr =    ]
oleaut32 -> C:\WINDOWS\system32\oleaut32.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 | Size = 551936 bytes | Modified Date = 14/04/2008 01:12:02 | Attr =    ]
olecli32 -> C:\WINDOWS\system32\olecli32.dll -> Microsoft Corporation [Ver = 1.07 (xpsp.080413-2108) | Size = 74752 bytes | Modified Date = 14/04/2008 01:12:02 | Attr =    ]
olecnv32 -> C:\WINDOWS\system32\olecnv32.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 37376 bytes | Modified Date = 14/04/2008 01:12:02 | Attr =    ]
olesvr32 -> C:\WINDOWS\system32\olesvr32.dll -> Microsoft Corporation [Ver = 1.09 (XPClient.010817-1148) | Size = 22016 bytes | Modified Date = 04/08/2004 13:00:00 | Attr =    ]
olethk32 -> C:\WINDOWS\system32\olethk32.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 69120 bytes | Modified Date = 04/08/2004 13:00:00 | Attr =    ]
rpcrt4 -> C:\WINDOWS\system32\rpcrt4.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 584704 bytes | Modified Date = 14/04/2008 01:12:04 | Attr =    ]
shell32 -> C:\WINDOWS\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr =    ]
url -> C:\WINDOWS\system32\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 105984 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
urlmon -> C:\WINDOWS\system32\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 1159680 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
user32 -> C:\WINDOWS\system32\user32.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 578560 bytes | Modified Date = 14/04/2008 01:12:08 | Attr =    ]
version -> C:\WINDOWS\system32\version.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 18944 bytes | Modified Date = 14/04/2008 01:12:08 | Attr =    ]
wininet -> C:\WINDOWS\system32\wininet.dll -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 826368 bytes | Modified Date = 26/08/2008 08:24:31 | Attr =    ]
wldap32 -> C:\WINDOWS\system32\wldap32.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 172032 bytes | Modified Date = 14/04/2008 01:12:09 | Attr =    ]
< Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC -> 
CommonFilesDir -> C:\Program Files\Common Files ->  [Folder | Modified Date = 24/11/2008 21:12:02 | Attr =    ]
ProgramFilesDir -> C:\Program Files ->  [Folder | Modified Date = 24/11/2008 21:03:55 | Attr = R  ]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [open] -> "%1" %* -> File not found
cmdfile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
http [open] -> "%ProgramFiles%\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> Mozilla Corporation [Ver = 1.9.0.4 | Size = 307712 bytes | Modified Date = 15/11/2008 23:59:03 | Attr =    ]
https [open] -> "%ProgramFiles%\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> Mozilla Corporation [Ver = 1.9.0.4 | Size = 307712 bytes | Modified Date = 15/11/2008 23:59:03 | Attr =    ]
piffile [open] -> "%1" %* -> File not found
regfile [merge] -> Reg Error: Key does not exist or could not be opened.
scrfile [config] -> "%1" -> File not found
scrfile [open] -> "%1" /S -> File not found
txtfile [edit] -> Reg Error: Key does not exist or could not be opened.
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\9.0\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultExecMenuItems\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultExecMenuItems\\tWhiteList -> [String data over 1000 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchAttachmentPerms\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> %SystemRoot%\system32\version.dll [version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 18944 bytes | Modified Date = 14/04/2008 01:12:08 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms\\tFlashContentSchemeWhiteList -> http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms\\tSponsoredContentSchemeWhiteList -> http|https -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms\\tSchemePerms -> %SystemRoot%\system32\version.dll [version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 18944 bytes | Modified Date = 14/04/2008 01:12:08 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> 
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> 
ADE ->  -> File not found
ADP ->  -> File not found
BAS ->  -> File not found
BAT ->  -> File not found
CHM ->  -> File not found
CMD -> %SystemRoot%\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 389120 bytes | Modified Date = 14/04/2008 01:12:14 | Attr =    ]
COM ->  -> File not found
CPL ->  -> File not found
CRT ->  -> File not found
EXE ->  -> File not found
HLP ->  -> File not found
HTA ->  -> File not found
INF ->  -> File not found
INS ->  -> File not found
ISP ->  -> File not found
LNK ->  -> File not found
MDB ->  -> File not found
MDE ->  -> File not found
MSC ->  -> File not found
MSI -> %SystemRoot%\system32\msi.dll -> Microsoft Corporation [Ver = 3.1.4001.5512 | Size = 2843136 bytes | Modified Date = 14/04/2008 01:11:59 | Attr =    ]
MSP ->  -> File not found
MST ->  -> File not found
OCX ->  -> File not found
PCD ->  -> File not found
PIF ->  -> File not found
REG -> %SystemRoot%\system32\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 50176 bytes | Modified Date = 14/04/2008 01:12:32 | Attr =    ]
SCR ->  -> File not found
SHS ->  -> File not found
URL -> %SystemRoot%\system32\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 105984 bytes | Modified Date = 26/08/2008 08:24:30 | Attr =    ]
VB ->  -> File not found
WSC ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> 5E AB 30 4F 95 7A 49 89 6A 00 6C 1C 31 15 40 15  [binary data] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified ->  -> 
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> 
̋ ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> 67 B0 D4 8B 34 3A 3F D3 BC E9 DC 64 67 04 F3 94  [binary data] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified ->  -> 
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> 
ȅ ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 32 78 02 DC FE F8 C8 93 DC 8A B0 06 DD 84 7D 1D  [binary data] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified ->  -> 
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> 
Ζ ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> BD 9A 2A DB 42 EB D8 56 0E 25 0E 4D F8 16 2F 67  [binary data] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified ->  -> 
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> 
å ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 38 6B 08 5F 84 EC F6 69 D3 6B 95 6A 22 C0 1E 80  [binary data] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified ->  -> 
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> 
Ų ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\\Allow-LogonScript-NetbiosDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\Shutdown\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\Shutdown\\ShowHibernateButton -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WiredL2\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WiredL2\GP_Policy\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WiredL2\GP_Policy\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> 
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> 
< Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{00203668-8170-44A0-BE44-B632FA4D780F} -> Adobe AIR
{0456ebd7-5f67-4ab6-852e-63781e3f389c} -> Macromedia Flash Player
{05832D65-6EDB-4D32-BA78-BCD0E2B91C02} -> Atheros Wireless LAN MiniPCI card Driver
{099D12EC-0321-4CAC-A0CC-33D020156FCD} -> Toshiba Utility
{0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel
{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} -> Security Update for CAPICOM (KB931906)
{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Sonic DLA
{12B3A009-A080-4619-9A2A-C6DB151D8D67} -> TOSHIBA Assist
{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91} -> iTunes
{26A24AE4-039D-4CA4-87B4-2F83216010FF} -> Java(TM) 6 Update 10
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{399C37FB-08AF-493B-BFED-20FBD85EDF7F} -> USB2.0 UVC Camera
{3EB6332B-AF02-457C-A31C-835458C5B48B} -> TOSHIBA Manuals
{427DFBF2-753F-4149-84F5-84D789C7F782} -> Nokia PC Suite
{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} -> Skype™ 3.8
{5D96E2B1-D9AC-46E0-9073-425C5F63E338} -> Touch and Launch
{63D1A44F-E1FD-4460-BE0A-8745012F67EF} -> BlueSoleil
{64212898-097F-4F3F-AECA-6D34A7EF82DF} -> TOSHIBA Zooming Utility
{76B78008-3832-42FD-AE55-C8F946ED3C7E} -> muvee autoProducer 4.1
{77C0F81A-F321-407B-8857-4DEEA2152211} -> Teaching-you 31 Languages CD #1
{77DCDCE3-2DED-62F3-8154-05E745472D07} -> Acrobat.com
{78D41C76-1784-463C-A674-F4D5F95111F0} -> Teaching-you 31 Languages CD #2
{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} -> MSXML 4.0 SP2 (KB954430)
{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} -> InterVideo WinDVD for TOSHIBA
{91A10409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office OneNote 2003
{94FB906A-CF42-4128-A509-D353026A607E} -> REALTEK Gigabit and Fast Ethernet NIC Driver
{9541FED0-327F-4DF0-8B96-EF57EF622F19} -> Sonic RecordNow!
{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D} -> CD/DVD Drive Acoustic Silencer
{A1CFBEF8-D9F6-4B2A-BDBE-7D8C0B0FE03A} -> Toshiba Hotkey Utility
{AC76BA86-7AD7-1033-7B44-A90000000001} -> Adobe Reader 9
{B116E95E-01B1-420A-AECB-B2B330B9BD97} -> Polar Precision Performance SW 
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{B5C209B1-8DDB-4642-A573-375B951514CB} -> Apple Mobile Device Support
{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} -> Apple Software Update
{B7757137-0A71-4A9F-8A82-1AE4A1B73420} -> Nokia Connectivity Cable Driver
{BDD83DC9-BEE9-4654-A5DA-CC46C250088D} -> TOSHIBA ConfigFree
{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181)
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{D59CAED6-39AF-4F87-AD40-C10C3906B7A4} -> Belkin Wireless G Plus Notebook Card
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
{E0D51394-1D45-460A-B62D-383BC4F8B335} -> QuickTime
{F4C38940-1D2B-445F-B461-7930B28CA68C} -> Polar WebLink 2.4.8
{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA} -> Toshiba Touchpad Utility
Adobe AIR -> Adobe AIR
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Advanced Video FX Engine -> Advanced Video FX Engine
All ATI Software -> ATI - Software Uninstall Utility
ATI Display Driver -> ATI Display Driver
avast! -> avast! Antivirus
CCleaner -> CCleaner (remove only)
CNXT_AUDIO -> Conexant AC-Link Audio
CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_FF311179 -> AC97 Data Fax SoftModem with SmartCP
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD} -> Toshiba Utility
InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA} -> Toshiba Touchpad Utility
KB892130 -> Windows Genuine Advantage Validation Tool (KB892130)
KB923689 -> Security Update for Windows XP (KB923689)
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399)
KB931906 -> Security Update for CAPICOM (KB931906)
KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782)
KB938127-v2-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127-v2)
KB938464 -> Security Update for Windows XP (KB938464)
KB939683 -> Hotfix for Windows Media Player 11 (KB939683)
KB941569 -> Security Update for Windows XP (KB941569)
KB942763 -> Update for Windows XP (KB942763)
KB946648 -> Security Update for Windows XP (KB946648)
KB950759-IE7 -> Security Update for Windows Internet Explorer 7 (KB950759)
KB950760 -> Security Update for Windows XP (KB950760)
KB950762 -> Security Update for Windows XP (KB950762)
KB950974 -> Security Update for Windows XP (KB950974)
KB951066 -> Security Update for Windows XP (KB951066)
KB951072-v2 -> Update for Windows XP (KB951072-v2)
KB951376-v2 -> Security Update for Windows XP (KB951376-v2)
KB951698 -> Security Update for Windows XP (KB951698)
KB951748 -> Security Update for Windows XP (KB951748)
KB951978 -> Update for Windows XP (KB951978)
KB952287 -> Hotfix for Windows XP (KB952287)
KB952954 -> Security Update for Windows XP (KB952954)
KB953838-IE7 -> Security Update for Windows Internet Explorer 7 (KB953838)
KB953839 -> Security Update for Windows XP (KB953839)
KB954154_WM11 -> Security Update for Windows Media Player 11 (KB954154)
KB954211 -> Security Update for Windows XP (KB954211)
KB954459 -> Security Update for Windows XP (KB954459)
KB955069 -> Security Update for Windows XP (KB955069)
KB956390-IE7 -> Security Update for Windows Internet Explorer 7 (KB956390)
KB956391 -> Security Update for Windows XP (KB956391)
KB956803 -> Security Update for Windows XP (KB956803)
KB956841 -> Security Update for Windows XP (KB956841)
KB957095 -> Security Update for Windows XP (KB957095)
KB957097 -> Security Update for Windows XP (KB957097)
KB958644 -> Security Update for Windows XP (KB958644)
M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.4) -> Mozilla Firefox (3.0.4)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
PC Diagnostic Tool -> TOSHIBA PC Diagnostic Tool
RealPlayer 6.0 -> RealPlayer
SightSpeed -> SightSpeed (remove only)
SynTPDeinstKey -> Synaptics Pointing Device Driver
WGA -> Windows Genuine Advantage Validation Tool (KB892130)
WgaNotify -> Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Extras -> Yahoo! Browser Services
Yahoo! Mail -> Yahoo! Internet Mail
Yahoo! Messenger -> Yahoo! Messenger
YInstHelper -> Yahoo! Install Manager
< WOW Settings [HKEY_LOCAL_MACHINE] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW -> 
cmdline -> %SystemRoot%\system32\ntvdm.exe -> 
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Antivirus [ Error ] 19/07/2008 01:25:49 -> Computer Name = LAPTOP - User Name = User SID not found - Source = avast! -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of \\CHRIS-ZCBZDBNDY\SharedDocs\DS Lite Games\kev's list.xls failed, 00000005.  
Antivirus [ Error ] 19/07/2008 01:25:49 -> Computer Name = LAPTOP - User Name = User SID not found - Source = avast! -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of \\CHRIS-ZCBZDBNDY\SharedDocs\DS Lite Games\List of DS Games on Server.xls failed, 00000005.  
Antivirus [ Error ] 07/10/2008 19:46:48 -> Computer Name = LAPTOP - User Name = User SID not found - Source = avast! -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of F:\DCIM\102HP407\IM000856.jpg failed, 0000001E.  
Antivirus [ Error ] 07/10/2008 19:51:59 -> Computer Name = LAPTOP - User Name = User SID not found - Source = avast! -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of F:\DCIM\103HP407\IM000897.jpg failed, 0000001E.  
Antivirus [ Error ] 07/10/2008 19:52:33 -> Computer Name = LAPTOP - User Name = User SID not found - Source = avast! -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of F:\DCIM\104HP407\IM000933.jpg failed, 0000001E.  
Antivirus [ Error ] 07/10/2008 19:53:33 -> Computer Name = LAPTOP - User Name = User SID not found - Source = avast! -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of F:\DCIM\104HP407\IM000995.jpg failed, 0000001E.  
Antivirus [ Error ] 07/10/2008 19:53:53 -> Computer Name = LAPTOP - User Name = User SID not found - Source = avast! -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of F:\DCIM\105HP407\IM000012.jpg failed, 0000001E.  
Antivirus [ Error ] 07/10/2008 19:53:58 -> Computer Name = LAPTOP - User Name = User SID not found - Source = avast! -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of F:\DCIM\105HP407\IM000018.jpg failed, 0000001E.  
Antivirus [ Error ] 07/10/2008 19:54:35 -> Computer Name = LAPTOP - User Name = User SID not found - Source = avast! -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of F:\DCIM\105HP407\IM000006.jpg failed, 0000001E.  
Antivirus [ Error ] 07/10/2008 19:54:40 -> Computer Name = LAPTOP - User Name = User SID not found - Source = avast! -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of F:\DCIM\106HP407\IM000084.jpg failed, 0000001E.  
Application [ Error ] 17/06/2008 20:09:44 -> Computer Name = LAPTOP - User Name = User SID not found - Source = Application Error -> Description = Faulting application belkinwcui.exe, version 2.1.7.48, faulting module brdcm2k.dll, version 0.9.1.3, fault address 0x00008ea4.
Application [ Error ] 26/06/2008 23:01:36 -> Computer Name = LAPTOP - User Name = User SID not found - Source = Application Hang -> Description = Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 30/06/2008 00:09:01 -> Computer Name = LAPTOP - User Name = User SID not found - Source = Application Error -> Description = Faulting application belkinwcui.exe, version 2.1.7.48, faulting module brdcm2k.dll, version 0.9.1.3, fault address 0x00008ea4.
System [ Error ] 20/11/2008 16:54:49 -> Computer Name = LAPTOP - User Name = User SID not found - Source = System Error -> Description = Error code 1000008e, parameter1 c0000005, parameter2 0000a8a4, parameter3 f0223b50, parameter4 00000000.
System [ Error ] 20/11/2008 16:57:43 -> Computer Name = LAPTOP - User Name = User SID not found - Source = ipnathlp -> Description = The Network Address Translator (NAT) was unable to request an operation  of the kernel-mode translation module.  This may indicate misconfiguration, insufficient resources, or  an internal error.  The data is the error code.
System [ Error ] 20/11/2008 16:58:48 -> Computer Name = LAPTOP - User Name = User SID not found - Source = System Error -> Description = Error code 1000008e, parameter1 c0000005, parameter2 0000a8a4, parameter3 f0223b50, parameter4 00000000.
System [ Error ] 20/11/2008 17:02:48 -> Computer Name = LAPTOP - User Name = User SID not found - Source = System Error -> Description = Error code 1000008e, parameter1 c0000005, parameter2 0000a8a4, parameter3 f0223b50, parameter4 00000000.
System [ Error ] 20/11/2008 21:47:18 -> Computer Name = LAPTOP - User Name = User SID not found - Source = System Error -> Description = Error code 1000008e, parameter1 c0000005, parameter2 0000a8a4, parameter3 b79a7b50, parameter4 00000000.
System [ Error ] 20/11/2008 22:48:29 -> Computer Name = LAPTOP - User Name = User SID not found - Source = System Error -> Description = Error code 1000008e, parameter1 c0000005, parameter2 000006f0, parameter3 ef822b50, parameter4 00000000.
System [ Error ] 24/11/2008 12:22:00 -> Computer Name = LAPTOP - User Name = User SID not found - Source = W32Time -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15  minutes.  The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 24/11/2008 12:22:00 -> Computer Name = LAPTOP - User Name = User SID not found - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or more  time sources, however none of the sources are currently accessible.   No attempt to contact a source will be made for 14 minutes.  NtpClient has no source of accurate time. 
System [ Error ] 24/11/2008 12:22:21 -> Computer Name = LAPTOP - User Name = User SID not found - Source = W32Time -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15  minutes.  The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 24/11/2008 12:22:21 -> Computer Name = LAPTOP - User Name = User SID not found - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or more  time sources, however none of the sources are currently accessible.   No attempt to contact a source will be made for 14 minutes.  NtpClient has no source of accurate time. 


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 24/11/2008 21:02:04 | Attr =  HS]
mbr.exe -> %SystemDrive%\mbr.exe ->  [Ver =  | Size = 66048 bytes | Created Date = 20/11/2008 23:34:32 | Attr =    ]
_OTScanIt -> %SystemDrive%\_OTScanIt ->  [Folder | Created Date = 24/11/2008 21:13:49 | Attr =    ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Created Date = 20/11/2008 17:36:12 | Attr =    ]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Created Date = 20/11/2008 17:36:11 | Attr =    ]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Created Date = 20/11/2008 17:36:11 | Attr = R  ]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Created Date = 20/11/2008 17:36:19 | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Created Date = 20/11/2008 17:36:12 | Attr =    ]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 20/11/2008 17:46:47 | Attr =    ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 11/11/2008 18:23:50 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 11/11/2008 18:23:50 | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Application Data\Adobe ->  [Folder | Created Date = 24/11/2008 21:10:48 | Attr =    ]
NOS -> %AllUsersProfile%\Application Data\NOS ->  [Folder | Created Date = 24/11/2008 21:03:55 | Attr =    ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 17/11/2008 09:36:23 | Attr =    ]
SharePod -> %AppData%\SharePod ->  [Folder | Created Date = 11/11/2008 19:08:11 | Attr =    ]
Best of chicane -> %UserProfile%\My Documents\Best of chicane ->  [Folder | Created Date = 09/11/2008 23:15:19 | Attr =    ]
Dawn of War - Dark Crusade -> %UserProfile%\My Documents\Dawn of War - Dark Crusade ->  [Folder | Created Date = 24/11/2008 21:38:46 | Attr =    ]
GMER -> %UserProfile%\My Documents\GMER ->  [Folder | Created Date = 20/11/2008 17:41:34 | Attr =    ]
New Folder -> %UserProfile%\My Documents\New Folder ->  [Folder | Created Date = 20/11/2008 17:49:57 | Attr =    ]
Acrobat.com.lnk -> %AllUsersProfile%\Desktop\Acrobat.com.lnk ->  [Ver =  | Size = 734 bytes | Created Date = 24/11/2008 21:12:25 | Attr =    ]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 793 bytes | Created Date = 16/11/2008 05:06:55 | Attr =    ]
Adobe Reader 9.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 9.lnk ->  [Ver =  | Size = 1729 bytes | Created Date = 24/11/2008 21:11:18 | Attr =    ]
aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe ->  [Ver =  | Size = 23804784 bytes | Created Date = 16/11/2008 04:59:00 | Attr =    ]
Adobe Reader 9 Installer -> %UserProfile%\Desktop\Adobe Reader 9 Installer ->  [Folder | Created Date = 24/11/2008 21:09:07 | Attr =    ]
gmer.zip -> %UserProfile%\Desktop\gmer.zip ->  [Ver =  | Size = 747873 bytes | Created Date = 20/11/2008 17:40:45 | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 16/11/2008 01:31:33 | Attr =    ]
hk1.jpg -> %UserProfile%\Desktop\hk1.jpg ->  [Ver =  | Size = 43742 bytes | Created Date = 17/11/2008 10:47:22 | Attr =    ]
Ipod music -> %UserProfile%\Desktop\Ipod music ->  [Folder | Created Date = 10/11/2008 00:19:02 | Attr =    ]
jre-6u10-windows-i586-p.exe -> %UserProfile%\Desktop\jre-6u10-windows-i586-p.exe ->  [Ver =  | Size = 16156056 bytes | Created Date = 24/11/2008 20:57:32 | Attr =    ]
mbr.exe -> %UserProfile%\Desktop\mbr.exe ->  [Ver =  | Size = 66048 bytes | Created Date = 20/11/2008 23:08:13 | Attr =    ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 21/11/2008 23:06:40 | Attr =    ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 21/11/2008 23:05:22 | Attr =    ]
SharePod -> %UserProfile%\Desktop\SharePod ->  [Folder | Created Date = 10/11/2008 00:42:05 | Attr =    ]
SharePod.zip -> %UserProfile%\Desktop\SharePod.zip ->  [Ver =  | Size = 609393 bytes | Created Date = 10/11/2008 00:41:44 | Attr =    ]
Spybot - Search & Destroy (for blind users).lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy (for blind users).lnk ->  [Ver =  | Size = 955 bytes | Created Date = 17/11/2008 09:36:36 | Attr =    ]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 17/11/2008 09:36:36 | Attr =    ]
spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited                                     [Ver = 1.6.0                | Size = 15083520 bytes | Created Date = 17/11/2008 09:29:43 | Attr =    ]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Created Date = 24/11/2008 21:10:02 | Attr =    ]
Adobe AIR -> %CommonProgramFiles%\Adobe AIR ->  [Folder | Created Date = 24/11/2008 21:12:02 | Attr =    ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 16/11/2008 05:06:03 | Attr =    ]
NOS -> %ProgramFiles%\NOS ->  [Folder | Created Date = 24/11/2008 21:03:55 | Attr =    ]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 17/11/2008 09:36:23 | Attr =    ]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 16/11/2008 01:31:32 | Attr =    ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 736350208 bytes | Modified Date = 24/11/2008 21:17:25 | Attr =  HS]
mbr.exe -> %SystemDrive%\mbr.exe ->  [Ver =  | Size = 66048 bytes | Modified Date = 20/11/2008 23:44:45 | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 287955 bytes | Modified Date = 17/11/2008 10:12:42 | Attr = R  ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 20/11/2008 17:36:12 | Attr =    ]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 63930 bytes | Modified Date = 24/11/2008 21:22:34 | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 406896 bytes | Modified Date = 24/11/2008 21:22:34 | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 477670 bytes | Modified Date = 24/11/2008 21:22:34 | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 24/11/2008 21:18:07 | Attr =    ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 24/11/2008 21:17:28 | Attr =   S]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Modified Date = 20/11/2008 17:36:12 | Attr =    ]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 20/11/2008 18:03:32 | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 20/11/2008 17:36:12 | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1393 bytes | Modified Date = 13/11/2008 23:57:51 | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 11/11/2008 18:23:50 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 11/11/2008 18:23:50 | Attr =  H ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 913 bytes | Modified Date = 30/10/2008 01:04:06 | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 24/11/2008 21:17:42 | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 15/11/2005 14:33:27 | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 13/11/2008 23:38:39 | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4646 bytes | Modified Date = 13/11/2008 23:38:39 | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 06/08/2008 22:32:06 | Attr =    ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8464 bytes | Modified Date = 06/08/2008 22:25:04 | Attr =    ]
C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 1 for gmer.zip\ -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 1 for gmer.zip\ ->  [Folder | Modified Date = 20/11/2008 17:57:58 | Attr =  H ]
gmer.exe -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe ->  [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Modified Date = 17/04/2008 21:13:02 | Attr =    ]
C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 2 for gmer.zip\ -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 2 for gmer.zip\ ->  [Folder | Modified Date = 20/11/2008 18:03:21 | Attr =  H ]
gmer.exe -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 2 for gmer.zip\gmer.exe ->  [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Modified Date = 17/04/2008 21:13:02 | Attr =    ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 24/11/2008 21:19:42 | Attr =    ]
Perflib_Perfdata_100.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_100.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 20/11/2008 17:57:17 | Attr =    ]
Perflib_Perfdata_108.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_108.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 24/11/2008 20:27:08 | Attr =    ]
Perflib_Perfdata_140.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_140.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 24/11/2008 21:17:49 | Attr =    ]
Perflib_Perfdata_170.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_170.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 20/11/2008 17:47:23 | Attr =    ]
Perflib_Perfdata_74c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 17/11/2008 11:18:24 | Attr =    ]
Perflib_Perfdata_a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 21/11/2008 22:41:18 | Attr =    ]
Perflib_Perfdata_a68.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a68.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 24/11/2008 21:18:03 | Attr =    ]
Perflib_Perfdata_b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 20/11/2008 23:47:31 | Attr =    ]
Perflib_Perfdata_c4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 20/11/2008 17:22:32 | Attr =    ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 13312 bytes | Modified Date = 24/11/2008 21:52:09 | Attr =    ]
Acrobat.com.lnk -> %AllUsersProfile%\Desktop\Acrobat.com.lnk ->  [Ver =  | Size = 734 bytes | Modified Date = 24/11/2008 21:12:25 | Attr =    ]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 793 bytes | Modified Date = 16/11/2008 05:06:55 | Attr =    ]
Adobe Reader 9.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 9.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 24/11/2008 21:11:18 | Attr =    ]
Skype.lnk -> %AllUsersProfile%\Desktop\Skype.lnk ->  [Ver =  | Size = 2257 bytes | Modified Date = 16/11/2008 20:01:27 | Attr =    ]
aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe ->  [Ver =  | Size = 23804784 bytes | Modified Date = 16/11/2008 05:05:50 | Attr =    ]
gmer.zip -> %UserProfile%\Desktop\gmer.zip ->  [Ver =  | Size = 747873 bytes | Modified Date = 20/11/2008 17:40:45 | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 16/11/2008 01:31:33 | Attr =    ]
hk1.jpg -> %UserProfile%\Desktop\hk1.jpg ->  [Ver =  | Size = 43742 bytes | Modified Date = 17/11/2008 10:47:23 | Attr =    ]
jre-6u10-windows-i586-p.exe -> %UserProfile%\Desktop\jre-6u10-windows-i586-p.exe ->  [Ver =  | Size = 16156056 bytes | Modified Date = 24/11/2008 20:59:45 | Attr =    ]
mbr.exe -> %UserProfile%\Desktop\mbr.exe ->  [Ver =  | Size = 66048 bytes | Modified Date = 20/11/2008 23:09:13 | Attr =    ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 21/11/2008 23:05:44 | Attr =    ]
SharePod.zip -> %UserProfile%\Desktop\SharePod.zip ->  [Ver =  | Size = 609393 bytes | Modified Date = 10/11/2008 00:41:54 | Attr =    ]
Spybot - Search & Destroy (for blind users).lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy (for blind users).lnk ->  [Ver =  | Size = 955 bytes | Modified Date = 17/11/2008 09:36:36 | Attr =    ]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 17/11/2008 09:36:36 | Attr =    ]
spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited                                     [Ver = 1.6.0                | Size = 15083520 bytes | Modified Date = 17/11/2008 09:34:29 | Attr =    ]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 24/11/2008 21:10:48 | Attr = RH ]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 24/11/2008 21:11:42 | Attr =    ]
Apple -> C:\Documents and Settings\All Users\Application Data\Apple ->  [Folder | Modified Date = 28/05/2008 21:48:50 | Attr =    ]
Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer ->  [Folder | Modified Date = 28/05/2008 21:51:00 | Attr =    ]
Bluetooth -> C:\Documents and Settings\All Users\Application Data\Bluetooth ->  [Folder | Modified Date = 13/09/2008 21:18:58 | Attr =    ]
Creative -> C:\Documents and Settings\All Users\Application Data\Creative ->  [Folder | Modified Date = 01/07/2008 21:44:04 | Attr =    ]
Downloaded Installations -> C:\Documents and Settings\All Users\Application Data\Downloaded Installations ->  [Folder | Modified Date = 13/09/2008 21:47:56 | Attr =    ]
Google -> C:\Documents and Settings\All Users\Application Data\Google ->  [Folder | Modified Date = 23/05/2008 15:57:04 | Attr =    ]
Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft ->  [Folder | Modified Date = 16/11/2008 05:07:42 | Attr =    ]
McAfee -> C:\Documents and Settings\All Users\Application Data\McAfee ->  [Folder | Modified Date = 23/05/2008 22:22:28 | Attr =    ]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 13/09/2008 21:03:00 | Attr =   S]
Microsoft Help -> C:\Documents and Settings\All Users\Application Data\Microsoft Help ->  [Folder | Modified Date = 06/08/2008 22:32:20 | Attr =    ]
muvee Technologies -> C:\Documents and Settings\All Users\Application Data\muvee Technologies ->  [Folder | Modified Date = 01/07/2008 17:51:53 | Attr =    ]
NOS -> C:\Documents and Settings\All Users\Application Data\NOS ->  [Folder | Modified Date = 24/11/2008 21:17:44 | Attr =    ]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI ->  [Folder | Modified Date = 04/08/2005 10:31:55 | Attr =    ]
SiteAdvisor -> C:\Documents and Settings\All Users\Application Data\SiteAdvisor ->  [Folder | Modified Date = 23/05/2008 22:22:28 | Attr =    ]
Skype -> C:\Documents and Settings\All Users\Application Data\Skype ->  [Folder | Modified Date = 15/08/2008 19:18:13 | Attr =    ]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 17/11/2008 11:19:16 | Attr =    ]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 22/05/2008 15:46:53 | Attr =    ]
Yahoo! -> C:\Documents and Settings\All Users\Application Data\Yahoo! ->  [Folder | Modified Date = 07/06/2008 21:06:14 | Attr =    ]
Application Data -> C:\Documents and Settings\Christopher\Application Data ->  [Folder | Modified Date = 11/11/2008 19:08:11 | Attr = RH ]
Adobe -> C:\Documents and Settings\Christopher\Application Data\Adobe ->  [Folder | Modified Date = 01/07/2008 00:15:19 | Attr =    ]
AdobeUM -> C:\Documents and Settings\Christopher\Application Data\AdobeUM ->  [Folder | Modified Date = 01/07/2008 17:59:25 | Attr =    ]
Apple Computer -> C:\Documents and Settings\Christopher\Application Data\Apple Computer ->  [Folder | Modified Date = 28/05/2008 21:51:36 | Attr =    ]
Creative -> C:\Documents and Settings\Christopher\Application Data\Creative ->  [Folder | Modified Date = 01/07/2008 21:44:04 | Attr =    ]
DataLayer -> C:\Documents and Settings\Christopher\Application Data\DataLayer ->  [Folder | Modified Date = 24/05/2008 19:49:00 | Attr =    ]
Help -> C:\Documents and Settings\Christopher\Application Data\Help ->  [Folder | Modified Date = 04/08/2005 14:07:51 | Attr =    ]
Identities -> C:\Documents and Settings\Christopher\Application Data\Identities ->  [Folder | Modified Date = 04/08/2005 12:02:24 | Attr =    ]
InstallShield -> C:\Documents and Settings\Christopher\Application Data\InstallShield ->  [Folder | Modified Date = 03/07/2008 18:12:04 | Attr =    ]
InterVideo -> C:\Documents and Settings\Christopher\Application Data\InterVideo ->  [Folder | Modified Date = 23/05/2008 23:02:38 | Attr =    ]
Macromedia -> C:\Documents and Settings\Christopher\Application Data\Macromedia ->  [Folder | Modified Date = 23/05/2008 08:53:52 | Attr =    ]
Microsoft -> C:\Documents and Settings\Christopher\Application Data\Microsoft ->  [Folder | Modified Date = 30/10/2008 02:58:39 | Attr =   S]
Mozilla -> C:\Documents and Settings\Christopher\Application Data\Mozilla ->  [Folder | Modified Date = 13/09/2008 19:38:12 | Attr =    ]
muvee Technologies -> C:\Documents and Settings\Christopher\Application Data\muvee Technologies ->  [Folder | Modified Date = 01/07/2008 21:45:01 | Attr =    ]
Nokia -> C:\Documents and Settings\Christopher\Application Data\Nokia ->  [Folder | Modified Date = 24/05/2008 19:48:54 | Attr =    ]
Nokia Multimedia Player -> C:\Documents and Settings\Christopher\Application Data\Nokia Multimedia Player ->  [Folder | Modified Date = 24/06/2008 10:51:17 | Attr =    ]
PC Suite -> C:\Documents and Settings\Christopher\Application Data\PC Suite ->  [Folder | Modified Date = 24/05/2008 19:38:01 | Attr =    ]
Real -> C:\Documents and Settings\Christopher\Application Data\Real ->  [Folder | Modified Date = 24/05/2008 20:19:10 | Attr =    ]
SharePod -> C:\Documents and Settings\Christopher\Application Data\SharePod ->  [Folder | Modified Date = 11/11/2008 19:08:11 | Attr =    ]
SiteAdvisor -> C:\Documents and Settings\Christopher\Application Data\SiteAdvisor ->  [Folder | Modified Date = 24/11/2008 22:08:25 | Attr =    ]
Skype -> C:\Documents and Settings\Christopher\Application Data\Skype ->  [Folder | Modified Date = 24/11/2008 22:00:11 | Attr =    ]
skypePM -> C:\Documents and Settings\Christopher\Application Data\skypePM ->  [Folder | Modified Date = 24/11/2008 20:28:03 | Attr =    ]
Sonic -> C:\Documents and Settings\Christopher\Application Data\Sonic ->  [Folder | Modified Date = 05/08/2005 07:34:42 | Attr =    ]
Sun -> C:\Documents and Settings\Christopher\Application Data\Sun ->  [Folder | Modified Date = 03/07/2008 21:09:14 | Attr =    ]
toshiba -> C:\Documents and Settings\Christopher\Application Data\toshiba ->  [Folder | Modified Date = 05/08/2005 06:50:35 | Attr =    ]
Yahoo! -> C:\Documents and Settings\Christopher\Application Data\Yahoo! ->  [Folder | Modified Date = 24/10/2008 18:29:31 | Attr =    ]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 02/07/2008 01:18:53 | Attr =   S]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 07/10/2008 22:07:03 | Attr =    ]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 04/08/2004 13:00:00 | Attr = RH ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 24/11/2008 21:17:42 | Attr =  H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

< End of report >
IrishGuy74
Regular Member
 
Posts: 40
Joined: August 31st, 2007, 6:28 pm

Re: might have a Dropper malware

Unread postby Odd dude » November 25th, 2008, 10:26 am

First, try to reboot and see if you get a blue screen saying checkdisk is running (should be after windows logo but before desktop). If you get that, let it run and if it's there post c:\chkdsk.txt

If you do not get the blue screen, then try this:

click start>run, copy and paste this:
Code: Select all
cmd /c echo y|chkdsk c: /f /v /r

Then reboot. Now checkdisk will run.


If there is no c:\chkdsk.txt after running checkdisk please try this:


Click start>run and copy and paste this:
Code: Select all
chkdsk/c/i C:>>\chkdsk.txt 2>>&1

CHKDSK will run again but only scan and it won't perform extensive tests. That should only take five minutes. Then it will generate a log c:\chkdsk.txt, which I would like to see.


In your next reply, post the log from checkdisk and a new hijackthis log.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: might have a Dropper malware

Unread postby IrishGuy74 » November 26th, 2008, 10:11 am

I tried that but still no checkdisk txt?? I got a warning stating windows can't find chkdsk/c/i C:>>\chkdsk.txt 2>>&1


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:00, on 26/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Belkin\F5D7011\Belkinwcui.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1467345664
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4533828562
O17 - HKLM\System\CCS\Services\Tcpip\..\{7035AF14-1412-4A7D-941C-D92810EBEFFD}: NameServer = 217.75.192.10 217.75.192.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{94FCFDC5-07D1-47B9-956D-E54523B0517C}: NameServer = 87.250.98.250,87.250.97.250
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9519 bytes
IrishGuy74
Regular Member
 
Posts: 40
Joined: August 31st, 2007, 6:28 pm

Re: might have a Dropper malware

Unread postby Odd dude » November 26th, 2008, 10:53 am

Sorry, that's my fault - had a small error in there.

Did you get a blue screen saying Windows was checking the disk when you rebooted?

The correct way to get the chkdsk log would be Start>Run and entering this code:
Code: Select all
cmd /c chkdsk/c/i C:>>\chkdsk.txt 2>>&1


(I forgot the cmd /c part which caused the code to fail... sorry!)

The log is looking good, one tiny thing to clean up.
Open hijackthis, click do a system scan only, put a check next to this, then click fix checked:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Post next the answers to my two questions:
- did you get a blue screen saying checkdisk was running when you rebooted?
- after entering the correct code ( :oops: ), was a log c:\chkdsk.txt created?

The log is now looking clean. I wanted you to run checkdisk because those application errors might be a sign of failing hard disk, but first I wanted checkdisk to inform me whether that was the case, as there could be also other things causing those errors.

So post next answer to my questions :)
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: might have a Dropper malware

Unread postby IrishGuy74 » November 26th, 2008, 12:05 pm

Yes, I got a Blue screen when I rebooted informing me that checkdisk was running but I'm sorry still no Checkdisk.txt.

My hard drive is only new..about 8 months old.

All I got was a black empty comd screen :?
IrishGuy74
Regular Member
 
Posts: 40
Joined: August 31st, 2007, 6:28 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 333 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware