************************************************************************************
ISeeYouXP v2.0 Beta 13
ISeeYouXP v1.3.0-v2.0 Beta 13 Copyright - ShadowPuterDude
ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan
------------------------------------------------------------------------------------
**** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! ****
**** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. ****
************************************************************************************
Windows/Browser/Java Versions:
Microsoft Windows XP Professional
Version: 5.1.2600
Service Pack: 2.0
Windows Directory: H:\WINDOWS
Internet Explorer
Version: 6.0.2900.2180
Build: 62900.2180
Language: English (United States)
Path: H:\Program Files\Internet Explorer
Boot State: Normal boot
Scan done at 18:21:12.18, Tue 27/11/2007
------------------------------------------------------------------------------------
ISeeYouXP installation folder and files
H:\ISEEYO~1\
bootst~1.vbs Mon 28 May 2007 14:26:48 A.... 359 0.35 K
change.log Wed 17 Oct 2007 18:49:26 A.... 4,902 4.79 K
chodefix.bat Wed 18 Apr 2007 13:57:18 A.... 5,387 5.26 K
fixchode.reg Wed 18 Apr 2007 13:22:12 A.... 528 0.52 K
fixexp~1.bat Sat 24 Feb 2007 13:29:40 A.... 487 0.47 K
getunk~1.bat Sat 12 Aug 2006 13:24:58 A.... 1,478 1.44 K
grep.exe Fri 24 Dec 2004 19:33:28 A.... 160,768 157.00 K
hideit.bat Wed 17 Oct 2007 21:00:56 A.... 1,072 1.05 K
ieinfo.vbs Mon 28 May 2007 13:51:28 A.... 514 0.50 K
iesecu~1.bat Sun 28 Oct 2007 22:52:32 A.... 72 0.07 K
iesecu~1.vbs Wed 7 Nov 2007 23:17:40 A.... 2,399 2.34 K
iseeyo~1.bat Wed 17 Oct 2007 21:00:34 A.... 209,237 204.33 K
libico~1.dll Tue 16 Mar 2004 18:37:50 A.... 898,048 877.00 K
libintl3.dll Sat 9 Oct 2004 12:25:46 A.... 101,888 99.50 K
locate.com Fri 14 Jan 2005 1:41:48 A.... 11,254 10.99 K
md5sum.exe Sun 5 Aug 2007 19:56:56 A.... 49,152 48.00 K
msconf~1.bat Sat 24 Feb 2007 1:40:10 A.... 578 0.56 K
osinfo.vbs Mon 28 May 2007 14:00:10 A.... 598 0.58 K
pcbutts.txt Sun 25 Mar 2007 9:04:02 A.... 5,167 5.04 K
pcre.dll Sun 14 Nov 2004 13:29:04 A.... 183,313 179.02 K
pv.exe Thu 2 Mar 2006 23:42:40 A.... 73,728 72.00 K
regedi~1.bat Fri 30 Mar 2007 20:16:02 A.... 650 0.63 K
regfix.bat Wed 18 Apr 2007 13:55:40 A.... 145 0.14 K
servic~1.vbs Mon 28 May 2007 17:06:48 A.... 672 0.66 K
showit.bat Wed 17 Oct 2007 21:01:22 A.... 1,013 0.99 K
swreg.exe Thu 5 Apr 2007 6:58:52 A.... 139,776 136.50 K
system~1.bat Wed 28 Feb 2007 21:55:02 A.... 369 0.36 K
taskmg~1.bat Sat 24 Feb 2007 13:24:08 A.... 288 0.28 K
28 items found: 28 files, 0 directories.
Total of file sizes: 1,853,842 bytes 1.77 M
3 Dir(s) 139,142,103,040 bytes free
------------------------------------------------------------------------------------
System Environment Variables
ALLUSERSPROFILE=H:\Documents and Settings\All Users
APPDATA=H:\Documents and Settings\Damian\Application Data
CLASSPATH=.;H:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=H:\Program Files\Common Files
COMPUTERNAME=DT-32F7CC931ADE
ComSpec=H:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=H:
HOMEPATH=\Documents and Settings\Damian
LOGONSERVER=\\DT-32F7CC931ADE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=H:\WINDOWS\system32;H:\WINDOWS;H:\WINDOWS\system32\wbem;H:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=H:\Program Files
PROMPT=$P$G
QTJAVA=H:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=H:
SystemRoot=H:\WINDOWS
TEMP=H:\DOCUME~1\Damian\LOCALS~1\Temp
TMP=H:\DOCUME~1\Damian\LOCALS~1\Temp
USERDOMAIN=DT-32F7CC931ADE
USERNAME=Damian
USERPROFILE=H:\Documents and Settings\Damian
windir=H:\WINDOWS
------------------------------------------------------------------------------------
Showing any Pocket Killbox backup files
H:\!KILLBOX\
sstts.dll Wed 14 Nov 2007 17:43:56 A.... 320,608 313.09 K
sstts~1.dll Wed 14 Nov 2007 17:43:56 A.... 320,608 313.09 K
2 items found: 2 files, 0 directories.
Total of file sizes: 641,216 bytes 626.19 K
------------------------------------------------------------------------------------
Displaying BOOT.INI:
[boot loader]
timeout=1
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
------------------------------------------------------------------------------------
Displaying SYSTEM.INI:
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=app850.FON
EGA80WOA.FON=EGA80850.FON
EGA40WOA.FON=EGA40850.FON
CGA80WOA.FON=CGA80850.FON
CGA40WOA.FON=CGA40850.FON
------------------------------------------------------------------------------------
Displaying WIN.INI:
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMCDLLNAME=mapi.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
------------------------------------------------------------------------------------
Displaying Running Processes:
PROCESS PID PRIO PATH
smss.exe 788 Normal H:\WINDOWS\System32\smss.exe
csrss.exe 840 Normal H:\WINDOWS\system32\csrss.exe
winlogon.exe 868 High H:\WINDOWS\system32\winlogon.exe
services.exe 912 Normal H:\WINDOWS\system32\services.exe
lsass.exe 924 Normal H:\WINDOWS\system32\lsass.exe
svchost.exe 1112 Normal H:\WINDOWS\system32\svchost.exe
svchost.exe 1196 Normal H:\WINDOWS\system32\svchost.exe
svchost.exe 1260 Normal H:\WINDOWS\System32\svchost.exe
svchost.exe 1384 Normal H:\WINDOWS\system32\svchost.exe
svchost.exe 1448 Normal H:\WINDOWS\system32\svchost.exe
ccProxy.exe 1500 Normal H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
ccSetMgr.exe 1540 Normal H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
ISSVC.exe 1552 Normal H:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
SNDSrvc.exe 1564 Normal H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
ccEvtMgr.exe 1604 Normal H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Explorer.EXE 1912 Normal H:\WINDOWS\Explorer.EXE
spoolsv.exe 200 Normal H:\WINDOWS\system32\spoolsv.exe
SOUNDMAN.EXE 732 Normal H:\WINDOWS\SOUNDMAN.EXE
ALCWZRD.EXE 812 Normal H:\WINDOWS\ALCWZRD.EXE
ccApp.exe 992 Normal H:\Program Files\Common Files\Symantec Shared\ccApp.exe
VPTray.exe 1180 Normal H:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
RUNDLL32.EXE 1352 Normal H:\WINDOWS\system32\RUNDLL32.EXE
OfficeKB.EXE 1780 Normal H:\PROGRA~1\OfficeKB\OfficeKB.EXE
guard.exe 1876 Normal H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
DefWatch.exe 232 Normal H:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
jusched.exe 444 Normal H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
LxrSII1s.exe 508 Normal H:\WINDOWS\system32\LxrSII1s.exe
MDM.EXE 520 Normal H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
THGuard.exe 572 Normal H:\Program Files\TrojanHunter 5.0\THGuard.exe
ctfmon.exe 1124 Normal H:\WINDOWS\system32\ctfmon.exe
nvsvc32.exe 616 Normal H:\WINDOWS\system32\nvsvc32.exe
svchost.exe 820 Normal H:\WINDOWS\system32\svchost.exe
AnyDVD.exe 928 High H:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
Rtvscan.exe 1240 Normal H:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
SymSPort.exe 1364 Normal H:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
AcroTray.exe 1444 Normal H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
K9.exe 2068 Normal H:\Program Files\KeirNet\K9\K9.exe
alg.exe 2984 Normal H:\WINDOWS\System32\alg.exe
igfxsrvc.exe 3292 Normal H:\WINDOWS\system32\igfxsrvc.exe
svchost.exe 3656 Normal H:\WINDOWS\System32\svchost.exe
WgaTray.exe 3760 Normal H:\WINDOWS\system32\WgaTray.exe
wuauclt.exe 3828 Normal H:\WINDOWS\system32\wuauclt.exe
wuauclt.exe 400 Normal H:\WINDOWS\system32\wuauclt.exe
cmd.exe 3260 Normal H:\WINDOWS\system32\cmd.exe
ntvdm.exe 2052 Normal H:\WINDOWS\system32\ntvdm.exe
wmiprvse.exe 3752 Normal H:\WINDOWS\system32\wbem\wmiprvse.exe
pv.exe 3964 Normal H:\ISEEYO~1\pv.exe
------------------------------------------------------------------------------------
Displaying Windows Services:
Name: Alerter
Display Name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped
Name: ALG
Display Name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Path Name: H:\WINDOWS\System32\alg.exe
Start Mode: Manual
State: Running
Name: AppMgmt
Display Name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: AudioSrv
Display Name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: AVG Anti-Spyware Guard
Display Name: AVG Anti-Spyware Guard
Description:
Path Name: H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Start Mode: Auto
State: Running
Name: BITS
Display Name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Stopped
Name: Browser
Display Name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: ccEvtMgr
Display Name: Symantec Event Manager
Description: Event propagation and logging service
Path Name: "H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Start Mode: Auto
State: Running
Name: ccProxy
Display Name: Symantec Network Proxy
Description: Symantec Proxy Service
Path Name: "H:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
Start Mode: Auto
State: Running
Name: ccPwdSvc
Display Name: Symantec Password Validation
Description: User account management service
Path Name: "H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
Start Mode: Manual
State: Stopped
Name: ccSetMgr
Display Name: Symantec Settings Manager
Description: Settings storage and management service
Path Name: "H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Start Mode: Auto
State: Running
Name: CiSvc
Display Name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Path Name: H:\WINDOWS\system32\cisvc.exe
Start Mode: Manual
State: Stopped
Name: ClipSrv
Display Name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\clipsrv.exe
Start Mode: Disabled
State: Stopped
Name: COMSysApp
Display Name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Start Mode: Manual
State: Stopped
Name: CryptSvc
Display Name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: DcomLaunch
Display Name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Path Name: H:\WINDOWS\system32\svchost -k DcomLaunch
Start Mode: Auto
State: Running
Name: DefWatch
Display Name: Symantec AntiVirus Definition Watcher
Description: Monitors and maintains virus definitions.
Path Name: "H:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"
Start Mode: Auto
State: Running
Name: Dhcp
Display Name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: dmadmin
Display Name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Path Name: H:\WINDOWS\System32\dmadmin.exe /com
Start Mode: Manual
State: Stopped
Name: dmserver
Display Name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: Dnscache
Display Name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\svchost.exe -k NetworkService
Start Mode: Auto
State: Running
Name: ERSvc
Display Name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: Eventlog
Display Name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Path Name: H:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running
Name: EventSystem
Display Name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: FastUserSwitchingCompatibility
Display Name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: helpsvc
Display Name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: HidServ
Display Name: HID Input Service
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: HTTPFilter
Display Name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\System32\svchost.exe -k HTTPFilter
Start Mode: Manual
State: Running
Name: IDriverT
Display Name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Path Name: "H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Start Mode: Manual
State: Stopped
Name: ImapiService
Display Name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\imapi.exe
Start Mode: Manual
State: Stopped
Name: ISSVC
Display Name: IS Service
Description: Internet Security Service
Path Name: "H:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe"
Start Mode: Auto
State: Running
Name: lanmanserver
Display Name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: lanmanworkstation
Display Name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: LmHosts
Display Name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running
Name: LxrSII1s
Display Name: Lexar Secure II
Description:
Path Name: LxrSII1s.exe
Start Mode: Auto
State: Running
Name: MDM
Display Name: Machine Debug Manager
Description: Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
Path Name: "H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Start Mode: Auto
State: Running
Name: Messenger
Display Name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped
Name: mnmsrvc
Display Name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\mnmsrvc.exe
Start Mode: Manual
State: Stopped
Name: MSDTC
Display Name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\msdtc.exe
Start Mode: Manual
State: Stopped
Name: MSIServer
Display Name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\msiexec.exe /V
Start Mode: Manual
State: Stopped
Name: NetDDE
Display Name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped
Name: NetDDEdsdm
Display Name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped
Name: Netlogon
Display Name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Path Name: H:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped
Name: Netman
Display Name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: Nla
Display Name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: NtLmSsp
Display Name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Path Name: H:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped
Name: NtmsSvc
Display Name: Removable Storage
Description:
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: NVSvc
Display Name: WinFast(R) Display Driver Service
Description: Provides system and desktop level support to the WinFast(R) display driver
Path Name: H:\WINDOWS\system32\nvsvc32.exe
Start Mode: Auto
State: Running
Name: ose
Display Name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Path Name: "H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Start Mode: Manual
State: Stopped
Name: PlugPlay
Display Name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Path Name: H:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running
Name: PolicyAgent
Display Name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Path Name: H:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running
Name: ProtectedStorage
Display Name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Path Name: H:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running
Name: RasAuto
Display Name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: RasMan
Display Name: Remote Access Connection Manager
Description: Creates a network connection.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: RDSessMgr
Display Name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Path Name: H:\WINDOWS\system32\sessmgr.exe
Start Mode: Manual
State: Stopped
Name: RemoteAccess
Display Name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped
Name: RemoteRegistry
Display Name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running
Name: RpcLocator
Display Name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Path Name: H:\WINDOWS\system32\locator.exe
Start Mode: Manual
State: Stopped
Name: RpcSs
Display Name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Path Name: H:\WINDOWS\system32\svchost -k rpcss
Start Mode: Auto
State: Running
Name: RSVP
Display Name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Path Name: H:\WINDOWS\system32\rsvp.exe
Start Mode: Manual
State: Stopped
Name: SamSs
Display Name: Security Accounts Manager
Description: Stores security information for local user accounts.
Path Name: H:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running
Name: SavRoam
Display Name: SAVRoam
Description: Symantec AntiVirus Roaming Service
Path Name: "H:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe"
Start Mode: Manual
State: Stopped
Name: SCardSvr
Display Name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\System32\SCardSvr.exe
Start Mode: Manual
State: Stopped
Name: Schedule
Display Name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: seclogon
Display Name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: SENS
Display Name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: SharedAccess
Display Name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: ShellHWDetection
Display Name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: SNDSrvc
Display Name: Symantec Network Drivers Service
Description: Symantec Network Drivers Service
Path Name: "H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
Start Mode: Auto
State: Running
Name: SPBBCSvc
Display Name: Symantec SPBBCSvc
Description: Symantec SPBBC
Path Name: "H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
Start Mode: Manual
State: Stopped
Name: Spooler
Display Name: Print Spooler
Description: Loads files to memory for later printing.
Path Name: H:\WINDOWS\system32\spoolsv.exe
Start Mode: Auto
State: Running
Name: srservice
Display Name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Stopped
Name: SSDPSRV
Display Name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Running
Name: stisvc
Display Name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Path Name: H:\WINDOWS\system32\svchost.exe -k imgsvc
Start Mode: Auto
State: Running
Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\dllhost.exe /Processid:{AD984AA9-A233-48CF-B24B-9BAB0259E029}
Start Mode: Manual
State: Stopped
Name: Symantec AntiVirus
Display Name: Symantec AntiVirus
Description: Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus.
Path Name: "H:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"
Start Mode: Auto
State: Running
Name: SymSecurePort
Display Name: Symantec SecurePort
Description: Symantec SecurePort Service
Path Name: "H:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"
Start Mode: Auto
State: Running
Name: SysmonLog
Display Name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\smlogsvc.exe
Start Mode: Manual
State: Stopped
Name: TapiSrv
Display Name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: TermService
Display Name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Path Name: H:\WINDOWS\System32\svchost -k DComLaunch
Start Mode: Manual
State: Running
Name: Themes
Display Name: Themes
Description: Provides user experience theme management.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: TlntSvr
Display Name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\tlntsvr.exe
Start Mode: Disabled
State: Stopped
Name: TrkWks
Display Name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: UMWdf
Display Name: Windows User Mode Driver Framework
Description: Enables Windows user mode drivers.
Path Name: H:\WINDOWS\system32\wdfmgr.exe
Start Mode: Manual
State: Stopped
Name: upnphost
Display Name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped
Name: UPS
Display Name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Path Name: H:\WINDOWS\System32\ups.exe
Start Mode: Manual
State: Stopped
Name: usnjsvc
Display Name: Messenger Sharing Folders USN Journal Reader service
Description: Service installed by Messenger to enable sharing scenarios
Path Name: "H:\Program Files\MSN Messenger\usnsvc.exe"
Start Mode: Manual
State: Stopped
Name: VSS
Display Name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\System32\vssvc.exe
Start Mode: Manual
State: Stopped
Name: W32Time
Display Name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: WebClient
Display Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running
Name: winmgmt
Display Name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: WMConnectCDS
Display Name: Windows Media Connect Service
Description: Shares media with media devices using Universal Plug and Play
Path Name: H:\Program Files\Windows Media Connect 2\wmccds.exe
Start Mode: Manual
State: Stopped
Name: WmdmPmSN
Display Name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: Wmi
Display Name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: WmiApSrv
Display Name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Path Name: H:\WINDOWS\system32\wbem\wmiapsrv.exe
Start Mode: Manual
State: Stopped
Name: wscsvc
Display Name: Security Center
Description: Monitors system security settings and configurations.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: wuauserv
Display Name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: WZCSVC
Display Name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: xmlprov
Display Name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
------------------------------------------------------------------------------------
Displaying LOG for Microsoft Windows Malicious Software Removal Tool:
*** Microsoft Windows MRT Log NOT Found! ****
----------------------------------------------------------------------------
Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
if Hidden = 0 then Hidden Files and Folders are not shown
if SuperHidden = 1 is the desired default value.
if ShowSuperHidden = 0 then System Files are not shown
if HideFileExt = 1 then File Extension are not shown
We want their values to be (from top to bottom) 1,1,1,0
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
Hidden REG_DWORD 1 (0x1)
SuperHidden REG_DWORD 1 (0x1)
ShowSuperHidden REG_DWORD 1 (0x1)
HideFileExt REG_DWORD 0 (0x0)
************************************************************************************
Examining Select Windows Registry Keys
------------------------------------------------------------------------------------
--------------------------------------------------------------------------
Items Found in ZoneMap\Domains:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com
----------------------------------------------------------------------------
Current User ZoneMap ProtocolDefaults
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
<NO NAME> REG_SZ
http REG_DWORD 3 (0x3)
https REG_DWORD 3 (0x3)
ftp REG_DWORD 3 (0x3)
file REG_DWORD 3 (0x3)
@ivt REG_DWORD 1 (0x1)
shell REG_DWORD 0 (0x0)
----------------------------------------------------------------------------
Default URL Prefix Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
<NO NAME> REG_SZ http://
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
ftp REG_SZ ftp://
gopher REG_SZ gopher://
home REG_SZ http://
mosaic REG_SZ http://
www REG_SZ http://
--------------------------------------------------------------------------
Startup Items Disabled via MSCONFIG:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Select AutoRun Registry Keys:
--------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
ctfmon.exe REG_SZ H:\WINDOWS\system32\ctfmon.exe
AnyDVD REG_SZ H:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
High Definition Audio Property Page Shortcut REG_SZ HDAShCut.exe
SoundMan REG_SZ SOUNDMAN.EXE
AlcWzrd REG_SZ ALCWZRD.EXE
ccApp REG_SZ "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray REG_SZ H:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
NeroFilterCheck REG_SZ H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
NvCplDaemon REG_SZ RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
QuickTime Task REG_SZ "H:\Program Files\QuickTime\qttask.exe" -atboottime
OfficeKB REG_SZ H:\PROGRA~1\OfficeKB\OfficeKB.EXE
Easy-PrintToolBox REG_SZ H:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
SunJavaUpdateSched REG_SZ "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
THGuard REG_SZ "H:\Program Files\TrojanHunter 5.0\THGuard.exe"
000000af REG_SZ rundll32.exe "H:\WINDOWS\system32\bbatbpwm.dll",b
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_USERS\.default\software\microsoft\windows\currentversion\run
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\run
HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run
--------------------------------------------------------------------------
WinLogon Notify Registry Key:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ crypt32.dll
Logoff REG_SZ ChainWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ cryptnet.dll
Logoff REG_SZ CryptnetWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
DLLName REG_SZ cscdll.dll
Logon REG_SZ WinlogonLogonEvent
Logoff REG_SZ WinlogonLogoffEvent
ScreenSaver REG_SZ WinlogonScreenSaverEvent
Startup REG_SZ WinlogonStartupEvent
Shutdown REG_SZ WinlogonShutdownEvent
StartShell REG_SZ WinlogonStartShellEvent
Impersonate REG_DWORD 0 (0x0)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui
<NO NAME> REG_SZ
DLLName REG_SZ igfxdev.dll
Asynchronous REG_DWORD 1 (0x1)
Impersonate REG_DWORD 1 (0x1)
Unlock REG_SZ WinlogonUnlockEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon
Logoff REG_SZ NavLogoffEvent
DllName REG_SZ H:\WINDOWS\system32\NavLogon.dll
StartShell REG_SZ NavStartShellEvent
LoginDomain REG_SZ DT-32F7CC931ADE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
DLLName REG_SZ wlnotify.dll
Logon REG_SZ SCardStartCertProp
Logoff REG_SZ SCardStopCertProp
Lock REG_SZ SCardSuspendCertProp
Unlock REG_SZ SCardResumeCertProp
Enabled REG_DWORD 1 (0x1)
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
Asynchronous REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0 (0x0)
StartShell REG_SZ SchedStartShell
Logoff REG_SZ SchedEventLogOff
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
Logoff REG_SZ WLEventLogoff
Impersonate REG_DWORD 0 (0x0)
Asynchronous REG_DWORD 1 (0x1)
DllName REG_EXPAND_SZ sclgntfy.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
DLLName REG_SZ WlNotify.dll
Lock REG_SZ SensLockEvent
Logon REG_SZ SensLogonEvent
Logoff REG_SZ SensLogoffEvent
Safe REG_DWORD 1 (0x1)
MaxWait REG_DWORD 600 (0x258)
StartScreenSaver REG_SZ SensStartScreenSaverEvent
StopScreenSaver REG_SZ SensStopScreenSaverEvent
Startup REG_SZ SensStartupEvent
Shutdown REG_SZ SensShutdownEvent
StartShell REG_SZ SensStartShellEvent
PostShell REG_SZ SensPostShellEvent
Disconnect REG_SZ SensDisconnectEvent
Reconnect REG_SZ SensReconnectEvent
Unlock REG_SZ SensUnlockEvent
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
Asynchronous REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0 (0x0)
Logoff REG_SZ TSEventLogoff
Logon REG_SZ TSEventLogon
PostShell REG_SZ TSEventPostShell
Shutdown REG_SZ TSEventShutdown
StartShell REG_SZ TSEventStartShell
Startup REG_SZ TSEventStartup
MaxWait REG_DWORD 600 (0x258)
Reconnect REG_SZ TSEventReconnect
Disconnect REG_SZ TSEventDisconnect
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
Asynchronous REG_DWORD 0 (0x0)
Disconnect REG_SZ WLEventDisconnect
DllName REG_EXPAND_SZ WgaLogon.dll
Event REG_DWORD 1 (0x1)
Impersonate REG_DWORD 1 (0x1)
Lock REG_SZ WLEventLock
Logoff REG_SZ WLEventLogoff
Logon REG_SZ WLEventLogon
MaxWait REG_DWORD -1 (0xffffffff)
PostShell REG_SZ WLEventPostShell
Reconnect REG_SZ WLEventReconnect
SafeMode REG_DWORD 1 (0x1)
Shutdown REG_SZ WLEventShutdown
StartScreenSaver REG_SZ WLEventStartScreenSaver
StartShell REG_SZ WLEventStartShell
Startup REG_SZ WLEventStartup
StopScreenSaver REG_SZ WLEventStopScreenSaver
Unlock REG_SZ WLEventUnlock
InstallNotifyShown REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
Data REG_BINARY
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
DLLName REG_SZ wlnotify.dll
Logon REG_SZ RegisterTicketExpiredNotificationEvent
Logoff REG_SZ UnregisterTicketExpiredNotificationEvent
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
--------------------------------------------------------------------------
Shared Task Scheduler Registry Items:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
--------------------------------------------------------------------------
Scheduled Tasks:
--------------------------------------------------------------------------
Volume in drive H has no label.
Volume Serial Number is 9CA1-B56F
Directory of H:\WINDOWS\tasks
01/05/2007 10:02 PM <DIR> .
01/05/2007 10:02 PM <DIR> ..
27/11/2007 10:35 AM 256 Check Updates for Windows Live Toolbar.job
23/08/2001 10:30 PM 65 desktop.ini
27/11/2007 06:16 PM 6 SA.DAT
23/07/2006 08:38 AM 366 Symantec NetDetect.job
4 File(s) 693 bytes
Total Files Listed:
4 File(s) 693 bytes
2 Dir(s) 139,141,967,872 bytes free
A H:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
HR H:\WINDOWS\tasks\desktop.ini
A H H:\WINDOWS\tasks\SA.DAT
A H:\WINDOWS\tasks\Symantec NetDetect.job
----------------------------------------------------------------------------
ShellExecuteHooks Registry Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} REG_SZ AVG Anti-Spyware 7.5
{60E2746A-9C2E-45A2-85CE-7E1A8A890961} REG_SZ
----------------------------------------------------------------------------
ShellServiceObjectDelayLoad Registry Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
----------------------------------------------------------------------------
ModuleUsage Registry Keys:
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage
----------------------------------------------------------------------------
BHO Registry Keys:
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}
<NO NAME> REG_SZ Canon Easy Web Print Helper
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7449713A-4B98-4047-A24D-9DB184991C05}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
NoExplorer REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer
<NO NAME> REG_DWORD 1 (0x1)
--------------------------------------------------------------------------
Select Policy Keys:
--------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)
HKEY_CURRENT_USER\software\policies\microsoft\internet explorer
Windows Update Menu Text REG_SZ Microsoft Update
HKEY_CURRENT_USER\software\policies\microsoft\internet explorer\Control Panel
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system
HKEY_USERS\.default\software\policies\microsoft\internet explorer
Windows Update Menu Text REG_SZ Microsoft Update
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system
HKEY_USERS\s-1-5-18\software\policies\microsoft\internet explorer
Windows Update Menu Text REG_SZ Microsoft Update
HKEY_USERS\s-1-5-19\software\policies\microsoft\internet explorer
Windows Update Menu Text REG_SZ Microsoft Update
HKEY_USERS\s-1-5-19\software\policies\microsoft\internet explorer
Windows Update Menu Text REG_SZ Microsoft Update
************************************************************************************
Checking File System for suspicious Files
--------------------------------------------------------------------------
Items in the Root Directory:
--------------------------------------------------------------------------
Locating all files created in H:\
H:\
!KILLBOX Sat 24 Nov 2007 22:57:18 .D... <Dir>
587FBB~1 Sat 18 Nov 2006 19:35:56 .D... <Dir>
A4D986~1 Sat 18 Nov 2006 19:35:48 .D... <Dir>
BJPRIN~1 Mon 18 Sep 2006 10:25:30 .D.H. <Dir>
boot.ini Sun 23 Jul 2006 3:43:46 ..SH. 210 0.20 K
CLONED~1 Mon 31 Jul 2006 14:32:58 .D... <Dir>
DECKARD Tue 20 Nov 2007 6:53:54 .D... <Dir>
DOCUME~1 Sun 23 Jul 2006 3:44:42 .D... <Dir>
ETAX2006 Tue 8 Aug 2006 17:19:34 .D... <Dir>
ETAX2007 Thu 23 Aug 2007 18:12:54 .D... <Dir>
hiberfil.sys Tue 27 Nov 2007 18:15:54 A.SH. 1,609,945,088 1535.36 M
ISEEYO~1 Tue 27 Nov 2007 10:32:24 .D... <Dir>
MSOCACHE Sun 23 Jul 2006 8:44:12 .D.HR <Dir>
ntdetect.com Wed 4 Aug 2004 7:08:34 A.SHR 47,564 46.45 K
ntldr Wed 4 Aug 2004 7:29:34 A.SHR 250,032 244.17 K
pagefile.sys Tue 27 Nov 2007 18:15:54 A.SH. 792,723,456 756.00 M
PROGRA~1 Sun 23 Jul 2006 3:46:26 .D..R <Dir>
RECYCLER Mon 26 Nov 2007 10:14:16 .DSH. <Dir>
S400 Mon 18 Sep 2006 10:20:12 .D... <Dir>
sq13b0~1.sqm Sat 2 Jun 2007 11:48:24 A..H. 244 0.24 K
sq13b4~1.sqm Sat 2 Jun 2007 12:11:08 A..H. 244 0.24 K
sq13b8~1.sqm Mon 20 Aug 2007 8:41:44 A..H. 244 0.24 K
sq13bc~1.sqm Mon 20 Aug 2007 8:42:16 A..H. 244 0.24 K
sq23b0~1.sqm Sat 2 Jun 2007 12:11:30 A..H. 244 0.24 K
sq23b4~1.sqm Sat 16 Jun 2007 17:01:10 A..H. 244 0.24 K
sq23b8~1.sqm Sat 2 Jun 2007 12:11:12 A..H. 244 0.24 K
sq23bc~1.sqm Sat 2 Jun 2007 12:11:28 A..H. 244 0.24 K
sq2fa0~1.sqm Thu 19 Jul 2007 21:32:14 A..H. 244 0.24 K
sq2fa4~1.sqm Thu 19 Jul 2007 21:32:38 A..H. 244 0.24 K
sq2fa8~1.sqm Mon 16 Jul 2007 21:42:16 A..H. 244 0.24 K
sq2fac~1.sqm Tue 17 Jul 2007 20:56:24 A..H. 244 0.24 K
sq33b8~1.sqm Sat 16 Jun 2007 17:01:12 A..H. 244 0.24 K
sq33bc~1.sqm Sat 16 Jun 2007 17:01:20 A..H. 244 0.24 K
sq3fa8~1.sqm Fri 20 Jul 2007 18:00:00 A..H. 244 0.24 K
sq3fac~1.sqm Fri 20 Jul 2007 19:34:40 A..H. 244 0.24 K
sqa368~1.sqm Mon 20 Aug 2007 8:41:46 A..H. 232 0.23 K
sqa378~1.sqm Sat 2 Jun 2007 12:11:12 A..H. 232 0.23 K
sqa37a~1.sqm Mon 16 Jul 2007 21:42:16 A..H. 232 0.23 K
sqa388~1.sqm Sat 16 Jun 2007 17:01:12 A..H. 232 0.23 K
sqa38a~1.sqm Fri 20 Jul 2007 18:00:00 A..H. 232 0.23 K
sqa768~1.sqm Mon 20 Aug 2007 8:42:16 A..H. 232 0.23 K
sqa778~1.sqm Sat 2 Jun 2007 12:11:28 A..H. 232 0.23 K
sqa77a~1.sqm Tue 17 Jul 2007 20:56:24 A..H. 232 0.23 K
sqa788~1.sqm Sat 16 Jun 2007 17:01:20 A..H. 232 0.23 K
sqa78a~1.sqm Fri 20 Jul 2007 19:34:40 A..H. 232 0.23 K
sqab68~1.sqm Sat 2 Jun 2007 11:48:24 A..H. 232 0.23 K
sqab78~1.sqm Sat 2 Jun 2007 12:11:30 A..H. 232 0.23 K
sqab7a~1.sqm Thu 19 Jul 2007 21:32:14 A..H. 232 0.23 K
sqaf68~1.sqm Sat 2 Jun 2007 12:11:08 A..H. 232 0.23 K
sqaf78~1.sqm Sat 16 Jun 2007 17:01:10 A..H. 232 0.23 K
sqaf7a~1.sqm Thu 19 Jul 2007 21:32:38 A..H. 232 0.23 K
sqmdat~1.sqm Sun 1 Jul 2007 22:50:22 A..H. 232 0.23 K
sqmdat~2.sqm Mon 2 Jul 2007 21:00:22 A..H. 268 0.26 K
sqmdat~3.sqm Mon 2 Jul 2007 21:00:22 A..H. 136 0.13 K
sqmdat~4.sqm Mon 2 Jul 2007 21:00:22 A..H. 160 0.16 K
sqmnoo~1.sqm Sun 1 Jul 2007 22:50:22 A..H. 244 0.24 K
sqmnoo~2.sqm Mon 2 Jul 2007 21:00:22 A..H. 244 0.24 K
sqmnoo~3.sqm Mon 2 Jul 2007 21:00:22 A..H. 244 0.24 K
sqmnoo~4.sqm Mon 2 Jul 2007 21:00:22 A..H. 172 0.17 K
STUDIO~1 Sun 7 Oct 2007 21:35:30 .D... <Dir>
SYSTEM~1 Sun 23 Jul 2006 3:44:42 .DSH. <Dir>
VIDEO Sun 23 Jul 2006 8:21:18 .D... <Dir>
WINDOWS Sun 23 Jul 2006 3:39:52 .D... <Dir>
63 items found: 45 files (45 H/S), 18 directories (4 H/S).
Total of file sizes: 2,402,975,666 bytes 2.23 G
--------------------------------------------------------------------------
Locating all Backup files on H:
--------------------------------------------------------------------------
Locating all *.BAK* files
H:\ETAX2006\
damian~1.bak Tue 29 Aug 2006 19:21:12 A.... 3,168 3.09 K
H:\ETAX2007\
damian.bak Thu 23 Aug 2007 18:53:14 A.... 2,880 2.81 K
damian07.bak Fri 24 Aug 2007 14:14:20 A.... 3,008 2.94 K
H:\STUDIO~1\
slddin~1.bak Sun 28 Oct 2007 0:18:16 A.... 5,016 4.90 K
H:\PROGRA~1\STUDIO~1\
relaxi~1.bak Sun 28 Oct 2007 0:18:16 A.... 931 0.91 K
H:\PROGRA~1\COMMON~1\SYMANT~1\
firewall.bak Sat 5 May 2007 19:23:32 A.... 46,516 45.43 K
persist.bak Thu 22 Nov 2007 12:14:46 A.... 2,212 2.16 K
H:\PROGRA~1\ELABOR~1\CLONED~1\
cloned~1.bak Wed 13 Jul 2005 5:28:38 A.... 4,636,672 4.42 M
rgdrvl~1.bak Wed 13 Jul 2005 5:28:38 A.... 128,000 125.00 K
H:\PROGRA~1\SLYSOFT\ANYDVD\
anydvd~1.bak Mon 27 Nov 2006 4:29:38 A.... 498,176 486.50 K
H:\PROGRA~1\COMMON~1\SYMANT~1\IDS\
idssettg.bak Sat 24 Nov 2007 7:41:44 A.... 3,788 3.70 K
H:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\INTERN~1\
brndlog.bak Sat 22 Jul 2006 18:28:14 A.... 113 0.11 K
H:\DOCUME~1\ALLUSE~1\APPLIC~1\SYMANTEC\COMMON~1\
settings.bak Tue 27 Nov 2007 10:43:24 A.... 5,318,164 5.07 M
H:\DOCUME~1\DAMIAN\APPLIC~1\MICROS~1\INTERN~1\
brndlog.bak Sat 22 Jul 2006 18:28:34 A.... 141 0.14 K
H:\DOCUME~1\DEFAUL~1\APPLIC~1\MICROS~1\INTERN~1\
brndlog.bak Sat 22 Jul 2006 18:28:14 A.... 113 0.11 K
H:\WINDOWS\PCHEALTH\HELPCTR\CONFIG\CACHE\
profes~1.bak Tue 27 Nov 2007 9:56:36 A.... 268,934 262.63 K
H:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\
opa11.bak Thu 17 Oct 2002 22:23:16 A.... 8,200 8.01 K
H:\DOCUME~1\DAMIAN\APPLIC~1\MOZILLA\FIREFOX\PROFILES\B1GKMR~1.DEF\
bookma~1.bak Tue 27 Nov 2007 18:19:58 A.... 41,475 40.50 K
bookma~2.bak Sat 24 Nov 2007 20:59:40 A.... 32,924 32.15 K
H:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\MICROS~1\INTERN~1\
brndlog.bak Sat 22 Jul 2006 18:28:14 A.... 113 0.11 K
20 items found: 20 files, 0 directories.
Total of file sizes: 11,000,544 bytes 10.49 M
--------------------------------------------------------------------------
Locating all copies of Internet Explorer on H:
--------------------------------------------------------------------------
Locating all copies of Internet Explorer
H:\PROGRA~1\INTERN~1\
iexplore.exe Wed 4 Aug 2004 9:26:52 A.... 93,184 91.00 K
H:\WINDOWS\SYSTEM32\DLLCACHE\
iexplore.exe Wed 4 Aug 2004 9:26:52 A.... 93,184 91.00 K
2 items found: 2 files, 0 directories.
Total of file sizes: 186,368 bytes 182.00 K
--------------------------------------------------------------------------
Locating all copies of Windows Explorer on H:
--------------------------------------------------------------------------
Locating all copies of Windows Explorer
H:\WINDOWS\
explorer.exe Wed 13 Jun 2007 21:56:04 A.... 1,033,216 1009.00 K
H:\WINDOWS\$N7CCA~1\
explorer.exe Thu 20 Jul 2006 6:45:58 ..... 1,032,192 1008.00 K
H:\WINDOWS\SYSTEM32\DLLCACHE\
explorer.exe Wed 13 Jun 2007 21:56:04 A.... 1,033,216 1009.00 K
3 items found: 3 files, 0 directories.
Total of file sizes: 3,098,624 bytes 2.95 M
--------------------------------------------------------------------------
Items in Document and Settings:
--------------------------------------------------------------------------
Listing contents of H:\Documents and Settings
No matches found.
--------------------------------------------------------------------------
Desktop Items:
--------------------------------------------------------------------------
Locating all files created in H:\Documents and Settings\Damian\Desktop within the last 90 days.
No matches found.
Locating all files created in H:\Documents and Settings\All Users\Desktop\ within the last 90 days.
No matches found.
--------------------------------------------------------------------------
Start Menu Items:
--------------------------------------------------------------------------
Locating all files created inH:\Documents and Settings\Damian\Start Menu within the last 90 days.
No matches found.
Locating all files created in H:\Documents and Settings\Damian\Start Menu\Programs\Startup within the last 90 days.
No matches found.
Locating all files created in H:\Documents and Settings\All Users\Start Menu within the last 90 days.
No matches found.
Locating all files created in H:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days.
No matches found.
--------------------------------------------------------------------------
Application Data Items:
--------------------------------------------------------------------------
Locating all files created in H:\Documents and Settings\Damian\Application Data\ within the last 90 days.
No matches found.
Locating all files created in H:\Documents and Settings\Damian\Local Settings\Application Data\ within the last 90 days.
No matches found.
Locating all files created in H:\Documents and Settings\All Users\Application Data\ within the last 90 days.
No matches found.
--------------------------------------------------------------------------
H:\Documents and Settings\Damian\Local Settings\TEMP:
--------------------------------------------------------------------------
Locating all files created in H:\Documents and Settings\Damian\Local Settings\TEMP within the last 90 days.
--------------------------------------------------------------------------
Items in Templates Folder:
--------------------------------------------------------------------------
Locating all files created in H:\Documents and Settings\Damian\Templates
No matches found.
--------------------------------------------------------------------------
Items in Program Files:
--------------------------------------------------------------------------
Locating all files created in H:\Program Files\ within the last 90 days.
No matches found.
Locating all files created in H:\Program Files\Common Files\ within the last 90 days.
No matches found.
Locating all files created in H:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 90 days.
--------------------------------------------------------------------------
Items in the Windows Directory:
--------------------------------------------------------------------------
Locating all files created in H:\WINDOWS\ within the last 90 days.
H:\WINDOWS\
$N28DE~1 Fri 31 Aug 2007 16:46:18 .D.H. <Dir>
$N30AC~1 Thu 11 Oct 2007 9:45:40 .D.H. <Dir>
$N38D4~1 Wed 14 Nov 2007 6:25:54 .D.H. <Dir>
$N48EA~1 Thu 11 Oct 2007 9:46:38 .D.H. <Dir>
$N88B6~1 Thu 11 Oct 2007 9:46:50 .D.H. <Dir>
0.log Tue 27 Nov 2007 18:16:56 A.... 0 0.00 K
alcfdrtm.ver Sat 24 Nov 2007 18:11:26 A.... 81,920 80.00 K
bootstat.dat Tue 27 Nov 2007 18:16:00 A.S.. 2,048 2.00 K
ERDNT Tue 20 Nov 2007 6:54:36 .D... <Dir>
FTPCACHE Sun 21 Oct 2007 0:54:50 .DSH. <Dir>
MINIDUMP Tue 16 Oct 2007 9:17:00 .D... <Dir>
nerodi~1.ini Fri 23 Nov 2007 8:58:02 A.... 116 0.11 K
nsreg.dat Fri 16 Nov 2007 12:23:48 A.... 0 0.00 K
relax.ini Sun 7 Oct 2007 21:35:44 A.... 52 0.05 K
s1650e~1.tmp Sun 14 Oct 2007 22:54:04 ..SH. 24 0.02 K
schedlgu.txt Tue 27 Nov 2007 10:43:24 A.... 14,712 14.37 K
sti_tr~1.log Sun 25 Nov 2007 8:11:58 A.... 0 0.00 K
SUN Thu 8 Nov 2007 19:56:26 .D... <Dir>
thumbs.db Fri 14 Sep 2007 17:49:04 A.SH. 7,680 7.50 K
wiadebug.log Tue 27 Nov 2007 18:16:52 A.... 159 0.15 K
wiaservc.log Tue 27 Nov 2007 18:16:38 A.... 50 0.05 K
window~1.log Tue 27 Nov 2007 18:21:40 A.... 203,781 199.00 K
wininit.ini Mon 19 Nov 2007 13:53:34 A.... 449 0.44 K
23 items found: 14 files (3 H/S), 9 directories (6 H/S).
Total of file sizes: 310,991 bytes 303.70 K
--------------------------------------------------------------------------
H:\WINDOWS\Downloaded Program Files:
--------------------------------------------------------------------------
Locating all files created in H:\WINDOWS\Downloaded Program Files\ within the last 90 days.
No matches found.
--------------------------------------------------------------------------
H:\WINDOWS\PCHealth\HelpCtr\Binaries:
--------------------------------------------------------------------------
Locating all files in H:\WINDOWS\PCHealth\HelpCtr\Binaries
H:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\
brpinfo.dll Thu 23 Aug 2001 22:30:00 A.... 21,504 21.00 K
hcappres.dll Thu 23 Aug 2001 22:30:00 A.... 6,656 6.50 K
helpctr.exe Wed 4 Aug 2004 9:26:50 A.... 768,512 750.50 K
helphost.exe Thu 23 Aug 2001 22:30:00 A.... 99,840 97.50 K
helpsvc.exe Wed 4 Aug 2004 9:26:52 A.... 743,936 726.50 K
hscmui.cab Sat 17 Jul 2004 20:09:14 A.... 68,327 66.72 K
hscsp_w3.cab Sat 17 Jul 2004 20:09:16 A.... 305,145 297.99 K
hscupd.exe Wed 4 Aug 2004 9:26:52 A.... 18,944 18.50 K
msconfig.exe Thu 20 Jul 2006 6:46:18 A.... 169,984 166.00 K
msinfo.dll Wed 4 Aug 2004 9:26:44 A.... 376,320 367.50 K
notiflag.exe Thu 23 Aug 2001 22:30:00 A.... 35,328 34.50 K
pchdt_w3.cab Wed 4 Aug 2004 7:19:10 A.... 2,737,914 2.61 M
pchshell.dll Wed 4 Aug 2004 9:26:46 A.... 102,400 100.00 K
pchsvc.dll Wed 4 Aug 2004 9:26:46 A.... 38,912 38.00 K
14 items found: 14 files, 0 directories.
Total of file sizes: 5,493,722 bytes 5.24 M
--------------------------------------------------------------------------
H:\WINDOWS\system:
--------------------------------------------------------------------------
Locating all files created in H:\WINDOWS\system within the last 90 days.
No matches found.
--------------------------------------------------------------------------
H:\WINDOWS\system32:
--------------------------------------------------------------------------
Locating all files created in H:\WINDOWS\system32 within the last 90 days.
H:\WINDOWS\SYSTEM32\
ADOBE Mon 26 Nov 2007 21:44:16 .D... <Dir>
aiqegays.ini Sun 25 Nov 2007 23:01:54 ..SH. 776,132 757.94 K
bassmod.dll Sun 21 Oct 2007 13:45:34 A.... 34,308 33.50 K
bbatbpwm.dll Tue 27 Nov 2007 10:30:50 A.... 86,080 84.06 K
java.exe Mon 24 Sep 2007 22:30:28 A.... 135,168 132.00 K
javacpl.cpl Mon 24 Sep 2007 23:31:42 A.... 69,632 68.00 K
javaw.exe Mon 24 Sep 2007 22:30:30 A.... 135,168 132.00 K
javaws.exe Mon 24 Sep 2007 23:31:42 A.... 139,264 136.00 K
jupdat~1.log Thu 8 Nov 2007 19:56:08 A.... 5,387 5.26 K
KASPER~1 Wed 21 Nov 2007 8:02:24 .D... <Dir>
mcrh.tmp Mon 26 Nov 2007 14:03:08 A.... 143 0.14 K
mrt.exe Fri 2 Nov 2007 0:12:58 A.... 18,238,072 17.39 M
mwpbtabb.ini Tue 27 Nov 2007 18:16:52 ..SH. 781,415 763.10 K
nvapps.xml Tue 27 Nov 2007 18:16:26 A.... 61,465 60.02 K
paaivpcd.ini Tue 27 Nov 2007 10:30:16 ..SH. 778,838 760.58 K
perfc009.dat Sun 28 Oct 2007 9:01:58 A.... 40,952 39.99 K
perfh009.dat Sun 28 Oct 2007 9:01:58 A.... 314,816 307.44 K
perfst~1.ini Sun 28 Oct 2007 9:01:58 A.... 360,124 351.68 K
profile.dat Tue 27 Nov 2007 10:43:24 A.... 40 0.04 K
shell32.dll Fri 26 Oct 2007 14:04:02 A.... 8,460,288 8.07 M
sstts.dll Wed 14 Nov 2007 17:43:56 ..... 320,608 313.09 K
stream~1.dll Tue 20 Nov 2007 15:09:42 ....R 59,392 58.00 K
sttss.ini Tue 27 Nov 2007 18:21:50 A.SH. 91,384 89.24 K
sttss~1.ini Tue 27 Nov 2007 18:19:24 A.SH. 93,754 91.55 K
sybsaoxe.ini Mon 26 Nov 2007 17:12:04 ..SH. 776,492 758.29 K
sytmwgpx.ini Sat 24 Nov 2007 7:42:02 ..SH. 775,832 757.65 K
tzlog.log Fri 31 Aug 2007 16:46:18 A.... 253,934 247.98 K
wpa.dbl Sun 18 Nov 2007 14:49:04 A.... 2,206 2.15 K
xpgwmtys.dll Sat 24 Nov 2007 7:41:40 A.... 86,080 84.06 K
xpsp3res.dll Mon 29 Oct 2007 20:34:04 A.... 350,720 342.50 K
30 items found: 28 files (7 H/S), 2 directories.
Total of file sizes: 33,227,694 bytes 31.69 M
--------------------------------------------------------------------------
H:\WINDOWS\system32\com:
--------------------------------------------------------------------------
Locating all files created in H:\WINDOWS\system32\com within the last 90 days.
No matches found.
--------------------------------------------------------------------------
H:\WINDOWS\system32\components:
--------------------------------------------------------------------------
Locating all files created in H:\WINDOWS\system32\components within the last 90 days.
No matches found.
--------------------------------------------------------------------------
H:\WINDOWS\system32\drivers:
--------------------------------------------------------------------------
Locating all files created in H:\WINDOWS\system32\drivers within the last 90 days.
H:\WINDOWS\SYSTEM32\DRIVERS\
anydvd.sys Wed 21 Nov 2007 10:29:48 A.... 97,216 94.94 K
tmcomm.sys Thu 15 Nov 2007 15:25:36 A.... 102,664 100.26 K
2 items found: 2 files, 0 directories.
Total of file sizes: 199,880 bytes 195.20 K
--------------------------------------------------------------------------
H:\WINDOWS\system32\drivers\etc:
--------------------------------------------------------------------------
Locating all files created in H:\WINDOWS\system32\drivers\etc within the last 90 days.
No matches found.
--------------------------------------------------------------------------
H:\WINDOWS\TEMP:
--------------------------------------------------------------------------
Locating all files created in H:\WINDOWS\TEMP within the last 90 days.
H:\WINDOWS\TEMP\
wgaerr~1.txt Tue 27 Nov 2007 18:16:14 A.... 255 0.25 K
wganot~1.set Tue 27 Nov 2007 18:17:18 A.... 409 0.40 K
2 items found: 2 files, 0 directories.
Total of file sizes: 664 bytes 0.65 K
************************************************** **********************************
************************************************** **********************************
Dumping HKLM Uninstall Programs list
DisplayName REG_SZ Adobe Acrobat 5.0
DisplayName REG_SZ Adobe Flash Player 9 ActiveX
DisplayName REG_SZ Adobe Flash Player Plugin
DisplayName REG_SZ Agere Systems PCI Soft Modem
DisplayName REG_SZ AnyDVD
DisplayName REG_SZ AVG Anti-Rootkit Free
DisplayName REG_SZ AVG Anti-Spyware 7.5
DisplayName REG_SZ Camera Window
DisplayName REG_SZ Canon Camera Window for ZoomBrowser EX
DisplayName REG_SZ Canon iP4300
DisplayName REG_SZ Canon PhotoRecord
DisplayName REG_SZ Canon Setup Utility 2.3
DisplayName REG_SZ Canon Utilities Easy-PhotoPrint
DisplayName REG_SZ Canon Utilities Easy-PrintToolBox
DisplayName REG_SZ Canon Utilities File Viewer Utility 1.2
DisplayName REG_SZ Canon Utilities PhotoStitch 3.1
DisplayName REG_SZ Canon Utilities RemoteCapture 2.7
DisplayName REG_SZ Canon Utilities ZoomBrowser EX
DisplayName REG_SZ CCleaner (remove only)
DisplayName REG_SZ CD-LabelPrint
DisplayName REG_SZ CDex extraction audio
DisplayName REG_SZ CloneDVD 3.9.4
DisplayName REG_SZ CloneDVD2
DisplayName REG_SZ Diamond View V4.08
DisplayName REG_SZ DVD Decrypter (Remove Only)
DisplayName REG_SZ DVD Shrink 3.2
DisplayName REG_SZ Dynalink ADSL Router USB Driver
DisplayName REG_SZ e-tax 2006
DisplayName REG_SZ e-tax 2007
DisplayName REG_SZ Easy-WebPrint
DisplayName REG_SZ File Viewer Utility 1.2.2
DisplayName REG_SZ HijackThis 1.99.1
DisplayName REG_SZ Hotfix for Windows XP (KB929120)
DisplayName REG_SZ Hotfix for Windows XP (KB935448)
DisplayName REG_SZ Intel(R) Graphics Media Accelerator Driver
DisplayName REG_SZ Java(TM) 6 Update 3
DisplayName REG_SZ K9
DisplayName REG_SZ Kaspersky Online Scanner
DisplayName REG_SZ LiveUpdate 2.6 (Symantec Corporation)
DisplayName REG_SZ Media & Office Keyboard
DisplayName REG_SZ Microsoft Money 2006
DisplayName REG_SZ Microsoft Office Professional Edition 2003
DisplayName REG_SZ Movie Downloader
DisplayName REG_SZ Movie Joiner
DisplayName REG_SZ Mozilla Firefox (2.0.0.9)
DisplayName REG_SZ MSXML 4.0 SP2 (KB925672)
DisplayName REG_SZ MSXML 4.0 SP2 (KB927978)
DisplayName REG_SZ MSXML 4.0 SP2 (KB936181)
DisplayName REG_SZ MSXML 6.0 Parser (KB933579)
DisplayName REG_SZ Nero 7 Ultra Edition
DisplayName REG_SZ ninemsn Internet Software
DisplayName REG_SZ OneCare Advisor (Windows Live Toolbar)
DisplayName REG_SZ PhotoStitch
DisplayName REG_SZ Popup Blocker (Windows Live Toolbar)
DisplayName REG_SZ PowerDVD
DisplayName REG_SZ QuickTime
DisplayName REG_SZ QuickTime
DisplayName REG_SZ Realtek High Definition Audio Driver
DisplayName REG_SZ RemoteCapture 2.7.2
DisplayName REG_SZ S400
DisplayName REG_SZ ScanButton
DisplayName REG_SZ Security Update for CAPICOM (KB931906)
DisplayName REG_SZ Security Update for CAPICOM (KB931906)
DisplayName REG_SZ Security Update for Windows Media Player 10 (KB936782)
DisplayName REG_SZ Security Update for Windows Media Player 6.4 (KB925398)
DisplayName REG_SZ Security Update for Windows XP (KB917422)
DisplayName REG_SZ Security Update for Windows XP (KB918118)
DisplayName REG_SZ Security Update for Windows XP (KB918899)
DisplayName REG_SZ Security Update for Windows XP (KB919007)
DisplayName REG_SZ Security Update for Windows XP (KB920213)
DisplayName REG_SZ Security Update for Windows XP (KB920214)
DisplayName REG_SZ Security Update for Windows XP (KB920670)
DisplayName REG_SZ Security Update for Windows XP (KB920683)
DisplayName REG_SZ Security Update for Windows XP (KB920685)
DisplayName REG_SZ Security Update for Windows XP (KB921398)
DisplayName REG_SZ Security Update for Windows XP (KB921503)
DisplayName REG_SZ Security Update for Windows XP (KB921883)
DisplayName REG_SZ Security Update for Windows XP (KB922616)
DisplayName REG_SZ Security Update for Windows XP (KB922760)
DisplayName REG_SZ Security Update for Windows XP (KB922819)
DisplayName REG_SZ Security Update for Windows XP (KB923191)
DisplayName REG_SZ Security Update for Windows XP (KB923414)
DisplayName REG_SZ Security Update for Windows XP (KB923689)
DisplayName REG_SZ Security Update for Windows XP (KB923694)
DisplayName REG_SZ Security Update for Windows XP (KB923980)
DisplayName REG_SZ Security Update for Windows XP (KB924191)
DisplayName REG_SZ Security Update for Windows XP (KB924270)
DisplayName REG_SZ Security Update for Windows XP (KB924496)
DisplayName REG_SZ Security Update for Windows XP (KB924667)
DisplayName REG_SZ Security Update for Windows XP (KB925454)
DisplayName REG_SZ Security Update for Windows XP (KB925486)
DisplayName REG_SZ Security Update for Windows XP (KB925902)
DisplayName REG_SZ Security Update for Windows XP (KB926255)
DisplayName REG_SZ Security Update for Windows XP (KB926436)
DisplayName REG_SZ Security Update for Windows XP (KB927779)
DisplayName REG_SZ Security Update for Windows XP (KB927802)
DisplayName REG_SZ Security Update for Windows XP (KB928090)
DisplayName REG_SZ Security Update for Windows XP (KB928255)
DisplayName REG_SZ Security Update for Windows XP (KB928843)
DisplayName REG_SZ Security Update for Windows XP (KB929123)
DisplayName REG_SZ Security Update for Windows XP (KB929969)
DisplayName REG_SZ Security Update for Windows XP (KB930178)
DisplayName REG_SZ Security Update for Windows XP (KB931261)
DisplayName REG_SZ Security Update for Windows XP (KB931768)
DisplayName REG_SZ Security Update for Windows XP (KB931784)
DisplayName REG_SZ Security Update for Windows XP (KB932168)
DisplayName REG_SZ Security Update for Windows XP (KB933566)
DisplayName REG_SZ Security Update for Windows XP (KB933729)
DisplayName REG_SZ Security Update for Windows XP (KB935839)
DisplayName REG_SZ Security Update for Windows XP (KB935840)
DisplayName REG_SZ Security Update for Windows XP (KB936021)
DisplayName REG_SZ Security Update for Windows XP (KB937143)
DisplayName REG_SZ Security Update for Windows XP (KB938127)
DisplayName REG_SZ Security Update for Windows XP (KB938829)
DisplayName REG_SZ Security Update for Windows XP (KB939653)
DisplayName REG_SZ Security Update for Windows XP (KB941202)
DisplayName REG_SZ Security Update for Windows XP (KB943460)
DisplayName REG_SZ Smart Menus (Windows Live Toolbar)
DisplayName REG_SZ Software Update for Web Folders
DisplayName REG_SZ Spybot - Search & Destroy 1.4
DisplayName REG_SZ StudioLine Photo Basic
DisplayName REG_SZ Symantec Client Security
DisplayName REG_SZ Tabbed Browsing (Windows Live Toolbar)
DisplayName REG_SZ TrojanHunter 5.0
DisplayName REG_SZ Ultimate Label Printer Pro Version 5.5.2
DisplayName REG_SZ Update for Windows Media Player 10 (KB926251)
DisplayName REG_SZ Update for Windows XP (KB920872)
DisplayName REG_SZ Update for Windows XP (KB922582)
DisplayName REG_SZ Update for Windows XP (KB927891)
DisplayName REG_SZ Update for Windows XP (KB929338)
DisplayName REG_SZ Update for Windows XP (KB930916)
DisplayName REG_SZ Update for Windows XP (KB931836)
DisplayName REG_SZ Update for Windows XP (KB933360)
DisplayName REG_SZ Update for Windows XP (KB936357)
DisplayName REG_SZ Update for Windows XP (KB938828)
DisplayName REG_SZ Windows Live Favorites for Windows Live Toolbar
DisplayName REG_SZ Windows Live Messenger
DisplayName REG_SZ Windows Live Outlook Toolbar (Windows Live Toolbar)
DisplayName REG_SZ Windows Live Sign-in Assistant
DisplayName REG_SZ Windows Live Toolbar
DisplayName REG_SZ Windows Live Toolbar
DisplayName REG_SZ Windows Live Toolbar Extension (Windows Live Toolbar)
DisplayName REG_SZ Windows Live Toolbar Feed Detector (Windows Live Toolbar)
DisplayName REG_SZ WinFast(R) Display Driver
DisplayName REG_SZ WinRAR archiver
DisplayName REG_SZ WinZip
ParentDisplayName REG_SZ CAPICOM
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
################################################## ################################################## #
-- All DONE!
~ ShadowPuterDude ~