Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan Desktop Hijack

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan Desktop Hijack

Unread postby creepers » December 30th, 2005, 10:51 am

Recently I removed this virus using Microsoft Antivirus. Now when I reboot I get a message about kernels64.exe missing. Also my Windows Explorer continually sends an error message back to the mothership at Microsoft. Below is my notepad:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:20 AM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\alt.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Tardis95.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php ... ect1&term=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.srh.noaa.gov/ifps/MapClick.p ... 8&map.y=63
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search.php ... ect1&term=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.msnbc.msn.com/"); (C:\Documents and Settings\Craig Allen\Application Data\Mozilla\Profiles\default\2bhohxal.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Craig Allen\Application Data\Mozilla\Profiles\default\2bhohxal.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\system32\idemlog.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Tardis95.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2747439284
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {E0051273-5988-41EC-A891-11D4A1BABF35} (KDreg class) - http://193.242.125.31/player/kdreg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A312C3A-80A0-4CC5-818C-2233FFDAA992}: NameServer = 85.255.113.130,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1600FA7-729C-414B-B226-E11309F241FC}: NameServer = 85.255.113.130,85.255.112.67
O18 - Protocol: bw+0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A676C3BD-457D-4267-A5C7-602A5B13DBC6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
creepers
Regular Member
 
Posts: 26
Joined: December 30th, 2005, 10:46 am
Advertisement
Register to Remove

Unread postby Kimberly » December 30th, 2005, 2:21 pm

Hello creepers,

This happens because this pest opens Windows Explorer at boot. You have quite a few nasties on board and your DNS servers have been hijacked. Try to limit Internet access for now. I'm looking over your log and will post a fix soon.

Any idea what Tardis95.exe is ? Located C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Tardis95.exe

If not, perform this:

Make sure that you can see hidden files.
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading select Show hidden files and folders.
  6. Uncheck the Hide protected operating system files (recommended) option.
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.

______________________________

Submit the file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Tardis95.exe to Jotti's scanner at:
http://virusscan.jotti.org/ Post the results here in the next reply.

Navigate to C:\Documents and Settings\All Users\Start Menu\Programs\Startup folder and right-click on Tardis95.exe. Select Properties from the context menu that pops up, go to the Version tab, and get all the information you can from there (click on the individual Item Names under Other Version information so that you can see the details for each). Post that information here.

If Jotti's load is too high, use http://www.virustotal.com instead.

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby creepers » December 30th, 2005, 2:51 pm

Tardis95 is a small program that is tied to the atomic clock. I've been using this for years and never had any problem with it.
creepers
Regular Member
 
Posts: 26
Joined: December 30th, 2005, 10:46 am

Unread postby Kimberly » December 30th, 2005, 6:27 pm

Hello creepers,

Thanks for the information about Tardis95.exe.

Ok, here we go - lot's to do on the PC ...

Please print out or copy these instructions\tutorials to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Disable Microsoft AntiSpyware, it will interfer with the fix.
  1. Open Microsoft AntiSpyware.
  2. Click on Options, Settings.
  3. In the left pane, click on Real-time Protection.
  4. Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
  5. Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
  6. After you unchecked these, click on the Save button and close Microsoft AntiSpyware.
  7. Right click on the Microsoft AntiSpyware Icon on the taskbar and select Shutdown Microsoft AntiSpyware.
______________________________

Make sure that you can see hidden files.
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading select Show hidden files and folders.
  6. Uncheck the Hide protected operating system files (recommended) option.
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.
______________________________

Copy/paste the following text into a new Notepad document. Make sure that you have one blank line at the end of the document as shown in the quoted text.

REGEDIT4

[HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{31EE3286-D785-4E3F-95FC-51D00FDABC01}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}]


Save it to your desktop as Fixme.reg. Save it as :
File Type: All Files (not as a text document or it wont work).
Name: Fixme.reg

Locate Fixme.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt.
______________________________

Run HijackThis, click on None of the above, just start the program, click on Scan. Put a check in the box on the left side of the following items if still present:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A312C3A-80A0-4CC5-818C-2233FFDAA992}: NameServer = 85.255.113.130,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1600FA7-729C-414B-B226-E11309F241FC}: NameServer = 85.255.113.130,85.255.112.67

Close ALL windows and browsers except HijackThis and click Fix Checked
______________________________

Reset your DNS servers
  1. Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.
  2. Right-click the network connection that you want to configure, and then click Properties.
  3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click Internet Protocol (TCP/IP), and then click Properties.
  4. If you want to obtain DNS server addresses from a DHCP server, click Obtain DNS server address automatically. (Recommended)
  5. If you want to manually configure DNS server addresses, click Use the following DNS server addresses, and then type the preferred DNS server and alternate DNS server IP addresses in the Preferred DNS server and Alternate DNS server boxes.
Reboot your PC
______________________________

Please download FixWareout from
http://swandog46.geekstogo.com/Fixwareout.exe

Note: Leave your internet connection running, the fixwareout may prompt you to download BFU from merijn.

Save it to your Desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch.

Put a check in the box on the left side of the following items if still present:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A312C3A-80A0-4CC5-818C-2233FFDAA992}: NameServer = 85.255.113.130,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1600FA7-729C-414B-B226-E11309F241FC}: NameServer = 85.255.113.130,85.255.112.67

Close ALL windows and browsers except HijackThis and click Fix Checked

At the end of the fix, you may need to restart your computer again. A log will be created, C:\fixwareout\report.txt, I will need that file later on.

If present, delete the folder C:\Program Files\WareOut
______________________________

Download win32delfkil.exe from:
http://users.telenet.be/marcvn/tools/win32delfkil.exe.
Save it on your desktop. Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer should reboot automatically, if not you'll need to reboot the computer manually, by turning the power off and then back on.
It will create a log named c:\windelf.txt, I will need that later on.
______________________________

Download Registry Search by Bobbi Flekman
http://www.bleepingcomputer.com/files/regsearch.php
Create a folder named C:\Reg for it and unzip into that folder.
______________________________

Please download SmitRem.exe by noahdfear to your Desktop.
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click the smitRem.exe and it will extract the files to a smitRem folder on your Desktop.
______________________________

Please download the trial version of Ewido Security Suite 3.5 from here:
http://www.ewido.net/en/download/
  • Install Ewido Security Suite.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

If you already have the latest Ad-Aware SE 1.06 version, skip to Run Ad-Aware. Otherwise download Ad-Aware SE 1.06 from here and install it. Uncheck all the options before leaving the Install Wizard.

Run Ad-Aware and Click on the World Icon. Click the Connect button on the webupdate screen. If an update is available download it and install it. Click the Finish button to go back to the main screen.

Click on the Gear Icon (second from the left at the top of the window) to access the Configuration Window.

Click on the General Button on the left and select in green
  • Under Safety
    • Automatically save log-file
    • Automatically quarantine objects prior to removal
    • Safe Mode (always request confirmation)
  • Under Definitions
    • Prompt to udate outdated definitions - set to 7 days
Click on the Scanning Button of the left and select in green
  • Under Driver, Folders & Files
    • Scan Within Archives
  • Under Select drives & folders to scan
    • choose all hard drives
  • Under Memory & Registry
    • Scan Active Processes
    • Scan Registry
    • Deep Scan Registry
    • Scan my IE favorites for banned URL’s
    • Scan my Hosts file
Click on the Advanced Button on the left and select in green
  • Under Shell Integration
    • Move deleted files to Recycle Bin
  • Under Logfile Detail Level
    • Include addtional object information
    • DESELECT - Include negligible objects information (make it show a red X)
    • Include environment information
  • Under Alternate Data Streams
    • Don't log streams smaller than 0 bytes
    • Don't log ADS with the following names: CA_INOCULATEIT
Click the Tweak Button and select in green
  • Under the Scanning Engine (Click on the + sign to expand)
    • DESELECT Unload recognized processes & modules during scan (make it show a red X)
    • Scan registry for all users instead of current user only
  • Under the Cleaning Engine (Click on the + sign to expand)
    • Always try to unload modules before deletion
    • During Removal, unload Explorer and IE if necessary
    • Let Windows remove files in use at next reboot
  • Under the Log Files (Click on the + sign to expand)
    • Include basic Ad-aware SE settings in logfile
    • Include additional Ad-aware SE settings in logfile
    • Include reference summarry in log file
    • Include alternate data stream details in log file
Click on Proceed to save the settings and close the program.
______________________________

If not already installed, download and install the VX2 Cleaner 2.0 plugin from Lavasoft by following the instructions below.

Installing VX2 Cleaner 2.0
  1. Close Ad-Aware, if it is currently open.
  2. Download the VX2 Cleaner 2.0 Plug-in here.
  3. Install the VX2 Cleaner by clicking on vx2cleaner_inst.exe.
______________________________

If Spybot - S&D 1.4 is already installed on your system, skip to Update Spybot - S&D before using it. Otherwise download Spybot - S&D from the following link:
Spybot - Search and Destroy

When you have downloaded the program, double click on the downloaded file to start the installation. Follow the default selections, pressing the Next button until you get to the Select Additional Tasks screen.

Under Permanent protection, make sure to uncheck the following items for now:
  • Use Internet Explorer Protection
  • Use system settings Protection (TeaTimer)
Press the Next button and then the Install button to start the installation process. When the installation process is complete, make sure that Run Teatimer is unchecked.

Launch Spybot - S&D

If you told Spybot to launch when it was done installing, the program should now be open. Otherwise find the icon on your desktop and double-click on it. When you use Spybot - S&D for the first time, it will prompt you for certain tasks to complete. Skip all tasks for now by pressing the Next button. Click on the button labeled Start using this program to begin using Spybot - Search & Destroy.

Update Spybot - S&D before using it

Click on the Search for Updates button. If there are available updates, they will be listed. Click on the Download Updates button and Spybot - S&D will download the updates and install them.
______________________________

MySearch comes with WeatherBug, it's is questionable and mostly identified as adware bordering on spyware..
Alternatives and more info here:

WeatherBug Removal Instructions and Help
http://www.pchell.com/support/weatherbug.shtml

A good read on weatherbug here :
http://www.searchlores.org/weatherbug.htm

May I suggest you remove this application.

In order to avoid future problems with Weatherbug, make sure the program is not running before uninstalling it. If there is a WeatherBug icon in the system tray (in the lower right hand corner of the screen) you'll need to right-click on it and choose "Exit WeatherBug" or "Terminate Weatherbug".

Click on Start, Control Panel, click on Add/Remove Programs
Look through the installed programs for the following items and remove them if present:

Logitech Desktop Manager
WeatherBug
My Search


During the uninstall process, you might be presented with several prompts to guide you through uninstalling the product. Read these carefully to make sure you are actually choosing to uninstall rather than keep the software.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
______________________________

Double-click the icon for RegSearch.exe in the C:\reg folder to launch the program.
Enter contextplus to search for and click "OK".
After completion Notepad will be opened with all the found instances of the string.
The resulting file is saved in the same folder location as RegSearch.exe. I will need that file later on.
______________________________

Run HijackThis, click on None of the above, just start the program, click on Scan. Put a check in the box on the left side of the following items if still present.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php ... ect1&term=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search.php ... ect1&term=
R3 - Default URLSearchHook is missing
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\system32\idemlog.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {E0051273-5988-41EC-A891-11D4A1BABF35} (KDreg class) - http://193.242.125.31/player/kdreg.cab

All O18 lines with \Logitech\Desktop Messenger

O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll

Close ALL windows and browsers except HijackThis and click Fix Checked.
______________________________

Open the smitRem Folder, then double-click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Using Windows Explorer, Search and Delete these Folders if listed:

C:\Program Files\Logitech\DesktopMessenger
C:\Program Files\AWS
C:\Program Files\mysearch
C:\Program Files\WareOut <--- if not yet done

Using Windows Explorer, Search and Delete these Files if listed:

C:\WINDOWS\adsldpbf.dll
C:\WINDOWS\alt.exe
C:\WINDOWS\system32\kernels64.exe
C:\WINDOWS\system32\idemlog.exe
C:\WINDOWS\system32\browsela.dll

If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is uncheck it and try again.
______________________________

Navigate to C:\Windows\Prefetch
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Procede like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, click to select the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see an checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido Security Suite, and run a full scan.
  • Click on Scanner
  • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
  • Click Save Report button
  • Save the report to your Desktop
Close Ewido.
______________________________

Start Ad-Aware SE
  • Click on Add-ons
  • Select the VX2 Cleaner plug-in and click Run Tool
  • If your computer isn’t infected, click Close.
    OR
  • If you computer is infected with VX2, a dialog box with text such as New VX2 variant found or VX2 variant 1 found will appear.
  • Press Clean and a dialog box with text The first phase completed. Please reboot and perform a Smart Scan will appear.
  • Reboot your computer
  • Run Ad-Aware and Click on the Scan Now Button
    • Choose Perform Full System Scan
    • DESELECT Search for negligible risk entries, as negligible risk entries (MRU's) are not considered to be a threat. (make it show a red X)
    Click Next to begin the scan. When the scan is completed, the Performing System Scan screen will change name to Scan Complete.

    Click the Next Button to get to the Scanning Results Window where more information about the objects detected during the scan is available. Click the Critical Objects Tab. In general all of the items listed will be bad. To fix all the bad critical objects, right click on one of them, click the Select All entry in the pop-up menu to mark all entries. Click Next and then OK in the dialog box to confirm the removal.
Repeat this until the VX2 Cleaner reports System clean. Press Close to exit.

Run Ad-Aware one more time and perform a Perform Full System Scan of your computer to make sure VX2 has been found and removed. Reboot in Normal Mode
______________________________

Run Spybot - S&D

Click the button Check for Problems
When Spybot is complete, it will be showing RED entries, BLACK entries and GREEN entries in the window.
Make sure that there is a check mark beside all of the RED entries ONLY.
Choose Fix Selected Problems and allow Spybot to fix the RED entries.

If it has trouble removing any spyware, you will get a message window, asking if it would be ok to run Spybot - S&D on the next reboot before any other applications start running. You should reply Yes to this. The next time you start Windows, Spybot will run automatically and fix any of the programs it could not fix previously.

At this point you will be presented with the list of found entries again, but now there will be large green checkmarks next to the items that Spybot - S&D was able to remove. The ones that are still checked but do not have the large green checkmark next to them will be fixed on the next reboot of windows. Reboot the PC.
______________________________

Please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
______________________________

Download WinPFind.zip to your Desktop or to your usual Download Folder.
http://www.bleepingcomputer.com/files/winpfind.php
Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
Open the C:\WinPFind folder and double-click on WinPFind.exe.
Click on Configure Scan Options.
Remove all the checkmarks under Folder Options on the left side by clicking the button Remove All, uncheck Run Addon's and click Apply.
Click on the Start Scan button and wait for it to finish.

Please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file named C:\WinPFind\WinPFind.txt. Please copy that log into your next reply.
______________________________

Please post :
  1. C:\fixwareout\report.txt
  2. c:\windelf.txt
  3. The results from the RegSearch.exe
  4. smitfiles.txt
  5. Ewido log
  6. Kaspersky results
  7. C:\WinPFind\WinPFind.txt
  8. a new HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby creepers » December 31st, 2005, 8:46 am

Kim,

I get to the Fixme.reg and the I get a reply that the computer is having a problem accessing the registry.
creepers
Regular Member
 
Posts: 26
Joined: December 30th, 2005, 10:46 am

Unread postby Kimberly » December 31st, 2005, 10:12 am

Either the permissions have been changed, either the file is missing. Let's look up what's wrong before we continue the fix. Make sure that you have admin rights on the PC.

Download WinPFind.zip to your Desktop or to your usual Download Folder.
http://www.bleepingcomputer.com/files/winpfind.php
Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
Open the C:\WinPFind folder and double-click on WinPFind.exe.
Click on Configure Scan Options.
Remove all the checkmarks under Folder Options on the left side by clicking the button Remove All, uncheck Run Addon's and click Apply.
Click on the Start Scan button and wait for it to finish.

Please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file named C:\WinPFind\WinPFind.txt. Please copy that log into your next reply.

Copy/paste the following text into a new Notepad document.

cd %windir%\
dir reg* /s > %systemdrive%\peek.txt
Notepad %systemdrive%\peek.txt


Save it to your desktop as peek.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name: peek.bat

Double click peek.bat. A DOS box should open and close quickly, this is normal. Notepad will open with the content of the file, post as a reply please.

1. C:\WinPFind\WinPFind.txt
2. C:\peek.txt

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby creepers » December 31st, 2005, 10:52 am

1.
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
=

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}
C:\WINDOWS\adsldpbf.dll = C:\WINDOWS\adsldpbf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{8B224779-3B0E-4FEA-8AE1-B66C20DD840F} = :
{014DA6C9-189F-421a-88CD-07CFE51CFF10} = :
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{08BEC6AA-49FC-4379-3587-4B21E286C19E} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{FE6BC4EF-5676-484B-88AE-883323913256} = :
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{1C78AB3F-A857-482E-80C0-3A1E5238A565} = :
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{08BEC6AA-49FC-4379-3587-4B21E286C19E} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
LDM C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Weather C:\Program Files\AWS\WeatherBug\Weather.exe 1
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
desktop C:\WINDOWS\system32\idemlog.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
item Acrobat Assistant
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
item Acrobat Assistant

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Go!Zilla.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Go!Zilla.lnk
backup C:\WINDOWS\pss\Go!Zilla.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Go!Zilla\gozilla.exe
item Go!Zilla
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Go!Zilla.lnk
backup C:\WINDOWS\pss\Go!Zilla.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Go!Zilla\gozilla.exe
item Go!Zilla

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\NORTON~2\SYSDOC32.EXE /STARTUP
item Norton System Doctor
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\NORTON~2\SYSDOC32.EXE /STARTUP
item Norton System Doctor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gator
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Gator
hkey HKLM
command "C:\Program Files\Gator.com\Gator\Gator.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Gator
hkey HKLM
command "C:\Program Files\Gator.com\Gator\Gator.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Go!Zilla dial-up fix
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Go
hkey HKLM
command "C:\PROGRA~1\GoZilla\Go.exe" /FIXRAS
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Go
hkey HKLM
command "C:\PROGRA~1\GoZilla\Go.exe" /FIXRAS
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command C:\Program Files\iTunes\iTunesHelper.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command C:\Program Files\iTunes\iTunesHelper.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mozilla Quick Launch
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Netscp
hkey HKCU
command "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Netscp
hkey HKCU
command "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioAudioCentral
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RxMon
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RxMon
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioDragToDisc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DrgToDsc
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DrgToDsc
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioEngineUtility
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item EngUtil
hkey HKLM
command "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item EngUtil
hkey HKLM
command "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
SpecifyDefaultButtons 1
Btn_Search 2
NoBandCustomize 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{00000000-0000-0000-0000-000000000000} 0
{00000000-0000-0000-0000-000000000001} 0
{00000000-0000-0000-0000-000000000221} 0
{00000000-0000-0000-0000-000000000240} 0
{00000000-0000-0000-8835-3EFF76BF2657} 0
{00000000-0000-0000-BFA1-D7EE6696B865} 0
{00000000-0000-41a3-98CF-00000000168B} 0
{00000000-0000-47c5-A90F-2CDE8F7638DB} 0
{00000000-0000-5DFC-5652-1705043F6518} 0
{00000000-0000-7EBF-57C6-0BAE047EA682} 0
{00000000-0001-0345-2280-0287F27A63EE} 0
{00000000-0001-1DBE-075A-39EC04BD88AF} 0
{00000000-0001-F7A6-1F38-0204019E355E} 0
{00000000-0002-0002-0000-000000000000} 0
{00000000-0002-53D4-0622-35EA0235778E} 0
{00000000-0007-5041-4354-0020e48020af} 0
{00000000-0008-5041-4354-0020e48020af} 0
{00000000-0008-D357-0798-004401965D4A} 0
{00000000-0009-1C42-7D61-6CFF050894A7} 0
{00000000-0015-BD9C-263A-493001BA0C6C} 0
{00000000-002B-EFE6-6B08-560C01922D3B} 0
{00000000-0033-C1AC-0E62-0C1F0537605D} 0
{00000000-008C-1E65-6AA6-3A270279F027} 0
{00000000-00FA-71ED-4ABA-348801BAA0A9} 0
{00000000-0C95-B1F8-547A-405204D6961A} 0
{00000000-10D6-4e5f-8F7F-29B32C1C0FC4} 0
{00000000-167B-41bc-95FF-86A07B14712C} 0
{00000000-2565-4c5b-A455-A74C8A2247AB} 0
{00000000-5eb9-11d5-9d45-009027c14662} 0
{00000000-623A-11D4-BCDB-005004131771} 0
{00000000-64C4-4a64-9767-895AB4921E41} 0
{00000000-6CB0-410C-8C3D-8FA8D2011D0A} 0
{00000000-6c30-11d8-9363-000ae6309654} 0
{00000000-D9E3-4BC6-A0BD-3D0CA4BE5271} 0
{00000000-F183-11D1-BE1C-00000100C596} 0
{00000010-6F7D-442C-93E3-4A4827C2E4C8} 0
{0000001D-BA9B-11D2-BDF1-0090272A6D78} 0
{000000DA-0786-4633-87C6-1AA7A4429EF1} 0
{000000F1-34E3-4633-87C6-1AA7A44296DA} 0
{00000178-CD4A-447a-BCF9-6FD0096B5527} 0
{00000185-B716-11D3-92F3-00D0B709A7D8} 0
{00000185-C745-43D2-44F1-01A1C789C738} 0
{00000250-0320-4DD4-BE4F-7566D2314352} 0
{0000026A-8230-4DD4-BE4F-6889D1E74167} 0
{00000273-8230-4DD4-BE4F-6889D1E74167} 0
{00000285-B716-11D3-92F3-00D0B709A7D8} 0
{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} 0
{00000580-C637-11D5-831C-00105AD6ACF0} 0
{000006B1-19B5-414A-849F-2A3C64AE6939} 0
{00000762-3965-4A1A-98CE-3D4BF457D4C8} 0
{00000EF1-0786-4633-87C6-1AA7A44296DA} 0
{00000EF1-34E3-4633-87C6-1AA7A44296DA} 0
{000020DD-C72E-4113-AF77-DD56626C6C42} 0
{0000607D-D204-42C7-8E46-216055BF9918} 0
{0000CC75-ACF3-4cac-A0A9-DD3868E06852} 0
{00010a21-b924-4cd6-893c-eea1071ae8b3} 0
{000277A3-7D84-406a-9799-D12A81594693} 0
{00041A26-7033-432C-94C7-6371DE343822} 0
{000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} 0
{000E7270-CC7A-0786-8E7A-DA09B51938A6} 0
{00110011-4B0B-44D5-9718-90C88817369B} 0
{0019C3E2-DD48-4A6D-AB2D-8D32436313D9} 0
{0019C3E2-DD48-4A6D-ABCD-8D32436313D9} 0
{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} 0
{001B3456-4ADE-44D0-8C23-D69D32658D84} 0
{001DAE60-95C0-11d3-924E-009027950886} 0
{001F2470-5DF5-11d3-B991-00A0C9BB0874} 0
{001F2570-5DF5-11d3-B991-00A0C9BB0874} 0
{00320615-B6C2-40A6-8F99-F1C52D674FAD} 0
{0036F389-FEF8-43AC-9220-16430E0012ED} 0
{004A5840-FF59-11d2-B50D-0090271D3FD4} 0
{004B23E0-1E63-4ED6-BCAC-922BA26CF096} 0
{0055C089-8582-441B-A0BF-17B458C2A3A8} 0
{00673769-777F-4814-BE0F-74CBA1D823B8} 0
{0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} 0
{00A0A40C-F432-4C59-BA11-B25D142C7AB7} 0
{00A6FAF1-072E-44cf-8957-5838F569A31D} 0
{00C6482D-C502-44C8-8409-FCE54AD9C208} 0
{00D6A7E7-4A97-456f-848A-3B75BF7554D7} 0
{00F16DC8-1B2A-42F4-B18B-E21DA9D2D7FD} 0
{0140DF95-9128-4053-AE72-F43F0CFCA062} 0
{014DA6C1-189F-421a-88CD-07CFE51CFF10} 0
{014DA6C9-189F-421a-88CD-07CFE51CFF10} 0
{01A7812B-59E8-4A4F-BFD6-EEE6D4CB6BA2} 0
{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} 0
{01CD4DDA-166D-4831-A373-ACCC27E1BB9D} 0
{01E04581-4EEE-11D0-BFE9-00AA005B4383} 0
{01F44A8A-8C97-4325-A378-76E68DC4AB2E} 0
{021BB032-80A8-4FB6-B3D5-CF27B1553B95} 0
{02336F51-24CA-4422-AB63-18841ADF35E6} 0
{02478D28-C3F9-4efb-9B51-7695ECA05670} 0
{02478D38-C3F9-4efb-9B51-7695ECA05670} 0
{024DE5EB-3649-445E-8D57-C09A9A33D479} 0
{02681612-869A-4a07-9D7D-984F42217890} 0
{029BB53A-C312-4b09-9B4F-ED57AF027B28} 0
{029CA12C-89C1-46a7-A3C7-82F2F98635CB} 0
{02DCA195-602B-4B1F-83FF-381B7E804BDB} 0
{0315AA2C-10C7-4504-A1C4-F552ABA8A095} 0
{0345B059-8731-42BC-B7B7-5121014B02C6} 0
{0352960F-47BE-11D5-AB93-00D0B760B4EB} 0
{04047354-D353-11D2-B3EB-0060B03C5581} 0
{04079851-5845-4dea-848C-3ECD647AA554} 0
{04164EC4-1E48-4279-818E-3721931E7636} 0
{0421701D-CF13-4E70-ADF0-45A953E7CB8B} 0
{0428FFC7-1931-45b7-95CB-3CBB919777E1} 0
{046D6EA4-15E3-4b27-8010-45BD78A9219E} 0
{04719991-296F-4958-AA0F-FA25FFA5008B} 0
{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} 0
{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} 0
{0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} 0
{058FC709-D5CD-4A95-92DB-59E6488ECDA4} 0
{059B2FC0-741D-40F8-AEFA-D2C919EB9217} 0
{05BBB56A-2A69-4A5C-BFDA-43295DD67434} 0
{06594350-D723-11D8-9669-0800200C9A66} 0
{06DFEDAA-6196-11D5-BFC8-00508B4A487D} 0
{074E3AA7-7718-4404-B3F8-FF8FB5414E0E} 0
{07B18EA1-A523-4961-B6BB-170DE4475CCA} 0
{07B18EA9-A523-4961-B6BB-170DE4475CCA} 0
{08227B4B-54FE-4C4D-809F-BCA46292FC5B} 0
{08351226-6472-43BD-8A40-D9221FF1C4CE} 0
{08351227-6472-43BD-8A40-D9221FF1C4CE} 0
{08442457-929D-4522-AE24-9D3E4664A0C1} 0
{086AE192-23A6-48D6-96EC-715F53797E85} 0
{086CEFD5-A88D-4981-8915-D51F04360ED1} 0
{087173EF-9829-4F49-8340-A524177D3F60} 0
{08C63920-DC18-11D2-9E1E-00A0247061AB} 0
{08DBDE36-DF28-11D5-8CA5-0050DA44A764} 0
{08E1C8E1-E565-44fc-A766-C9539BB3ABB7} 0
{08E74C67-99A6-45C7-94DA-A397A8FD8082} 0
{0950C008-880D-46F3-AFE0-AE85C6458044} 0
{09549E9B-8BC0-40A4-B5D6-BD761338D631} 0
{0982868C-47F0-4EFB-A664-C7B0B1015808} 0
{09AF76DD-6988-4664-97D0-362F1011E311} 0
{09F0F280-FB9A-481B-B69A-CB00DC44D027} 0
{0A1375E1-56C2-11D6-8E45-8933A0FB5235} 0
{0A1A2A3A-4A5A-6A7A-8A9A-AABACADAEAFA} 0
{0A4DC360-26A5-4FC1-8FB2-ADD00738A99B} 0
{0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} 0
{0A68C5A2-64AE-4415-88A2-6542304A4745} 0
{0A6A6F79-BBE3-4A8B-8A64-9D1D1100A347} 0
{0AAF602E-72A1-45FE-BAB1-06971E07EAA2} 0
{0ADCDFE7-8490-406D-91BF-88F71FD7F8AE} 0
{0AEE4D0C-4B38-4196-AE32-70ACE5656647} 0
{0B519E07-7824-4adc-8890-93D5EABBF285} 0
{0B90AA1B-F649-44C3-9FD3-736C332CBBCF} 0
{0BA1C6EB-D062-4E37-9DB5-B07743276324} 0
{0C9CBFE1-91CD-40C2-BB64-1EC84C4C46AF} 0
{0D245396-8535-11D3-B3F9-00A0C9424626} 0
{0D7DC475-59EB-4781-985F-A6F5D4E2BC73} 0
{0D929918-C804-4756-B0AC-640EF3F061E9} 0
{0DDBB570-0396-44C9-986A-8F6F61A51C2F} 0
{0E1230F8-EA50-42A9-983C-D22ABC2E0099} 0
{0E1230F8-EA50-42A9-983C-D22ABC2EEB4C} 0
{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} 0
{0E5CBF21-D15F-11D0-8301-00AA005B4383} 0
{0EEDB912-C5FA-486F-8334-57288578C627} 0
{0F660F64-F4C9-477F-8529-44181B717472} 0
{0FC817C2-3B45-11D4-8340-0050DA825906} 0
{0FFE2F08-3AC9-4A91-A61D-4FF24F91A561} 0
{1028F737-81E7-452B-A860-E50CAD90A08C} 0
{10384d0e-2bc1-48b6-844b-ad0e9e6d2511} 0
{10955232-B671-11D7-8066-0040F6F477E4} 0
{11359F4A-B191-42d7-905A-594F8CF0387B} 0
{118CE65F-5D86-4AEA-A9BD-94F92B89119F} 0
{11904CE8-632A-4856-A7CC-00B33FE71BD8} 0
{11990E9F-2A4D-11D6-9507-02608CDD2842} 0
{11F6B95F-0774-4B8D-8C9E-6B552CBCAD14} 0
{1201333E-BAD9-481C-BCF5-6904498CF85B} 0
{120FF052-1C61-4C14-8F54-BBBC4A988590} 0
{123249EB-F891-44C4-946F-450064F9080E} 0
{12BA043E-293E-4CE4-A8C7-8460934FE801} 0
{12D02C08-218F-4A11-BDE1-6611ADB7B81F} 0
{12DF6E3E-6272-4AE8-880B-2158D60791C0} 0
{12F02779-6D88-4958-8AD3-83C12D86ADC7} 0
{136A9D1D-1F4B-43D4-8359-6F2382449255} 0
{13707362-08A2-11D3-A26D-0060976E9E6A} 0
{139D88E5-C372-469D-B4C5-1FE00852AB9B} 0
{13F537F0-AF09-11d6-9029-0002B31F9E59} 0
{13F90341-AD79-4A9F-9B57-0234675670D6} 0
{1402DF89-8043-44E9-AFE8-CB3DB644EF7D} 0
{14B3D246-6274-40B5-8D50-6C2ADE2AB29B} 0
{150FA160-130D-451F-B863-B655061432BA} 0
{157F70D2-49E8-11D3-B094-005004116944} 0
{16122F02-9713-11D3-9744-005004116944} 0
{1624F640-49AC-11D3-8ABD-00C04FA95EE0} 0
{165EAF06-A068-4BE1-8418-D92B2A196878} 0
{166348F1-2C41-4C9F-86BB-EB2B8ADE030C} 0
{16664845-0E00-11D2-8059-000000000000} 0
{1678F7E1-C422-11D0-AD7D-00400515CAAA} 0
{17456D4E-823D-9B68-283C-1A819CBBDD19} 0
{17939A30-18E2-471E-9D3A-56DD725F1215} 0
{179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF} 0
{17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} 0
{1808648B-3102-4293-8AD3-06AF71D3321B} 0
{18AD2309-B249-46FB-9012-3B787446707F} 0
{18B79968-1A76-4953-9EBB-B651407F8998} 0
{19A447BA-9C2E-4864-93F5-A0645229771E} 0
{19E41A2D-BD9D-48bb-9576-27B2CF0877C0} 0
{1A1DAC8C-074D-440F-8707-7009A672D7D1} 0
{1A214F62-47A7-4CA3-9D00-95A3965A8B4A} 0
{1A98BCA2-0BD1-47DE-9710-C7665F7F1FCB} 0
{1B0E7716-898E-48cc-9690-4E338E8DE1D3} 0
{1B13BF1B-A528-4CC4-B5BF-553CAA6487AC} 0
{1B77D30A-81C9-497A-8647-142F7511B1FB} 0
{1B7D753B-1981-4bd2-91F3-6D055EE113A0} 0
{1BC1FC4B-B0D2-4D8D-9307-2E40E2A8C257} 0
{1BDD55B8-3985-4E59-B906-5E0AD56D6710} 0
{1C4DA27D-4D52-4465-A089-98E01BB725CA} 0
{1C78AB3F-A857-482e-80C0-3A1E5238A565} 1
{1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} 0
{1D022C27-3771-4D1D-B1B7-1953E271C6CA} 0
{1D62BD48-16F6-4004-A54A-3C41E4955A87} 0
{1D71DB63-D72A-4479-98F8-5BCB84FAE0F6} 0
{1D870C86-AA3C-4451-81E4-71D480A1A652} 0
{1D9B10E0-E90C-11D7-A399-B7BAC8911A3F} 0
{1E1B2879-30C7-11D4-8DDF-525400E483E3} 0
{1E1B2879-88FA-11D3-8D96-D7ACAC95951A} 0
{1E1B2879-88FF-11D2-8D96-000000000003} 0
{1E1B2879-88FF-11D2-8D96-000000000004} 0
{1E1B2879-88FF-11D2-8D96-123457123457} 0
{1E1B2879-88FF-11D2-8D96-D7ACAC31337F} 0
{1E1B2879-88FF-11D2-8D96-D7ACAC95951A} 0
{1E1B2879-88FF-11D2-8D96-D7ACAC95951F} 0
{1E1B2879-88FF-11D2-8D96-D7ACAC97972F} 0
{1E1B2879-88FF-11D2-8D96-FFFFAC95951F} 0
{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} 0
{1E1B2879-88FF-11D3-8D96-D7ACAC95951F} 0
{1E6F1D6A-1F20-11D4-8859-00A0CCE26836} 0
{1F326B8F-CE7F-4C98-96A1-AC7A2B61D742} 0
{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFA2} 0
{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFA7} 0
{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFA8} 0
{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} 0
{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} 0
{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB2} 0
{1F5D3D5F-5738-423C-A962-066EC1A6427F} 0
{1FEA39D6-46B3-4F66-BC38-4839CFE198EA} 0
{2005F7BA-6189-4607-BF8B-667679251CC0} 0
{2038A287-4221-4F76-A7C0-ADDD77AFABB3} 0
{204F937E-519E-4597-96FA-8F1F59F3CB6D} 0
{206E52E0-D52E-11D4-AD54-0000E86C26F6} 0
{20E5DE3E-3D2C-4E4F-969E-6C3F00354BC7} 0
{21301D69-B8F1-46AA-B0B5-09EE2285914C} 0
{21C32A07-0176-4FFE-BCDA-65D4A24F4303} 0
{223405EC-01F9-48a2-BDBB-D519913E2765} 0
{224530A0-C9CB-4AEE-9C0F-54AC1B533211} 0
{22941A26-7033-432C-94C7-6371DE343822} 0
{22998D24-B789-4CA2-A7FC-CD7CE7DEB14C} 0
{22D003CE-6952-46C5-80B9-D19B479620AB} 0
{23BC1CCF-4BE7-497F-B154-6ADA68425FBB} 0
{23DDAE8C-6A79-4d62-80AA-E95D89CB9811} 0
{24180B00-2EB6-11d7-BD6F-004854603DCE} 0
{248B131E-01EA-4587-8EFE-1D915E143D5E} 0
{24AC2D89-8566-4A52-850A-24FAF8DF57E0} 0
{259F616C-A300-44F5-B04A-ED001A26C85C} 0
{25F7FA20-3FC3-11D7-B487-00D05990014C} 0
{2645D297-DD4B-4DD3-BAB0-34D4BB8F7EE6} 0
{2662BDD7-05D6-408F-B241-FF98FACE6054} 0
{267D5BD3-0DC2-4724-A196-7F4794FBB9EB} 0
{269B6797-664E-48AA-B283-B012BDF6E525} 0
{26CA4BD4-E63A-423D-AE08-933C2F8F0977} 0
{26CB33C5-1F3C-4C52-8B26-29D6E0635770} 0
{270B845C-712C-4773-BEE0-AE2D2001CD0F} 0
{2737A6C0-7E24-11D7-B299-00E0297E0844} 0
{27557cf1-a237-496d-8c8f-08f3844c6a8b} 0
{275636E4-A535-4668-9FF1-86DC0C62D446} 0
{27A5FF76-9919-492C-98E3-EDA3502FC829} 0
{28A19C3E-91E4-4bca-A623-BAF3C43C4F49} 0
{28CAEFF3-0F18-4036-B504-51D73BD81C3A} 0
{296AE49F-E195-4835-895C-91788B938DF8} 0
{297caf50-e4f7-11d1-a380-00600896eccc} 0
{29A38549-AF6F-11D4-89D6-BC1DFD912B00} 0
{29F7B7FA-ADC8-48ea-9E1C-EA87A05AE642} 0
{2A57772A-D963-4533-A999-A4D66B7EF424} 0
{2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} 0
{2A7B720A-7A28-4e99-80A0-2DF985EC93D0} 0
{2AF8CED6-5BD8-4310-A90C-9664EFB16B10} 0
{2B3452C5-1B9A-440F-A203-F6ED0F64C895} 0
{2BC43670-C0BD-4794-BB11-F60F3E001DC5} 0
{2BDEC2E4-819F-11D5-8846-006097B89050} 0
{2CF0B992-5EEB-4143-99C0-5297EF71F443} 0
{2CF0B992-5EEB-4143-99C0-5297EF71F444} 0
{2CF0B992-5EEB-4143-99C0-5297EF71F44A} 0
{2CF0B992-5EEB-4143-99C0-5297EF71F44B} 0
{2CF0B992-5EEB-4143-99C2-5297EF71F44A} 0
{2CF0B992-5EEB-4143-99C2-5297EF71F44B} 0
{2D38A51A-23C9-48a1-A33C-48675AA2B494} 0
{2D43D3A0-EC29-11D2-8ADE-0020182CECB3} 0
{2D556983-83D7-4630-9AA5-27C74CA27B79} 0
{2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71} 0
{2D877C0B-3F44-42CD-A283-57AAA9186CB9} 0
{2DFC54AD-2B04-4E4A-96FA-79D2701F3763} 0
{2E03C0FD-4C48-43A7-9A54-00240C70FF16} 0
{2E12B523-3D4C-4FAC-9B04-0376A8F5E879} 0
{2E77E33F-671E-4334-ABAA-0C2E2BE654F1} 0
{2E9CAFF6-30C7-4208-8807-E79D4EC6F806} 0
{2ECB7FB2-0333-416F-92FD-4904AD49252B} 0
{2EF37A01-884F-11D5-AC99-B112050ECB4F} 0
{2F24B54D-3A27-11D8-8169-00C02623048A} 0
{2F4F8CC3-FF89-11D1-9F63-0020182D7E20} 0
{2FF5573C-0EB5-43db-A1B2-C4326813468E} 0
{30192F8D-0958-44E6-B54D-331FD39AC959} 0
{305C398B-4278-4AD6-86D9-6A2774596BE3} 0
{30A56549-9D5B-4D34-AFA7-440A7F0538A9} 0
{312FA154-E1B7-4336-9833-EE6B38D58B56} 0
{316AEF8D-3C37-423E-9E6E-13820A9DC37A} 0
{31995C64-CB4D-483E-82C2-CCFFE2F66CAB} 0
{319A68DB-06D0-46DA-9F93-A810D5A70836} 0
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} 0
{33414365-E6C7-460d-880A-A163BD69E84D} 0
{337D0C1D-4053-4FAB-AF2B-45C2F7B0FAA6} 0
{337D0C1D-4053-4FAB-AF2B-45C2F7B0FAA7} 0
{3392BD0A-A851-4AA4-86E0-4651006F9EA8} 0
{339BB23F-A864-48C0-A59F-29EA915965EC} 0
{340166BC-786B-401F-96AC-7C8821EFA9CD} 0
{3424643B-A93E-45BF-ACA9-AF8B3ACC7BF0} 0
{348FE907-249E-4C65-A838-F34A193FE1D1} 0
{34A44FCF-50E3-63A5-A8DA-7835752B9571} 0
{34D516EA-40E3-4E3B-8BA8-505112738ED5} 0
{35980F6E-A137-4E50-953D-813BB8556899} 0
{35CC7369-C6EB-4A64-AB05-44CF0B5087A0} 0
{35EB9C91-1CA6-11d5-8B2B-00C04F779127} 0
{3611204F-4B3C-11D4-B416-E159A5067F41} 0
{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} 0
{3717DF55-0396-463d-98B7-647C7DC6898A} 0
{371C6960-302C-45D0-9504-50B820247439} 0
{3750BFA3-1392-4AF3-AF86-9D2D4776E5A4} 0
{3789CBF0-C4CA-4e98-B93B-22ACF0587FBA} 0
{423BD222-52BE-471A-BE01-75FCCEB3D48F} 0
{42A7CE31-CEE7-4CCE-A060-A44A7E52E062} 0
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} 0
{432D8C41-8586-11D8-997D-00C026232EB9} 0
{437434D2-065E-499D-A337-59657DF3342F} 0
{43872F3D-F7C8-4fa6-BE94-B3C263C1E2A9} 0
{43D29D14-460E-4F3A-9037-E60F11EF12F0} 0
{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} 0
{43DF16FD-D9ED-4c9e-B14A-F3236A12C649} 0
{43FA5935-E36E-4937-8127-A90191B2EC68} 0
{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} 0
{442599A9-EB41-4F1F-B999-737BC587F314} 0
{447160CD-ECF5-4EA2-8A8A-1F70CA363F85} 0
{44A23DAB-8D31-43AE-9F68-5AC24CF7CE8C} 0
{44AF5221-A43E-224E-56BA-ABCD43C344D1} 0
{44BE0690-5429-47f0-85BB-3FFD8020233E} 0
{459CAF0F-CA9F-4d69-A1A9-B0699D07AB8A} 0
{45AD732C-2CE2-4666-B366-B2214AD57A49} 0
{4647E382-520B-11D2-A0D0-004033D0645D} 0
{467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} 0
{46832FF5-95B5-4654-88F4-7F5F37AD1FC2} 0
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} 0
{46B9D770-1B7D-45D1-81B4-AC07B2F127EF} 0
{4708D1EF-3800-4E4E-9948-360BA9164264} 0
{474264BC-9571-47C1-85B9-780F756DC9CE} 0
{47833539-D0C5-4125-9FA8-0819E2EAAC93} 0
{4845C240-1DFD-11D3-97DE-00104B873412} 0
{484FF54A-CC44-467E-9C31-5B89FC753007} 0
{48BF2BC0-2945-11D8-8CAC-00080EC65465} 0
{496756A6-05E2-4646-96B5-071EC0394E9C} 0
{499DB658-1909-420B-931A-4A8CAEFD232F} 0
{49A69FA0-2678-45CD-A069-6ACC372B20F8} 0
{49E0E0F0-5C30-11D4-945D-000000000000} 0
{49E0E0F0-5C30-11D4-945D-000000000001} 0
{49E0E0F0-5C30-11D4-945D-000000000003} 0
{49E0E0F0-5C30-11D4-945D-010002000012} 0
{49F2248D-1734-4B0F-A7B8-542E526EE07C} 0
{4A20B7AF-2835-47EF-BBBF-09CAF8AF2907} 0
{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} 0
{4A368E80-174F-4872-96B5-0B27DDD11DB2} 0
{4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} 0
{4B021269-DD24-48B2-96B4-DA121E9C0502} 0
{4B2F5308-2CB0-40E2-8030-59936ED5D22C} 0
{4B5F2E08-6F39-479A-B547-B2026E4C7EDF} 0
{4B7B69EB-A00F-4FCD-B601-ACCBB86ED528} 0
{4B8E6575-1013-45e9-BF77-9852ECEF07A9} 0
{4B8F38C7-62FC-4762-B9A0-27E63F768167} 0
{4BC3AC04-3E56-411D-B465-4FEA06654611} 0
{4BCF322B-9621-4e90-9678-F1424EB7584E} 0
{4BD9653E-D4C7-454B-9151-A8517B84BA08} 0
{4C12361F-3431-4A69-B0CA-CA788A8F7C12} 0
{4C4871FD-30F6-4430-8834-BC75D58F1529} 0
{4C4C942D-03B0-4041-94F2-73991832615F} 0
{4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} 0
{4CC0FAF8-6048-421C-9FE2-261A9ECE5F80} 0
{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6} 0
{4D0B671C-7F9A-4516-B4DB-D30F3A12EE26} 0
{4D568F0F-8AC9-40AB-88B7-415134C78777} 0
{4D63CEBE-B169-426C-B092-C130C498B6E6} 0
{4DF1DB24-A57C-11d3-A180-00A0C90AE44B} 0
{4DF5B116-4FD9-4039-B377-1130953A980F} 0
{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31} 0
{4E4B8455-0390-4417-8774-6868F5544810} 0
{4E7BD74F-2B8D-469E-92A5-F865B88CBE28} 0
{4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} 0
{4E7BD74F-2B8D-469E-92EA-EC65A294AE31} 0
{4E7BD74F-2B8D-469E-95BE-B378BA9CB52D} 0
{4E7BD74F-2B8D-469E-96F7-EB6DB99AA92E} 0
{4E7BD74F-2B8D-469E-98F7-EB6DB99AA93B} 0
{4E7BD74F-2B8D-469E-A08D-8F6FA787AD2D} 0
{4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D} 0
{4E7BD74F-2B8D-469E-A0E4-EA6FA787AD2D} 0
{4E7BD74F-2B8D-469E-A0E8-ED6DB696BB7D} 0
{4E7BD74F-2B8D-469E-A0E8-F76FA694BF2E} 0
{4E7BD74F-2B8D-469E-A1E4-EA6FA787AD2D} 0
{4E7BD74F-2B8D-469E-A3F3-E96FF4D5FA7D} 0
{4E7BD74F-2B8D-469E-A3FA-F161A787AD2D} 0
{4E7BD74F-2B8D-469E-A3FA-F363B384B77D} 0
{4E7BD74F-2B8D-469E-A58D-8F6FA787AD2D} 0
{4E7BD74F-2B8D-469E-A68E-8E1CA787AD2D} 0
{4E7BD74F-2B8D-469E-AA8E-8E1CA787AD2D} 0
{4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A} 0
{4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} 0
{4E7BD74F-2B8D-469E-C0FB-EF60B19DBC34} 0
{4E7BD74F-2B8D-469E-C0FB-FA62BD92B438} 0
{4E7BD74F-2B8D-469E-C0FB-FB6DA681FA7D} 0
{4E7BD74F-2B8D-469E-C0FC-F76FA694BF2E} 0
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} 0
{4E7BD74F-2B8D-469E-C0FF-FD60B890A37D} 0
{4E7BD74F-2B8D-469E-C0FF-FD63B29BB37D} 0
{4E7BD74F-2B8D-469E-C0FF-FD63B399BC7D} 0
{4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} 0
{4E7BD74F-2B8D-469E-C0FF-FD69BD9BBF3A} 0
{4E7BD74F-2B8D-469E-C0FF-FD6DB787FA7D} 0
{4E7BD74F-2B8D-469E-C0FF-FD78A087B530} 0
{4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} 0
{4E7BD74F-2B8D-469E-C1EB-ED65B786FA7D} 0
{4E7BD74F-2B8D-469E-C1F2-F063A081BF33} 0
{4E7BD74F-2B8D-469E-C3FF-FB7FB59BFA7D} 0
{4E7BD74F-2B8D-469E-C6ED-ED6AA787AD2D} 0
{4E7BD74F-2B8D-469E-C8EF-F36FA787AD2D} 0
{4E7BD74F-2B8D-469E-D0EE-E86FA787AD2D} 0
{4E7BD74F-2B8D-469E-D1F0-E56FA787AD2D} 0
{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D} 0
{4E7BD74F-2B8D-469E-D3EC-FE6EB89AB529} 0
{4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D} 0
{4E7BD74F-2B8D-469E-D3FC-F363BB81A82F} 0
{4E7BD74F-2B8D-469E-D4F3-F66DA787AD2D} 0
{4E7BD74F-2B8D-469E-D4FF-ED78A787AD2D} 0
{4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} 0
{4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} 0
{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} 0
{4E7BD74F-2B8D-469E-D9FB-FA6BAD98FA7D} 0
{4E7BD74F-2B8D-469E-DAEE-FE7EB39ABD7D} 0
{4E7BD74F-2B8D-469E-DBFC-ED1CA787AD2D} 0
{4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} 0
{4E7BD74F-2B8D-469E-DFF7-EC7DA787AD2D} 0
{4E7BD74F-2B8D-469E-EEFD-ED6DB186CE4D} 0
{4E7D0B40-F575-4A29-9710-4675EAF4686A} 0
{4EBDC6E1-4B3C-11D7-BC75-008048C7A589} 0
{4F869C58-D71D-4850-8BDD-7B5CDF8EC911} 0
{4F92B827-1E56-4E30-A978-A17A7861A606} 0
{4FC95EDD-4796-4966-9049-29649C80111D} 0
{5074851C-F67A-488E-A9C9-C244573F4068} 0
{51641EF3-8A7A-4D84-8659-B0911E947CC8} 0
{516E2306-7ADF-47EC-AEA8-ACB6B51899F1} 0
{51C8BCA8-2524-4523-BF09-738C4EEBFC58} 0
{525BBD23-1863-46C6-86D6-5F9A3715D44E} 0
{52706EF7-D7A2-49AD-A615-E903858CF284} 0
{528DA727-EC08-461E-9564-DF5C971E8574} 0
{52D9BB0E-07DF-11D5-AE44-444553540000} 0
{52FE5233-367C-4EFB-BDD7-0BE4D212C107} 0
{5321E378-FFAD-4999-8C62-03CA8155F0B3} 0
{53707962-6F74-2D53-2644-206D7942484F} 0
{53C330D6-A4AB-419B-B45D-FD4411C1FEF4} 0
{53CBEE82-D747-11d3-9ED0-005004189684} 0
{53D3C442-8FEE-4784-9A21-6297D39613F0} 0
{53E10C2C-43B2-4657-BA29-AAE179E7D35C} 0
{5420be57-2ed4-4f4f-9eb9-381cec2290e7} 0
{54A85A38-A699-4AEC-8F88-AB542210C93B} 0
{54EC170F-6EB1-47C6-9C4D-EB0BE20CE45E} 0
{54ED9B49-81D1-4866-95A6-30F01DE0047E} 0
{54F8C0E2-34F9-474F-B47F-2CFCFE2300A2} 0
{5538fb62-f725-4433-a965-91314e8d8e4d} 0
{55910916-8B4E-4C1E-9253-CCE296EA71EB} 0
{55EDFA0E-B812-4AE5-94CC-8ABE6EA13515} 0
{56071E0D-C61B-11D3-B41C-00E02927A304} 0
{562C1A20-72E7-4ED8-A26D-0DC57415FE92} 0
{56796C51-A689-4360-B813-18A47C9D05C2} 0
{569E7719-1A11-415E-9206-AC1860FB8BFF} 0
{56B38F40-4E70-11d4-A076-0080AD86BA2F} 0
{56CD20F0-7C09-11D5-A768-0050042307CE} 0
{576EB0AD-6980-11D5-A9CD-0001032FEE17} 0
{57CD6D2E-0291-488F-B846-AF101B367DD5} 0
{57D23905-A2A3-4002-8C48-09DEA366703F} 0
{57E69D5A-6539-4d7d-9637-775DE8A385B4} 0
{57E91B41-F40A-11D1-B792-444553540000} 0
{58359010-BF36-11D3-99A2-0050DA2EE1BE} 0
{5843A29E-1246-11D4-BA8C-0050DA707ACD} 0
{587DBF2D-9145-4c9e-92C2-1F953DA73773} 0
{5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} 0
{58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} 0
{5998B08E-CFAC-11D5-822A-0050048E6E38} 0
{5A3A5040-4210-11D7-BD2E-00080E34122F} 0
{5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} 0
{5B2AD7D7-81E3-4B74-8B74-4600A67BBB8A} 0
{5BBFC00A-312C-4777-A5DF-DDA65C67120C} 0
{5C472352-90D0-4214-BF20-8E4A2B82F980} 0
{5C9DCA26-CEC4-4280-A831-D622D4DBF113} 0
{5CA3D70E-1895-11CF-8E15-001234567890} 0
{5CF8A355-F8C6-4883-9C25-49D01A7D25BE} 0
{5D60FF48-95BE-4956-B4C6-6BB168A70310} 0
{5DAFD089-24B1-4c5e-BD42-8CA72550717B} 0
{5DE4E98D-DE09-4BC3-8A70-A6D9A24F4EC9} 0
{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} 0
{5ED50735-B0D9-47C6-9774-02DD8E6FE053} 0
{5F186CB1-08C6-4034-8529-CDC625463D99} 0
{5F1ABCDB-A875-46c1-8345-B72A4567E486} 0
{5F48C39E-5581-4701-9A76-96A6E25E5BCC} 0
{5F50A50A-0A0F-4F58-8B1C-62BC60F9B05A} 0
{5F5564AC-DE7A-4DCD-9296-32E71A35DCB6} 0
{5F5564AC-DE7A-4DCD-9296-32E71A35DCB7} 0
{5F6293C0-8686-11d5-9C62-000102117FC3} 0
{5FA6752A-C4A0-4222-88C2-928AE5AB4966} 0
{60112085-E1CE-4e0e-823A-EBB1AD98804C} 0
{601ED020-FB6C-11D3-87D8-0050DA59922B} 0
{604B283A-4E26-4504-98E7-72859F949547} 0
{6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} 0
{60C718BD-2471-44E4-AFCF-6625BEB620BF} 0
{60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} 0
{60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} 0
{61225C49-D70F-4082-B2F6-90C7B66D06C8} 0
{6165D324-3AAF-4C63-B545-C7D2285BEA1C} 0
{6172E460-FAE3-11D2-B494-004005A47AAA} 0
{61B5B39F-0750-4637-9D70-A63A79978B5D} 0
{61D029AC-972B-49FE-A155-962DFA0A37BB} 0
{62160EEF-9D84-4C19-B7B8-6AC2526CD726} 0
{622CC208-B014-4FE0-801B-874A5E5E403A} 0
{6231D512-E4A4-4DF2-BE62-5B8F0EE348EF} 0
{6291957C-8CE9-4c90-BEFF-12D9E68CFF30} 0
{62999427-33FC-4baf-9C9C-BCE6BD127F08} 0
{634EFDE4-087D-4ce9-952F-63C9EEB2E0BF} 0
{63B78BC1-A711-4D46-AD2F-C581AC420D41} 0
{63CF97E8-4133-438a-A831-CC9C6D47D673} 0
{6427806D-3820-11D5-9939-00B0D0522EB5} 0
{645FD3BC-C314-4F7A-9D2E-64D62A0FDD78} 0
{65394353-C60B-4480-ADC3-02B7B4C434B4} 0
{656EC4B7-072B-4698-B504-2A414C1F0037} 0
{657B9354-BB3B-4500-A9B0-109B4FA64815} 0
{6596829B-37D4-40ad-971B-1E9041725C52} 0
{65C8C1F5-230E-4DC9-9A0D-F3159A5E7778} 0
{6607C683-AE7C-11D4-ACD7-0050DAC291A2} 0
{663C7429-E454-11D3-B9AE-0000B4C32B4D} 0
{6656B666-992F-4D74-8588-8CAC9E79D90C} 0
{665ACD90-4541-4836-9FE4-062386BB8F05} 0
{669695BC-A811-4A9D-8CDF-BA8C795F261C} 0
{66993893-61B8-47DC-B10D-21E0C86DD9C8} 0
{66F67511-2665-4C34-9E20-FAC2C0954EF2} 0
{6754A456-BAD9-11D4-93D3-00B0D03A2F91} 0
{67970B26-F57D-4455-8262-81C3AE3B8B5E} 0
{68513770-A18E-11D7-B77C-00C0DFF3F600} 0
{68E69D9D-63C9-4C32-A53B-CBE1D5A5903E} 0
{69135BDE-5FDC-4B61-98AA-82AD2091BCCC} 0
{69550BE2-9A78-11D2-BA91-00600827878D} 0
{6A85D97D-665D-4825-8341-9501AD9F56A3} 0
{6AC15BAC-8AE7-11D3-A458-0000C07BA55F} 0
{6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} 0
{6AF9BC61-3CC5-42A7-82D1-FFC2562A7289} 0
{6B12DABB-0B7C-44FA-B0B3-4BAFF3790256} 0
{6BC013D0-77D9-11d5-AB95-0050DA664D35} 0
{6BDE1669-B490-48E3-B668-456314F2D6C3} 0
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} 0
{6CC1C918-AE8B-4373-A5B4-28BA1851E39A} 0
{6CC1C91A-AE8B-4373-A5B4-28BA1851E39A} 0
{6CDF3C49-20E6-48d7-811B-9F5DD17F1D90} 0
{6D0AC7F7-B628-4581-A8B2-14D97F24AA76} 0
{6D106759-3F98-4026-A46B-8E34DE30DA80} 0
{6D55490C-1BD4-4790-BA31-84D261316E28} 0
{6D6F1AF0-DDCB-477F-A896-5D75E53B80A3} 0
{6E18F3FD-82DA-46EE-944C-CBEC9071D2F7} 0
{6E1C5E3D-A8E6-4a92-820F-BFCFE45BA158} 0
{6E34D984-4054-45E3-8452-0159A2F0D232} 0
{6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} 0
{6F8ADBE2-8C92-4362-B0E6-7321AA49EE46} 0
{6F91A936-734D-4EE7-9320-50718870285D} 0
{7011471D-3F74-498E-88E1-C0491200312D} 0
{702AD576-FDDB-4d0f-9811-A43252064684} 0
{707E6F76-9FFB-4920-A976-EA101271BC25} 0
{70E1F00F-DD39-4C24-A93C-DD5BADD08F25} 0
{710089CF-87C3-763F-C8F6-5A0DBFD3AEC3} 0
{712B650E-8940-4860-8EE9-B03F58AB36EF} 0
{7157CE13-F711-49CD-AA5F-4FA80EAA622B} 0
{71AAABE5-1F0F-11d7-BD6F-004854603DCE} 0
{71B8AB7E-CB3F-4471-878E-8E1DFDF49B8B} 0
{71CC3BD4-6217-44AB-B8D0-96AEAF9A8678} 0
{71ED4FBA-4024-4bbe-91DC-9704C93F453E} 0
{724D43A0-0D85-11D4-9908-00400523E39A} 0
{724d43a9-0d85-11d4-9908-00400523e39a} 0
{72557F9F-13AE-44C9-B3D7-5091B599027C} 0
{727D45C4-2BD1-41D2-B54E-97DEAF06AD9A} 0
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} 0
{72A58725-2635-4725-8C53-676DFD1FEB8D} 0
{72CEAE02-DF9C-49F3-9689-10D1B82DC343} 0
{72EFCEB7-436E-11D3-93ED-0008C7396667} 0
{730F2451-A3FE-4A72-938C-FC8A74F15978} 0
{7371F073-AC0F-4b80-BB2F-96A488CEFB32} 0
{748A5D0A-68D3-11D4-A67E-00E098823A80} 0
{753AA023-02D1-447D-8B55-53A91A5ABF18} 0
{7559B76E-0222-4d77-9499-CCE9EB4EDC2F} 0
{75A46C7E-D7AB-55F3-8DF2-D9A7FFD913E6} 0
{75CD0BC5-E317-449C-9FF6-4986B3D48F64} 0
{760A9DDE-1433-4A7C-8189-D6735BB5D3DD} 0
{765E6B09-6832-4738-BDBE-25F226BA2AB0} 0
{769A6A36-ED24-4376-BC7C-80225BF35698} 0
{769a6fad-c100-4af9-9bf9-439e05ba1542} 0
{76D92AF6-2C25-4667-A54F-F75012BCB7B1} 0
{76EAE03C-F2B1-4397-97E8-390920B7C2DC} 0
{76EC9B95-D244-41F9-A5BE-6896EFFB40CF} 0
{774E69B6-C981-11D6-B1B1-0050DAB9F678} 0
{77712A64-F30B-47C8-A363-CDA1CEC7DC1B} 0
{777D0B4C-75C9-4874-ABFF-80B4BE8DC532} 0
{778B6755-2A32-11D4-A68C-00104BB641A7} 0
{78104A01-8E71-4F30-9A36-3793799615B4} 0
{78839ABD-14B9-11D4-BA68-00104BC6425F} 0
{78B5D524-8F7C-4B57-8D17-0D446F868994} 0
{79049BCB-7C3A-467B-BFA9-0B8C1CD44463} 0
{79369D5C-2903-4b7a-ADE2-D5E0DEE14D24} 0
{79594677-0416-4097-A421-41BE9667B36F} 0
{799A370D-5993-4887-9DF7-0A4756A77D00} 0
{79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} 0
{79C9FB71-7827-11D3-8DF7-00105A119B7C} 0
{79C9FDA0-0A67-4C56-BC89-6AB3FEC2752F} 0
{7A33D136-248C-4BA5-B72D-BB68F4AD9039} 0
{7A3BA17E-A5C6-4889-8A78-80A3C3382118} 0
{7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} 0
{7A4CB73C-64DF-4155-9EFA-57F86560245E} 0
{7A9BC6B1-7F27-47c6-A66D-13582E81E537} 0
{7B49A2A5-B45F-46F3-AC60-2578477671EE} 0
{7B55BB05-0B4D-44fd-81A6-B136188F5DEB} 0
{7B64270B-1216-47CE-9708-DE9D2D628CC5} 0
{7BA7B95F-9B92-4132-8012-E19B585CAF21} 0
{7C0D0F1A-AA1F-4F43-94EC-3F88651C8C7F} 0
{7C24A476-8B03-46ed-8CCF-CE8AE7213C99} 0
{7D9E713D-0388-4384-BDD8-2A42EB1C4F04} 0
{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} 0
{7DAFD8A1-A6F8-11D3-9B51-0000E85300BA} 0
{7DD896A9-7AEB-430F-955B-CD125604FDCB} 0
{7DE7B623-A17E-4A0B-94BA-D1B3BA646792} 0
{7E600446-2123-4CC9-A69D-7EEC55AB9956} 0
{7E6CDC1C-3B90-47D7-B2A8-24438CA96075} 0
{7E82235C-F31E-46CB-AF9F-1ADD94C585FF} 0
{7EED2A74-002E-481F-A283-D96B81EA244B} 0
{7EEF1E3D-FD97-4401-BCDB-5827F2D11709} 0
{8017CFC2-1836-4A82-A5B6-829780A41536} 0
{801BF87E-A000-11D3-81FE-00902741DE09} 0
{80230FFE-53DD-11D2-AE5F-0000832F3A64} 0
{80672997-D58C-4190-9843-C6C61AF8FE97} 0
{80841D20-757E-4A6B-9934-2B3CB9AE83CB} 0
{8085E374-ACBB-42F9-873F-49EC7E244F97} 0
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} 0
{80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} 0
{81270159-E8F9-4713-9646-03531E0EEF58} 0
{8151A854-F9E0-46F2-A1DC-72093BCA624F} 0
{8170D7DC-BDD6-461e-88EB-F047257898C9} 0
{81766E08-CE68-4F23-95C4-C1468FDE68AA} 0
{81D66134-ADC3-4C6D-B0A9-03D4EE35B849} 0
{81F4066B-F330-4872-8094-3E9FBCCEC8C1} 0
{82315A18-6CFB-44a7-BDFD-90E36537C252} 0
{82599E0A-8C81-11d7-9F97-0050FC5441CB} 0
{825CF5BD-8862-4430-B771-0C15C5CA880F} 0
{8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} 0
{82B98006-7A56-11D2-A26F-00C04F962769} 0
{82DF1118-9B92-45d8-B78F-1737A69A06E1} 0
{8333C319-0669-4893-A418-F56D9249FCA6} 0
{834261E1-DD97-4177-853B-C907E5D5BD6E} 0
{83A30C59-3A50-49E6-9DAF-4923C4EA3C23} 0
{83DE62E0-5805-11D8-9B25-00E04C60FAF2} 0
{8403CB53-12B3-4537-9DEC-4F12F70A883D} 0
{856D6A8E-A24C-498A-A55A-2B25C606A6B4} 0
{85810C93-C14C-11D5-BC4B-0050BA28E4FE} 0
{858126B0-3708-4051-AE8E-B48521401CA2} 0
{85A702BA-EA8F-4B83-AA07-07A5186ACD7E} 0
{85C2C2A1-3F20-4EAD-ADC3-BD3217391543} 0
{85C76FBD-6218-4379-95C1-B4F37BF6180} 0
{85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} 0
{85DDD882-701E-401B-8A7D-D51227048214} 0
{862fb893-b24b-4fad-80d3-a1158eb34db4} 0
{86B09C4E-4137-4863-B585-380205F1F774} 0
{86BCA93E-457B-4054-AFB0-E428DA1563E1} 0
{86EA4148-BEE6-4CEE-A72F-DA27A5112BD1} 0
{87766247-311C-43B4-8499-3D5FEC94A183} 0
{8786386E-4B22-11D6-9C60-E5DA06D87378} 0
{87B1E57C-FF70-4C69-9CE8-57CB8F67ABA8} 0
{88C5C070-8C60-4F45-9345-3Ffb96334Cad} 0
{88DECE3E-B7BB-4B13-96FE-924AF77C3780} 0
{89044184-F260-4FDD-8FAB-2662814846E5} 0
{8952A998-1E7E-4716-B23D-3DBE03910972} 0
{89AEAB46-8E8A-4045-9003-5614BFBFE90B} 0
{8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} 0
{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} 0
{8A321C7D-9CED-45A8-870D-DAE843A45FD0} 0
{8B224779-3B0E-4FEA-8AE1-B66C20DD840F} 0
{8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} 0
{8B68564D-53FD-4293-B80C-993A9F3988EE} 0
{8C6685AB-43FF-4BF0-822C-03F03E0B47EA} 0
{8C8BE7D9-EB66-4472-A839-CDF72443B2DE} 0
{8DB3D69D-DA5E-4165-B781-72A761790672} 0
{8DB672BD-330F-11D8-8168-00C02623048A} 0
{8E09B2CC-C2A0-4786-B099-0B9101E92CA1} 0
{8E1E80F3-A3F0-41d4-BAA7-470442CFC906} 0
{8E2FF476-C576-4637-9F73-5FFE2116CC12} 0
{8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} 0
{8E718888-423F-11D2-876E-00A0C9082467} 0
{8E85E48B-7FD4-423D-BFAD-FA345D497EB5} 0
{8E929F51-5914-11D6-971F-0050FC3F9161} 0
{8E9C4F32-BD3F-4C49-9AF5-3F4C5D32EBD7} 0
{8EA2F0B0-CA9F-4EAA-A21E-7D14D35E8D68} 0
{8EDAB5C0-B061-11D1-801D-204C4F4F5021} 0
{8F05B1A8-9D77-4B8F-AF54-6B2202066F95} 0
{8F0D6EED-BC11-4E7F-8276-9748947E4A50} 0
{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} 0
{8F5A62E2-71F2-72D3-E045-DDF234CAE228} 0
{8F6E45AE-F89E-4E54-AAC5-16232008816E} 0
{8FA29996-D0A6-444F-85F6-9691A0EAE6F3} 0
{8FB0F3E2-5193-11d7-9F88-0050FC5441CB} 0
{8FE3B060-4574-4691-B15A-B8A6703EBF6F} 0
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} 0
{904691A1-C588-4B27-BC47-D8599EDB3F97} 0
{9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} 0
{907CA0E5-CE84-11D6-9508-02608CDD2841} 0
{907CA0E5-CE84-11D6-9508-02608CDD2842} 0
{907CA0E5-CE84-11D6-9508-02608CDD2846} 0
{90DA654C-083C-11D6-8A9D-0050BA8452C0} 0
{90E34F98-E3E6-4CD7-A592-E964FED8AF78} 0
{91397D20-1446-11D4-8AF4-0040CA1127B6} 0
{914AFB33-550B-4BD0-B4EF-8DA185504836} 0
{91DE4477-9CDC-4806-9BCB-28A963988E94} 0
{92C7D65C-52F3-4545-8A35-213D730DB1ED} 0
{92CBA277-292B-461f-9DEA-67A5C834E101} 0
{92F02779-6D88-4958-8AD3-83C12D86ADC7} 0
{930E4DE1-973D-42D6-BF6E-6788E06BD003} 0
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} 0
{94326E3F-F51F-4863-A832-4ACD0D7D4BC3} 0
{947E6D5A-4B9F-4CF4-91B3-562CA8D03313} 0
{94927A13-4AAA-476A-989D-392456427688} 0
{95188727-288F-4581-A48D-EAB3BD027314} 0
{9527D42F-D666-11D3-B8DD-00600838CD5F} 0
{954F618B-0DEC-4D1A-9317-E0FC96F87865} 0
{9595C62C-76C6-49A6-9BDA-3253DD7A34FF} 0
{95E02C52-05FC-425D-8378-9DA70F9CD763} 0
{965E6B07-6832-4738-BDBE-25F226BA2AB0} 0
{9677F3F1-E994-451F-805F-7148CC8AE040} 0
{96BBDFE1-2951-4F81-811E-31DF6436A329} 0
{96BE1D9A-9E54-4344-A27A-37C088D64FB4} 0
{96DA5BEE-4ACC-476C-B3EC-54C6730C4293} 0
{9819C369-5F62-4D37-9A42-44043A742C1E} 0
{9885224C-1217-4c5f-83C2-00002E6CEF2B} 0
{9896231A-C487-43A5-8369-6EC9B0A96CC0} 0
{98C92840-EB1C-40bd-B6A5-395EC9CD6510} 0
{98D7B53E-B1D2-4755-B0A4-703E18FF91E8} 0
{98DBBF16-CA43-4c33-BE80-99E6694468A4} 0
{98DE779A-2364-4293-AB71-2B97C61C4640} 0
{9961627E-4059-41B4-8E0E-A7D6B3854ADF} 0
{99A10100-66BB-11D4-A02A-00600818E7D8} 0
{99AFC088-C0DD-40ED-92D8-0C53E8997510} 0
{99C06C01-BB1C-11D4-9A4A-00C04F018885} 0
{99EBA16F-C13A-40a6-A9C7-5F3EEC4E7BE6} 0
{9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} 0
{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} 0
{9AD55269-A21C-4260-BA7F-866FD09E8A8E} 0
{9AFD91F9-6B03-4D22-A1E1-67D224CB7AB1} 0
{9B7AA30F-8FEF-4896-8DA0-D858AE072976} 0
{9C5B2F29-1F46-4639-A6B4-828942301D3E} 0
{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} 0
{9C777253-3E17-42d6-897A-11B8617A8F7C} 0
{9DD4258A-7138-49C4-8D34-587879A5C7A4} 0
{9E0C6AAD-A8E3-4E49-9DBD-786099B599A4} 0
{9E1128F1-53FA-11d5-8490-0048548030CA} 0
{9E3849D6-41EF-4B2F-86B7-632EF90758E4} 0
{9E5BD40E-6287-11D6-9772-0002A5DD2483} 0
{9E992732-295F-4987-8BE3-16FAC1639198} 0
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} 0
{9EEE0111-E81A-11D6-B1B2-444553540000} 0
{9F6A22E6-1682-4F82-9B72-6314794CB253} 0
{9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} 0
{9FD12933-810D-4526-B7C4-0914E098D384} 0
{9FF528A9-7314-4658-B497-3D1D4597B300} 0
{A045DC85-FC44-45be-8A50-E4F9C62C9A84} 0
{A096A159-4E58-45A9-8EE6-B11466851181} 0
{A097840A-61F8-4B89-8693-F68F641CC838} 0
{A09790E7-DD00-4A83-B632-5B563423CFBB} 0
{A114D52B-870C-4F15-8021-B6D7F91A054B} 0
{A116A5C1-AD77-446C-992A-F56200B112DB} 0
{A1A70944-467A-4080-8BB0-13F0B2069F45} 0
{A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} 0
{A2833482-B023-4C65-B09D-EE47A4E8CC56} 0
{A28C2A31-3AB0-4118-922F-F6B3184F5495} 0
{A3DFDA85-1D92-4E28-8C0C-522574ACDC8A} 0
{A3E02B37-8608-4f57-AD58-AB91F32BA4F4} 0
{A3E3F04C-F98C-4295-95EF-41C57425B077} 0
{A3FDD654-A057-4971-9844-4ED8E67DBBB8} 0
{A44B961C-8C36-470f-8555-EDA0EFC1E710} 0
{A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} 0
{A491D208-B353-490F-B81A-A8A3DC97042D} 0
{A49AA76F-7215-4F80-97D6-9A7E16A5FEE1} 0
{A5366673-E8CA-11D3-9CD9-0090271D075B} 0
{A5483501-070C-41DD-AF44-9BD8864B3015} 0
{A55581DC-2CDB-4089-8878-71A080B22342} 0
{A58686ED-FC46-44C3-95C6-4A812AB776F1} 0
{A586BE00-52AC-11D3-A075-E51A86A6C62B} 0
{A6250FB8-2206-499E-A7AA-E1EC437E71C0} 0
{A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0} 0
{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} 0
{A6890AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} 0
{A6927151-F5B4-11D4-AE7A-00D00925CF52} 0
{A6F42CAD-2559-48DF-AF30-89E480AF5DFA} 0
{A7327C09-B521-4EDB-8509-7D2660C9EC98} 0
{A76066C9-941B-4209-9D96-0AC80501100D} 0
{A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} 0
{A8415B7A-F661-4D31-92D7-4398E50483DF} 0
{A84859C9-EEE9-4686-9059-A89242BB4BEF} 0
{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} 0
{A8B9F08F-2FC4-4ADE-9049-CFBA586971BA} 0
{A8E16533-7A2A-43F1-9EE9-901136EBA5D8} 0
{A8FB8EB3-183B-4598-924D-86F0E5E37085} 0
{A94EDD52-85B3-472F-8BC0-D651D760FBF8} 0
{A9A674BF-771F-42E5-A440-D20DDA85A862} 0
{A9EEF0D7-5695-45BA-8943-ED3B95A50BD2} 0
{AA58ED58-01DD-4d91-8333-CF10577473F7} 0
{AA7BC78C-2AD5-4C6C-8014-B1F5E75CB0F4} 0
{AB77A7BF-8C5B-486A-B547-F9AD2B41A904} 0
{AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} 0
{AE113CC0-1115-BDD1-1B3D-229549C10001} 0
{AE7CD045-E861-484f-8273-0445EE161910} 0
{AEE46806-2C5A-4A4E-A5DD-B4531F64A187} 0
{AEFCDEC8-EB7D-429F-BC73-4F30D07BFE41} 0
{AF657644-964C-4348-A8AD-72524B3A3FF1} 0
{B0000209-50CF-11D1-A140-0000F802C250} 0
{B195B3B3-8A05-11D3-97A4-0004ACA6948E} 0
{B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} 0
{B24BA06E-FB7B-4757-95C2-DC01125F750E} 0
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} 0
{B3269F9A-6521-4793-A951-3E9A9B2E55E7} 0
{B3ECCAC9-C7FA-462C-894B-8E9930A70E14} 0
{B405EE45-1AA2-410D-A6CF-1A74371DCD62} 0
{B40A6610-1D16-11D3-80B2-005004994DA2} 0
{B418B139-414D-4374-820F-EE74520C5A0D} 0
{B427BF1E-A970-47DA-9BC3-02E8C5EC667D} 0
{B50FCD28-C2CC-4f3b-B755-62B086EDE4D5} 0
{B549456D-F5D0-4641-BCED-8648A0C13D83} 0
{B57F2FF0-F338-4ED0-BD82-FB074FEFAA1F} 0
{B580CF65-E151-49C3-B73F-70B13FCA8E86} 0
{B5A34A93-D538-43A7-8371-864CB6148D12} 0
{B5B57F4F-EFA5-11D4-A971-444553540000} 0
{B602FDE0-843C-40D4-880D-D007FBF120D4} 0
{B6598677-4B54-42A9-BA67-8B64E3FCD92D} 0
{B75F81F9-584E-42AE-97D7-721B4FBBE81D} 0
{B7DB7E5A-81FD-11D1-8B75-0080C83788F7} 0
{B7FDA31E-A16D-47F9-B374-78A866AC813D} 0
{B824E7B0-E8E3-4D75-895E-2C309EA4CC5D} 0
{B847676D-72AC-4393-BFFF-43A1EB979352} 0
{B88D6F42-A1AC-11D3-8424-00105A9B8D85} 0
{B8C0220D-763D-49A4-95F4-61DFDEC66EE6} 0
{B930BA63-9E5A-11D3-A288-0000E80E2EDE} 0
{B957F25D-F812-44c4-A23C-249CCFE0AAE0} 0
{B98F79F4-3619-49FB-A7E7-B737E58C5727} 0
{B9D6B3C2-09AD-464A-8162-8C55114C808A} 0
{B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} 0
{B9F633F6-EA44-45F4-91EB-FABFC65A0634} 0
{B9F7135C-B512-4CC3-9316-FA0044083914} 0
{BA25708B-154D-4D40-8607-67AA5190C395} 0
{BA3D9F56-5EC1-497D-881A-93A28F58D9AD} 0
{BA52B914-B692-46c4-B683-905236F6F655} 0
{BA7270AE-5636-4618-BAF3-F86ADA39F036} 0
{BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} 0
{BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} 0
{BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A} 0
{BC207F7D-3E63-4ACA-99B5-FB5F8428200C} 0
{BC246652-868E-11d5-9C62-000102117FC3} 0
{BC97B254-B2B9-4D40-971D-78E0978F5F26} 0
{BCF96FB4-5F1B-497B-AECC-910304A55011} 0
{BD0BA5CD-7C8E-47ED-935E-1ABBAC9B29E0} 0
{BD51AEC6-7991-4A60-94D6-D5FEBB655D10} 0
{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} 0
{BEB133E5-FD72-43b7-8AFF-681831CC72D9} 0
{BEBF337B-9073-4574-9FC1-E0175BB25292} 0
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} 0
{C08DF07A-3E49-4E25-9AB0-D3882835F153} 0
{C09C9904-FD44-11D6-A711-00105AC8F168} 0
{C0D5D8B0-D626-4C77-8ED4-CFE4C41BCDA1} 0
{C109664B-CEB1-420b-B353-D55A561536DD} 0
{C10A16B7-70FE-4CE3-A261-6FBA7CC3DD5B} 0
{C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} 0
{C1D458F1-B97C-11D5-B3DF-00B0D0A5B433} 0
{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} 0
{C2614DA1-D197-11d3-9765-ED762A928249} 0
{C29797C5-D550-4530-9207-B2D447887F7E} 0
{C298fb42-e3e2-11d3-adcd-0050dac24e8f} 0
{C331BD6E-06AB-41A0-B95F-D7CA379ACEAA} 0
{C333CF63-767F-4831-94AC-E683D962C63C} 0
{C338BA09-B77C-11D5-9214-00104B3195F0} 0
{C3BCC488-1AE7-11D4-AB82-0010A4EC2338} 0
{C3EBC7C0-CF8B-11D4-9F90-006008DFE22A} 0
{C41A1C0E-EA6C-11D4-B1B8-444553540000} 0
{C4CA6559-2CF1-48B6-96B2-8340A06FD129} 0
{C4D99500-4C77-11D4-93B7-0040950570BA} 0
{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} 0
{C52149CE-7962-4C8D-95A4-8733F63199BF} 0
{C56CB6B0-0D96-11D6-8C65-B2868B609932} 0
{C5941EE5-6DFA-11D8-86B0-0002441A9695} 0
{C6335B00-E8D9-423e-A691-48D17CBB6C5A} 0
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE51} 0
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} 0
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE56} 0
{C6CEAC32-D45C-11D4-94AF-0050BABD5FD6} 0
{C6EA5A8D-8B01-4498-8B9A-B40AA281035F} 0
{C733AE47-6AC0-4837-93DA-70278E88E7B2} 0
{C77E900A-FF55-400E-9BAA-E042C8212898} 0
{C7967580-5F17-11D4-AAC2-0000B4936E0C} 0
{C7ADE150-743D-11D4-8141-00E029626F6A} 0
{C82B55F0-60E0-478C-BC55-E4E22F11301D} 0
{C84F7AEA-636B-4882-AD5D-56A1DC837FE1} 0
{C8847EEA-72D6-11D4-AB4F-00B0D02332EE} 0
{C900B400-CDFE-11D3-976A-00E02913A9E0} 0
{C9176930-9C9F-4cba-9723-0F58C3E7CED6} 0
{C966C82E-DAEA-4A30-B788-EF32D6F7C3D4} 0
{CA0B9B71-C2AF-11D3-B376-0800460222F0} 0
{CA1D1B05-9C66-11D5-A009-000103C1E50B} 0
{CA8A9780-280D-11CF-A24D-444553540000} 0
{CA92B524-BC8A-4610-BD2C-6BD3E28155D0} 0
{CAAE9D7F-FFCC-46CF-8DEE-00DCC6CDF5A1} 0
{CADC957A-EF3E-4a08-B6DA-366BFFB97321} 0
{CB7CE223-955E-11D3-81AA-344203C10000} 0
{CBA523B2-1906-4D14-95A2-CD8E233701C7} 0
{CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} 0
{CBAA6F21-985C-11D4-A02B-00B0D073E889} 0
{CBB0A6A0-8430-11D4-814D-0050047090B1} 0
{CC7C8206-344B-45AB-B898-78D06229268F} 0
{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} 0
{CC916B4B-BE44-4026-A19D-8C74BBD23361} 0
{CCE83E45-30B2-4BAE-B1F5-25D128D27A43} 0
{CD209A08-98B5-4669-AF9F-447AC5253356} 0
{CD2A865B-6C0F-44F9-BAA1-7CDB31E04BC8} 0
{CD4C3CF0-4B15-11D1-ABED-709549C10000} 0
{CD5B5E2B-DB49-4299-B587-B0283A825D32} 0
{CD915D28-FBE3-44D3-94B8-1CDA1DA11587} 0
{CDBCFEAE-10BA-482C-9F6E-FC67207082D8} 0
{CE000992-A58C-4441-8938-744CD72AB27F} 0
{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} 0
{CE7C3CF0-4B15-11D1-ABED-709549C10000} 0
{CE7C3CF0-4B15-11D1-ABED-709549C10001} 0
{CE7EF827-47CC-48EB-B570-C367F1E1277E} 0
{CE92F0E4-87AD-11D3-B713-00C04F8F6C86} 0
{CECFF8DE-C145-4570-B030-10105AA82920} 0
{CF021F40-3E14-23A5-CBA2-716D61788264} 0
{CF021F40-3E14-23A5-CBA2-717177657972} 0
{CF021F40-3E14-23A5-CBA2-717177658264} 0
{CF021F40-3E14-23A5-CBA2-71766C641306} 0
{CF021F40-3E14-23A5-CBA2-717765721306} 0
{CF021F40-3E14-23A5-CBA2-717965726032} 0
{CF7C3CF0-4B15-11D1-ABED-709549C10000} 0
{CFB25594-4D5F-11D6-AB7B-00B0D094B576} 0
{D123A09F-32E2-44EF-BF8C-A850C5F77BB3} 0
{D14641FA-445B-448E-9994-209f7AF15641} 0
{D14D6793-9B65-11D3-80B6-00500487BDBA} 0
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} 0
{D1F6ABEF-B889-11D2-8E3C-DCCA155F9A71} 0
{D2000F80-ABC6-11D3-9794-0090274D4CCA} 0
{D2F63D33-C571-41E9-9525-A17CA1804D3B} 0
{D2F719F3-106A-402B-9996-3A5B12ACA564} 0
{D319662B-D5BF-4538-ADF3-8D3E36362608} 0
{D34F08C5-4F18-477c-86CB-1A9BEECFE37B} 0
{D34F641F-5210-4EB0-8ED5-9179F47E15B7} 0
{D3919E1A-D6A5-11D6-AC3E-00B0D094B576} 0
{D3AF1D75-A9ED-4C69-9A52-A9366010A1BE} 0
{D3EA3B57-9A3E-4E80-BFF0-595F7A91D55E} 0
{D3F01312-8A3D-4D41-A4FA-FB61D295CB6B} 0
{D4003A01-9B2C-4e24-9CD2-8D7DB1BDE096} 0
{D44B5436-B3E4-4595-B0E9-106690E70A58} 0
{D44BBB61-E17F-4AE6-A502-8D7E0B29E616} 0
{D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} 0
{D4D505DF-D582-400c-91B6-84921012AFE3} 0
{D4E7C68D-37FD-11D4-9D32-0000A00B0B0B} 0
{D537A3D0-8C07-4D62-953F-162207F5090D} 0
{D593DE91-7B41-45C2-830E-E9A99AB142AA} 0
{D5B72AED-E54A-11D6-B1B2-444553540000} 0
{D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} 0
{D6223CBC-A263-4CB1-B35E-1AE40FEF3B3B} 0
{D6862A22-1DD6-11D3-BB7C-444553540000} 0
{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} 0
{D6E66235-7AA6-44ED-A06C-6F2033B1D993} 0
{D6FC35D1-04AB-4D40-94CF-2E5AE4D0F8D2} 0
{D714A94F-123A-45CC-8F03-040BCAF82AD6} 0
{D7258ABE-571F-4DC2-ABD1-8393B13B1269} 0
{D7D7004C-A763-4F8C-B0D4-55A7E017E69D} 0
{D7EEF1C5-B053-4a70-B378-3462074D3226} 0
{D8073790-84C7-4602-BF77-C6ACBF1612E4} 0
{D80E1356-AC78-4218-961C-A7689B4CB7FE} 0
{D81AB57B-7327-4347-B7C7-9EF7CA87CE09} 0
{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} 0
{D8569837-3CD6-4AD7-9A77-65975B581925} 0
{D879A0F1-2B3B-4409-8879-FAD6E49E1EA9} 0
{D8E25C53-9508-4f5c-9249-D98D438891D5} 0
{D8FA0364-7866-40A7-B340-A6069265AD9F} 0
{D97287B6-4018-4060-948D-54D2122FC5C3} 0
{D985E70B-97F1-477E-AF6C-66E496DEDBD6} 0
{D9A5A49C-60EB-4C07-8570-8FB8FE825E7C} 0
{DB0018A2-F7D9-4B71-9651-640143DF23F9} 0
{DB43E4E6-FF8A-4018-8C8E-F68587A44A73} 0
{DB96792F-834A-40FC-97CD-9A8ECDF484FE} 0
{DC3EB972-8628-4C46-B7CE-25EBD05EA362} 0
{DD41D66E-CE4F-11D2-8DA9-00A0249EABF4} 0
{DE614603-6320-4046-A7A7-6A69CEC26F14} 0
{DEBDD6EC-E81A-4987-9C9C-06DDC5ADDECE} 0
{DEDEDE03-0000-0000-C000-00A300000043} 0
{E0000C3F-8DE9-4FCB-9294-22FC06851B37} 0
{E01D96AB-DBBD-451D-BDCB-0EE420BC91B1} 0
{E02E86EB-220B-4B59-A251-F849405E1D64} 0
{E07201D0-8DA2-4bb4-87B1-C1BAACEBF8BD} 0
{E0B9B5FE-B66E-4FB0-A1D9-726F0E743CFD} 0
{E0E899AB-F487-11D5-8D29-0050BA6940E3} 0
{E0F0E0E1-5D45-11D4-BC00-2DCC73302D70} 0
{E166B4A2-83E7-11D3-B4FD-004005A47AAA} 0
{E19569C7-DBCA-4576-96A6-97DE7C5A22EF} 0
{E22F9B9D-1A1F-473E-BED6-D8BC152441F4} 0
{E24AD748-155E-4254-B674-4EDF86E7E1DF} 0
{E26FDEC1-053B-11D6-B969-CEEBA9E95046} 0
{E29983D9-A3FB-483B-8E36-138D275C0D43} 0
{E2B1672A-DA31-4F7D-A2BF-C18C50BF8F6F} 0
{E2DDF680-9905-4dee-8C64-0A5DE7FE133C} 0
{E3215F20-3212-11D6-9F8B-00D0B743919D} 0
{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6} 0
{E412F14A-E998-4543-9E7A-1031A3189A87} 0
{E479EDE1-923E-11D3-B82B-00E09871521B} 0
{E539DEA3-BA67-4F1F-A897-5F2F4F29A063} 0
{E5A1691B-D188-4419-AD02-90002030B8EE} 0
{E5E4E352-6947-44EE-A420-DB84EFD3FE93} 0
{E60D9E2D-2AFD-11D3-80DC-0060B086599E} 0
{E626DA33-FCDD-4918-833D-FD39900B11F0} 0
{E6B64F67-B100-4636-8D51-D113E1F5FF93} 0
{E720B458-B65A-438C-9FF3-B1DF65D7DB3E} 0
{E720B458-B65A-438C-9FF3-B1DF65D7DB3F} 0
{E75B287F-2D04-11D5-BBE0-0050047AA3D1} 0
{E7AFFF2A-1B57-49C7-BF6B-E5123394C970} 0
{E7DC02F7-A213-4866-B800-FDCB4555FB79} 0
{E868656B-F0D3-4A61-8FE8-F47C90119E39} 0
{E8B4F3AA-9509-4081-9A85-914D5E9BEC81} 0
{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} 0
{E9147A0A-A866-4214-B47C-DA821891240F} 0
{E915E62E-41DA-40D0-8106-3438B4D24394} 0
{E97DAE80-0305-427e-ABA1-BDD775EF53B0} 0
{EA4587EB-3106-448a-8B31-F1572E981765} 0
{EA7F9A52-0A05-11D2-98C5-00104B7229C2} 0
{EAD0B31D-9DAE-42CE-9821-EF9794AEC515} 0
{EAE191BA-FB87-40CA-80D2-D639A2595150} 0
{EB23F789-F17F-4bcc-988B-6B70A3A67E9C} 0
{EB386233-65D7-46DC-A73D-0E02F2F844A9} 0
{EBB03E3E-020A-418D-B322-761B730CA860} 0
{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} 0
{EBBFE27C-BDF0-11D2-BBE5-00609419F467} 0
{EBCDDA60-2A68-11D3-8A43-0060083CFB9C} 0
{EBDCEF51-9973-49E5-BBE8-5CC880CE2030} 0
{EC1EB3CD-9916-4869-9AAF-441BD28F462D} 0
{EC2D89DE-6936-4CB3-A641-94DB2CAAF67F} 0
{EC788B03-A743-4274-AC9E-DB4F2A03F515} 0
{ECAD9C14-ED46-D58A-E847-ADBEFC8D37EB} 0
{ED24BB32-17E8-422E-993F-159800A392E7} 0
{ED657BAF-1EE5-4A07-9D2E-6D0525EFC69B} 0
{ED8DB0FD-D8F4-4b2c-BB5B-9EF040FE104D} 0
{EDFB8B62-59EE-11d5-86C2-00E02975242F} 0
{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} 0
{EE9DD090-902D-4623-9360-FB7D8666202B} 0
{EF99BD32-C1FB-11D2-892F-0090271D4F88} 0
{EFA24E62-B078-11d0-89E4-00C04FC9E26E} 0
{EFD440C0-0943-11d3-9D65-00A0CC22CBC4} 0
{EFD84954-6B46-42f4-81F3-94CE9A77052D} 0
{EFEE6B59-ADDB-40eb-BA2C-AF860F5B42B5} 0
{EFF80427-F837-4B74-8834-BAF18E0553FD} 0
{F0DC0CFE-D11A-489B-84C0-63748AFAABF3} 0
{F101D8F9-9E90-4401-9FBF-9B515CAA045F} 0
{F104576A-91BA-40AD-91DE-2C20801339AB} 0
{F14AABDD-0232-4e5a-9B52-4178AC0A62B5} 0
{F16E9E5F-92DD-4000-8701-FBDD48F24B86} 0
{F195A1A9-4033-4E5B-B85C-848C3E31A83A} 0
{F1FABE79-25FC-46de-8C5A-2C6DB9D64333} 0
{F264E777-7AB7-4BEB-8A42-5C37C8F4B6B4} 0
{F281FFC7-6C63-4bf9-83F2-AB7A6157B109} 0
{F2863EDE-7980-443A-AEA2-0F46076D590F} 0
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} 0
{F325E940-45EE-11D7-A420-444553540000} 0
{F34EA099-67D1-40c7-97A0-74E4C663E8DC} 0
{F36C1198-FC6B-4012-9928-DFA76FB56CC3} 0
{F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} 0
{F4A645D0-D4D5-439E-9DBC-B31BBD9CB890} 0
{F50CE767-AE72-45EB-AECD-E8786C240373} 0
{F5528ECB-D64C-479D-AFEB-89C90FA191A3} 0
{F5735C15-1FB2-41FE-BA12-242757E69DDE} 0
{F585D290-1BF4-480A-AEC2-4182593F1E32} 0
{F59D88CF-939A-4E50-9587-65A2E22EF077} 0
{F61CAB7A-1E02-4cc2-8832-54B5AB28601D} 0
{F757FBBF-10E5-4DDA-BBEA-2357E54BEA2B} 0
{F760CB9E-C60F-4A89-890E-FAE8B849493E} 0
{F79AD27F-8140-4E33-8B1D-C4FC6B663CCA} 0
{F7B040B5-307B-4FAC-BB93-556A08156BAC} 0
{F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} 0
{F8A53FBE-5846-11D2-A022-006097D2400E} 0
{F8AC5CE3-4B50-49D6-B632-FAEA1734FD29} 0
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} 0
{F9765480-72D1-11D4-A75A-004F49045A87} 0
creepers
Regular Member
 
Posts: 26
Joined: December 30th, 2005, 10:46 am

Unread postby Kimberly » December 31st, 2005, 10:59 am

The winpfind log did get cut of, you will have to post it in several parts to make it fit in. Can you do that please ?

Also post the results of the peek.txt

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby creepers » December 31st, 2005, 11:08 am

1.
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
=

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}
C:\WINDOWS\adsldpbf.dll = C:\WINDOWS\adsldpbf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{8B224779-3B0E-4FEA-8AE1-B66C20DD840F} = :
{014DA6C9-189F-421a-88CD-07CFE51CFF10} = :
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{08BEC6AA-49FC-4379-3587-4B21E286C19E} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{FE6BC4EF-5676-484B-88AE-883323913256} = :
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{1C78AB3F-A857-482E-80C0-3A1E5238A565} = :
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{08BEC6AA-49FC-4379-3587-4B21E286C19E} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
LDM C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Weather C:\Program Files\AWS\WeatherBug\Weather.exe 1
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
desktop C:\WINDOWS\system32\idemlog.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
item Acrobat Assistant
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
item Acrobat Assistant
creepers
Regular Member
 
Posts: 26
Joined: December 30th, 2005, 10:46 am

Unread postby creepers » December 31st, 2005, 11:09 am

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Go!Zilla.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Go!Zilla.lnk
backup C:\WINDOWS\pss\Go!Zilla.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Go!Zilla\gozilla.exe
item Go!Zilla
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Go!Zilla.lnk
backup C:\WINDOWS\pss\Go!Zilla.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Go!Zilla\gozilla.exe
item Go!Zilla

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\NORTON~2\SYSDOC32.EXE /STARTUP
item Norton System Doctor
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\NORTON~2\SYSDOC32.EXE /STARTUP
item Norton System Doctor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gator
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Gator
hkey HKLM
command "C:\Program Files\Gator.com\Gator\Gator.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Gator
hkey HKLM
command "C:\Program Files\Gator.com\Gator\Gator.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Go!Zilla dial-up fix
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Go
hkey HKLM
command "C:\PROGRA~1\GoZilla\Go.exe" /FIXRAS
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Go
hkey HKLM
command "C:\PROGRA~1\GoZilla\Go.exe" /FIXRAS
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command C:\Program Files\iTunes\iTunesHelper.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command C:\Program Files\iTunes\iTunesHelper.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mozilla Quick Launch
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Netscp
hkey HKCU
command "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Netscp
hkey HKCU
command "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioAudioCentral
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RxMon
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RxMon
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioDragToDisc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DrgToDsc
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DrgToDsc
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioEngineUtility
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item EngUtil
hkey HKLM
command "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item EngUtil
hkey HKLM
command "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
SpecifyDefaultButtons 1
Btn_Search 2
NoBandCustomize 1
creepers
Regular Member
 
Posts: 26
Joined: December 30th, 2005, 10:46 am

Unread postby creepers » December 31st, 2005, 11:10 am

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{00000000-0000-0000-0000-000000000000} 0
{00000000-0000-0000-0000-000000000001} 0
{00000000-0000-0000-0000-000000000221} 0
{00000000-0000-0000-0000-000000000240} 0
{00000000-0000-0000-8835-3EFF76BF2657} 0
{00000000-0000-0000-BFA1-D7EE6696B865} 0
{00000000-0000-41a3-98CF-00000000168B} 0
{00000000-0000-47c5-A90F-2CDE8F7638DB} 0
{00000000-0000-5DFC-5652-1705043F6518} 0
{00000000-0000-7EBF-57C6-0BAE047EA682} 0
{00000000-0001-0345-2280-0287F27A63EE} 0
{00000000-0001-1DBE-075A-39EC04BD88AF} 0
{00000000-0001-F7A6-1F38-0204019E355E} 0
{00000000-0002-0002-0000-000000000000} 0
{00000000-0002-53D4-0622-35EA0235778E} 0
{00000000-0007-5041-4354-0020e48020af} 0
{00000000-0008-5041-4354-0020e48020af} 0
{00000000-0008-D357-0798-004401965D4A} 0
{00000000-0009-1C42-7D61-6CFF050894A7} 0
{00000000-0015-BD9C-263A-493001BA0C6C} 0
{00000000-002B-EFE6-6B08-560C01922D3B} 0
{00000000-0033-C1AC-0E62-0C1F0537605D} 0
{00000000-008C-1E65-6AA6-3A270279F027} 0
{00000000-00FA-71ED-4ABA-348801BAA0A9} 0
{00000000-0C95-B1F8-547A-405204D6961A} 0
{00000000-10D6-4e5f-8F7F-29B32C1C0FC4} 0
{00000000-167B-41bc-95FF-86A07B14712C} 0
{00000000-2565-4c5b-A455-A74C8A2247AB} 0
{00000000-5eb9-11d5-9d45-009027c14662} 0
{00000000-623A-11D4-BCDB-005004131771} 0
{00000000-64C4-4a64-9767-895AB4921E41} 0
{00000000-6CB0-410C-8C3D-8FA8D2011D0A} 0
{00000000-6c30-11d8-9363-000ae6309654} 0
{00000000-D9E3-4BC6-A0BD-3D0CA4BE5271} 0
{00000000-F183-11D1-BE1C-00000100C596} 0
{00000010-6F7D-442C-93E3-4A4827C2E4C8} 0
{0000001D-BA9B-11D2-BDF1-0090272A6D78} 0
{000000DA-0786-4633-87C6-1AA7A4429EF1} 0
{000000F1-34E3-4633-87C6-1AA7A44296DA} 0
{00000178-CD4A-447a-BCF9-6FD0096B5527} 0
{00000185-B716-11D3-92F3-00D0B709A7D8} 0
{00000185-C745-43D2-44F1-01A1C789C738} 0
{00000250-0320-4DD4-BE4F-7566D2314352} 0
{0000026A-8230-4DD4-BE4F-6889D1E74167} 0
{00000273-8230-4DD4-BE4F-6889D1E74167} 0
{00000285-B716-11D3-92F3-00D0B709A7D8} 0
{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} 0
{00000580-C637-11D5-831C-00105AD6ACF0} 0
{000006B1-19B5-414A-849F-2A3C64AE6939} 0
{00000762-3965-4A1A-98CE-3D4BF457D4C8} 0
{00000EF1-0786-4633-87C6-1AA7A44296DA} 0
{00000EF1-34E3-4633-87C6-1AA7A44296DA} 0
{000020DD-C72E-4113-AF77-DD56626C6C42} 0
{0000607D-D204-42C7-8E46-216055BF9918} 0
{0000CC75-ACF3-4cac-A0A9-DD3868E06852} 0
{00010a21-b924-4cd6-893c-eea1071ae8b3} 0
{000277A3-7D84-406a-9799-D12A81594693} 0
{00041A26-7033-432C-94C7-6371DE343822} 0
{000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} 0
{000E7270-CC7A-0786-8E7A-DA09B51938A6} 0
{00110011-4B0B-44D5-9718-90C88817369B} 0
{0019C3E2-DD48-4A6D-AB2D-8D32436313D9} 0
{0019C3E2-DD48-4A6D-ABCD-8D32436313D9} 0
{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} 0
{001B3456-4ADE-44D0-8C23-D69D32658D84} 0
{001DAE60-95C0-11d3-924E-009027950886} 0
{001F2470-5DF5-11d3-B991-00A0C9BB0874} 0
{001F2570-5DF5-11d3-B991-00A0C9BB0874} 0
{00320615-B6C2-40A6-8F99-F1C52D674FAD} 0
{0036F389-FEF8-43AC-9220-16430E0012ED} 0
{004A5840-FF59-11d2-B50D-0090271D3FD4} 0
{004B23E0-1E63-4ED6-BCAC-922BA26CF096} 0
{0055C089-8582-441B-A0BF-17B458C2A3A8} 0
{00673769-777F-4814-BE0F-74CBA1D823B8} 0
{0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} 0
{00A0A40C-F432-4C59-BA11-B25D142C7AB7} 0
{00A6FAF1-072E-44cf-8957-5838F569A31D} 0
{00C6482D-C502-44C8-8409-FCE54AD9C208} 0
{00D6A7E7-4A97-456f-848A-3B75BF7554D7} 0
{00F16DC8-1B2A-42F4-B18B-E21DA9D2D7FD} 0
{0140DF95-9128-4053-AE72-F43F0CFCA062} 0
{014DA6C1-189F-421a-88CD-07CFE51CFF10} 0
{014DA6C9-189F-421a-88CD-07CFE51CFF10} 0
{01A7812B-59E8-4A4F-BFD6-EEE6D4CB6BA2} 0
{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} 0
{01CD4DDA-166D-4831-A373-ACCC27E1BB9D} 0
{01E04581-4EEE-11D0-BFE9-00AA005B4383} 0
{01F44A8A-8C97-4325-A378-76E68DC4AB2E} 0
{021BB032-80A8-4FB6-B3D5-CF27B1553B95} 0
{02336F51-24CA-4422-AB63-18841ADF35E6} 0
{02478D28-C3F9-4efb-9B51-7695ECA05670} 0
{02478D38-C3F9-4efb-9B51-7695ECA05670} 0
{024DE5EB-3649-445E-8D57-C09A9A33D479} 0
{02681612-869A-4a07-9D7D-984F42217890} 0
{029BB53A-C312-4b09-9B4F-ED57AF027B28} 0
{029CA12C-89C1-46a7-A3C7-82F2F98635CB} 0
{02DCA195-602B-4B1F-83FF-381B7E804BDB} 0
{0315AA2C-10C7-4504-A1C4-F552ABA8A095} 0
{0345B059-8731-42BC-B7B7-5121014B02C6} 0
{0352960F-47BE-11D5-AB93-00D0B760B4EB} 0
{04047354-D353-11D2-B3EB-0060B03C5581} 0
{04079851-5845-4dea-848C-3ECD647AA554} 0
{04164EC4-1E48-4279-818E-3721931E7636} 0
{0421701D-CF13-4E70-ADF0-45A953E7CB8B} 0
{0428FFC7-1931-45b7-95CB-3CBB919777E1} 0
{046D6EA4-15E3-4b27-8010-45BD78A9219E} 0
{04719991-296F-4958-AA0F-FA25FFA5008B} 0
{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} 0
{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} 0
{0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} 0
{058FC709-D5CD-4A95-92DB-59E6488ECDA4} 0
{059B2FC0-741D-40F8-AEFA-D2C919EB9217} 0
{05BBB56A-2A69-4A5C-BFDA-43295DD67434} 0
{06594350-D723-11D8-9669-0800200C9A66} 0
{06DFEDAA-6196-11D5-BFC8-00508B4A487D} 0
{074E3AA7-7718-4404-B3F8-FF8FB5414E0E} 0
{07B18EA1-A523-4961-B6BB-170DE4475CCA} 0
{07B18EA9-A523-4961-B6BB-170DE4475CCA} 0
{08227B4B-54FE-4C4D-809F-BCA46292FC5B} 0
{08351226-6472-43BD-8A40-D9221FF1C4CE} 0
{08351227-6472-43BD-8A40-D9221FF1C4CE} 0
{08442457-929D-4522-AE24-9D3E4664A0C1} 0
{086AE192-23A6-48D6-96EC-715F53797E85} 0
{086CEFD5-A88D-4981-8915-D51F04360ED1} 0
{087173EF-9829-4F49-8340-A524177D3F60} 0
{08C63920-DC18-11D2-9E1E-00A0247061AB} 0
{08DBDE36-DF28-11D5-8CA5-0050DA44A764} 0
{08E1C8E1-E565-44fc-A766-C9539BB3ABB7} 0
{08E74C67-99A6-45C7-94DA-A397A8FD8082} 0
{0950C008-880D-46F3-AFE0-AE85C6458044} 0
{09549E9B-8BC0-40A4-B5D6-BD761338D631} 0
{0982868C-47F0-4EFB-A664-C7B0B1015808} 0
{09AF76DD-6988-4664-97D0-362F1011E311} 0
{09F0F280-FB9A-481B-B69A-CB00DC44D027} 0
{0A1375E1-56C2-11D6-8E45-8933A0FB5235} 0
{0A1A2A3A-4A5A-6A7A-8A9A-AABACADAEAFA} 0
{0A4DC360-26A5-4FC1-8FB2-ADD00738A99B} 0
{0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} 0
{0A68C5A2-64AE-4415-88A2-6542304A4745} 0
{0A6A6F79-BBE3-4A8B-8A64-9D1D1100A347} 0
{0AAF602E-72A1-45FE-BAB1-06971E07EAA2} 0
{0ADCDFE7-8490-406D-91BF-88F71FD7F8AE} 0
{0AEE4D0C-4B38-4196-AE32-70ACE5656647} 0
{0B519E07-7824-4adc-8890-93D5EABBF285} 0
{0B90AA1B-F649-44C3-9FD3-736C332CBBCF} 0
{0BA1C6EB-D062-4E37-9DB5-B07743276324} 0
{0C9CBFE1-91CD-40C2-BB64-1EC84C4C46AF} 0
{0D245396-8535-11D3-B3F9-00A0C9424626} 0
{0D7DC475-59EB-4781-985F-A6F5D4E2BC73} 0
{0D929918-C804-4756-B0AC-640EF3F061E9} 0
{0DDBB570-0396-44C9-986A-8F6F61A51C2F} 0
{0E1230F8-EA50-42A9-983C-D22ABC2E0099} 0
{0E1230F8-EA50-42A9-983C-D22ABC2EEB4C} 0
{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} 0
{0E5CBF21-D15F-11D0-8301-00AA005B4383} 0
{0EEDB912-C5FA-486F-8334-57288578C627} 0
{0F660F64-F4C9-477F-8529-44181B717472} 0
{0FC817C2-3B45-11D4-8340-0050DA825906} 0
{0FFE2F08-3AC9-4A91-A61D-4FF24F91A561} 0
{1028F737-81E7-452B-A860-E50CAD90A08C} 0
{10384d0e-2bc1-48b6-844b-ad0e9e6d2511} 0
{10955232-B671-11D7-8066-0040F6F477E4} 0
{11359F4A-B191-42d7-905A-594F8CF0387B} 0
{118CE65F-5D86-4AEA-A9BD-94F92B89119F} 0
{11904CE8-632A-4856-A7CC-00B33FE71BD8} 0
{11990E9F-2A4D-11D6-9507-02608CDD2842} 0
{11F6B95F-0774-4B8D-8C9E-6B552CBCAD14} 0
creepers
Regular Member
 
Posts: 26
Joined: December 30th, 2005, 10:46 am

Unread postby creepers » December 31st, 2005, 11:13 am

{FA040B34-FBE9-4BEF-9D85-F90BECAACA99} 0
{FA6548E9-78F5-4025-9D7B-FC1367789C38} 0
{FA79FA22-8DB3-43D1-997B-6DBFD8845569} 0
{FA91B828-F937-4568-82C1-843627E63ED7} 0
{FAC6E0E1-5D45-4907-BC00-302D702DCC73} 0
{FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} 0
{FB986A68-EAE4-11D4-9BD1-0080C6F60B6A} 0
{FBAA0B9E-A059-43E4-9699-76EB0AEB975B} 0
{FBED6A02-71FB-11D8-86B0-0002441A9695} 0
{FC2593E3-3E5A-410F-AF3D-82613CCE58E5} 0
{FC4C5EAE-66EE-11D4-BC67-0000E8E582D2} 0
{FCADDC14-BD46-408A-9842-111111111111} 0
{FCADDC14-BD46-408A-9842-CDB57890086B} 0
{FCADDC14-BD46-408A-9842-CDBE1C6D37EB} 0
{FD7D6851-616E-48DE-AF55-EE2E34F389B0} 0
{FD9BC004-8331-4457-B830-4759FF704C22} 0
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} 0
{FE6BC4EF-5676-484B-88AE-883323913256} 0
{FEFAFFDD-573B-4795-BDB7-85F2D68743D8} 0
{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} 0
{FF284F5C-7CF9-4682-8701-D467C1DBB99F} 0
{FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} 0
{FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} 0
{FF905E0C-CFE9-4A90-AFFF-C13AF5D908F0} 0
{FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} 0
{FFD2825E-0785-40C5-9A41-518F53A8261F} 0
{FFFF08F5-F6F8-42AB-B62A-5531F1F42CE2} 0
{FFFFFEF0-5B30-21D4-945D-000000000000} 0
{FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E9} 0
{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFD} 0
{ba727652-f90e-4d82-9ce4-98766dffc375} 0
{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43} 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\browsela
= C:\WINDOWS\system32\browsela.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/31/2005 8:50:26 AM
creepers
Regular Member
 
Posts: 26
Joined: December 30th, 2005, 10:46 am

Unread postby creepers » December 31st, 2005, 11:14 am

2.
Volume in drive C is DRV1_VOL1
Volume Serial Number is 91B2-3A40

Directory of C:\WINDOWS

08/04/2004 01:56 AM 146,432 regedit.exe
09/18/2004 11:22 PM <DIR> RegisteredPackages
07/10/2004 10:19 PM <DIR> Registration
07/13/2004 06:45 PM 8,192 REGLOCS.OLD
07/10/2004 05:09 PM 1,052 regopt.log
3 File(s) 155,676 bytes

Directory of C:\WINDOWS\$MSI31Uninstall_KB893803$

04/15/2005 02:00 AM 8,192 reg00012
04/15/2005 02:00 AM 8,192 reg00013
04/15/2005 02:00 AM 8,192 reg00014
04/15/2005 02:00 AM 8,192 reg00015
04/15/2005 02:00 AM 8,192 reg00016
04/15/2005 02:00 AM 8,192 reg00017
04/15/2005 02:00 AM 8,192 reg00018
04/15/2005 02:00 AM 8,192 reg00019
04/15/2005 02:00 AM 8,192 reg00020
04/15/2005 02:00 AM 8,192 reg00021
04/15/2005 02:00 AM 8,192 reg00022
04/15/2005 02:00 AM 8,192 reg00023
04/15/2005 02:00 AM 8,192 reg00024
04/15/2005 02:00 AM 8,192 reg00025
04/15/2005 02:00 AM 8,192 reg00026
04/15/2005 02:00 AM 8,192 reg00027
04/15/2005 02:00 AM 8,192 reg00028
04/15/2005 02:00 AM 8,192 reg00029
04/15/2005 02:00 AM 8,192 reg00030
04/15/2005 02:00 AM 8,192 reg00031
04/15/2005 02:00 AM 8,192 reg00032
04/15/2005 02:00 AM 8,192 reg00033
04/15/2005 02:00 AM 8,192 reg00034
04/15/2005 02:00 AM 8,192 reg00035
04/15/2005 02:00 AM 8,192 reg00036
04/15/2005 02:00 AM 8,192 reg00037
04/15/2005 02:00 AM 8,192 reg00038
04/15/2005 02:00 AM 8,192 reg00039
04/15/2005 02:00 AM 8,192 reg00040
04/15/2005 02:00 AM 8,192 reg00041
04/15/2005 02:00 AM 8,192 reg00042
04/15/2005 02:00 AM 8,192 reg00043
04/15/2005 02:00 AM 8,192 reg00044
04/15/2005 02:00 AM 8,192 reg00045
04/15/2005 02:00 AM 8,192 reg00046
04/15/2005 02:00 AM 8,192 reg00047
04/15/2005 02:00 AM 8,192 reg00050
04/15/2005 02:00 AM 8,192 reg00051
04/15/2005 02:00 AM 8,192 reg00052
04/15/2005 02:00 AM 8,192 reg00053
04/15/2005 02:00 AM 8,192 reg00054
04/15/2005 02:00 AM 8,192 reg00055
04/15/2005 02:00 AM 8,192 reg00056
04/15/2005 02:00 AM 8,192 reg00057
04/15/2005 02:00 AM 8,192 reg00058
04/15/2005 02:00 AM 8,192 reg00059
04/15/2005 02:00 AM 8,192 reg00060
04/15/2005 02:00 AM 8,192 reg00061
04/15/2005 02:00 AM 8,192 reg00062
04/15/2005 02:00 AM 8,192 reg00063
04/15/2005 02:00 AM 8,192 reg00064
04/15/2005 02:00 AM 8,192 reg00065
04/15/2005 02:00 AM 8,192 reg00066
04/15/2005 02:00 AM 8,192 reg00067
04/15/2005 02:00 AM 8,192 reg00068
04/15/2005 02:00 AM 8,192 reg00069
04/15/2005 02:00 AM 8,192 reg00070
04/15/2005 02:00 AM 8,192 reg00071
04/15/2005 02:00 AM 8,192 reg00072
04/15/2005 02:00 AM 8,192 reg00073
04/15/2005 02:00 AM 8,192 reg00074
04/15/2005 02:00 AM 8,192 reg00075
04/15/2005 02:00 AM 8,192 reg00076
04/15/2005 02:00 AM 8,192 reg00077
04/15/2005 02:00 AM 8,192 reg00078
04/15/2005 02:00 AM 8,192 reg00079
04/15/2005 02:00 AM 8,192 reg00080
04/15/2005 02:00 AM 8,192 reg00081
04/15/2005 02:00 AM 8,192 reg00082
04/15/2005 02:00 AM 8,192 reg00083
04/15/2005 02:00 AM 8,192 reg00084
04/15/2005 02:00 AM 8,192 reg00085
04/15/2005 02:00 AM 8,192 reg00086
04/15/2005 02:00 AM 8,192 reg00087
04/15/2005 02:00 AM 8,192 reg00088
04/15/2005 02:00 AM 8,192 reg00089
04/15/2005 02:00 AM 8,192 reg00090
04/15/2005 02:00 AM 8,192 reg00091
04/15/2005 02:00 AM 8,192 reg00092
04/15/2005 02:00 AM 8,192 reg00093
04/15/2005 02:00 AM 8,192 reg00094
04/15/2005 02:00 AM 8,192 reg00095
04/15/2005 02:00 AM 8,192 reg00096
04/15/2005 02:00 AM 8,192 reg00097
04/15/2005 02:00 AM 8,192 reg00098
04/15/2005 02:00 AM 8,192 reg00099
04/15/2005 02:00 AM 8,192 reg00100
04/15/2005 02:00 AM 8,192 reg00101
04/15/2005 02:00 AM 8,192 reg00102
04/15/2005 02:00 AM 8,192 reg00103
04/15/2005 02:00 AM 8,192 reg00104
04/15/2005 02:00 AM 8,192 reg00105
04/15/2005 02:00 AM 8,192 reg00106
04/15/2005 02:00 AM 8,192 reg00107
04/15/2005 02:00 AM 8,192 reg00108
04/15/2005 02:00 AM 8,192 reg00109
04/15/2005 02:00 AM 8,192 reg00110
04/15/2005 02:00 AM 8,192 reg00111
04/15/2005 02:00 AM 8,192 reg00112
04/15/2005 02:00 AM 8,192 reg00113
04/15/2005 02:00 AM 8,192 reg00114
04/15/2005 02:00 AM 8,192 reg00115
102 File(s) 835,584 bytes

Directory of C:\WINDOWS\$MSI31Uninstall_KB893803v2$

05/20/2005 11:05 PM 8,192 reg00003
05/20/2005 11:05 PM 8,192 reg00004
05/20/2005 11:05 PM 8,192 reg00005
05/20/2005 11:05 PM 8,192 reg00006
05/20/2005 11:05 PM 8,192 reg00007
05/20/2005 11:05 PM 8,192 reg00008
05/20/2005 11:05 PM 8,192 reg00009
05/20/2005 11:05 PM 8,192 reg00010
05/20/2005 11:05 PM 8,192 reg00011
05/20/2005 11:05 PM 8,192 reg00012
05/20/2005 11:05 PM 8,192 reg00013
05/20/2005 11:05 PM 8,192 reg00014
05/20/2005 11:05 PM 8,192 reg00015
05/20/2005 11:05 PM 8,192 reg00016
05/20/2005 11:05 PM 8,192 reg00017
05/20/2005 11:05 PM 8,192 reg00018
05/20/2005 11:05 PM 8,192 reg00019
05/20/2005 11:05 PM 8,192 reg00020
05/20/2005 11:05 PM 8,192 reg00021
05/20/2005 11:05 PM 8,192 reg00022
05/20/2005 11:05 PM 8,192 reg00023
05/20/2005 11:05 PM 8,192 reg00024
05/20/2005 11:05 PM 8,192 reg00025
05/20/2005 11:05 PM 8,192 reg00026
05/20/2005 11:05 PM 8,192 reg00027
05/20/2005 11:05 PM 8,192 reg00028
05/20/2005 11:05 PM 8,192 reg00029
05/20/2005 11:05 PM 8,192 reg00030
05/20/2005 11:05 PM 8,192 reg00031
05/20/2005 11:05 PM 8,192 reg00032
05/20/2005 11:05 PM 8,192 reg00033
05/20/2005 11:05 PM 8,192 reg00034
05/20/2005 11:05 PM 8,192 reg00035
05/20/2005 11:05 PM 8,192 reg00036
05/20/2005 11:05 PM 8,192 reg00037
05/20/2005 11:05 PM 8,192 reg00038
05/20/2005 11:05 PM 8,192 reg00039
05/20/2005 11:05 PM 8,192 reg00040
05/20/2005 11:05 PM 8,192 reg00041
05/20/2005 11:05 PM 8,192 reg00042
05/20/2005 11:05 PM 8,192 reg00043
05/20/2005 11:05 PM 8,192 reg00044
05/20/2005 11:05 PM 8,192 reg00045
05/20/2005 11:05 PM 8,192 reg00046
05/20/2005 11:05 PM 8,192 reg00047
05/20/2005 11:05 PM 8,192 reg00048
05/20/2005 11:05 PM 8,192 reg00051
05/20/2005 11:05 PM 8,192 reg00052
05/20/2005 11:05 PM 8,192 reg00053
05/20/2005 11:05 PM 8,192 reg00054
05/20/2005 11:05 PM 8,192 reg00055
05/20/2005 11:05 PM 8,192 reg00056
05/20/2005 11:05 PM 8,192 reg00057
05/20/2005 11:05 PM 8,192 reg00058
05/20/2005 11:05 PM 8,192 reg00059
05/20/2005 11:05 PM 8,192 reg00060
05/20/2005 11:05 PM 8,192 reg00061
05/20/2005 11:05 PM 8,192 reg00062
05/20/2005 11:05 PM 8,192 reg00063
05/20/2005 11:05 PM 8,192 reg00064
05/20/2005 11:05 PM 8,192 reg00065
05/20/2005 11:05 PM 8,192 reg00066
05/20/2005 11:05 PM 8,192 reg00067
05/20/2005 11:05 PM 8,192 reg00068
05/20/2005 11:05 PM 8,192 reg00069
05/20/2005 11:05 PM 8,192 reg00070
05/20/2005 11:05 PM 8,192 reg00071
05/20/2005 11:05 PM 8,192 reg00072
05/20/2005 11:05 PM 8,192 reg00073
05/20/2005 11:05 PM 8,192 reg00074
05/20/2005 11:05 PM 8,192 reg00075
05/20/2005 11:05 PM 8,192 reg00076
05/20/2005 11:05 PM 8,192 reg00077
05/20/2005 11:05 PM 8,192 reg00078
05/20/2005 11:05 PM 8,192 reg00079
05/20/2005 11:05 PM 8,192 reg00080
05/20/2005 11:05 PM 8,192 reg00081
05/20/2005 11:05 PM 8,192 reg00082
05/20/2005 11:05 PM 8,192 reg00083
05/20/2005 11:05 PM 8,192 reg00084
05/20/2005 11:05 PM 8,192 reg00085
05/20/2005 11:05 PM 8,192 reg00086
05/20/2005 11:05 PM 8,192 reg00087
05/20/2005 11:05 PM 8,192 reg00088
05/20/2005 11:05 PM 8,192 reg00089
05/20/2005 11:05 PM 8,192 reg00090
05/20/2005 11:05 PM 8,192 reg00091
05/20/2005 11:05 PM 8,192 reg00092
05/20/2005 11:05 PM 8,192 reg00093
05/20/2005 11:05 PM 8,192 reg00094
05/20/2005 11:05 PM 8,192 reg00095
05/20/2005 11:05 PM 8,192 reg00096
05/20/2005 11:05 PM 8,192 reg00097
05/20/2005 11:05 PM 8,192 reg00098
05/20/2005 11:05 PM 8,192 reg00099
05/20/2005 11:05 PM 8,192 reg00100
05/20/2005 11:05 PM 8,192 reg00101
05/20/2005 11:05 PM 8,192 reg00102
05/20/2005 11:05 PM 8,192 reg00103
05/20/2005 11:05 PM 8,192 reg00104
05/20/2005 11:05 PM 8,192 reg00105
05/20/2005 11:05 PM 8,192 reg00106
05/20/2005 11:05 PM 8,192 reg00107
05/20/2005 11:05 PM 8,192 reg00108
05/20/2005 11:05 PM 8,192 reg00109
05/20/2005 11:05 PM 8,192 reg00110
05/20/2005 11:05 PM 8,192 reg00111
05/20/2005 11:05 PM 8,192 reg00112
05/20/2005 11:05 PM 8,192 reg00113
05/20/2005 11:05 PM 8,192 reg00114
05/20/2005 11:05 PM 8,192 reg00115
05/20/2005 11:05 PM 8,192 reg00116
112 File(s) 917,504 bytes

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/29/2002 04:41 AM 48,128 reg.exe
08/25/2004 06:03 PM 8,192 reg00001
08/25/2004 06:03 PM 8,192 reg00005
08/25/2004 06:03 PM 8,192 reg00013
08/25/2004 06:03 PM 8,192 reg00017
08/25/2004 06:03 PM 12,288 reg00018
08/25/2004 06:03 PM 8,192 reg00019
08/25/2004 06:03 PM 49,152 reg00020
08/25/2004 06:03 PM 8,192 reg00021
08/25/2004 06:03 PM 12,288 reg00070
08/25/2004 06:03 PM 8,192 reg00071
08/25/2004 06:03 PM 8,192 reg00072
08/25/2004 06:03 PM 24,576 reg00073
08/25/2004 06:03 PM 8,192 reg00139
08/25/2004 06:03 PM 8,192 reg00140
08/25/2004 06:03 PM 8,192 reg00141
08/25/2004 06:03 PM 8,192 reg00142
08/25/2004 06:03 PM 8,192 reg00166
08/25/2004 06:03 PM 8,192 reg00167
08/25/2004 06:03 PM 8,192 reg00168
08/25/2004 06:03 PM 8,192 reg00169
08/25/2004 06:03 PM 8,192 reg00170
08/25/2004 06:03 PM 8,192 reg00171
08/25/2004 06:03 PM 8,192 reg00172
08/25/2004 06:03 PM 8,192 reg00173
08/25/2004 06:03 PM 8,192 reg00174
08/25/2004 06:03 PM 8,192 reg00176
08/25/2004 06:03 PM 8,192 reg00177
08/25/2004 06:03 PM 8,192 reg00178
08/25/2004 06:03 PM 8,192 reg00179
08/25/2004 06:03 PM 8,192 reg00180
08/25/2004 06:03 PM 8,192 reg00181
08/25/2004 06:03 PM 8,192 reg00182
08/25/2004 06:03 PM 8,192 reg00183
08/25/2004 06:03 PM 8,192 reg00184
08/25/2004 06:03 PM 8,192 reg00185
08/25/2004 06:03 PM 8,192 reg00186
08/25/2004 06:03 PM 8,192 reg00187
08/25/2004 06:03 PM 8,192 reg00188
08/25/2004 06:03 PM 8,192 reg00189
08/25/2004 06:03 PM 8,192 reg00190
08/25/2004 06:03 PM 8,192 reg00191
08/25/2004 06:03 PM 8,192 reg00192
08/25/2004 06:03 PM 8,192 reg00193
08/25/2004 06:03 PM 8,192 reg00194
08/25/2004 06:03 PM 8,192 reg00195
08/25/2004 06:03 PM 8,192 reg00196
08/25/2004 06:03 PM 8,192 reg00197
08/25/2004 06:03 PM 8,192 reg00198
08/25/2004 06:03 PM 8,192 reg00199
08/25/2004 06:03 PM 8,192 reg00200
08/25/2004 06:03 PM 8,192 reg00201
08/25/2004 06:03 PM 8,192 reg00202
08/25/2004 06:03 PM 8,192 reg00203
08/25/2004 06:03 PM 8,192 reg00204
08/25/2004 06:03 PM 8,192 reg00205
08/25/2004 06:03 PM 8,192 reg00206
08/25/2004 06:03 PM 8,192 reg00207
08/25/2004 06:03 PM 8,192 reg00208
08/25/2004 06:03 PM 8,192 reg00209
08/25/2004 06:03 PM 8,192 reg00210
08/25/2004 06:03 PM 8,192 reg00211
08/25/2004 06:03 PM 8,192 reg00212
08/25/2004 06:03 PM 8,192 reg00213
08/25/2004 06:03 PM 8,192 reg00214
08/25/2004 06:03 PM 8,192 reg00215
08/25/2004 06:03 PM 8,192 reg00216
08/25/2004 06:04 PM 8,192 reg00217
08/25/2004 06:04 PM 8,192 reg00218
08/25/2004 06:04 PM 8,192 reg00219
08/25/2004 06:04 PM 8,192 reg00220
08/25/2004 06:04 PM 8,192 reg00221
08/25/2004 06:04 PM 8,192 reg00222
08/25/2004 06:04 PM 8,192 reg00223
08/25/2004 06:04 PM 8,192 reg00224
08/25/2004 06:04 PM 8,192 reg00225
08/25/2004 06:04 PM 8,192 reg00226
08/25/2004 06:04 PM 8,192 reg00227
08/25/2004 06:04 PM 8,192 reg00228
08/25/2004 06:04 PM 8,192 reg00229
08/25/2004 06:04 PM 8,192 reg00230
08/25/2004 06:04 PM 8,192 reg00231
08/25/2004 06:04 PM 8,192 reg00232
08/25/2004 06:04 PM 8,192 reg00233
08/25/2004 06:04 PM 8,192 reg00234
08/25/2004 06:04 PM 8,192 reg00235
08/25/2004 06:04 PM 8,192 reg00236
08/25/2004 06:04 PM 8,192 reg00237
08/25/2004 06:04 PM 8,192 reg00238
08/25/2004 06:04 PM 8,192 reg00239
08/25/2004 06:04 PM 8,192 reg00240
08/25/2004 06:04 PM 8,192 reg00241
08/25/2004 06:04 PM 8,192 reg00242
08/25/2004 06:04 PM 8,192 reg00243
08/25/2004 06:04 PM 143,360 reg00244
08/25/2004 06:04 PM 8,192 reg00245
08/25/2004 06:04 PM 8,192 reg00246
08/25/2004 06:04 PM 8,192 reg00247
08/25/2004 06:04 PM 8,192 reg00248
08/25/2004 06:04 PM 8,192 reg00249
08/25/2004 06:04 PM 8,192 reg00250
08/25/2004 06:04 PM 8,192 reg00251
08/25/2004 06:04 PM 8,192 reg00252
08/25/2004 06:04 PM 8,192 reg00253
08/25/2004 06:04 PM 8,192 reg00264
08/25/2004 06:04 PM 8,192 reg00265
08/25/2004 06:04 PM 8,192 reg00266
08/25/2004 06:04 PM 8,192 reg00267
08/25/2004 06:04 PM 8,192 reg00268
08/25/2004 06:04 PM 8,192 reg00269
08/25/2004 06:04 PM 8,192 reg00270
08/25/2004 06:04 PM 8,192 reg00271
08/25/2004 06:04 PM 8,192 reg00272
08/25/2004 06:04 PM 8,192 reg00273
08/25/2004 06:04 PM 8,192 reg00274
08/25/2004 06:04 PM 8,192 reg00275
08/25/2004 06:04 PM 8,192 reg00276
08/25/2004 06:04 PM 8,192 reg00277
08/25/2004 06:04 PM 8,192 reg00278
08/25/2004 06:04 PM 8,192 reg00279
08/25/2004 06:04 PM 8,192 reg00280
08/25/2004 06:04 PM 8,192 reg00281
08/25/2004 06:04 PM 8,192 reg00282
08/25/2004 06:04 PM 8,192 reg00283
08/25/2004 06:04 PM 8,192 reg00284
08/25/2004 06:04 PM 8,192 reg00285
08/25/2004 06:04 PM 8,192 reg00286
08/25/2004 06:04 PM 8,192 reg00287
08/25/2004 06:04 PM 8,192 reg00288
08/25/2004 06:04 PM 8,192 reg00289
08/25/2004 06:04 PM 8,192 reg00290
08/25/2004 06:04 PM 8,192 reg00291
08/25/2004 06:04 PM 8,192 reg00292
08/25/2004 06:04 PM 8,192 reg00293
08/25/2004 06:04 PM 8,192 reg00294
08/25/2004 06:04 PM 8,192 reg00299
08/25/2004 06:04 PM 8,192 reg00301
08/25/2004 06:04 PM 8,192 reg00303
08/25/2004 06:04 PM 8,192 reg00305
08/25/2004 06:04 PM 8,192 reg00307
08/25/2004 06:04 PM 8,192 reg00309
08/25/2004 06:04 PM 8,192 reg00311
08/25/2004 06:04 PM 8,192 reg00313
08/25/2004 06:04 PM 8,192 reg00315
08/25/2004 06:04 PM 8,192 reg00316
08/25/2004 06:04 PM 8,192 reg00317
08/25/2004 06:04 PM 8,192 reg00318
08/25/2004 06:04 PM 8,192 reg00319
08/25/2004 06:04 PM 8,192 reg00320
08/25/2004 06:04 PM 8,192 reg00321
08/25/2004 06:04 PM 8,192 reg00322
08/25/2004 06:04 PM 8,192 reg00323
08/25/2004 06:04 PM 8,192 reg00324
08/25/2004 06:04 PM 8,192 reg00325
08/25/2004 06:04 PM 8,192 reg00326
08/25/2004 06:04 PM 8,192 reg00327
08/25/2004 06:04 PM 8,192 reg00328
08/25/2004 06:04 PM 8,192 reg00329
08/25/2004 06:04 PM 8,192 reg00330
08/25/2004 06:04 PM 8,192 reg00331
08/25/2004 06:04 PM 8,192 reg00332
08/25/2004 06:04 PM 8,192 reg00333
08/25/2004 06:04 PM 8,192 reg00334
08/25/2004 06:04 PM 8,192 reg00335
08/25/2004 06:04 PM 8,192 reg00336
08/25/2004 06:04 PM 8,192 reg00337
08/25/2004 06:04 PM 8,192 reg00338
08/25/2004 06:04 PM 8,192 reg00339
08/25/2004 06:04 PM 8,192 reg00340
08/25/2004 06:04 PM 8,192 reg00341
08/25/2004 06:04 PM 8,192 reg00342
08/25/2004 06:04 PM 8,192 reg00343
08/25/2004 06:04 PM 8,192 reg00344
08/25/2004 06:04 PM 8,192 reg00345
08/25/2004 06:04 PM 8,192 reg00346
08/25/2004 06:04 PM 8,192 reg00347
08/25/2004 06:04 PM 8,192 reg00348
08/25/2004 06:04 PM 8,192 reg00349
08/25/2004 06:04 PM 8,192 reg00350
08/25/2004 06:04 PM 8,192 reg00351
08/25/2004 06:04 PM 8,192 reg00352
08/25/2004 06:04 PM 8,192 reg00353
08/25/2004 06:04 PM 8,192 reg00355
08/25/2004 06:04 PM 143,360 reg00356
08/25/2004 06:04 PM 8,192 reg00357
08/25/2004 06:04 PM 49,152 reg00358
08/25/2004 06:04 PM 8,192 reg00359
08/25/2004 06:04 PM 8,192 reg00360
08/25/2004 06:04 PM 8,192 reg00361
08/25/2004 06:04 PM 8,192 reg00362
08/25/2004 06:04 PM 8,192 reg00363
08/25/2004 06:04 PM 8,192 reg00365
08/25/2004 06:04 PM 8,192 reg00366
08/25/2004 06:04 PM 8,192 reg00367
08/25/2004 06:04 PM 8,192 reg00368
08/25/2004 06:04 PM 8,192 reg00369
08/25/2004 06:04 PM 8,192 reg00370
08/25/2004 06:04 PM 8,192 reg00373
08/25/2004 06:04 PM 8,192 reg00374
08/25/2004 06:04 PM 8,192 reg00375
08/25/2004 06:04 PM 8,192 reg00392
08/25/2004 06:04 PM 8,192 reg00396
08/25/2004 06:04 PM 8,192 reg00397
08/25/2004 06:04 PM 8,192 reg00404
08/25/2004 06:04 PM 8,192 reg00405
08/25/2004 06:04 PM 8,192 reg00410
08/25/2004 06:04 PM 8,192 reg00411
08/25/2004 06:04 PM 8,192 reg00412
08/25/2004 06:04 PM 8,192 reg00413
08/25/2004 06:04 PM 8,192 reg00414
08/25/2004 06:04 PM 8,192 reg00415
08/25/2004 06:04 PM 8,192 reg00416
08/25/2004 06:04 PM 8,192 reg00417
08/25/2004 06:04 PM 8,192 reg00418
08/25/2004 06:04 PM 8,192 reg00419
08/25/2004 06:04 PM 8,192 reg00420
08/25/2004 06:04 PM 8,192 reg00421
08/25/2004 06:04 PM 8,192 reg00422
08/25/2004 06:04 PM 8,192 reg00423
08/25/2004 06:04 PM 8,192 reg00424
08/25/2004 06:04 PM 8,192 reg00425
08/25/2004 06:04 PM 8,192 reg00426
08/25/2004 06:04 PM 8,192 reg00460
08/25/2004 06:04 PM 8,192 reg00461
08/25/2004 06:04 PM 8,192 reg00462
08/25/2004 06:04 PM 8,192 reg00463
08/25/2004 06:04 PM 8,192 reg00464
08/25/2004 06:04 PM 8,192 reg00465
08/25/2004 06:04 PM 8,192 reg00466
08/25/2004 06:04 PM 8,192 reg00467
08/25/2004 06:04 PM 8,192 reg00468
08/25/2004 06:04 PM 8,192 reg00469
08/25/2004 06:04 PM 8,192 reg00470
08/25/2004 06:04 PM 8,192 reg00471
08/25/2004 06:04 PM 8,192 reg00472
08/25/2004 06:04 PM 8,192 reg00473
08/25/2004 06:04 PM 8,192 reg00474
08/25/2004 06:04 PM 8,192 reg00475
08/25/2004 06:04 PM 8,192 reg00476
08/25/2004 06:04 PM 8,192 reg00477
08/25/2004 06:04 PM 8,192 reg00478
08/25/2004 06:04 PM 8,192 reg00479
08/25/2004 06:04 PM 8,192 reg00480
08/25/2004 06:04 PM 8,192 reg00481
08/25/2004 06:04 PM 8,192 reg00482
08/25/2004 06:04 PM 8,192 reg00483
08/25/2004 06:04 PM 8,192 reg00484
08/25/2004 06:04 PM 8,192 reg00485
08/25/2004 06:04 PM 8,192 reg00486
08/25/2004 06:04 PM 8,192 reg00487
08/25/2004 06:04 PM 8,192 reg00488
08/25/2004 06:04 PM 8,192 reg00489
08/25/2004 06:04 PM 8,192 reg00490
08/25/2004 06:04 PM 8,192 reg00491
08/25/2004 06:04 PM 8,192 reg00492
08/25/2004 06:04 PM 8,192 reg00493
08/25/2004 06:04 PM 8,192 reg00494
08/25/2004 06:04 PM 8,192 reg00495
08/25/2004 06:04 PM 8,192 reg00496
08/25/2004 06:04 PM 8,192 reg00497
08/25/2004 06:04 PM 8,192 reg00498
08/25/2004 06:04 PM 8,192 reg00576
08/25/2004 06:04 PM 8,192 reg00577
08/25/2004 06:04 PM 8,192 reg00578
08/25/2004 06:04 PM 8,192 reg00606
08/25/2004 06:04 PM 8,192 reg00607
08/25/2004 06:04 PM 8,192 reg00608
08/25/2004 06:04 PM 8,192 reg00610
08/25/2004 06:04 PM 8,192 reg00626
08/25/2004 06:04 PM 8,192 reg00627
08/25/2004 06:04 PM 8,192 reg00628
08/25/2004 06:04 PM 8,192 reg00629
08/25/2004 06:04 PM 8,192 reg00630
08/25/2004 06:04 PM 8,192 reg00631
08/25/2004 06:04 PM 8,192 reg00632
08/25/2004 06:04 PM 8,192 reg00633
08/25/2004 06:04 PM 8,192 reg00634
08/25/2004 06:04 PM 8,192 reg00635
08/25/2004 06:04 PM 8,192 reg00636
08/25/2004 06:04 PM 8,192 reg00637
08/25/2004 06:04 PM 8,192 reg00638
08/25/2004 06:04 PM 8,192 reg00639
08/25/2004 06:04 PM 8,192 reg00660
08/25/2004 06:04 PM 8,192 reg00661
08/25/2004 06:04 PM 8,192 reg00662
08/25/2004 06:04 PM 8,192 reg00663
08/25/2004 06:04 PM 8,192 reg00664
08/25/2004 06:04 PM 8,192 reg00665
08/25/2004 06:04 PM 8,192 reg00666
08/25/2004 06:04 PM 8,192 reg00667
08/25/2004 06:04 PM 8,192 reg00668
08/25/2004 06:04 PM 8,192 reg00669
08/25/2004 06:04 PM 8,192 reg00670
08/25/2004 06:04 PM 8,192 reg00671
08/25/2004 06:04 PM 8,192 reg00672
08/25/2004 06:04 PM 8,192 reg00673
08/25/2004 06:04 PM 8,192 reg00674
08/25/2004 06:04 PM 8,192 reg00675
08/25/2004 06:04 PM 8,192 reg00676
08/25/2004 06:04 PM 8,192 reg00677
08/25/2004 06:04 PM 8,192 reg00678
08/25/2004 06:04 PM 8,192 reg00679
08/25/2004 06:04 PM 8,192 reg00698
08/25/2004 06:04 PM 12,288 reg00726
08/25/2004 06:04 PM 8,192 reg00727
08/25/2004 06:04 PM 8,192 reg00728
08/25/2004 06:04 PM 8,192 reg00729
08/25/2004 06:04 PM 8,192 reg00730
08/25/2004 06:04 PM 8,192 reg00731
08/25/2004 06:04 PM 8,192 reg00732
08/25/2004 06:04 PM 8,192 reg00733
08/25/2004 06:04 PM 8,192 reg00734
08/25/2004 06:04 PM 8,192 reg00735
08/25/2004 06:04 PM 8,192 reg00736
08/25/2004 06:04 PM 8,192 reg00737
08/25/2004 06:04 PM 8,192 reg00738
08/25/2004 06:04 PM 8,192 reg00739
08/25/2004 06:04 PM 8,192 reg00740
08/25/2004 06:04 PM 8,192 reg00741
08/25/2004 06:04 PM 8,192 reg00742
08/25/2004 06:04 PM 8,192 reg00743
08/25/2004 06:04 PM 8,192 reg00744
08/25/2004 06:04 PM 8,192 reg00745
08/25/2004 06:04 PM 8,192 reg00746
08/25/2004 06:04 PM 8,192 reg00747
08/25/2004 06:04 PM 8,192 reg00748
08/25/2004 06:04 PM 8,192 reg00749
08/25/2004 06:04 PM 8,192 reg00750
08/25/2004 06:04 PM 8,192 reg00751
08/25/2004 06:04 PM 8,192 reg00752
08/25/2004 06:04 PM 8,192 reg00753
08/25/2004 06:04 PM 8,192 reg00754
08/25/2004 06:04 PM 8,192 reg00755
08/25/2004 06:04 PM 8,192 reg00756
08/25/2004 06:04 PM 8,192 reg00757
08/25/2004 06:04 PM 8,192 reg00758
08/25/2004 06:04 PM 8,192 reg00759
08/25/2004 06:04 PM 8,192 reg00760
08/25/2004 06:04 PM 8,192 reg00761
08/25/2004 06:04 PM 8,192 reg00762
08/25/2004 06:04 PM 8,192 reg00763
08/25/2004 06:04 PM 8,192 reg00764
08/25/2004 06:04 PM 8,192 reg00765
08/25/2004 06:04 PM 8,192 reg00766
08/25/2004 06:04 PM 8,192 reg00767
08/25/2004 06:04 PM 8,192 reg00768
08/25/2004 06:04 PM 8,192 reg00769
08/25/2004 06:04 PM 8,192 reg00770
08/25/2004 06:04 PM 8,192 reg00771
08/25/2004 06:04 PM 8,192 reg00772
08/25/2004 06:04 PM 8,192 reg00773
08/25/2004 06:04 PM 8,192 reg00774
08/25/2004 06:04 PM 8,192 reg00775
08/25/2004 06:04 PM 8,192 reg00776
08/25/2004 06:04 PM 8,192 reg00777
08/25/2004 06:04 PM 8,192 reg00778
08/25/2004 06:04 PM 8,192 reg00779
08/25/2004 06:04 PM 8,192 reg00780
08/25/2004 06:04 PM 8,192 reg00781
08/25/2004 06:04 PM 8,192 reg00782
08/25/2004 06:04 PM 8,192 reg00783
08/25/2004 06:04 PM 8,192 reg00784
08/25/2004 06:04 PM 8,192 reg00785
08/25/2004 06:04 PM 8,192 reg00786
08/25/2004 06:04 PM 8,192 reg00787
08/25/2004 06:04 PM 8,192 reg00788
08/25/2004 06:04 PM 8,192 reg00789
08/25/2004 06:04 PM 8,192 reg00790
08/25/2004 06:04 PM 8,192 reg00791
08/25/2004 06:04 PM 8,192 reg00792
08/25/2004 06:04 PM 8,192 reg00793
08/25/2004 06:04 PM 8,192 reg00794
08/25/2004 06:04 PM 8,192 reg00795
08/25/2004 06:04 PM 8,192 reg00796
08/25/2004 06:04 PM 8,192 reg00797
08/25/2004 06:04 PM 8,192 reg00798
08/25/2004 06:04 PM 8,192 reg00799
08/25/2004 06:04 PM 8,192 reg00800
08/25/2004 06:04 PM 8,192 reg00801
08/25/2004 06:04 PM 8,192 reg00802
08/25/2004 06:04 PM 8,192 reg00803
08/25/2004 06:04 PM 8,192 reg00804
08/25/2004 06:04 PM 8,192 reg00805
08/25/2004 06:04 PM 8,192 reg00806
08/25/2004 06:04 PM 8,192 reg00807
08/25/2004 06:04 PM 8,192 reg00808
08/25/2004 06:04 PM 8,192 reg00809
08/25/2004 06:04 PM 8,192 reg00810
08/25/2004 06:04 PM 8,192 reg00811
08/25/2004 06:04 PM 8,192 reg00812
08/25/2004 06:04 PM 8,192 reg00813
08/25/2004 06:04 PM 8,192 reg00814
08/25/2004 06:04 PM 8,192 reg00815
08/25/2004 06:04 PM 8,192 reg00816
08/25/2004 06:04 PM 8,192 reg00817
08/25/2004 06:04 PM 8,192 reg00818
08/25/2004 06:04 PM 8,192 reg00819
08/25/2004 06:04 PM 8,192 reg00820
08/25/2004 06:04 PM 8,192 reg00821
08/25/2004 06:04 PM 8,192 reg00822
08/25/2004 06:04 PM 8,192 reg00823
08/25/2004 06:04 PM 8,192 reg00824
08/25/2004 06:04 PM 8,192 reg00825
08/25/2004 06:04 PM 8,192 reg00826
08/25/2004 06:04 PM 8,192 reg00827
08/25/2004 06:04 PM 8,192 reg00828
08/25/2004 06:04 PM 8,192 reg00829
08/25/2004 06:04 PM 8,192 reg00830
08/25/2004 06:04 PM 8,192 reg00831
08/25/2004 06:04 PM 8,192 reg00832
08/25/2004 06:04 PM 8,192 reg00833
08/25/2004 06:04 PM 8,192 reg00834
08/25/2004 06:04 PM 8,192 reg00835
08/25/2004 06:04 PM 8,192 reg00836
08/25/2004 06:04 PM 8,192 reg00837
08/25/2004 06:04 PM 8,192 reg00838
08/25/2004 06:04 PM 8,192 reg00839
08/25/2004 06:04 PM 8,192 reg00840
08/25/2004 06:04 PM 8,192 reg00841
08/25/2004 06:04 PM 8,192 reg00842
08/25/2004 06:04 PM 8,192 reg00843
08/25/2004 06:04 PM 8,192 reg00844
08/25/2004 06:04 PM 8,192 reg00845
08/25/2004 06:04 PM 8,192 reg00846
08/25/2004 06:04 PM 8,192 reg00847
08/25/2004 06:04 PM 8,192 reg00850
08/25/2004 06:04 PM 8,192 reg00851
08/25/2004 06:04 PM 16,384 reg00852
08/25/2004 06:04 PM 8,192 reg00853
08/25/2004 06:04 PM 8,192 reg00854
08/25/2004 06:04 PM 8,192 reg00855
08/25/2004 06:04 PM 8,192 reg00856
08/25/2004 06:04 PM 8,192 reg00857
08/25/2004 06:04 PM 192,512 reg00858
08/25/2004 06:04 PM 163,840 reg00859
08/25/2004 06:04 PM 8,192 reg00860
08/25/2004 06:04 PM 8,192 reg00864
08/25/2004 06:04 PM 8,192 reg00865
08/25/2004 06:04 PM 8,192 reg00866
08/25/2004 06:04 PM 8,192 reg00867
08/25/2004 06:04 PM 8,192 reg00868
08/25/2004 06:04 PM 8,192 reg00869
08/25/2004 06:04 PM 8,192 reg00870
08/25/2004 06:04 PM 8,192 reg00871
08/25/2004 06:04 PM 8,192 reg00872
08/25/2004 06:04 PM 8,192 reg00873
08/25/2004 06:04 PM 8,192 reg00874
08/25/2004 06:04 PM 8,192 reg00875
08/25/2004 06:04 PM 8,192 reg00876
08/25/2004 06:04 PM 8,192 reg00877
08/25/2004 06:04 PM 8,192 reg00878
08/25/2004 06:04 PM 8,192 reg00879
08/25/2004 06:04 PM 8,192 reg00880
08/25/2004 06:04 PM 8,192 reg00881
08/25/2004 06:04 PM 8,192 reg00882
08/25/2004 06:04 PM 8,192 reg00883
08/25/2004 06:04 PM 8,192 reg00884
08/25/2004 06:04 PM 8,192 reg00885
08/25/2004 06:04 PM 8,192 reg00886
08/25/2004 06:04 PM 8,192 reg00887
08/25/2004 06:04 PM 8,192 reg00888
08/25/2004 06:04 PM 8,192 reg00889
08/25/2004 06:04 PM 8,192 reg00890
08/25/2004 06:04 PM 8,192 reg00891
08/25/2004 06:04 PM 8,192 reg00892
08/25/2004 06:04 PM 8,192 reg00893
08/25/2004 06:04 PM 8,192 reg00894
08/25/2004 06:04 PM 8,192 reg00895
08/25/2004 06:04 PM 8,192 reg00896
08/25/2004 06:04 PM 8,192 reg00897
08/25/2004 06:04 PM 8,192 reg00898
08/25/2004 06:04 PM 8,192 reg00899
08/25/2004 06:04 PM 8,192 reg00900
08/25/2004 06:04 PM 8,192 reg00901
08/25/2004 06:04 PM 8,192 reg00902
08/25/2004 06:04 PM 28,672 reg00903
08/25/2004 06:04 PM 8,192 reg00904
08/25/2004 06:04 PM 8,192 reg00905
08/25/2004 06:04 PM 8,192 reg00906
08/25/2004 06:04 PM 8,192 reg00907
08/25/2004 06:04 PM 8,192 reg00921
08/25/2004 06:04 PM 8,192 reg00923
08/25/2004 06:04 PM 8,192 reg00924
08/25/2004 06:04 PM 8,192 reg00925
08/25/2004 06:04 PM 8,192 reg00926
08/25/2004 06:04 PM 8,192 reg00927
08/25/2004 06:04 PM 8,192 reg00928
08/25/2004 06:04 PM 8,192 reg00929
08/25/2004 06:04 PM 8,192 reg00930
08/25/2004 06:04 PM 8,192 reg00931
08/25/2004 06:04 PM 8,192 reg00932
08/25/2004 06:04 PM 8,192 reg00933
08/25/2004 06:04 PM 8,192 reg00934
08/25/2004 06:04 PM 8,192 reg00935
08/25/2004 06:04 PM 8,192 reg00936
08/25/2004 06:04 PM 8,192 reg01396
08/25/2004 06:04 PM 8,192 reg01397
08/25/2004 06:04 PM 8,192 reg01399
08/25/2004 06:04 PM 8,192 reg01400
08/25/2004 06:04 PM 8,192 reg01401
08/25/2004 06:04 PM 8,192 reg01402
08/25/2004 06:04 PM 8,192 reg01403
08/25/2004 06:04 PM 8,192 reg01408
08/25/2004 06:04 PM 8,192 reg01414
08/25/2004 06:04 PM 8,192 reg01427
08/25/2004 06:04 PM 8,192 reg01428
08/25/2004 06:04 PM 8,192 reg01429
08/25/2004 06:04 PM 8,192 reg01430
08/25/2004 06:04 PM 8,192 reg01431
08/25/2004 06:04 PM 8,192 reg01432
08/25/2004 06:04 PM 8,192 reg01433
08/25/2004 06:04 PM 8,192 reg01434
08/25/2004 06:04 PM 8,192 reg01437
08/25/2004 06:04 PM 8,192 reg01438
08/25/2004 06:04 PM 8,192 reg01439
08/25/2004 06:04 PM 8,192 reg01440
08/25/2004 06:04 PM 8,192 reg01441
08/25/2004 06:04 PM 8,192 reg01442
08/25/2004 06:04 PM 8,192 reg01443
08/25/2004 06:04 PM 8,192 reg01444
08/25/2004 06:04 PM 8,192 reg01445
08/25/2004 06:04 PM 8,192 reg01446
08/25/2004 06:04 PM 8,192 reg01447
08/25/2004 06:04 PM 8,192 reg01448
08/25/2004 06:04 PM 8,192 reg01449
08/25/2004 06:04 PM 8,192 reg01450
08/25/2004 06:04 PM 8,192 reg01451
08/25/2004 06:04 PM 8,192 reg01452
08/25/2004 06:04 PM 8,192 reg01453
08/25/2004 06:04 PM 8,192 reg01454
08/25/2004 06:04 PM 8,192 reg01455
08/25/2004 06:04 PM 8,192 reg01456
08/25/2004 06:04 PM 8,192 reg01457
08/25/2004 06:04 PM 8,192 reg01458
08/25/2004 06:04 PM 8,192 reg01459
08/25/2004 06:04 PM 8,192 reg01460
08/25/2004 06:04 PM 8,192 reg01461
08/25/2004 06:04 PM 8,192 reg01462
08/25/2004 06:04 PM 8,192 reg01463
08/25/2004 06:04 PM 8,192 reg01464
08/25/2004 06:04 PM 8,192 reg01465
08/25/2004 06:04 PM 8,192 reg01466
08/25/2004 06:04 PM 8,192 reg01467
08/25/2004 06:04 PM 8,192 reg01468
08/25/2004 06:04 PM 8,192 reg01469
08/25/2004 06:04 PM 8,192 reg01470
08/25/2004 06:04 PM 8,192 reg01471
08/25/2004 06:04 PM 8,192 reg01472
08/25/2004 06:04 PM 8,192 reg01473
08/25/2004 06:04 PM 8,192 reg01474
08/25/2004 06:04 PM 8,192 reg01475
08/25/2004 06:04 PM 8,192 reg01476
08/25/2004 06:04 PM 8,192 reg01477
08/25/2004 06:04 PM 8,192 reg01478
08/25/2004 06:04 PM 8,192 reg01479
08/25/2004 06:04 PM 8,192 reg01480
08/25/2004 06:04 PM 8,192 reg01483
08/25/2004 06:04 PM 8,192 reg01484
08/25/2004 06:04 PM 8,192 reg01485
08/25/2004 06:04 PM 8,192 reg01486
08/25/2004 06:04 PM 8,192 reg01487
08/25/2004 06:04 PM 8,192 reg01488
08/25/2004 06:04 PM 8,192 reg01489
08/25/2004 06:04 PM 8,192 reg01490
08/25/2004 06:04 PM 8,192 reg01491
08/25/2004 06:04 PM 8,192 reg01492
08/25/2004 06:04 PM 8,192 reg01493
08/25/2004 06:04 PM 8,192 reg01494
08/25/2004 06:04 PM 8,192 reg01495
08/25/2004 06:04 PM 8,192 reg01496
08/25/2004 06:04 PM 8,192 reg01497
08/25/2004 06:04 PM 8,192 reg01498
08/25/2004 06:04 PM 8,192 reg01499
08/25/2004 06:04 PM 8,192 reg01500
08/25/2004 06:04 PM 8,192 reg01501
08/25/2004 06:04 PM 8,192 reg01502
08/25/2004 06:04 PM 8,192 reg01503
08/25/2004 06:04 PM 8,192 reg01504
08/25/2004 06:04 PM 8,192 reg01505
08/25/2004 06:04 PM 8,192 reg01506
08/25/2004 06:04 PM 8,192 reg01507
08/25/2004 06:04 PM 8,192 reg01508
08/25/2004 06:04 PM 8,192 reg01509
08/25/2004 06:04 PM 8,192 reg01510
08/25/2004 06:04 PM 8,192 reg01511
08/25/2004 06:04 PM 8,192 reg01512
08/25/2004 06:04 PM 8,192 reg01513
08/25/2004 06:04 PM 8,192 reg01514
08/25/2004 06:04 PM 8,192 reg01515
08/25/2004 06:04 PM 8,192 reg01516
08/25/2004 06:04 PM 8,192 reg01517
08/25/2004 06:04 PM 8,192 reg01518
08/25/2004 06:04 PM 8,192 reg01519
08/25/2004 06:04 PM 8,192 reg01520
08/25/2004 06:04 PM 8,192 reg01521
08/25/2004 06:04 PM 8,192 reg01522
08/25/2004 06:04 PM 8,192 reg01523
08/25/2004 06:04 PM 8,192 reg01524
08/25/2004 06:04 PM 8,192 reg01525
08/25/2004 06:04 PM 8,192 reg01526
08/25/2004 06:04 PM 8,192 reg01527
08/25/2004 06:04 PM 8,192 reg01528
08/25/2004 06:04 PM 8,192 reg01529
08/25/2004 06:04 PM 8,192 reg01530
08/25/2004 06:04 PM 8,192 reg01531
08/25/2004 06:04 PM 8,192 reg01532
08/25/2004 06:04 PM 8,192 reg01543
08/25/2004 06:04 PM 8,192 reg01544
08/25/2004 06:04 PM 8,192 reg01545
08/25/2004 06:04 PM 8,192 reg01546
08/25/2004 06:04 PM 8,192 reg01547
08/25/2004 06:04 PM 8,192 reg01548
08/25/2004 06:04 PM 8,192 reg01549
08/25/2004 06:04 PM 8,192 reg01550
08/25/2004 06:04 PM 8,192 reg01551
08/25/2004 06:04 PM 8,192 reg01552
08/25/2004 06:04 PM 8,192 reg01553
08/25/2004 06:04 PM 8,192 reg01554
08/25/2004 06:04 PM 8,192 reg01555
08/25/2004 06:04 PM 8,192 reg01556
08/25/2004 06:04 PM 8,192 reg01557
08/25/2004 06:04 PM 8,192 reg01558
08/25/2004 06:04 PM 8,192 reg01559
08/25/2004 06:04 PM 8,192 reg01560
08/25/2004 06:04 PM 8,192 reg01561
08/25/2004 06:04 PM 8,192 reg01562
08/25/2004 06:04 PM 8,192 reg01565
08/25/2004 06:04 PM 8,192 reg01566
08/25/2004 06:04 PM 8,192 reg01567
08/25/2004 06:04 PM 8,192 reg01568
08/25/2004 06:04 PM 8,192 reg01569
08/25/2004 06:04 PM 8,192 reg01571
08/25/2004 06:04 PM 8,192 reg01572
08/25/2004 06:04 PM 8,192 reg01573
08/25/2004 06:04 PM 8,192 reg01574
08/25/2004 06:04 PM 8,192 reg01576
08/25/2004 06:04 PM 8,192 reg01581
08/25/2004 06:04 PM 8,192 reg01594
08/25/2004 06:04 PM 8,192 reg01599
08/25/2004 06:04 PM 8,192 reg01600
08/25/2004 06:04 PM 8,192 reg01602
08/25/2004 06:04 PM 8,192 reg01603
08/25/2004 06:04 PM 8,192 reg01604
08/25/2004 06:04 PM 8,192 reg01610
08/25/2004 06:04 PM 8,192 reg01611
08/25/2004 06:04 PM 8,192 reg01612
08/25/2004 06:04 PM 8,192 reg01613
08/25/2004 06:04 PM 8,192 reg01615
08/25/2004 06:04 PM 8,192 reg01616
08/25/2004 06:04 PM 8,192 reg01619
08/25/2004 06:04 PM 8,192 reg01620
08/25/2004 06:04 PM 8,192 reg01622
08/25/2004 06:04 PM 8,192 reg01623
08/25/2004 06:04 PM 8,192 reg01624
08/25/2004 06:04 PM 8,192 reg01625
08/25/2004 06:04 PM 8,192 reg01626
08/25/2004 06:04 PM 8,192 reg01627
08/25/2004 06:04 PM 8,192 reg01628
08/25/2004 06:04 PM 8,192 reg01629
08/25/2004 06:04 PM 8,192 reg01630
08/25/2004 06:04 PM 8,192 reg01631
08/25/2004 06:04 PM 8,192 reg01632
08/25/2004 06:04 PM 8,192 reg01633
08/25/2004 06:04 PM 8,192 reg01634
08/25/2004 06:04 PM 8,192 reg01635
08/25/2004 06:04 PM 8,192 reg01636
08/25/2004 06:04 PM 8,192 reg01637
08/25/2004 06:04 PM 8,192 reg01639
08/25/2004 06:04 PM 8,192 reg01654
08/25/2004 06:04 PM 8,192 reg01658
08/25/2004 06:04 PM 8,192 reg01659
08/29/2002 04:41 AM 44,032 regapi.dll
08/29/2002 04:41 AM 134,144 regedit.exe
08/18/2001 06:00 AM 51,712 regsvc.dll
08/18/2001 06:00 AM 9,728 regsvr32.exe
08/18/2001 06:00 AM 387,584 regwizc.dll
676 File(s) 6,913,536 bytes

Directory of C:\WINDOWS\$NtUninstallKB820291$

07/10/2004 11:59 PM 28,672 reg00005
1 File(s) 28,672 bytes

Directory of C:\WINDOWS\$NtUninstallKB826942$

07/10/2004 11:58 PM 8,192 reg00003
07/10/2004 11:58 PM 8,192 reg00004
2 File(s) 16,384 bytes

Directory of C:\WINDOWS\$NtUninstallKB835732$

07/10/2004 11:18 PM 8,192 reg00004
07/10/2004 11:18 PM 8,192 reg00005
07/10/2004 11:18 PM 8,192 reg00006
07/10/2004 11:18 PM 8,192 reg00008
07/10/2004 11:18 PM 8,192 reg00009
5 File(s) 40,960 bytes

Directory of C:\WINDOWS\$NtUninstallKB842773$

07/13/2004 06:43 PM 8,192 reg00002
07/13/2004 06:43 PM 8,192 reg00005
07/13/2004 06:43 PM 8,192 reg00006
07/13/2004 06:43 PM 8,192 reg00007
07/13/2004 06:43 PM 8,192 reg00008
07/13/2004 06:43 PM 8,192 reg00009
07/13/2004 06:43 PM 8,192 reg00010
07/13/2004 06:43 PM 8,192 reg00011
07/13/2004 06:43 PM 8,192 reg00012
07/13/2004 06:43 PM 8,192 reg00013
07/13/2004 06:43 PM 8,192 reg00014
07/13/2004 06:43 PM 8,192 reg00015
07/13/2004 06:43 PM 8,192 reg00016
07/13/2004 06:43 PM 8,192 reg00017
07/13/2004 06:43 PM 8,192 reg00018
07/13/2004 06:43 PM 8,192 reg00019
07/13/2004 06:43 PM 8,192 reg00020
07/13/2004 06:43 PM 8,192 reg00021
07/13/2004 06:43 PM 8,192 reg00022
07/13/2004 06:43 PM 8,192 reg00023
07/13/2004 06:43 PM 8,192 reg00032
07/13/2004 06:43 PM 8,192 reg00033
07/13/2004 06:43 PM 8,192 reg00034
23 File(s) 188,416 bytes

Directory of C:\WINDOWS\$NtUninstallKB867282$

02/11/2005 06:31 AM 184,320 reg00001
02/11/2005 06:31 AM 8,192 reg00002
2 File(s) 192,512 bytes

Directory of C:\WINDOWS\$NtUninstallKB883939$

06/14/2005 08:40 PM 184,320 reg00001
06/14/2005 08:40 PM 8,192 reg00002
06/14/2005 08:40 PM 8,192 reg00003
3 File(s) 200,704 bytes

Directory of C:\WINDOWS\$NtUninstallKB890923$

04/15/2005 02:01 AM 184,320 reg00001
04/15/2005 02:01 AM 8,192 reg00002
04/15/2005 02:01 AM 8,192 reg00003
3 File(s) 200,704 bytes

Directory of C:\WINDOWS\$NtUninstallKB896358$

06/14/2005 08:40 PM 8,192 reg00001
06/14/2005 08:40 PM 8,192 reg00002
2 File(s) 16,384 bytes

Directory of C:\WINDOWS\$NtUninstallKB896688$

10/14/2005 02:01 AM 8,192 reg00001
10/14/2005 02:01 AM 8,192 reg00002
10/14/2005 02:01 AM 8,192 reg00003
10/14/2005 02:01 AM 8,192 reg00004
10/14/2005 02:01 AM 8,192 reg00005
10/14/2005 02:01 AM 8,192 reg00006
10/14/2005 02:01 AM 8,192 reg00007
10/14/2005 02:01 AM 8,192 reg00008
10/14/2005 02:01 AM 8,192 reg00009
10/14/2005 02:01 AM 8,192 reg00010
10/14/2005 02:01 AM 8,192 reg00011
10/14/2005 02:01 AM 8,192 reg00012
10/14/2005 02:01 AM 200,704 reg00013
13 File(s) 299,008 bytes

Directory of C:\WINDOWS\$NtUninstallKB896727$

08/13/2005 02:01 AM 8,192 reg00001
08/13/2005 02:01 AM 8,192 reg00002
08/13/2005 02:01 AM 188,416 reg00003
3 File(s) 204,800 bytes

Directory of C:\WINDOWS\$NtUninstallKB903235$

07/14/2005 02:00 AM 188,416 reg00001
1 File(s) 188,416 bytes

Directory of C:\WINDOWS\$NtUninstallKB905915$

12/14/2005 09:25 PM 8,192 reg00001
12/14/2005 09:25 PM 8,192 reg00002
12/14/2005 09:25 PM 8,192 reg00003
12/14/2005 09:25 PM 8,192 reg00004
12/14/2005 09:25 PM 8,192 reg00005
12/14/2005 09:25 PM 8,192 reg00006
12/14/2005 09:25 PM 8,192 reg00007
12/14/2005 09:25 PM 8,192 reg00008
12/14/2005 09:25 PM 8,192 reg00009
12/14/2005 09:25 PM 8,192 reg00010
12/14/2005 09:25 PM 8,192 reg00011
12/14/2005 09:25 PM 8,192 reg00012
12/14/2005 09:25 PM 217,088 reg00013
12/14/2005 09:25 PM 8,192 reg00016
12/14/2005 09:25 PM 8,192 reg00017
12/14/2005 09:25 PM 8,192 reg00019
12/14/2005 09:25 PM 8,192 reg00020
17 File(s) 348,160 bytes

Directory of C:\WINDOWS\$NtUninstallQ327979$

07/11/2004 12:02 AM 8,192 reg00003
07/11/2004 12:02 AM 8,192 reg00004
07/11/2004 12:02 AM 8,192 reg00006
07/11/2004 12:02 AM 8,192 reg00007
07/11/2004 12:02 AM 8,192 reg00010
07/11/2004 12:02 AM 8,192 reg00011
07/11/2004 12:02 AM 8,192 reg00012
07/11/2004 12:02 AM 8,192 reg00013
07/11/2004 12:02 AM 8,192 reg00014
07/11/2004 12:02 AM 8,192 reg00015
07/11/2004 12:02 AM 8,192 reg00016
07/11/2004 12:02 AM 8,192 reg00017
07/11/2004 12:02 AM 8,192 reg00018
07/11/2004 12:02 AM 8,192 reg00019
07/11/2004 12:02 AM 8,192 reg00020
07/11/2004 12:02 AM 8,192 reg00021
07/11/2004 12:02 AM 8,192 reg00022
07/11/2004 12:02 AM 8,192 reg00023
07/11/2004 12:02 AM 8,192 reg00024
07/11/2004 12:02 AM 8,192 reg00025
07/11/2004 12:02 AM 8,192 reg00026
07/11/2004 12:02 AM 8,192 reg00027
07/11/2004 12:02 AM 8,192 reg00028
07/11/2004 12:02 AM 8,192 reg00029
07/11/2004 12:02 AM 8,192 reg00030
07/11/2004 12:02 AM 8,192 reg00031
07/11/2004 12:02 AM 8,192 reg00032
07/11/2004 12:02 AM 8,192 reg00033
07/11/2004 12:02 AM 8,192 reg00034
07/11/2004 12:02 AM 8,192 reg00035
07/11/2004 12:02 AM 8,192 reg00036
31 File(s) 253,952 bytes

Directory of C:\WINDOWS\Help

08/18/2001 06:00 AM 46,684 regedit.chm
08/18/2001 06:00 AM 12,886 regedit.hlp
07/17/2002 04:32 AM 24,567 regopt.chm
3 File(s) 84,137 bytes

Directory of C:\WINDOWS\Prefetch

12/31/2005 06:52 AM 17,940 REGEDIT.EXE-1B606482.pf
12/29/2005 04:11 PM 17,374 REGSVR32.EXE-25EEFE2F.pf
2 File(s) 35,314 bytes

Directory of C:\WINDOWS\provisioning\schemas

07/17/2004 12:35 PM 1,032 register.xdr
1 File(s) 1,032 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

08/04/2004 01:56 AM 50,176 reg.exe
08/04/2004 01:56 AM 49,664 regapi.dll
08/04/2004 01:56 AM 146,432 regedit.exe
07/17/2002 04:32 AM 24,567 regopt.chm
08/04/2004 01:56 AM 59,904 regsvc.dll
08/04/2004 01:56 AM 11,776 regsvr32.exe
08/04/2004 01:56 AM 397,824 regwizc.dll
7 File(s) 740,343 bytes

Directory of C:\WINDOWS\SoftwareDistribution\SelfUpdate

12/31/2005 08:34 AM <DIR> Registered
0 File(s) 0 bytes

Directory of C:\WINDOWS\system32

08/04/2004 01:56 AM 50,176 reg.exe
08/04/2004 01:56 AM 49,664 regapi.dll
08/18/2001 06:00 AM 3,584 regedt32.exe
08/18/2001 06:00 AM 33,792 regini.exe
08/04/2004 01:56 AM 59,904 regsvc.dll
08/04/2004 01:56 AM 11,776 regsvr32.exe
08/18/2001 06:00 AM 4,608 regwiz.exe
08/04/2004 01:56 AM 397,824 regwizc.dll
8 File(s) 611,328 bytes

Directory of C:\WINDOWS\system32\dllcache

08/18/2001 06:00 AM 3,584 regedt32.exe
08/18/2001 06:00 AM 33,792 regini.exe
08/18/2001 06:00 AM 14,848 register.exe
08/18/2001 06:00 AM 4,608 regwiz.exe
4 File(s) 56,832 bytes

Directory of C:\WINDOWS\system32\oobe

08/18/2001 06:00 AM 124 reg.isp
07/10/2004 10:17 PM <DIR> regerror
1 File(s) 124 bytes

Directory of C:\WINDOWS\system32\oobe\setup

08/18/2001 06:00 AM 6,457 reg1.htm
08/18/2001 06:00 AM 8,477 reg3.htm
08/18/2001 06:00 AM 2,411 regdial.htm
3 File(s) 17,345 bytes

Directory of C:\WINDOWS\system32\wbem

08/18/2001 06:00 AM 38,578 regevent.mfl
08/18/2001 06:00 AM 46,372 regevent.mof
2 File(s) 84,950 bytes

Directory of C:\WINDOWS\Temp

08/21/2004 07:47 AM 88 RegisteringDLLs.log
1 File(s) 88 bytes

Total Files Listed:
1031 File(s) 12,632,865 bytes
4 Dir(s) 3,905,019,904 bytes free


I hope this is what you wanted.
creepers
Regular Member
 
Posts: 26
Joined: December 30th, 2005, 10:46 am

Unread postby Kimberly » December 31st, 2005, 12:09 pm

Yes, this is what I did want. Nothing shows that the registry should be disabled, the regedit tool is present too. Just noticed a typo, could have been that. :oops:

Click Start > Run > type in regedit and hit enter.

Does the registry editor open or not ?

If it does not open, stop immediately and let me know. Otherwise proceed with the rest of the fix.

Please print out or copy these instructions\tutorials to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Disable Microsoft AntiSpyware, it will interfer with the fix.
  1. Open Microsoft AntiSpyware.
  2. Click on Options, Settings.
  3. In the left pane, click on Real-time Protection.
  4. Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
  5. Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
  6. After you unchecked these, click on the Save button and close Microsoft AntiSpyware.
  7. Right click on the Microsoft AntiSpyware Icon on the taskbar and select Shutdown Microsoft AntiSpyware.
______________________________

Make sure that you can see hidden files.
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading select Show hidden files and folders.
  6. Uncheck the Hide protected operating system files (recommended) option.
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.
______________________________

Copy/paste the following text into a new Notepad document. Make sure that you have one blank line at the end of the document as shown in the quoted text.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{31EE3286-D785-4E3F-95FC-51D00FDABC01}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}]


Save it to your desktop as Fixme.reg. Save it as :
File Type: All Files (not as a text document or it wont work).
Name: Fixme.reg

Locate Fixme.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt.
______________________________

Run HijackThis, click on None of the above, just start the program, click on Scan. Put a check in the box on the left side of the following items if still present:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A312C3A-80A0-4CC5-818C-2233FFDAA992}: NameServer = 85.255.113.130,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1600FA7-729C-414B-B226-E11309F241FC}: NameServer = 85.255.113.130,85.255.112.67

Close ALL windows and browsers except HijackThis and click Fix Checked
______________________________

Reset your DNS servers
  1. Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.
  2. Right-click the network connection that you want to configure, and then click Properties.
  3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click Internet Protocol (TCP/IP), and then click Properties.
  4. If you want to obtain DNS server addresses from a DHCP server, click Obtain DNS server address automatically. (Recommended)
  5. If you want to manually configure DNS server addresses, click Use the following DNS server addresses, and then type the preferred DNS server and alternate DNS server IP addresses in the Preferred DNS server and Alternate DNS server boxes.
Reboot your PC
______________________________

Please download FixWareout from
http://swandog46.geekstogo.com/Fixwareout.exe

Note: Leave your internet connection running, the fixwareout may prompt you to download BFU from merijn.

Save it to your Desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch.

Put a check in the box on the left side of the following items if still present:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A312C3A-80A0-4CC5-818C-2233FFDAA992}: NameServer = 85.255.113.130,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1600FA7-729C-414B-B226-E11309F241FC}: NameServer = 85.255.113.130,85.255.112.67

Close ALL windows and browsers except HijackThis and click Fix Checked

At the end of the fix, you may need to restart your computer again. A log will be created, C:\fixwareout\report.txt, I will need that file later on.

If present, delete the folder C:\Program Files\WareOut
______________________________

Download win32delfkil.exe from:
http://users.telenet.be/marcvn/tools/win32delfkil.exe.
Save it on your desktop. Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer should reboot automatically, if not you'll need to reboot the computer manually, by turning the power off and then back on.
It will create a log named c:\windelf.txt, I will need that later on.
______________________________

Download Registry Search by Bobbi Flekman
http://www.bleepingcomputer.com/files/regsearch.php
Create a folder named C:\Reg for it and unzip into that folder.
______________________________

Please download SmitRem.exe by noahdfear to your Desktop.
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click the smitRem.exe and it will extract the files to a smitRem folder on your Desktop.
______________________________

Please download the trial version of Ewido Security Suite 3.5 from here:
http://www.ewido.net/en/download/
  • Install Ewido Security Suite.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

If you already have the latest Ad-Aware SE 1.06 version, skip to Run Ad-Aware. Otherwise download Ad-Aware SE 1.06 from here and install it. Uncheck all the options before leaving the Install Wizard.

Run Ad-Aware and Click on the World Icon. Click the Connect button on the webupdate screen. If an update is available download it and install it. Click the Finish button to go back to the main screen.

Click on the Gear Icon (second from the left at the top of the window) to access the Configuration Window.

Click on the General Button on the left and select in green
  • Under Safety
    • Automatically save log-file
    • Automatically quarantine objects prior to removal
    • Safe Mode (always request confirmation)
  • Under Definitions
    • Prompt to udate outdated definitions - set to 7 days
Click on the Scanning Button of the left and select in green
  • Under Driver, Folders & Files
    • Scan Within Archives
  • Under Select drives & folders to scan
    • choose all hard drives
  • Under Memory & Registry
    • Scan Active Processes
    • Scan Registry
    • Deep Scan Registry
    • Scan my IE favorites for banned URL’s
    • Scan my Hosts file
Click on the Advanced Button on the left and select in green
  • Under Shell Integration
    • Move deleted files to Recycle Bin
  • Under Logfile Detail Level
    • Include addtional object information
    • DESELECT - Include negligible objects information (make it show a red X)
    • Include environment information
  • Under Alternate Data Streams
    • Don't log streams smaller than 0 bytes
    • Don't log ADS with the following names: CA_INOCULATEIT
Click the Tweak Button and select in green
  • Under the Scanning Engine (Click on the + sign to expand)
    • DESELECT Unload recognized processes & modules during scan (make it show a red X)
    • Scan registry for all users instead of current user only
  • Under the Cleaning Engine (Click on the + sign to expand)
    • Always try to unload modules before deletion
    • During Removal, unload Explorer and IE if necessary
    • Let Windows remove files in use at next reboot
  • Under the Log Files (Click on the + sign to expand)
    • Include basic Ad-aware SE settings in logfile
    • Include additional Ad-aware SE settings in logfile
    • Include reference summarry in log file
    • Include alternate data stream details in log file
Click on Proceed to save the settings and close the program.
______________________________

If not already installed, download and install the VX2 Cleaner 2.0 plugin from Lavasoft by following the instructions below.

Installing VX2 Cleaner 2.0
  1. Close Ad-Aware, if it is currently open.
  2. Download the VX2 Cleaner 2.0 Plug-in here.
  3. Install the VX2 Cleaner by clicking on vx2cleaner_inst.exe.
______________________________

If Spybot - S&D 1.4 is already installed on your system, skip to Update Spybot - S&D before using it. Otherwise download Spybot - S&D from the following link:
Spybot - Search and Destroy

When you have downloaded the program, double click on the downloaded file to start the installation. Follow the default selections, pressing the Next button until you get to the Select Additional Tasks screen.

Under Permanent protection, make sure to uncheck the following items for now:
  • Use Internet Explorer Protection
  • Use system settings Protection (TeaTimer)
Press the Next button and then the Install button to start the installation process. When the installation process is complete, make sure that Run Teatimer is unchecked.

Launch Spybot - S&D

If you told Spybot to launch when it was done installing, the program should now be open. Otherwise find the icon on your desktop and double-click on it. When you use Spybot - S&D for the first time, it will prompt you for certain tasks to complete. Skip all tasks for now by pressing the Next button. Click on the button labeled Start using this program to begin using Spybot - Search & Destroy.

Update Spybot - S&D before using it

Click on the Search for Updates button. If there are available updates, they will be listed. Click on the Download Updates button and Spybot - S&D will download the updates and install them.
______________________________

MySearch comes with WeatherBug, it's is questionable and mostly identified as adware bordering on spyware..
Alternatives and more info here:

WeatherBug Removal Instructions and Help
http://www.pchell.com/support/weatherbug.shtml

A good read on weatherbug here :
http://www.searchlores.org/weatherbug.htm

May I suggest you remove this application.

In order to avoid future problems with Weatherbug, make sure the program is not running before uninstalling it. If there is a WeatherBug icon in the system tray (in the lower right hand corner of the screen) you'll need to right-click on it and choose "Exit WeatherBug" or "Terminate Weatherbug".

Click on Start, Control Panel, click on Add/Remove Programs
Look through the installed programs for the following items and remove them if present:

Logitech Desktop Manager
WeatherBug
My Search


During the uninstall process, you might be presented with several prompts to guide you through uninstalling the product. Read these carefully to make sure you are actually choosing to uninstall rather than keep the software.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
______________________________

Double-click the icon for RegSearch.exe in the C:\reg folder to launch the program.
Enter contextplus to search for and click "OK".
After completion Notepad will be opened with all the found instances of the string.
The resulting file is saved in the same folder location as RegSearch.exe. I will need that file later on.
______________________________

Run HijackThis, click on None of the above, just start the program, click on Scan. Put a check in the box on the left side of the following items if still present.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php ... ect1&term=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search.php ... ect1&term=
R3 - Default URLSearchHook is missing
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\system32\idemlog.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {E0051273-5988-41EC-A891-11D4A1BABF35} (KDreg class) - http://193.242.125.31/player/kdreg.cab

All O18 lines with \Logitech\Desktop Messenger

O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll

Close ALL windows and browsers except HijackThis and click Fix Checked.
______________________________

Open the smitRem Folder, then double-click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Using Windows Explorer, Search and Delete these Folders if listed:

C:\Program Files\Logitech\DesktopMessenger
C:\Program Files\AWS
C:\Program Files\mysearch
C:\Program Files\WareOut <--- if not yet done

Using Windows Explorer, Search and Delete these Files if listed:

C:\WINDOWS\adsldpbf.dll
C:\WINDOWS\alt.exe
C:\WINDOWS\system32\kernels64.exe
C:\WINDOWS\system32\idemlog.exe
C:\WINDOWS\system32\browsela.dll

If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is uncheck it and try again.
______________________________

Navigate to C:\Windows\Prefetch
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Procede like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, click to select the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see an checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido Security Suite, and run a full scan.
  • Click on Scanner
  • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
  • Click Save Report button
  • Save the report to your Desktop
Close Ewido.
______________________________

Start Ad-Aware SE
  • Click on Add-ons
  • Select the VX2 Cleaner plug-in and click Run Tool
  • If your computer isn’t infected, click Close.
    OR
  • If you computer is infected with VX2, a dialog box with text such as New VX2 variant found or VX2 variant 1 found will appear.
  • Press Clean and a dialog box with text The first phase completed. Please reboot and perform a Smart Scan will appear.
  • Reboot your computer
  • Run Ad-Aware and Click on the Scan Now Button
    • Choose Perform Full System Scan
    • DESELECT Search for negligible risk entries, as negligible risk entries (MRU's) are not considered to be a threat. (make it show a red X)
    Click Next to begin the scan. When the scan is completed, the Performing System Scan screen will change name to Scan Complete.

    Click the Next Button to get to the Scanning Results Window where more information about the objects detected during the scan is available. Click the Critical Objects Tab. In general all of the items listed will be bad. To fix all the bad critical objects, right click on one of them, click the Select All entry in the pop-up menu to mark all entries. Click Next and then OK in the dialog box to confirm the removal.
Repeat this until the VX2 Cleaner reports System clean. Press Close to exit.

Run Ad-Aware one more time and perform a Perform Full System Scan of your computer to make sure VX2 has been found and removed. Reboot in Normal Mode
______________________________

Run Spybot - S&D

Click the button Check for Problems
When Spybot is complete, it will be showing RED entries, BLACK entries and GREEN entries in the window.
Make sure that there is a check mark beside all of the RED entries ONLY.
Choose Fix Selected Problems and allow Spybot to fix the RED entries.

If it has trouble removing any spyware, you will get a message window, asking if it would be ok to run Spybot - S&D on the next reboot before any other applications start running. You should reply Yes to this. The next time you start Windows, Spybot will run automatically and fix any of the programs it could not fix previously.

At this point you will be presented with the list of found entries again, but now there will be large green checkmarks next to the items that Spybot - S&D was able to remove. The ones that are still checked but do not have the large green checkmark next to them will be fixed on the next reboot of windows. Reboot the PC.
______________________________

Please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
______________________________

Download WinPFind.zip to your Desktop or to your usual Download Folder.
http://www.bleepingcomputer.com/files/winpfind.php
Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
Open the C:\WinPFind folder and double-click on WinPFind.exe.
Click on Configure Scan Options.
Remove all the checkmarks under Folder Options on the left side by clicking the button Remove All, uncheck Run Addon's and click Apply.
Click on the Start Scan button and wait for it to finish.

Please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file named C:\WinPFind\WinPFind.txt. Please copy that log into your next reply.
______________________________

Please post :
  1. C:\fixwareout\report.txt
  2. c:\windelf.txt
  3. The results from the RegSearch.exe
  4. smitfiles.txt
  5. Ewido log
  6. Kaspersky results
  7. C:\WinPFind\WinPFind.txt
  8. a new HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby creepers » January 1st, 2006, 11:27 am

OK here goes:


Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\hylmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSBBM.EXE
C:\WINDOWS\SYSTEM32\DMLYH.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

************************
* WIN32DELFKIL LOGFILE *
************************


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

Notify key
----------
subkey browsela is present!



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

Notify key
----------
creepers
Regular Member
 
Posts: 26
Joined: December 30th, 2005, 10:46 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 288 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware