Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cleaned Infection But Not Sure If All Gone. Just Making Sure


  • This topic is locked This topic is locked
5 replies to this topic

#1 dudewithout

dudewithout

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 09 August 2008 - 11:09 PM

after i log in my user after starting the computer a text box pops up and says error load C:\windows\system32\sqveqam.dll. Another file that messes up is PCTAVSVC.exe (im not sure on all of the letters) i had some viruses that i got rid of (i think) with a few virus scans. I think one of them may have deleted a few files. Also another problem is when i use internet explorer i can not load yahoo or myspace or google and also a lot of other sites. but i can do youtube and some other sites. firefox can do a few more. also when i load a game called runescape. when i click on the world select page it exits any browser i use.

Deckard's System Scanner v20071014.68
Run by Danny1 on 2008-08-09 22:24:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-08-10 03:24:55 UTC - RP632 - Deckard's System Scanner Restore Point
10: 2008-08-09 23:05:45 UTC - RP631 - Removed iTunes
9: 2008-08-09 23:00:47 UTC - RP630 - Software Distribution Service 3.0
8: 2008-08-09 22:58:38 UTC - RP629 - Removed EarthLink setup files
7: 2008-08-09 21:58:44 UTC - RP628 - System Checkpoint


-- First Restore Point --
1: 2008-08-08 03:14:28 UTC - RP622 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive C: has 1.81 GiB (less than 15%) free.


-- HijackThis (run as Danny1.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:27 PM, on 8/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\system32\mpxu.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\SwiftKit\SwiftKit.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Danny1\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danny1.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.44.66;64.136.52.66;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;*.prod.untd.com;*.2mdn.net;cf.netzero.net;qs.netzero.net;*.advertising.com;<local>;*.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BFE8F3E-2EA9-4C80-B8B2-A69537810E41} - C:\WINDOWS\system32\jjarecap.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8D9F2D80-62C4-477A-914E-980C4D2B951B} - C:\Documents and Settings\Danny1\Local Settings\Temporary Internet Files\Content.IE5\20RGB7ZI\3077htsbdjyf[1].dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {aaccb056-56a8-4deb-a314-424dba256a4e} - {e4a652ab-d424-413a-bed4-8a65650bccaa} - C:\WINDOWS\system32\zirpbt.dll (file missing)
O2 - BHO: (no name) - {F3D4C86C-95CA-4A29-A631-9064106B056F} - C:\WINDOWS\system32\rqRkLDWm.dll (file missing)
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [7414c8e5] rundll32.exe "C:\WINDOWS\system32\sqvjeqam.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM7727fb79] Rundll32.exe "C:\WINDOWS\system32\urwwvqfr.dll",s
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZHxdm055YYUS
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200202971343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin...1448/MILive.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab
O20 - Winlogon Notify: awtsQhiJ - awtsQhiJ.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15976 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 nnrnstdi - c:\windows\system32\drivers\nnrnstdi.sys <Not Verified; The Nielsen Company; NielsenOnline>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 km_filter - c:\windows\system32\drivers\km_filter.sys <Not Verified; The Nielsen Company; NielsenOnline>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 21:33:15 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-08-08 18:00:01 410 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-07-31 04:45:26 374 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 22:28:03 0 d-------- C:\Program Files\Trend Micro
2008-08-09 12:54:31 0 d-------- C:\Documents and Settings\Danny1\Application Data\EuroTalk
2008-08-09 12:54:21 0 d-------- C:\Program Files\EuroTalk
2008-08-08 15:45:12 0 d-------- C:\Program Files\AVG
2008-08-08 15:24:26 7327744 --a------ C:\Documents and Settings\Danny1\ntuser.dat
2008-08-08 00:16:11 0 d-------- C:\WINDOWS\Prefetch
2008-08-07 23:57:20 0 d-------- C:\WINDOWS\system32\scripting
2008-08-07 23:57:19 0 d-------- C:\WINDOWS\l2schemas
2008-08-07 23:57:17 0 d-------- C:\WINDOWS\system32\en
2008-08-07 23:57:16 0 d-------- C:\WINDOWS\system32\bits
2008-08-07 23:47:49 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-07 23:41:27 0 d-------- C:\WINDOWS\network diagnostic
2008-08-07 23:30:52 0 d-------- C:\WINDOWS\EHome
2008-08-07 12:22:46 0 d-------- C:\Program Files\VirtualDJ
2008-08-07 11:42:05 0 d-------- C:\Documents and Settings\Danny1\Application Data\Auslogics
2008-08-07 11:41:55 0 d-------- C:\Program Files\Auslogics
2008-08-06 22:36:48 0 d--h----- C:\$AVG8.VAULT$
2008-08-06 22:30:31 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-06 17:27:29 2048 --a------ C:\WINDOWS\system32\qwagwdys.exe
2008-08-06 13:03:38 0 d-------- C:\Documents and Settings\Danny1\Application Data\PC Tools
2008-08-06 13:02:15 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-06 13:01:38 0 d-------- C:\Program Files\Common Files\PC Tools
2008-08-06 13:01:29 0 d-------- C:\Program Files\PC Tools AntiVirus
2008-08-06 13:01:29 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-06 12:45:12 0 d-------- C:\Program Files\LimeWire
2008-08-05 18:27:39 0 d-------- C:\Program Files\NetZeroInstallers
2008-08-05 18:27:35 0 d-------- C:\Program Files\XviD
2008-08-05 17:29:18 14336 --a------ C:\WINDOWS\system32\drivers\nnrnstdi.sys <Not Verified; The Nielsen Company; NielsenOnline>
2008-08-05 17:29:15 8832 --a------ C:\WINDOWS\system32\drivers\km_filter.sys <Not Verified; The Nielsen Company; NielsenOnline>
2008-08-05 17:03:56 2048 --a------ C:\WINDOWS\system32\ufsnmkru.exe
2008-08-05 17:00:16 96768 --a------ C:\WINDOWS\system32\gcynsg.dll
2008-08-05 17:00:13 96768 --a------ C:\WINDOWS\system32\stjmxabb.dll
2008-08-05 16:59:34 90112 --a------ C:\WINDOWS\system32\urwwvqfr.dll
2008-08-05 16:53:19 0 d-------- C:\Program Files\Common Files\Apple
2008-08-05 16:53:09 0 d-------- C:\Program Files\Apple Software Update
2008-08-05 16:53:00 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-08-05 16:52:47 0 d-------- C:\Program Files\Axife Mouse Recorder DEMO
2008-08-05 16:52:47 0 d-------- C:\Documents and Settings\Danny1\Application Data\BitTorrent
2008-08-05 16:52:46 0 d-------- C:\Program Files\Bonjour
2008-08-05 16:52:43 0 d-------- C:\Program Files\CCleaner
2008-08-05 16:52:35 0 d-------- C:\Program Files\Samsung
2008-08-05 16:52:33 0 d-------- C:\Documents and Settings\Danny1\Application Data\DNA
2008-08-05 16:52:27 0 d-------- C:\Program Files\Invoke Solutions
2008-08-05 16:51:58 0 d-------- C:\Program Files\NetRatingsNetSight
2008-08-05 16:19:19 0 d-------- C:\Program Files\NetRatingsNetSight(2)
2008-08-02 17:20:03 417 --ahs---- C:\WINDOWS\system32\mWDLkRqr.ini2
2008-08-02 17:18:59 0 d-------- C:\Program Files\Reference Assemblies
2008-08-02 17:13:07 25088 --a------ C:\WINDOWS\system32\jkkLDVoO.dll
2008-08-02 17:07:17 0 d-------- C:\Documents and Settings\Danny1\Application Data\Sony Setup
2008-07-16 15:51:52 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-11 16:32:41 0 d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-11 16:29:40 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-10 17:05:09 0 d-------- C:\Program Files\Rosetta Stone
2008-07-10 16:10:16 0 d--h----- C:\Program Files\Zero G Registry
2008-07-10 16:08:56 0 d--h----- C:\Documents and Settings\Danny1\InstallAnywhere


-- Find3M Report ---------------------------------------------------------------

2008-08-09 22:04:17 0 d-------- C:\Documents and Settings\Danny1\Application Data\mIRC
2008-08-09 22:03:51 0 d-------- C:\Program Files\mIRC
2008-08-09 18:00:11 0 d-------- C:\Program Files\eMusic Download Manager
2008-08-07 23:58:34 0 d-------- C:\Program Files\Messenger
2008-08-07 23:57:16 0 d-------- C:\Program Files\Movie Maker
2008-08-07 23:47:10 0 d-------- C:\Program Files\Windows NT
2008-08-07 13:23:33 0 d-------- C:\Documents and Settings\Danny1\Application Data\dvdcss
2008-08-07 11:53:47 0 d-------- C:\Documents and Settings\Danny1\Application Data\Yahoo!
2008-08-07 11:49:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-07 11:47:53 0 d-------- C:\Program Files\Common Files
2008-08-06 23:36:25 0 d-------- C:\Program Files\GameSpy Arcade
2008-08-06 14:28:35 0 d-------- C:\Program Files\Lx_cats
2008-08-06 13:24:45 0 d-------- C:\Program Files\SwiftSwitch
2008-08-06 12:58:33 0 d-------- C:\Program Files\Norton Security Scan
2008-08-06 12:47:19 0 d-------- C:\Program Files\SwiftKit
2008-08-06 12:37:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-05 18:27:30 0 d-------- C:\Program Files\Common Files\AOL
2008-08-05 18:12:42 0 d-------- C:\Program Files\Common Files\aolshare
2008-08-05 16:52:06 0 d-------- C:\Program Files\NetWaiting
2008-08-05 16:51:53 0 d-------- C:\Program Files\Viewpoint
2008-08-05 14:37:28 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-05 14:26:06 0 d-------- C:\Program Files\Java
2008-08-05 13:31:16 0 d-------- C:\Program Files\Dell
2008-08-05 13:27:37 0 d-------- C:\Program Files\DNA
2008-08-02 11:57:50 0 d-------- C:\Documents and Settings\Danny1\Application Data\LimeWire
2008-08-01 10:34:04 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-01 10:34:04 56 -r-hs---- C:\WINDOWS\system32\22509E7438.sys
2008-07-11 16:32:58 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-09 11:16:10 0 d-------- C:\Program Files\Yahoo!
2008-07-05 20:53:07 0 d-------- C:\Documents and Settings\Danny1\Application Data\Macromedia
2008-06-29 14:51:02 58594 --a------ C:\WINDOWS\system32\mpx.exe
2008-06-29 00:33:18 18944 --a------ C:\WINDOWS\system32\mpxu.exe
2008-06-17 10:02:36 0 d-------- C:\Documents and Settings\Danny1\Application Data\Adobe
2008-06-11 15:25:04 0 d-------- C:\Documents and Settings\Danny1\Application Data\Corel
2008-05-30 22:59:54 89 --a------ C:\WINDOWS\system32\°j?


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BFE8F3E-2EA9-4C80-B8B2-A69537810E41}]
C:\WINDOWS\system32\jjarecap.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D9F2D80-62C4-477A-914E-980C4D2B951B}]
C:\Documents and Settings\Danny1\Local Settings\Temporary Internet Files\Content.IE5\20RGB7ZI\3077htsbdjyf[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4a652ab-d424-413a-bed4-8a65650bccaa}]
C:\WINDOWS\system32\zirpbt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3D4C86C-95CA-4A29-A631-9064106B056F}]
C:\WINDOWS\system32\rqRkLDWm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 01:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 01:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 01:50 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 07:05 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [10/03/2006 09:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [11/21/2006 12:27 PM]
"lxcjmon.exe"="C:\Program Files\Lexmark 8300 Series\lxcjmon.exe" [01/30/2007 09:32 AM]
"EzPrint"="C:\Program Files\Lexmark 8300 Series\ezprint.exe" [01/30/2007 09:35 AM]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 08:35 AM]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [07/23/2007 12:25 PM]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [05/03/2007 02:12 PM]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [06/28/2007 05:09 PM]
"-FreedomNeedsReboot"="C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [06/28/2007 05:09 PM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/18/2006 02:46 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [06/10/2005 10:44 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/29/2008 09:55 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [01/10/2008 11:41 AM]
"NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [11/16/2007 06:55 PM]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [07/23/2008 02:37 PM]
"7414c8e5"="C:\WINDOWS\system32\sqvjeqam.dll" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"BM7727fb79"="C:\WINDOWS\system32\urwwvqfr.dll" [08/05/2008 04:59 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [10/03/2006 09:19 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/07/2008 10:14 PM]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/18/2008 09:32 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [01/10/2008 11:41 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"mpx"="c:\WINDOWS\system32\mpx.exe" [06/29/2008 02:51 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Danny1\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [7/14/2006 10:37:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/7/2006 10:20:59 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{77244082-D27E-416C-9661-FAD640973FCE}"= C:\WINDOWS\system32\awtsQhiJ.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsQhiJ]
awtsQhiJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRkLDWm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Danny1^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Danny1\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Danny1^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Danny1\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-09 22:36:01 ------------

Deckard's System Scanner v20071014.68
Run by Danny1 on 2008-08-09 22:24:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-08-10 03:24:55 UTC - RP632 - Deckard's System Scanner Restore Point
10: 2008-08-09 23:05:45 UTC - RP631 - Removed iTunes
9: 2008-08-09 23:00:47 UTC - RP630 - Software Distribution Service 3.0
8: 2008-08-09 22:58:38 UTC - RP629 - Removed EarthLink setup files
7: 2008-08-09 21:58:44 UTC - RP628 - System Checkpoint


-- First Restore Point --
1: 2008-08-08 03:14:28 UTC - RP622 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive C: has 1.81 GiB (less than 15%) free.


-- HijackThis (run as Danny1.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:27 PM, on 8/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\system32\mpxu.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\SwiftKit\SwiftKit.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Danny1\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danny1.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.44.66;64.136.52.66;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;*.prod.untd.com;*.2mdn.net;cf.netzero.net;qs.netzero.net;*.advertising.com;<local>;*.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BFE8F3E-2EA9-4C80-B8B2-A69537810E41} - C:\WINDOWS\system32\jjarecap.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8D9F2D80-62C4-477A-914E-980C4D2B951B} - C:\Documents and Settings\Danny1\Local Settings\Temporary Internet Files\Content.IE5\20RGB7ZI\3077htsbdjyf[1].dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {aaccb056-56a8-4deb-a314-424dba256a4e} - {e4a652ab-d424-413a-bed4-8a65650bccaa} - C:\WINDOWS\system32\zirpbt.dll (file missing)
O2 - BHO: (no name) - {F3D4C86C-95CA-4A29-A631-9064106B056F} - C:\WINDOWS\system32\rqRkLDWm.dll (file missing)
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [7414c8e5] rundll32.exe "C:\WINDOWS\system32\sqvjeqam.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM7727fb79] Rundll32.exe "C:\WINDOWS\system32\urwwvqfr.dll",s
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZHxdm055YYUS
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200202971343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin...1448/MILive.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab
O20 - Winlogon Notify: awtsQhiJ - awtsQhiJ.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15976 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 nnrnstdi - c:\windows\system32\drivers\nnrnstdi.sys <Not Verified; The Nielsen Company; NielsenOnline>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 km_filter - c:\windows\system32\drivers\km_filter.sys <Not Verified; The Nielsen Company; NielsenOnline>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 21:33:15 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-08-08 18:00:01 410 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-07-31 04:45:26 374 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 22:28:03 0 d-------- C:\Program Files\Trend Micro
2008-08-09 12:54:31 0 d-------- C:\Documents and Settings\Danny1\Application Data\EuroTalk
2008-08-09 12:54:21 0 d-------- C:\Program Files\EuroTalk
2008-08-08 15:45:12 0 d-------- C:\Program Files\AVG
2008-08-08 15:24:26 7327744 --a------ C:\Documents and Settings\Danny1\ntuser.dat
2008-08-08 00:16:11 0 d-------- C:\WINDOWS\Prefetch
2008-08-07 23:57:20 0 d-------- C:\WINDOWS\system32\scripting
2008-08-07 23:57:19 0 d-------- C:\WINDOWS\l2schemas
2008-08-07 23:57:17 0 d-------- C:\WINDOWS\system32\en
2008-08-07 23:57:16 0 d-------- C:\WINDOWS\system32\bits
2008-08-07 23:47:49 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-07 23:41:27 0 d-------- C:\WINDOWS\network diagnostic
2008-08-07 23:30:52 0 d-------- C:\WINDOWS\EHome
2008-08-07 12:22:46 0 d-------- C:\Program Files\VirtualDJ
2008-08-07 11:42:05 0 d-------- C:\Documents and Settings\Danny1\Application Data\Auslogics
2008-08-07 11:41:55 0 d-------- C:\Program Files\Auslogics
2008-08-06 22:36:48 0 d--h----- C:\$AVG8.VAULT$
2008-08-06 22:30:31 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-06 17:27:29 2048 --a------ C:\WINDOWS\system32\qwagwdys.exe
2008-08-06 13:03:38 0 d-------- C:\Documents and Settings\Danny1\Application Data\PC Tools
2008-08-06 13:02:15 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-06 13:01:38 0 d-------- C:\Program Files\Common Files\PC Tools
2008-08-06 13:01:29 0 d-------- C:\Program Files\PC Tools AntiVirus
2008-08-06 13:01:29 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-06 12:45:12 0 d-------- C:\Program Files\LimeWire
2008-08-05 18:27:39 0 d-------- C:\Program Files\NetZeroInstallers
2008-08-05 18:27:35 0 d-------- C:\Program Files\XviD
2008-08-05 17:29:18 14336 --a------ C:\WINDOWS\system32\drivers\nnrnstdi.sys <Not Verified; The Nielsen Company; NielsenOnline>
2008-08-05 17:29:15 8832 --a------ C:\WINDOWS\system32\drivers\km_filter.sys <Not Verified; The Nielsen Company; NielsenOnline>
2008-08-05 17:03:56 2048 --a------ C:\WINDOWS\system32\ufsnmkru.exe
2008-08-05 17:00:16 96768 --a------ C:\WINDOWS\system32\gcynsg.dll
2008-08-05 17:00:13 96768 --a------ C:\WINDOWS\system32\stjmxabb.dll
2008-08-05 16:59:34 90112 --a------ C:\WINDOWS\system32\urwwvqfr.dll
2008-08-05 16:53:19 0 d-------- C:\Program Files\Common Files\Apple
2008-08-05 16:53:09 0 d-------- C:\Program Files\Apple Software Update
2008-08-05 16:53:00 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-08-05 16:52:47 0 d-------- C:\Program Files\Axife Mouse Recorder DEMO
2008-08-05 16:52:47 0 d-------- C:\Documents and Settings\Danny1\Application Data\BitTorrent
2008-08-05 16:52:46 0 d-------- C:\Program Files\Bonjour
2008-08-05 16:52:43 0 d-------- C:\Program Files\CCleaner
2008-08-05 16:52:35 0 d-------- C:\Program Files\Samsung
2008-08-05 16:52:33 0 d-------- C:\Documents and Settings\Danny1\Application Data\DNA
2008-08-05 16:52:27 0 d-------- C:\Program Files\Invoke Solutions
2008-08-05 16:51:58 0 d-------- C:\Program Files\NetRatingsNetSight
2008-08-05 16:19:19 0 d-------- C:\Program Files\NetRatingsNetSight(2)
2008-08-02 17:20:03 417 --ahs---- C:\WINDOWS\system32\mWDLkRqr.ini2
2008-08-02 17:18:59 0 d-------- C:\Program Files\Reference Assemblies
2008-08-02 17:13:07 25088 --a------ C:\WINDOWS\system32\jkkLDVoO.dll
2008-08-02 17:07:17 0 d-------- C:\Documents and Settings\Danny1\Application Data\Sony Setup
2008-07-16 15:51:52 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-11 16:32:41 0 d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-11 16:29:40 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-10 17:05:09 0 d-------- C:\Program Files\Rosetta Stone
2008-07-10 16:10:16 0 d--h----- C:\Program Files\Zero G Registry
2008-07-10 16:08:56 0 d--h----- C:\Documents and Settings\Danny1\InstallAnywhere


-- Find3M Report ---------------------------------------------------------------

2008-08-09 22:04:17 0 d-------- C:\Documents and Settings\Danny1\Application Data\mIRC
2008-08-09 22:03:51 0 d-------- C:\Program Files\mIRC
2008-08-09 18:00:11 0 d-------- C:\Program Files\eMusic Download Manager
2008-08-07 23:58:34 0 d-------- C:\Program Files\Messenger
2008-08-07 23:57:16 0 d-------- C:\Program Files\Movie Maker
2008-08-07 23:47:10 0 d-------- C:\Program Files\Windows NT
2008-08-07 13:23:33 0 d-------- C:\Documents and Settings\Danny1\Application Data\dvdcss
2008-08-07 11:53:47 0 d-------- C:\Documents and Settings\Danny1\Application Data\Yahoo!
2008-08-07 11:49:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-07 11:47:53 0 d-------- C:\Program Files\Common Files
2008-08-06 23:36:25 0 d-------- C:\Program Files\GameSpy Arcade
2008-08-06 14:28:35 0 d-------- C:\Program Files\Lx_cats
2008-08-06 13:24:45 0 d-------- C:\Program Files\SwiftSwitch
2008-08-06 12:58:33 0 d-------- C:\Program Files\Norton Security Scan
2008-08-06 12:47:19 0 d-------- C:\Program Files\SwiftKit
2008-08-06 12:37:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-05 18:27:30 0 d-------- C:\Program Files\Common Files\AOL
2008-08-05 18:12:42 0 d-------- C:\Program Files\Common Files\aolshare
2008-08-05 16:52:06 0 d-------- C:\Program Files\NetWaiting
2008-08-05 16:51:53 0 d-------- C:\Program Files\Viewpoint
2008-08-05 14:37:28 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-05 14:26:06 0 d-------- C:\Program Files\Java
2008-08-05 13:31:16 0 d-------- C:\Program Files\Dell
2008-08-05 13:27:37 0 d-------- C:\Program Files\DNA
2008-08-02 11:57:50 0 d-------- C:\Documents and Settings\Danny1\Application Data\LimeWire
2008-08-01 10:34:04 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-01 10:34:04 56 -r-hs---- C:\WINDOWS\system32\22509E7438.sys
2008-07-11 16:32:58 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-09 11:16:10 0 d-------- C:\Program Files\Yahoo!
2008-07-05 20:53:07 0 d-------- C:\Documents and Settings\Danny1\Application Data\Macromedia
2008-06-29 14:51:02 58594 --a------ C:\WINDOWS\system32\mpx.exe
2008-06-29 00:33:18 18944 --a------ C:\WINDOWS\system32\mpxu.exe
2008-06-17 10:02:36 0 d-------- C:\Documents and Settings\Danny1\Application Data\Adobe
2008-06-11 15:25:04 0 d-------- C:\Documents and Settings\Danny1\Application Data\Corel
2008-05-30 22:59:54 89 --a------ C:\WINDOWS\system32\°j?


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BFE8F3E-2EA9-4C80-B8B2-A69537810E41}]
C:\WINDOWS\system32\jjarecap.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D9F2D80-62C4-477A-914E-980C4D2B951B}]
C:\Documents and Settings\Danny1\Local Settings\Temporary Internet Files\Content.IE5\20RGB7ZI\3077htsbdjyf[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4a652ab-d424-413a-bed4-8a65650bccaa}]
C:\WINDOWS\system32\zirpbt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3D4C86C-95CA-4A29-A631-9064106B056F}]
C:\WINDOWS\system32\rqRkLDWm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 01:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 01:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 01:50 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 07:05 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [10/03/2006 09:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [11/21/2006 12:27 PM]
"lxcjmon.exe"="C:\Program Files\Lexmark 8300 Series\lxcjmon.exe" [01/30/2007 09:32 AM]
"EzPrint"="C:\Program Files\Lexmark 8300 Series\ezprint.exe" [01/30/2007 09:35 AM]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 08:35 AM]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [07/23/2007 12:25 PM]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [05/03/2007 02:12 PM]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [06/28/2007 05:09 PM]
"-FreedomNeedsReboot"="C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [06/28/2007 05:09 PM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/18/2006 02:46 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [06/10/2005 10:44 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/29/2008 09:55 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [01/10/2008 11:41 AM]
"NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [11/16/2007 06:55 PM]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [07/23/2008 02:37 PM]
"7414c8e5"="C:\WINDOWS\system32\sqvjeqam.dll" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"BM7727fb79"="C:\WINDOWS\system32\urwwvqfr.dll" [08/05/2008 04:59 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [10/03/2006 09:19 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/07/2008 10:14 PM]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/18/2008 09:32 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [01/10/2008 11:41 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"mpx"="c:\WINDOWS\system32\mpx.exe" [06/29/2008 02:51 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Danny1\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [7/14/2006 10:37:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/7/2006 10:20:59 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{77244082-D27E-416C-9661-FAD640973FCE}"= C:\WINDOWS\system32\awtsQhiJ.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsQhiJ]
awtsQhiJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRkLDWm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Danny1^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Danny1\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Danny1^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Danny1\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-09 22:36:01 ------------

BC AdBot (Login to Remove)

 


m

#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:36 PM

Posted 21 August 2008 - 05:56 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Before running a new scan let's clean out the temporary folders.


Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.




Note: You must be logged on to the system with an account that has Administrator privileges to run this program.



  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the Rootkit section click on Yes.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • Reg - BotCheck

      Reg - File Associations

      Reg - MountPoints2

      Reg - Safeboot Options

      Reg - Security Settings

      Reg - Uninstall List

      File - Additional Folder Scans

      File - Purity Scan

  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].




If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.


Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with OTScanIt report, and Kaspersky report.

Regards
SNOWHITE
Posted Image

#3 dudewithout

dudewithout
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 21 August 2008 - 12:39 PM

OTScanIt logfile created on: 8/21/2008 12:25:13 PM

OTScanIt by OldTimer - Version 1.0.16.2	 Folder = C:\Documents and Settings\Danny1\Desktop\OTScanIt

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

502.07 Mb Total Physical Memory | 195.47 Mb Available Physical Memory | 38.93% Memory free

1.20 Gb Paging File | 0.71 Gb Available in Paging File | 59.39% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 52.70 Gb Total Space | 1.52 Gb Free Space | 2.89% Space Free | Partition Type: NTFS

Drive D: | 18.61 Gb Total Space | 18.54 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: DANNY

Current User Name: Danny1

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

fws.exe -> %ProgramFiles%\AT&T\AT&T Internet Security Suite\Fws.exe -> AT&T [Ver = 6.0.1.19994 | Size = 293104 bytes | Modified Date = 6/28/2007 5:09:14 PM | Attr =	]

ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 165488 bytes | Modified Date = 12/13/2004 3:30:10 PM | Attr =	]

ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 198256 bytes | Modified Date = 12/13/2004 3:30:04 PM | Attr =	]

aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1		 | Size = 1135728 bytes | Modified Date = 4/7/2004 12:07:32 PM | Attr =	]

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr =	]

mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr =	]

gearsec.exe -> %SystemRoot%\system32\gearsec.exe -> GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Modified Date = 12/7/2005 4:05:12 PM | Attr =	]

itmrtsvc.exe -> %ProgramFiles%\CA\PPRT\bin\ITMRTSVC.exe -> CA, Inc. [Ver = 1.1.0.24 | Size = 280080 bytes | Modified Date = 12/19/2006 2:45:16 PM | Attr =	]

lxcjcoms.exe -> %SystemRoot%\system32\lxcjcoms.exe ->   [Ver = 6.4.24.0 | Size = 537520 bytes | Modified Date = 1/30/2007 9:30:39 AM | Attr =	]

pdagent.exe -> %ProgramFiles%\Raxco\PerfectDisk\PDAgent.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 57 | Size = 407056 bytes | Modified Date = 3/2/2007 1:24:42 PM | Attr =	]

viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr =	]

hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 1:46:34 PM | Attr =	]

igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 1:50:30 PM | Attr =	]

dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =	]

jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr =	]

lxcjmon.exe -> %ProgramFiles%\Lexmark 8300 Series\lxcjmon.exe -> Lexmark International, Inc. [Ver = 3.98.0.0 | Size = 205744 bytes | Modified Date = 1/30/2007 9:32:06 AM | Attr =	]

ezprint.exe -> %ProgramFiles%\Lexmark 8300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.19.0 | Size = 103344 bytes | Modified Date = 1/30/2007 9:35:59 AM | Attr =	]

wrtmon.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\WrtMon.exe ->  [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 9/20/2006 8:35:26 AM | Attr =	]

sprtcmd.exe -> %ProgramFiles%\BellSouth\HelpCenter40b\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 7/23/2007 12:25:20 PM | Attr =	]

wrtproc.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\WrtProc.exe ->  [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/30/2006 4:59:34 PM | Attr =	]

isw.exe -> %ProgramFiles%\AT&T\Internet Security Wizard\ISW.exe -> AT&T [Ver = 1.5.11.17917 | Size = 2061816 bytes | Modified Date = 5/3/2007 2:12:14 PM | Attr =	]

rps.exe -> %ProgramFiles%\AT&T\AT&T Internet Security Suite\RPS.exe -> AT&T [Ver = 6.0.1.19994 | Size = 310000 bytes | Modified Date = 6/28/2007 5:09:34 PM | Attr =	]

realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 4/29/2008 9:55:43 AM | Attr =	]

mmdiag.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe -> Musicmatch, Inc. [Ver = 10.10.1061 | Size = 102400 bytes | Modified Date = 9/18/2006 2:46:30 PM | Attr =	]

searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2008, 1, 10, 1 | Size = 223984 bytes | Modified Date = 1/10/2008 11:41:26 AM | Attr =	]

nielsenonline.exe -> %ProgramFiles%\NetRatingsNetSight\NetSight\NielsenOnline.exe -> NetRatings, Inc. [Ver = 5.1.2.15r | Size = 45056 bytes | Modified Date = 11/16/2007 6:55:36 PM | Attr =	]

nielsenonline.exe -> %ProgramFiles%\NetRatingsNetSight\NetSight\NielsenOnline.exe -> NetRatings, Inc. [Ver = 5.1.2.15r | Size = 45056 bytes | Modified Date = 11/16/2007 6:55:36 PM | Attr =	]

mim.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mim.exe -> Musicmatch, Inc. [Ver = 10.10.1061 | Size = 481792 bytes | Modified Date = 9/18/2006 2:46:30 PM | Attr =	]

pctav.exe -> %ProgramFiles%\PC Tools AntiVirus\PCTAV.exe -> PC Tools Research Pty Ltd [Ver = 5, 0, 0, 16 | Size = 1259408 bytes | Modified Date = 7/23/2008 2:37:36 PM | Attr =	]

qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr =	]

ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 6:23:34 PM | Attr =	]

btdna.exe -> %ProgramFiles%\DNA\btdna.exe -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 5/7/2008 10:14:43 PM | Attr =	]

iswcomhandler.exe -> %ProgramFiles%\AT&T\Internet Security Wizard\ISWComHandler.exe -> Radialpoint Inc. [Ver = 1.5.11.17917 | Size = 286720 bytes | Modified Date = 5/3/2007 2:03:20 PM | Attr =	]

dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = R  ]

rpsupdaterr.exe -> %ProgramFiles%\AT&T\AT&T Internet Security Suite\rpsupdaterr.exe -> Radialpoint Inc. [Ver = 6.0.1.26541 | Size = 99056 bytes | Modified Date = 2/7/2008 2:46:16 PM | Attr = R  ]

webshots.scr -> %ProgramFiles%\Webshots\Webshots.scr -> Webshots.com [Ver = 2, 5, 1, 7008 | Size = 1650688 bytes | Modified Date = 7/3/2006 7:48:58 PM | Attr =	]

ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]

dvpapi.exe -> %CommonProgramFiles%\Authentium\AntiVirus\dvpapi.exe -> Authentium, Inc. [Ver = 4,94,107,129 | Size = 177672 bytes | Modified Date = 4/4/2007 6:41:28 PM | Attr = R  ]

otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 7/14/2006 1:19:29 PM | Attr =	]

(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1		 | Size = 1135728 bytes | Modified Date = 4/7/2004 12:07:32 PM | Attr =	]

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr =	]

(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 198256 bytes | Modified Date = 12/13/2004 3:30:04 PM | Attr =	]

(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 79472 bytes | Modified Date = 12/13/2004 3:30:08 PM | Attr =	]

(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 165488 bytes | Modified Date = 12/13/2004 3:30:10 PM | Attr =	]

(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 7:12:17 PM | Attr =	]

(dvpapi) dvpapi [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Authentium\AntiVirus\dvpapi.exe -> Authentium, Inc. [Ver = 4,94,107,129 | Size = 177672 bytes | Modified Date = 4/4/2007 6:41:28 PM | Attr = R  ]

(GEARSecurity) GEARSecurity [Win32_Own | Auto | Running] -> %SystemRoot%\system32\gearsec.exe -> GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Modified Date = 12/7/2005 4:05:12 PM | Attr =	]

(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 4/29/2008 9:54:45 AM | Attr =	]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]

(ITMRTSVC) CA Pest Patrol Realtime Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\PPRT\bin\ITMRTSVC.exe -> CA, Inc. [Ver = 1.1.0.24 | Size = 280080 bytes | Modified Date = 12/19/2006 2:45:16 PM | Attr =	]

(lxcj_device) lxcj_device [Win32_Own | Auto | Running] -> %SystemRoot%\system32\lxcjcoms.exe ->   [Ver = 6.4.24.0 | Size = 537520 bytes | Modified Date = 1/30/2007 9:30:39 AM | Attr =	]

(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 11:26:40 AM | Attr =	]

(Norton Ghost) Norton Ghost [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Ghost\Agent\VProSvc.exe -> Symantec Corporation [Ver = 10.0.1.9528 | Size = 2066072 bytes | Modified Date = 12/7/2005 4:05:34 PM | Attr =	]

(PCTAVSvc) PC Tools AntiVirus Engine [Win32_Own | Auto | Stopped] -> %ProgramFiles%\PC Tools AntiVirus\PCTAVSvc.exe -> PC Tools Research Pty Ltd [Ver = 5, 0, 0, 10 | Size = 964496 bytes | Modified Date = 6/19/2008 2:47:54 PM | Attr =	]

(PDAgent) PDAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\Raxco\PerfectDisk\PDAgent.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 57 | Size = 407056 bytes | Modified Date = 3/2/2007 1:24:42 PM | Attr =	]

(PDEngine) PDEngine [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Raxco\PerfectDisk\PDEngine.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 57 | Size = 734736 bytes | Modified Date = 3/2/2007 1:24:52 PM | Attr =	]

(RPSUpdaterR) AT&T Internet Security Suite Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\AT&T\AT&T Internet Security Suite\rpsupdaterr.exe -> Radialpoint Inc. [Ver = 6.0.1.26541 | Size = 99056 bytes | Modified Date = 2/7/2008 2:46:16 PM | Attr = R  ]

(RP_FWS) AT&T Internet Security Suite AT&T Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\AT&T\AT&T Internet Security Suite\Fws.exe -> AT&T [Ver = 6.0.1.19994 | Size = 293104 bytes | Modified Date = 6/28/2007 5:09:14 PM | Attr =	]

(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/1/2005 12:51:48 PM | Attr =	]

(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 534 | Size = 822424 bytes | Modified Date = 7/7/2006 10:27:09 PM | Attr =	]

(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr =	]

(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 4/13/2008 1:36:39 PM | Attr =	]

(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 1:52:00 PM | Attr =	]

(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 1:51:58 PM | Attr =	]

(AVFilter) AVFilter [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AVFilter.sys -> PC Tools Research Pty Ltd [Ver = 1, 3, 0, 0 | Size = 21904 bytes | Modified Date = 2/12/2008 10:44:10 AM | Attr =	]

(AVHook) AVHook [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AVHook.sys -> PC Tools Research Pty Ltd. [Ver = 3.00.012 Build 012 | Size = 28568 bytes | Modified Date = 12/6/2007 3:51:44 PM | Attr =	]

(AVRec) AVRec [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AVRec.sys -> PC Tools Research Pty Ltd  [Ver = 3.00.012 Build 012 | Size = 21912 bytes | Modified Date = 12/6/2007 3:51:44 PM | Attr =	]

(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 1:51:54 PM | Attr =	]

(CSS DVP) Dynamic Virus Protection [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Css-Dvp.sys -> Authentium, Inc. [Ver = 4.94.107.403 | Size = 839880 bytes | Modified Date = 4/4/2007 6:15:02 PM | Attr =	]

(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 1:52:16 PM | Attr =	]

(DefragFS) DefragFS [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\DefragFs.sys -> Raxco Software, Inc. [Ver = 8.0011 built by: WinDDK | Size = 67352 bytes | Modified Date = 3/2/2007 11:26:18 AM | Attr =	]

(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 25628 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =	]

(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 8/25/2005 12:16:52 PM | Attr =	]

(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 2496 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =	]

(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 86524 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =	]

(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 14684 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =	]

(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 6364 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =	]

(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 8/25/2005 12:16:16 PM | Attr =	]

(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 94332 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =	]

(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 87036 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =	]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 1:44:48 PM | Attr =	]

(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 1:44:46 PM | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]

(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 9/12/2005 3:30:00 AM | Attr =	]

(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 8/12/2005 5:20:00 AM | Attr =	]

(E100B) Intel® PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.15.0 built by: WinDDK | Size = 155648 bytes | Modified Date = 10/14/2004 1:30:46 AM | Attr =	]

(GearAspiWDM) GearAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr =	]

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> Windows ® Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 4/13/2008 11:36:05 AM | Attr =	]

(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 212224 bytes | Modified Date = 11/17/2003 2:59:20 PM | Attr =	]

(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 1042432 bytes | Modified Date = 11/17/2003 2:56:26 PM | Attr =	]

(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4410 | Size = 1302812 bytes | Modified Date = 10/14/2005 2:15:18 PM | Attr =	]

(km_filter) km_filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\km_filter.sys -> The Nielsen Company [Ver = 5.0.0.11r | Size = 8832 bytes | Modified Date = 6/27/2008 2:59:14 PM | Attr =	]

(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 11:48:08 AM | Attr =	]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr =	]

(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 11/22/2004 5:36:39 PM | Attr =	]

(nnrnstdi) nnrnstdi [Kernel | System | Running] -> %SystemRoot%\System32\drivers\nnrnstdi.sys -> The Nielsen Company [Ver = 5.1.3.15r | Size = 14336 bytes | Modified Date = 6/27/2008 2:58:44 PM | Attr =	]

(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 10:29:56 PM | Attr =	]

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.33a | Size = 36528 bytes | Modified Date = 12/1/2007 12:10:48 AM | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]

(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]

(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 1:52:18 PM | Attr =	]

(RPPKT) Radialpoint Filter (x86) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rp_pkt32.sys -> Radialpoint, Inc. [Ver = 6.0.0.0 | Size = 48384 bytes | Modified Date = 4/19/2007 12:24:32 PM | Attr =	]

(RPSKT) Security Services Driver (x86) [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\rp_skt32.sys -> Radialpoint Inc. [Ver = 6.1.11.16607 | Size = 53192 bytes | Modified Date = 3/10/2008 4:03:20 PM | Attr =	]

(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]

(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 4/13/2008 1:36:39 PM | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr =	]

(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 642560 bytes | Modified Date = 7/14/2006 10:42:39 AM | Attr =	]

(StarOpen) StarOpen [File_System | System | Running] -> %SystemRoot%\System32\drivers\StarOpen.sys ->  [Ver =  | Size = 5632 bytes | Modified Date = 2/20/2007 3:07:56 PM | Attr = R  ]

(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4823.0  nd322 cp1 | Size = 1047816 bytes | Modified Date = 11/16/2005 2:36:00 PM | Attr =	]

(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr =	]

(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr =	]

(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1, 8, 54, 534 | Size = 4608 bytes | Modified Date = 7/7/2006 10:27:09 PM | Attr =	]

(SymSnap) SymSnap [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\SymSnap.sys -> StorageCraft [Ver = 4.0.0.7894 | Size = 144880 bytes | Modified Date = 12/7/2005 4:05:26 PM | Attr =	]

(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr =	]

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr =	]

(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr =	]

(V2IMount) V2IMount [Kernel | System | Running] -> %SystemRoot%\System32\drivers\V2iMount.sys -> Symantec Corporation [Ver = 10.0.1.9528 | Size = 56240 bytes | Modified Date = 12/7/2005 4:05:24 PM | Attr =	]

(vaxscsi) vaxscsi [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vaxscsi.sys ->  [Ver =  | Size = 223128 bytes | Modified Date = 7/14/2006 12:22:51 PM | Attr =	]

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr =	]

(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.06.00 built by: WinDDK | Size = 680704 bytes | Modified Date = 11/17/2003 2:58:02 PM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

7414c8e5 -> %SystemRoot%\system32\sqvjeqam.DLL [rundll32.exe "C:\WINDOWS\system32\sqvjeqam.dll",b] -> File not found

AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:24 PM | Attr =	]

AT&T Internet Security Suite -> %ProgramFiles%\AT&T\AT&T Internet Security Suite\RPS.exe ["C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"] -> AT&T [Ver = 6.0.1.19994 | Size = 310000 bytes | Modified Date = 6/28/2007 5:09:34 PM | Attr =	]

DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =	]

EzPrint -> %ProgramFiles%\Lexmark 8300 Series\ezprint.exe ["C:\Program Files\Lexmark 8300 Series\ezprint.exe"] -> Lexmark International Inc. [Ver = 1.0.19.0 | Size = 103344 bytes | Modified Date = 1/30/2007 9:35:59 AM | Attr =	]

-FreedomNeedsReboot -> %ProgramFiles%\AT&T\AT&T Internet Security Suite\zkrunoncer.exe ["C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"] -> AT&T [Ver = 6.0.1.19994 | Size = 13552 bytes | Modified Date = 6/28/2007 5:09:56 PM | Attr =	]

HelpCenter4.1 -> %ProgramFiles%\BellSouth\HelpCenter40b\bin\sprtcmd.exe [C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1] -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 7/23/2007 12:25:20 PM | Attr =	]

igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 1:46:34 PM | Attr =	]

igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 1:50:30 PM | Attr =	]

igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 1:49:46 PM | Attr =	]

ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr =	]

ISW.exe -> %ProgramFiles%\AT&T\Internet Security Wizard\ISW.exe ["C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN] -> AT&T [Ver = 1.5.11.17917 | Size = 2061816 bytes | Modified Date = 5/3/2007 2:12:14 PM | Attr =	]

LXCJCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\lxcjtime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16] -> Lexmark International Inc. [Ver = 1.32.0.0 | Size = 106496 bytes | Modified Date = 11/21/2006 12:27:06 PM | Attr =	]

lxcjmon.exe -> %ProgramFiles%\Lexmark 8300 Series\lxcjmon.exe ["C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"] -> Lexmark International, Inc. [Ver = 3.98.0.0 | Size = 205744 bytes | Modified Date = 1/30/2007 9:32:06 AM | Attr =	]

MimBoot -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mimboot.exe [C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe] -> Musicmatch, Inc. [Ver = 10.10.1061 | Size = 8192 bytes | Modified Date = 9/18/2006 2:46:30 PM | Attr =	]

MSKDetectorExe ->  [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> File not found

MyWebSearch Email Plugin -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSOEMON.EXE [C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe] -> MyWebSearch.com [Ver = 1,2,2,4 | Size = 28672 bytes | Modified Date = 10/3/2006 9:19:12 PM | Attr =	]

NielsenOnline -> %ProgramFiles%\NetRatingsNetSight\NetSight\NielsenOnline.exe [C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe] -> NetRatings, Inc. [Ver = 5.1.2.15r | Size = 45056 bytes | Modified Date = 11/16/2007 6:55:36 PM | Attr =	]

PCTAVApp -> %ProgramFiles%\PC Tools AntiVirus\PCTAV.exe ["C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN] -> PC Tools Research Pty Ltd [Ver = 5, 0, 0, 16 | Size = 1259408 bytes | Modified Date = 7/23/2008 2:37:36 PM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr =	]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr =	]

TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 4/29/2008 9:55:43 AM | Attr =	]

WrtMon.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\WrtMon.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe] ->  [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 9/20/2006 8:35:26 AM | Attr =	]

YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> Yahoo! Inc. [Ver = 2008, 1, 10, 1 | Size = 223984 bytes | Modified Date = 1/10/2008 11:41:26 AM | Attr =	]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Aim6 ->  [] -> File not found

BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 5/7/2008 10:14:43 PM | Attr =	]

Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe [C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R] -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 6:23:34 PM | Attr =	]

MyWebSearch Email Plugin -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSOEMON.EXE [C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe] -> MyWebSearch.com [Ver = 1,2,2,4 | Size = 28672 bytes | Modified Date = 10/3/2006 9:19:12 PM | Attr =	]

swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/18/2008 9:32:04 AM | Attr =	]

Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]

YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> Yahoo! Inc. [Ver = 2008, 1, 10, 1 | Size = 223984 bytes | Modified Date = 1/10/2008 11:41:26 AM | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = R  ]

< Danny1 Startup Folder > -> C:\Documents and Settings\Danny1\Start Menu\Programs\Startup -> 

%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 7:16:50 PM | Attr =	]

%UserProfile%\Start Menu\Programs\Startup\Webshots.lnk -> %ProgramFiles%\Webshots\Launcher.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 7/3/2006 7:41:22 PM | Attr =	]

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{77244082-D27E-416C-9661-FAD640973FCE} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awtsQhiJ.dll [] -> File not found

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 7:12:19 PM | Attr =	]

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 7:12:38 PM | Attr =	]

*MultiFile Done* -> -> 

*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 

logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 7:12:24 PM | Attr =	]

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]

Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 7:12:41 PM | Attr =	]

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

awtsQhiJ ->  -> File not found

igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 1:45:38 PM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> 

< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->

*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 

SCSI miniport ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 1:40:46 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 

*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 

NEC	 MBR-7	->  -> File not found

NEC	 MBR-7.4  ->  -> File not found

PIONEER CHANGR DRM-1804X ->  -> File not found

PIONEER CD-ROM DRM-6324X ->  -> File not found

PIONEER CD-ROM DRM-624X  ->  -> File not found

TORiSAN CD-ROM CDR_C36 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_DVD-ROM_TS-H352C_______________DE02____\5&2b88f5e5&0&0.0.0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 3 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 3 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomHL-DT-ST_DVD+-RW_GWA4164B_______________E111____\5&2b88f5e5&0&0.1.0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> SCSI\CdRom&Ven_KQ0320U&Prod_XGN340M&Rev_2.0B\5&2dec51be&0&000 -> 

< Drives - Autoruns > ->  -> 

AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/10/2004 1:04:08 PM | Attr =	]

< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> [url=http://go.microsoft.com/fwlink/?LinkId=69157]http://go.microsoft.com/fwlink/?LinkId=69157[/url] -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> [url=http://go.microsoft.com/fwlink/?LinkId=54896]http://go.microsoft.com/fwlink/?LinkId=54896[/url] -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> [url=http://go.microsoft.com/fwlink/?LinkId=54896]http://go.microsoft.com/fwlink/?LinkId=54896[/url] -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> [url=http://go.microsoft.com/fwlink/?LinkId=69157]http://go.microsoft.com/fwlink/?LinkId=69157[/url] -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> [url=http://go.microsoft.com/fwlink/?LinkId=54896]http://go.microsoft.com/fwlink/?LinkId=54896[/url] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

HKEY_CURRENT_USER\: ProxyOverride -> 64.136.29.30;64.136.44.66;64.136.52.66;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;*.prod.untd.com;*.2mdn.net;cf.netzero.net;qs.netzero.net;*.advertising.com;<local>;*.local -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{00A6FAF1-072E-44cf-8957-5838F569A31D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 3, 10, 1 | Size = 879856 bytes | Modified Date = 3/10/2008 7:58:58 AM | Attr =	]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 2:17:44 PM | Attr =	]

{2BFE8F3E-2EA9-4C80-B8B2-A69537810E41} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jjarecap.dll [Reg Error: Value  does not exist or could not be read.] -> File not found

{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.57 | Size = 308856 bytes | Modified Date = 4/29/2008 9:56:41 AM | Attr =	]

{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] ->  [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr =	]

{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]

{8D9F2D80-62C4-477A-914E-980C4D2B951B} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\20RGB7ZI\3077htsbdjyf[1].dll [Reg Error: Value  does not exist or could not be read.] -> File not found

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 4/29/2008 9:54:44 AM | Attr = R  ]

{e4a652ab-d424-413a-bed4-8a65650bccaa} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\zirpbt.dll [Reg Error: Value  does not exist or could not be read.] -> File not found

{F3D4C86C-95CA-4A29-A631-9064106B056F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRkLDWm.dll [Reg Error: Value  does not exist or could not be read.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{07B18EA9-A523-4961-B6BB-170DE4475CCA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSBAR.DLL [My &Web Search] -> MyWebSearch.com [Ver = 2, 1, 50, 3 | Size = 307200 bytes | Modified Date = 10/3/2006 9:19:12 PM | Attr =	]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 4/29/2008 9:54:44 AM | Attr = R  ]

{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] ->  [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr =	]

{C17590D2-ECB4-4b15-8820-F58798DCC118} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Webshots\WSToolbar4IE.dll [Webshots Toolbar] -> CNET-Networks [Ver = 1, 0, 0, 7008 | Size = 176128 bytes | Modified Date = 7/3/2006 7:41:56 PM | Attr =	]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 3, 10, 1 | Size = 879856 bytes | Modified Date = 3/10/2008 7:58:58 AM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSBAR.DLL [My &Web Search] -> MyWebSearch.com [Ver = 2, 1, 50, 3 | Size = 307200 bytes | Modified Date = 10/3/2006 9:19:12 PM | Attr =	]

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 4/29/2008 9:54:44 AM | Attr = R  ]

WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] ->  [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr =	]

WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{C17590D2-ECB4-4B15-8820-F58798DCC118} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Webshots\WSToolbar4IE.dll [Webshots Toolbar] -> CNET-Networks [Ver = 1, 0, 0, 7008 | Size = 176128 bytes | Modified Date = 7/3/2006 7:41:56 PM | Attr =	]

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 3, 10, 1 | Size = 879856 bytes | Modified Date = 3/10/2008 7:58:58 AM | Attr =	]

WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> [url=http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s]http://activex.microsoft.com/controls/find...=%s&mime=%s[/url] -> 

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

FunWebProducts ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{63030C1D-072F-4FCC-ABBA-4144369FAE11} ->	(Intel® PRO/100 VE Network Connection) -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000001 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000002 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000003 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000004 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000005 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000006 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000007 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000008 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000009 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000010 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000011 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000012 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000013 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000014 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000015 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000016 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000017 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000018 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000019 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 12/6/2007 3:51:40 PM | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> [url=http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab]http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab[/url][Creative Software AutoUpdate] -> 

{0CCA191D-13A6-4E29-B746-314DEE697D83}[HKEY_LOCAL_MACHINE] -> [url=http://upload.facebook.com/controls/FacebookPhotoUploader5.cab]http://upload.facebook.com/controls/Facebo...toUploader5.cab[/url][Facebook Photo Uploader 5] -> 

{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> [url=http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab]http://fpdownload.macromedia.com/get/shock...director/sw.cab[/url][Shockwave ActiveX Control] -> 

{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}[HKEY_LOCAL_MACHINE] -> [url=http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/HistorySwatterFWBInitialSetup1.0.0.15.cab]http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab[/url][Reg Error: Key does not exist or could not be opened.] -> 

{2019DC25-D1C0-11D6-97B3-0008A124F542}[HKEY_LOCAL_MACHINE] -> [url=http://www.streamplug.com/StreamPlug/beta/SP.cab]http://www.streamplug.com/StreamPlug/beta/SP.cab[/url][StreamPlug Class] -> 

{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> [url=http://lads.myspace.com/upload/MySpaceUploader1006.cab]http://lads.myspace.com/upload/MySpaceUploader1006.cab[/url][MySpace Uploader Control] -> 

{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> [url=http://download.divx.com/player/DivXBrowserPlugin.cab]http://download.divx.com/player/DivXBrowserPlugin.cab[/url][DivXBrowserPlugin Object] -> 

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> [url=http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200202971343]http://www.update.microsoft.com/microsoftu...b?1200202971343[/url][MUWebControl Class] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> [url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url][Java Plug-in 1.6.0_07] -> 

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [url=http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab]http://java.sun.com/products/plugin/autodl...indows-i586.cab[/url][Java Plug-in 1.4.2_03] -> 

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [url=http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab]http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[/url][Java Plug-in 1.5.0_09] -> 

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url][Java Plug-in 1.6.0_03] -> 

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url][Java Plug-in 1.6.0_05] -> 

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url][Java Plug-in 1.6.0_07] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url][Java Plug-in 1.6.0_07] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> [url=https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab]https://fpdownload.macromedia.com/get/shock...ash/swflash.cab[/url][Shockwave Flash Object] -> 

{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}[HKEY_LOCAL_MACHINE] -> [url=http://rms2.invokesolutions.com/events/bin/6.0.0.1448/MILive.cab]http://rms2.invokesolutions.com/events/bin...1448/MILive.cab[/url][Invoke Solutions Participant Control(MR)] -> 

{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> [url=http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab]http://www.creative.com/softwareupdate/su/...15034/CTPID.cab[/url][Creative Software AutoUpdate Support Package] -> 

< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/AIM6/unicows.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/AIM6/unicows.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/AIM6/unicows.dll\\{48DD0448-9209-4F81-9F6D-D83562940134} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/StreamPlug.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/StreamPlug.dll\\.Owner -> {2019DC25-D1C0-11D6-97B3-0008A124F542} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/StreamPlug.dll\\{2019DC25-D1C0-11D6-97B3-0008A124F542} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\.Owner -> {F6ACF75C-C32C-447B-9BEF-46B766368D29} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\.Owner -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\.Owner -> {0CCA191D-13A6-4E29-B746-314DEE697D83} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\{0CCA191D-13A6-4E29-B746-314DEE697D83} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\{48DD0448-9209-4F81-9F6D-D83562940134} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StreamPlug.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StreamPlug.dll\\.Owner -> {2019DC25-D1C0-11D6-97B3-0008A124F542} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StreamPlug.dll\\{2019DC25-D1C0-11D6-97B3-0008A124F542} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{48DD0448-9209-4F81-9F6D-D83562940134} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{0CCA191D-13A6-4E29-B746-314DEE697D83} ->  -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 7:12:00 PM | Attr =	]

C:\WINDOWS\system32\rqRkLDWm ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 7:11:56 PM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 7:12:00 PM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 7:12:08 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1068 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 7:12:02 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 31 86 D3 D7 5C B5 56 0D F8 1A 98 FA D1 27 A4 69 62 31 62 31 33 61 39 66 00 00 00 00 E7 09 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 BD 80 99 DB E3 11 B1 6D 98 9E 55 B1  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 3C 91 0E 25 31 99 6F CD 46  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> B2 1B B0 E4 6B 16  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 99 2A B1 11 84 AE 81 D9 56 AD 63 FB 3C EA 6E FD  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> [url=http://www.passport.com]http://www.passport.com[/url] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> A4 B0 CD BD 15 F9 C8 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 18621 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 7:11:55 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> America Online, Inc [Ver = 2.0.20.1.US.1		 | Size = 496752 bytes | Modified Date = 4/7/2004 12:07:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 2.0.20.1.US.1		 | Size = 1135728 bytes | Modified Date = 4/7/2004 12:07:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> America Online, Inc [Ver = 2.0.20.1.US.1		 | Size = 496752 bytes | Modified Date = 4/7/2004 12:07:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 2.0.20.1.US.1		 | Size = 1135728 bytes | Modified Date = 4/7/2004 12:07:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Halo\halo.exe -> %ProgramFiles%\Microsoft Games\Halo\halo.exe [C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhdlc.exe -> %ProgramFiles%\NovaLogic\Delta Force Black Hawk Down\dfbhdlc.exe [C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhdlc.exe:*:Enabled:dfbhdlc] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 625664 bytes | Modified Date = 6/23/2008 4:20:52 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe -> %ProgramFiles%\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe [C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 4/13/2008 7:12:28 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SwiftSwitch\SwiftSwitch.exe -> %ProgramFiles%\SwiftSwitch\SwiftSwitch.exe [C:\Program Files\SwiftSwitch\SwiftSwitch.exe:*:Enabled:World Switcher for RuneScape] -> SwiftSwitch [Ver = 2.48 | Size = 3293184 bytes | Modified Date = 10/25/2007 12:31:21 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameSpy Arcade\Aphex.exe -> %ProgramFiles%\GameSpy Arcade\Aphex.exe [C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade] -> IGN Entertainment, Inc. [Ver = 2.0.2.5222	  | Size = 4161591 bytes | Modified Date = 4/6/2005 1:00:28 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\lxcjcoms.exe -> %SystemRoot%\system32\lxcjcoms.exe [C:\WINDOWS\system32\lxcjcoms.exe:*:Enabled:Lexmark Communications System] ->   [Ver = 6.4.24.0 | Size = 537520 bytes | Modified Date = 1/30/2007 9:30:39 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Danny1\Local Settings\Temp\nsz31.tmp\utorrent.exe -> %UserProfile%\Local Settings\Temp\nsz31.tmp\utorrent.exe [C:\Documents and Settings\Danny1\Local Settings\Temp\nsz31.tmp\utorrent.exe:*:Enabled:µTorrent] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Danny1\Local Settings\Temp\nsb35.tmp\utorrent.exe -> %UserProfile%\Local Settings\Temp\nsb35.tmp\utorrent.exe [C:\Documents and Settings\Danny1\Local Settings\Temp\nsb35.tmp\utorrent.exe:*:Enabled:µTorrent] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent_DNA\dna.exe -> %ProgramFiles%\BitTorrent_DNA\dna.exe [C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA] ->  [Ver =  | Size = 287040 bytes | Modified Date = 3/13/2008 1:36:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] ->  [Ver =  | Size = 587568 bytes | Modified Date = 9/18/2007 6:37:22 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\mIRC\mirc.exe -> %ProgramFiles%\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> mIRC Co. Ltd. [Ver = 6.31 | Size = 2756096 bytes | Modified Date = 11/1/2007 2:57:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 2:17:27 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> %ProgramFiles%\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Xfire\Xfire.exe -> %ProgramFiles%\Xfire\Xfire.exe [C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire] -> Xfire Inc. [Ver = 13133 | Size = 3007824 bytes | Modified Date = 5/13/2008 8:29:28 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe -> %ProgramFiles%\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe [C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> %ProgramFiles%\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 5/7/2008 10:14:43 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\CCP\EVE\bin\ExeFile.exe -> %ProgramFiles%\CCP\EVE\bin\ExeFile.exe [C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 6/18/2008 1:46:56 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Discover.exe -> %ProgramFiles%\Rosetta Stone\RS2.1.4.2Asms\Discover.exe [C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool] -> Fairfield Language Technologies [Ver = 3.00 | Size = 90112 bytes | Modified Date = 6/13/2006 2:35:39 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Rosetta Stone.exe -> %ProgramFiles%\Rosetta Stone\RS2.1.4.2Asms\Rosetta Stone.exe [C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Rosetta Stone.exe:*:Enabled:Rosetta Stone Application] -> Macromedia, Inc. [Ver = 9.0r383 | Size = 3716614 bytes | Modified Date = 2/13/2006 3:22:05 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mpxu.exe -> %SystemRoot%\system32\mpxu.exe [C:\WINDOWS\system32\mpxu.exe:*:Enabled:mpxu] ->  [Ver =  | Size = 18944 bytes | Modified Date = 6/29/2008 12:33:18 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe -> %ProgramFiles%\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe [C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe:*:Enabled:dfbhd] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 7:12:11 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 -> 

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.bat [@ = batfile] ->  -> File not found

.cmd [@ = cmdfile] ->  -> File not found

.com [@ = comfile] ->  -> File not found

.exe [@ = exefile] ->  -> File not found

.pif [@ = piffile] ->  -> File not found

.scr [@ = scrfile] ->  -> File not found

< MountPoints2 > -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185642f-1359-11db-bcab-00038a000015}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185642f-1359-11db-bcab-00038a000015}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185642f-1359-11db-bcab-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 01 00 00  [binary data] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185642f-1359-11db-bcab-00038a000015}\shell\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185642f-1359-11db-bcab-00038a000015}\shell\\ -> None -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185642f-1359-11db-bcab-00038a000015}\shell\Autoplay\ -> -> 

*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185642f-1359-11db-bcab-00038a000015}\shell\Autoplay\\MUIVerb -> 

@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]

-8504 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185642f-1359-11db-bcab-00038a000015}\shell\Autoplay\DropTarget\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185642f-1359-11db-bcab-00038a000015}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185643a-1359-11db-bcab-00038a000015}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185643a-1359-11db-bcab-00038a000015}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185643a-1359-11db-bcab-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00  [binary data] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185643a-1359-11db-bcab-00038a000015}\_Autorun\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185643a-1359-11db-bcab-00038a000015}\_Autorun\DefaultIcon\ -> -> 

*~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2185643a-1359-11db-bcab-00038a000015}\_Autorun\DefaultIcon\\ -> 

H:\Setup.exe -> H:\Setup.exe -> File not found

0 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755c-eacc-11d8-87d0-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755c-eacc-11d8-87d0-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755d-eacc-11d8-87d0-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755d-eacc-11d8-87d0-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755e-eacc-11d8-87d0-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755e-eacc-11d8-87d0-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755f-eacc-11d8-87d0-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755f-eacc-11d8-87d0-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b0-111a-11db-bca1-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b0-111a-11db-bca1-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b1-111a-11db-bca1-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b1-111a-11db-bca1-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b2-111a-11db-bca1-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b2-111a-11db-bca1-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b2-111a-11db-bca1-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F CF 5F 5F 5F 5F CF CF 5F 5F 5F CF 01 01 00 5F 5F EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 0C 00 00 00  [binary data] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b2-111a-11db-bca1-806d6172696f}\Name\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b2-111a-11db-bca1-806d6172696f}\Name\\ -> Need for Speed Underground 2 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b2-111a-11db-bca1-806d6172696f}\name2\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b2-111a-11db-bca1-806d6172696f}\name2\\ -> Triple Play 2000 Setup -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b2-111a-11db-bca1-806d6172696f}\_Autorun\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b2-111a-11db-bca1-806d6172696f}\_Autorun\DefaultIcon\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b2-111a-11db-bca1-806d6172696f}\_Autorun\DefaultIcon\\ -> E:\Data\TalkNow.ico [E:\Data\TalkNow.ico] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b3-111a-11db-bca1-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b3-111a-11db-bca1-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b3-111a-11db-bca1-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 60 00 00 00 09 00 00 00  [binary data] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b3-111a-11db-bca1-806d6172696f}\Name\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b3-111a-11db-bca1-806d6172696f}\Name\\ -> Need for Speed Underground 2 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b3-111a-11db-bca1-806d6172696f}\_Autorun\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b3-111a-11db-bca1-806d6172696f}\_Autorun\DefaultIcon\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d0e97b3-111a-11db-bca1-806d6172696f}\_Autorun\DefaultIcon\\ -> F:\autorun\autorun.ico [F:\autorun\autorun.ico] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52c60269-0e69-11db-8400-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52c60269-0e69-11db-8400-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52c6026a-0e69-11db-8400-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52c6026a-0e69-11db-8400-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52c6026b-0e69-11db-8400-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52c6026b-0e69-11db-8400-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{646e17b0-0e2f-11db-9b56-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{646e17b0-0e2f-11db-9b56-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{646e17b1-0e2f-11db-9b56-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{646e17b1-0e2f-11db-9b56-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{646e17b1-0e2f-11db-9b56-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF DF DF DF 5F DF DF 01 01 FF FF FF FF FF FF FF FF FF 00 01 00 00 00 08 00 00 00  [binary data] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{646e17b2-0e2f-11db-9b56-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{646e17b2-0e2f-11db-9b56-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{646e17b3-0e2f-11db-9b56-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{646e17b3-0e2f-11db-9b56-806d6172696f}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73626fe2-11ee-11db-bca4-00038a000015}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73626fe2-11ee-11db-bca4-00038a000015}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73626fe2-11ee-11db-bca4-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 05 00 00  [binary data] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a337ac7d-7c1f-11dc-bf5f-00038a000015}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a337ac7d-7c1f-11dc-bf5f-00038a000015}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a337ac7d-7c1f-11dc-bf5f-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 07 00 00  [binary data] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c539d4-bb99-11dc-bfda-0016768bf307}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c539d4-bb99-11dc-bfda-0016768bf307}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c539d4-bb99-11dc-bfda-0016768bf307}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 06 00 00  [binary data] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c539d4-bb99-11dc-bfda-0016768bf307}\shell\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c539d4-bb99-11dc-bfda-0016768bf307}\shell\\ -> None -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c539d4-bb99-11dc-bfda-0016768bf307}\shell\Autoplay\ -> -> 

*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c539d4-bb99-11dc-bfda-0016768bf307}\shell\Autoplay\\MUIVerb -> 

@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]

-8504 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c539d4-bb99-11dc-bfda-0016768bf307}\shell\Autoplay\DropTarget\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c539d4-bb99-11dc-bfda-0016768bf307}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396bffb-2437-11dd-809a-0016768bf307}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396bffb-2437-11dd-809a-0016768bf307}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396bffb-2437-11dd-809a-0016768bf307}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 01 00 00  [binary data] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396bffb-2437-11dd-809a-0016768bf307}\shell\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396bffb-2437-11dd-809a-0016768bf307}\shell\\ -> None -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396bffb-2437-11dd-809a-0016768bf307}\shell\Autoplay\ -> -> 

*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396bffb-2437-11dd-809a-0016768bf307}\shell\Autoplay\\MUIVerb -> 

@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]

-8504 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396bffb-2437-11dd-809a-0016768bf307}\shell\Autoplay\DropTarget\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396bffb-2437-11dd-809a-0016768bf307}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7700bb4-ba5d-11dc-bfd7-0016768bf307}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7700bb4-ba5d-11dc-bfd7-0016768bf307}\\BaseClass -> Drive -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7700bb4-ba5d-11dc-bfd7-0016768bf307}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 06 00 00  [binary data] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7700bb4-ba5d-11dc-bfd7-0016768bf307}\shell\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7700bb4-ba5d-11dc-bfd7-0016768bf307}\shell\\ -> None -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7700bb4-ba5d-11dc-bfd7-0016768bf307}\shell\Autoplay\ -> -> 

*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7700bb4-ba5d-11dc-bfd7-0016768bf307}\shell\Autoplay\\MUIVerb -> 

@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]

-8504 ->  -> File not found

*MultiFile Done* -> -> 





HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7700bb4-ba5d-11dc-bfd7-0016768bf307}\shell\Autoplay\DropTarget\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7700bb4-ba5d-11dc-bfd7-0016768bf307}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{2185643a-1359-11db-bcab-00038a000015}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{2185643a-1359-11db-bcab-00038a000015}\\Data -> [Binary data over 100 bytes] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{2185643a-1359-11db-bcab-00038a000015}\\Generation -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b0-111a-11db-bca1-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b0-111a-11db-bca1-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b0-111a-11db-bca1-806d6172696f}\\Generation -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b1-111a-11db-bca1-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b1-111a-11db-bca1-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b1-111a-11db-bca1-806d6172696f}\\Generation -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b2-111a-11db-bca1-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b2-111a-11db-bca1-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b2-111a-11db-bca1-806d6172696f}\\Generation -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b3-111a-11db-bca1-806d6172696f}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b3-111a-11db-bca1-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3d0e97b3-111a-11db-bca1-806d6172696f}\\Generation -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a337ac7d-7c1f-11dc-bf5f-00038a000015}\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a337ac7d-7c1f-11dc-bf5f-00038a000015}\\Data -> [Binary data over 100 bytes] -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a337ac7d-7c1f-11dc-bf5f-00038a000015}\\Generation -> 1 -> 

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 

AlternatShell -> cmd.exe -> 

< Security Settings > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> 

Rpcss -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 7:12:04 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> %SystemRoot%\system32\qmgr.dll [C:\WINDOWS\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.7.2600.5512 (xpsp.080413-2108) | Size = 409088 bytes | Modified Date = 4/13/2008 7:12:03 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 18621 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 7:11:55 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> America Online, Inc [Ver = 2.0.20.1.US.1		 | Size = 496752 bytes | Modified Date = 4/7/2004 12:07:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 2.0.20.1.US.1		 | Size = 1135728 bytes | Modified Date = 4/7/2004 12:07:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> America Online, Inc [Ver = 2.0.20.1.US.1		 | Size = 496752 bytes | Modified Date = 4/7/2004 12:07:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 2.0.20.1.US.1		 | Size = 1135728 bytes | Modified Date = 4/7/2004 12:07:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Halo\halo.exe -> %ProgramFiles%\Microsoft Games\Halo\halo.exe [C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhdlc.exe -> %ProgramFiles%\NovaLogic\Delta Force Black Hawk Down\dfbhdlc.exe [C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhdlc.exe:*:Enabled:dfbhdlc] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 625664 bytes | Modified Date = 6/23/2008 4:20:52 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe -> %ProgramFiles%\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe [C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 4/13/2008 7:12:28 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SwiftSwitch\SwiftSwitch.exe -> %ProgramFiles%\SwiftSwitch\SwiftSwitch.exe [C:\Program Files\SwiftSwitch\SwiftSwitch.exe:*:Enabled:World Switcher for RuneScape] -> SwiftSwitch [Ver = 2.48 | Size = 3293184 bytes | Modified Date = 10/25/2007 12:31:21 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameSpy Arcade\Aphex.exe -> %ProgramFiles%\GameSpy Arcade\Aphex.exe [C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade] -> IGN Entertainment, Inc. [Ver = 2.0.2.5222	  | Size = 4161591 bytes | Modified Date = 4/6/2005 1:00:28 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\lxcjcoms.exe -> %SystemRoot%\system32\lxcjcoms.exe [C:\WINDOWS\system32\lxcjcoms.exe:*:Enabled:Lexmark Communications System] ->   [Ver = 6.4.24.0 | Size = 537520 bytes | Modified Date = 1/30/2007 9:30:39 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Danny1\Local Settings\Temp\nsz31.tmp\utorrent.exe -> %UserProfile%\Local Settings\Temp\nsz31.tmp\utorrent.exe [C:\Documents and Settings\Danny1\Local Settings\Temp\nsz31.tmp\utorrent.exe:*:Enabled:µTorrent] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Danny1\Local Settings\Temp\nsb35.tmp\utorrent.exe -> %UserProfile%\Local Settings\Temp\nsb35.tmp\utorrent.exe [C:\Documents and Settings\Danny1\Local Settings\Temp\nsb35.tmp\utorrent.exe:*:Enabled:µTorrent] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent_DNA\dna.exe -> %ProgramFiles%\BitTorrent_DNA\dna.exe [C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA] ->  [Ver =  | Size = 287040 bytes | Modified Date = 3/13/2008 1:36:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] ->  [Ver =  | Size = 587568 bytes | Modified Date = 9/18/2007 6:37:22 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\mIRC\mirc.exe -> %ProgramFiles%\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> mIRC Co. Ltd. [Ver = 6.31 | Size = 2756096 bytes | Modified Date = 11/1/2007 2:57:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 2:17:27 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> %ProgramFiles%\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Xfire\Xfire.exe -> %ProgramFiles%\Xfire\Xfire.exe [C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire] -> Xfire Inc. [Ver = 13133 | Size = 3007824 bytes | Modified Date = 5/13/2008 8:29:28 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe -> %ProgramFiles%\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe [C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> %ProgramFiles%\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 5/7/2008 10:14:43 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\CCP\EVE\bin\ExeFile.exe -> %ProgramFiles%\CCP\EVE\bin\ExeFile.exe [C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 6/18/2008 1:46:56 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Discover.exe -> %ProgramFiles%\Rosetta Stone\RS2.1.4.2Asms\Discover.exe [C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool] -> Fairfield Language Technologies [Ver = 3.00 | Size = 90112 bytes | Modified Date = 6/13/2006 2:35:39 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Rosetta Stone.exe -> %ProgramFiles%\Rosetta Stone\RS2.1.4.2Asms\Rosetta Stone.exe [C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Rosetta Stone.exe:*:Enabled:Rosetta Stone Application] -> Macromedia, Inc. [Ver = 9.0r383 | Size = 3716614 bytes | Modified Date = 2/13/2006 3:22:05 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mpxu.exe -> %SystemRoot%\system32\mpxu.exe [C:\WINDOWS\system32\mpxu.exe:*:Enabled:mpxu] ->  [Ver =  | Size = 18944 bytes | Modified Date = 6/29/2008 12:33:18 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe -> %ProgramFiles%\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe [C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe:*:Enabled:dfbhd] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 7:12:11 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 

{00203668-8170-44A0-BE44-B632FA4D780F} -> Adobe AIR

{02DFF6B1-1654-411C-8D7B-FD6052EF016F} -> Apple Software Update

{0345520E-2A04-4A36-BC31-353AE87A6092} -> RPS Diagnostic Utility

{075473F5-846A-448B-BCB3-104AA1760205} -> Roxio RecordNow Data

{0818687F-F41F-496D-9D6D-DB98F147FC62} -> RPS Firewall

{08CA9554-B5FE-4313-938F-D4A417B81175} -> QuickTime

{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} -> MSXML 6.0 Parser (KB933579)

{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} -> Microsoft Plus! Photo Story 2 LE

{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} -> Security Update for CAPICOM (KB931906)

{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Roxio DLA

{1ACE3F9D-CDA4-4F39-9605-334CF37A1579} -> Authentium AntiVirus SDK - 2

{1E164156-3FA1-4389-9B0B-28E88B879639} -> RPS AsRealtime

{212F5777-1190-4DEF-8E4D-6B2F313B45E7} -> PerfectDisk

{21657574-BD54-48A2-9450-EB03B2C7FC29} -> Roxio MyDVD LE

{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer

{236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2

{23E5C72C-CC08-4EE0-9CC2-D925B232B331} -> Microsoft MSDN 2005 Express Edition - ENU

{2750B389-A2D2-4953-99CA-27C1F2A8E6FD} -> Microsoft SQL Server 2005 Tools Express Edition

{295F5142-A223-4164-9A6D-6683C08409FC} -> RPS RpsCore

{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F} -> Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC} -> Creative MediaSource

{2F4BFC9D-17D7-447A-AEA2-467892D876B3} -> RPS App Detector

{30120000-0011-0000-0000-0000000FF1CE} -> Microsoft Office Professional 2007 (Beta)

{30120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007 (Beta)

{30120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007 (Beta)

{30120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007 (Beta)

{30120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007 (Beta)

{30120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007 (Beta)

{30120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007 (Beta)

{30120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007 (Beta)

{30120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007 (Beta)

{30120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007 (Beta)

{30120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007 (Beta)

{30120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007 (Beta)

{30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Sonic Update Manager

{310F26F3-C769-48E5-BD0D-53D4366C34CD} -> RPS PopupBlocker

{3248F0A8-6813-11D6-A77B-00B0D0150090} -> J2SE Runtime Environment 5.0 Update 9

{3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(tm) 6 Update 3

{3248F0A8-6813-11D6-A77B-00B0D0160050} -> Java(tm) 6 Update 5

{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(tm) 6 Update 7

{32F720F5-2D0D-4245-A2B0-9EB3CECF8101} -> Norton Ghost 10.0

{33BB4982-DC52-4886-A03B-F4C5C80BEE89} -> Windows Media Player 10

{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP

{352310C3-E46B-42D3-8F32-54721FDD72D9} -> NetZeroInstallers

{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978)

{3DE72179-FEF4-4846-BF82-62CBFC61F8D7} -> RPS Performance Tool

{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> NetWaiting

{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54} -> Dell CinePlayer

{4667B940-BB01-428B-986E-A0CC46497BF7} -> ELIcon

{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} -> Bonjour

{48B82226-75E3-4E90-92CC-D30F79EA6380} -> Norton Security Scan

{491DD792-AD81-429C-9EB4-86DD3D22E333} -> Windows Communication Foundation

{49C88E44-1B38-4FC6-824E-2BDA3063B0E3} -> Apple Mobile Device Support

{49FC50FC-F965-40D9-89B4-CBFF80941033} -> Windows Movie Maker 2.0

{4AA73DA8-8D69-44ED-B5D7-CB815C81F83E} -> RPS Zip

{537654FC-556A-4992-BF3D-ADC05E7009DC} -> RPS AntiFraud

{53F5C3EE-05ED-4830-994B-50B2F0D50FCE} -> Microsoft SQL Server Setup Support Files (English)

{548EEA8E-8299-497F-8057-811D2D7097DC} -> Dell Support 3.1

{58A2663B-56DC-488F-8E29-D44C6DE053B5} -> RPS Security Cleanup

{5905F42D-3F5F-4916-ADA6-94A3646AEE76} -> Dell Driver Reset Tool

{5B6BE547-21E2-49CA-B2E2-6A5F470593B1} -> Sonic Activation Module

{5BF2B19D-9C79-492A-8969-F059F06A627F} -> Print to Fax

{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF} -> Radialpoint Security Services

{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} -> AOLIcon

{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} -> Digital Content Portal

{7146B3EB-BDCF-4BEB-833A-B0A8213BFE6B} -> Samsung USB Driver

{7148F0A8-6813-11D6-A77B-00B0D0142030} -> Java 2 Runtime Environment, SE v1.4.2_03

{716E0306-8318-4364-8B8F-0CC4E9376BAC} -> MSXML 4.0 SP2 Parser and SDK

{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE} -> EarthLink setup files

{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable

{72CD4C5F-AB0B-4814-8780-9A4F26A2086B} -> Presto! PageManager 7.12.10

{74F7662C-B1DB-489E-A8AC-07A06B24978B} -> Dell System Restore

{77DCDCE3-2DED-62F3-8154-05E745472D07} -> Acrobat.com

{786C5747-1033-0000-B58E-000000000001} -> Adobe Stock Photos 1.0

{7D11FED9-4214-40A6-A6CA-3CFBAC20DA36} -> RPS Burn

{7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper

{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA} -> Intel® PROSet for Wired Connections

{85D3CC30-8859-481A-9654-FD9B74310BEF} -> Musicmatch® Jukebox

{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel® Graphics Media Accelerator Driver

{8EDBA74D-0686-4C99-BFDD-F894678E5B39} -> Adobe Common File Installer

{904847DA-FBC0-4726-BE73-830FCB9D4E8A} -> RPS Backup

{9799404D-E361-43FB-AFE4-527C9A36D316} -> Creative Zen Neeon

{99E6E9E1-BBCD-4294-93C6-08537A9E92CB} -> RPS AntiSpyware

{A06275F4-324B-4E85-95E6-87B2CD729401} -> Windows Defender

{A683A2C0-821C-486F-858C-FA634DB5E864} -> EducateU

{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5} -> Microsoft Visual C++ 2005 Express Edition - ENU

{AB708C9B-97C8-4AC9-899B-DBF226AC9382} -> Roxio RecordNow Audio

{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B} -> Dell Media Experience

{AC76BA86-0000-0000-0000-6028747ADE01} -> Adobe Acrobat - Reader 6.0.2 Update

{AC76BA86-0000-7EC8-7489-000000000603} -> Adobe Acrobat and Reader 6.0.3 Update

{AC76BA86-0000-7EC8-7489-000000000604} -> Adobe Acrobat and Reader 6.0.4 Update

{AC76BA86-7AD7-1033-7B44-A00000000001} -> Adobe Reader 6.0.1

{AC82BF06-223B-42AA-A89F-2D3BCD247366} -> RPS Privacy Manager

{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} -> ABBYY FineReader 6.0 Sprint

{AEC0CEBC-0FC7-4716-8222-1C4A742719B1} -> Digimax Master

{AF19F291-F22F-4798-9662-525305AE9E48} -> WordPerfect Office 12

{B0DF58A2-40DF-4465-AA56-38623EC9938C} -> Documentation & Support Launcher

{B12665F4-4E93-4AB4-B7FC-37053B524629} -> Roxio RecordNow Copy

{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1

{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player

{B74D4E10-6884-0000-0000-000000000103} -> Adobe Bridge 1.0

{B79920F8-AB6E-45B2-B257-900BBA969FF7} -> Presto! Forms 3.50.02

{BAF99E78-879B-4811-BFEF-3CC7057BC00D} -> RPS Ad Blocker

{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181)

{C869F4FF-E5FF-4FBB-9A31-33C23605E170} -> PPSDKRedistributables

{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1

{D050D7362D214723AD585B541FFB6C11} -> DivX Content Uploader

{D2988E9B-C73F-422C-AD4B-A66EBE257120} -> MCU

{D7DF917E-C963-42B4-AD48-837ACA6D8859} -> AT&T Internet Security Suite

{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}_is1 -> Invoke Solutions Participant 6.0.0.1448

{DA2D4D11-1811-4A24-B719-BF9F048C6106} -> Windows XP Creativity Fun Packs - Windows Movie Maker 2

{DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer

{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 -> AusLogics Disk Defrag

{E42BD75A-FC23-4E3F-9F91-2658334C644F} -> Internet Service Offers Launcher

{E5E7B0D0-20E1-4B1A-B8C9-B9E2B93DE1DE} -> RPS ParentalControl

{E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect

{E85A45C2-290F-4C4A-9363-B6399EE648A9} -> RPS AntiVirus

{E9787678-1033-0000-8E67-000000000001} -> Adobe Help Center 1.0

{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3} -> Microsoft SQL Server VSS Writer

{F9B3DD02-B0B3-42E9-8650-030DFF0D133D} -> Microsoft SQL Server Native Client

ActiveXControlPad -> Microsoft ActiveX Control Pad

Adobe AIR -> Adobe AIR

Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX

Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2

Adobe Shockwave Player -> Adobe Shockwave Player

AIM_6 -> AIM 6

America Online us -> America Online (Choose which version to remove)

AOL Connectivity Services -> AOL Connectivity Services

AOLCoach -> AOL Coach Version 1.0(Build:20040229.1 en)

Axife Mouse Recorder DEMO_is1 -> Axife Mouse Recorder DEMO 5.01

BellSouth Application Management -> BellSouth Application Management

BellSouth® Internet Services Dialer -> BellSouth® Internet Services Dialer

BellsouthHelpCenter4.0b_is1 -> FastAccess® DSL Help Center 4.1

blstoolbar -> BellSouth Toolbar 1.0

CCleaner -> CCleaner (remove only)

CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 -> Conexant D850 56K V.9x DFVc Modem

com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com

Creative Mass Storage Drivers -> Creative Mass Storage Drivers

D1A6F3FD-7B40-443F-8767-BADB25A0D222 -> Blasterball 2

Dell Digital Jukebox Driver -> Dell Digital Jukebox Driver

DVD Decrypter -> DVD Decrypter (Remove Only)

DVD Shrink_is1 -> DVD Shrink 3.2

EuroTalk Talk Now Plus! -> EuroTalk Talk Now Plus!

GameSpy Arcade -> GameSpy Arcade

HyperCam 2 -> HyperCam 2

IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs

ie7 -> Windows Internet Explorer 7

KB835221WXP -> High Definition Audio Driver Package - KB835221

KB892130 -> Windows Genuine Advantage Validation Tool (KB892130)

KB893803v2 -> Windows Installer 3.1 (KB893803)

KB895316 -> Windows Media Player 10 Hotfix - KB895316

KB898458 -> Security Update for Step By Step Interactive Training (KB898458)

KB911564 -> Security Update for Windows Media Player (KB911564)

KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734)

KB923689 -> Security Update for Windows XP (KB923689)

KB923723 -> Security Update for Step By Step Interactive Training (KB923723)

KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398)

KB928090-IE7 -> Security Update for Windows Internet Explorer 7 (KB928090)

KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399)

KB929969 -> Security Update for Windows Internet Explorer 7 (KB929969)

KB931768-IE7 -> Security Update for Windows Internet Explorer 7 (KB931768)

KB931906 -> Security Update for CAPICOM (KB931906)

KB933566-IE7 -> Security Update for Windows Internet Explorer 7 (KB933566)

KB936782_WMP10 -> Security Update for Windows Media Player 10 (KB936782)

KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782)

KB937143-IE7 -> Security Update for Windows Internet Explorer 7 (KB937143)

KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127)

KB939653-IE7 -> Security Update for Windows Internet Explorer 7 (KB939653)

KB939683 -> Hotfix for Windows Media Player 11 (KB939683)

KB941569 -> Security Update for Windows XP (KB941569)

KB942615-IE7 -> Security Update for Windows Internet Explorer 7 (KB942615)

KB944533-IE7 -> Security Update for Windows Internet Explorer 7 (KB944533)

KB946648 -> Security Update for Windows XP (KB946648)

KB947864-IE7 -> Hotfix for Windows Internet Explorer 7 (KB947864)

KB948109_SQL9 -> GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)

KB948109_SQLTools9 -> GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)

KB950759-IE7 -> Security Update for Windows Internet Explorer 7 (KB950759)

KB950760 -> Security Update for Windows XP (KB950760)

KB950762 -> Security Update for Windows XP (KB950762)

KB950974 -> Security Update for Windows XP (KB950974)

KB951066 -> Security Update for Windows XP (KB951066)

KB951072-v2 -> Update for Windows XP (KB951072-v2)

KB951376-v2 -> Security Update for Windows XP (KB951376-v2)

KB951698 -> Security Update for Windows XP (KB951698)

KB951748 -> Security Update for Windows XP (KB951748)

KB951978 -> Update for Windows XP (KB951978)

KB952287 -> Hotfix for Windows XP (KB952287)

KB952954 -> Security Update for Windows XP (KB952954)

KB953838-IE7 -> Security Update for Windows Internet Explorer 7 (KB953838)

KB953839 -> Security Update for Windows XP (KB953839)

Lexmark 8300 Series -> Lexmark 8300 Series

LiveReg -> LiveReg (Symantec Corporation)

LiveUpdate -> LiveUpdate 2.6 (Symantec Corporation)

M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1

Microsoft MSDN 2005 Express Edition - ENU -> Microsoft MSDN 2005 Express Edition - ENU

Microsoft SQL Server 2005 -> Microsoft SQL Server 2005

Microsoft Visual C++ 2005 Express Edition - ENU -> Microsoft Visual C++ 2005 Express Edition - ENU

mIRC -> 

Mozilla Firefox (2.0.0.16) -> Mozilla Firefox (2.0.0.16)

MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP

MuVo Driver -> Creative Mass Storage Drivers

MyWebSearch bar Uninstall -> My Web Search (HistorySwatter)

Nero - Burning Rom!UninstallKey -> Nero 6 Ultra Edition

NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs

PC Tools AntiVirus_is1 -> PC Tools AntiVirus 5.0

PRO -> Microsoft Office Professional Plus 2007 (Beta)

PROSet -> Intel® PRO Network Connections Drivers

RadialpointClientGateway_is1 -> AT&T Internet Security Wizard 1.5.11

RealPlayer 6.0 -> RealPlayer

RegCure -> RegCure 1.0.0.43

SwiftKit -> SwiftKit

SwiftSwitch -> SwiftSwitch

SysInfo -> Creative System Information

ViewpointMediaPlayer -> Viewpoint Media Player

VLC media player -> VideoLAN VLC media player 0.8.5

WebCyberCoach_wtrb -> WebCyberCoach 3.2 Dell

Webshots Desktop_is1 -> Webshots Desktop

Webshots Toolbar -> Webshots Toolbar

WGA -> Windows Genuine Advantage Validation Tool (KB892130)

WgaNotify -> Windows Genuine Advantage Notifications (KB905474)

WIC -> Windows Imaging Component

WildTangent CDA -> WildTangent Web Driver

Windows Media Format Runtime -> Windows Media Format 11 runtime

Windows Media Player -> Windows Media Player 11

Windows XP Service Pack -> Windows XP Service Pack 3

WinRAR archiver -> WinRAR archiver

WMFDist11 -> Windows Media Format 11 runtime

wmp11 -> Windows Media Player 11

Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0

Xfire -> Xfire (remove only)

XpsEPSC -> XML Paper Specification Shared Components Pack 1.0

XviD_is1 -> XviD 1.1 final uninstall

Yahoo! Companion -> Yahoo! Toolbar

Yahoo! Messenger -> Yahoo! Messenger

Yahoo! Search Defender -> Yahoo! Search Protection

< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 

BitTorrent -> BitTorrent

BitTorrent DNA -> DNA





[Files/Folders - Created Within 30 days]

$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Created Date = 8/6/2008 10:36:48 PM | Attr =  H ]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 8/5/2008 4:51:34 PM | Attr =	]

Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 8/9/2008 10:23:36 PM | Attr =	]

adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 4255 bytes | Created Date = 8/7/2008 10:52:26 PM | Attr =	]

adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 3967 bytes | Created Date = 8/7/2008 10:52:26 PM | Attr =	]

adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 3615 bytes | Created Date = 8/7/2008 10:52:26 PM | Attr =	]

adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 3647 bytes | Created Date = 8/7/2008 10:52:26 PM | Attr =	]

adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 3135 bytes | Created Date = 8/7/2008 10:52:26 PM | Attr =	]

adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 3711 bytes | Created Date = 8/7/2008 10:52:26 PM | Attr =	]

adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 3775 bytes | Created Date = 8/7/2008 10:52:26 PM | Attr =	]

ati1btxx.sys -> %SystemRoot%\System32\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 8/7/2008 10:52:39 PM | Attr =	]

ati1mdxx.sys -> %SystemRoot%\System32\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 8/7/2008 10:52:39 PM | Attr =	]

ati1pdxx.sys -> %SystemRoot%\System32\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 8/7/2008 10:52:39 PM | Attr =	]

ati1raxx.sys -> %SystemRoot%\System32\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 8/7/2008 10:52:39 PM | Attr =	]

ati1rvxx.sys -> %SystemRoot%\System32\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 8/7/2008 10:52:39 PM | Attr =	]

ati1snxx.sys -> %SystemRoot%\System32\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 8/7/2008 10:52:39 PM | Attr =	]

ati1ttxx.sys -> %SystemRoot%\System32\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 8/7/2008 10:52:39 PM | Attr =	]

ati1tuxx.sys -> %SystemRoot%\System32\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 8/7/2008 10:52:39 PM | Attr =	]

ati1xbxx.sys -> %SystemRoot%\System32\drivers\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 8/7/2008 10:52:40 PM | Attr =	]

ati1xsxx.sys -> %SystemRoot%\System32\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 8/7/2008 10:52:40 PM | Attr =	]

ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 8/7/2008 10:52:41 PM | Attr =	]

ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Created Date = 8/7/2008 10:52:41 PM | Attr =	]

atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 8/7/2008 10:52:43 PM | Attr =	]

atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 8/7/2008 10:52:43 PM | Attr =	]

atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 8/7/2008 10:52:43 PM | Attr =	]

atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod ->  [Ver =  | Size = 64352 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 21183 bytes | Created Date = 8/7/2008 10:52:45 PM | Attr =	]

atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 11359 bytes | Created Date = 8/7/2008 10:52:45 PM | Attr =	]

atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Created Date = 8/7/2008 10:52:45 PM | Attr =	]

atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 14143 bytes | Created Date = 8/7/2008 10:52:45 PM | Attr =	]

atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 17279 bytes | Created Date = 8/7/2008 10:52:46 PM | Attr =	]

AVFilter.sys -> %SystemRoot%\System32\drivers\AVFilter.sys -> PC Tools Research Pty Ltd [Ver = 1, 3, 0, 0 | Size = 21904 bytes | Created Date = 8/6/2008 1:01:38 PM | Attr =	]

AVHook.sys -> %SystemRoot%\System32\drivers\AVHook.sys -> PC Tools Research Pty Ltd. [Ver = 3.00.012 Build 012 | Size = 28568 bytes | Created Date = 8/6/2008 1:01:38 PM | Attr =	]

AVRec.sys -> %SystemRoot%\System32\drivers\AVRec.sys -> PC Tools Research Pty Ltd  [Ver = 3.00.012 Build 012 | Size = 21912 bytes | Created Date = 8/6/2008 1:01:38 PM | Attr =	]

ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 15423 bytes | Created Date = 8/7/2008 10:52:52 PM | Attr =	]

cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty ->  [Ver =  | Size = 129045 bytes | Created Date = 8/7/2008 10:53:06 PM | Attr =	]

hsfbs2s2.sys -> %SystemRoot%\System32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 8/7/2008 10:53:49 PM | Attr =	]

hsfcxts2.sys -> %SystemRoot%\System32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 8/7/2008 10:53:50 PM | Attr =	]

hsfdpsp2.sys -> %SystemRoot%\System32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 8/7/2008 10:53:50 PM | Attr =	]

km_filter.sys -> %SystemRoot%\System32\drivers\km_filter.sys -> The Nielsen Company [Ver = 5.0.0.11r | Size = 8832 bytes | Created Date = 8/5/2008 5:29:15 PM | Attr =	]

mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 8/7/2008 10:57:42 PM | Attr =	]

mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 8/7/2008 10:57:42 PM | Attr =	]

mtxparhm.sys -> %SystemRoot%\System32\drivers\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 8/7/2008 10:57:44 PM | Attr =	]

netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img ->  [Ver =  | Size = 67866 bytes | Created Date = 8/7/2008 10:57:52 PM | Attr =	]

nnrnstdi.sys -> %SystemRoot%\System32\drivers\nnrnstdi.sys -> The Nielsen Company [Ver = 5.1.3.15r | Size = 14336 bytes | Created Date = 8/5/2008 5:29:18 PM | Attr =	]

ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 8/7/2008 10:58:07 PM | Attr =	]

recagent.sys -> %SystemRoot%\System32\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 8/7/2008 10:59:24 PM | Attr =	]

s3gnbm.sys -> %SystemRoot%\System32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 8/7/2008 10:59:35 PM | Attr =	]

siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 3901 bytes | Created Date = 8/7/2008 10:59:57 PM | Attr =	]

slnt7554.sys -> %SystemRoot%\System32\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 8/7/2008 10:59:59 PM | Attr =	]

slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 8/7/2008 10:59:59 PM | Attr =	]

slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 8/7/2008 10:59:59 PM | Attr =	]

slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 8/7/2008 11:00:00 PM | Attr =	]

vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 11325 bytes | Created Date = 8/7/2008 11:01:30 PM | Attr =	]

wadv07nt.sys -> %SystemRoot%\System32\drivers\wadv07nt.sys -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 11807 bytes | Created Date = 8/7/2008 11:01:36 PM | Attr =	]

wadv08nt.sys -> %SystemRoot%\System32\drivers\wadv08nt.sys -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 11295 bytes | Created Date = 8/7/2008 11:01:36 PM | Attr =	]

wadv09nt.sys -> %SystemRoot%\System32\drivers\wadv09nt.sys -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 11871 bytes | Created Date = 8/7/2008 11:01:36 PM | Attr =	]

wadv11nt.sys -> %SystemRoot%\System32\drivers\wadv11nt.sys -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 11935 bytes | Created Date = 8/7/2008 11:01:36 PM | Attr =	]

watv06nt.sys -> %SystemRoot%\System32\drivers\watv06nt.sys -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 22271 bytes | Created Date = 8/7/2008 11:01:37 PM | Attr =	]

watv10nt.sys -> %SystemRoot%\System32\drivers\watv10nt.sys -> Intel® Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Created Date = 8/7/2008 11:01:37 PM | Attr =	]

ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Created Date = 8/7/2008 10:52:40 PM | Attr =	]

ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 8/7/2008 10:52:40 PM | Attr =	]

ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Created Date = 8/7/2008 10:52:40 PM | Attr =	]

ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 8/7/2008 10:52:41 PM | Attr =	]

ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.0231 | Size = 1888992 bytes | Created Date = 8/7/2008 10:52:43 PM | Attr =	]

ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc.  [Ver = 6.14.01.0009 | Size = 516768 bytes | Created Date = 8/7/2008 10:52:44 PM | Attr =	]

bits -> %SystemRoot%\System32\bits ->  [Folder | Created Date = 8/7/2008 11:57:16 PM | Attr =	]

4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

bvniadbr.ini -> %SystemRoot%\System32\bvniadbr.ini ->  [Ver =  | Size = 1487794 bytes | Created Date = 8/4/2008 6:22:12 AM | Attr =  HS]

en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 8/7/2008 11:57:17 PM | Attr =	]

gimscejw.ini -> %SystemRoot%\System32\gimscejw.ini ->  [Ver =  | Size = 1487632 bytes | Created Date = 8/4/2008 2:36:44 AM | Attr =  HS]

gsffbcqo.ini -> %SystemRoot%\System32\gsffbcqo.ini ->  [Ver =  | Size = 1487932 bytes | Created Date = 8/2/2008 5:28:39 PM | Attr =  HS]

hrmtbgxs.ini -> %SystemRoot%\System32\hrmtbgxs.ini ->  [Ver =  | Size = 1491828 bytes | Created Date = 8/2/2008 11:29:56 PM | Attr =  HS]

hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 8/7/2008 10:53:49 PM | Attr =	]

java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/10/2008 9:59:36 PM | Attr =	]

javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/10/2008 9:59:36 PM | Attr =	]

javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 8/10/2008 9:59:36 PM | Attr =	]

jkkLDVoO.dll -> %SystemRoot%\System32\jkkLDVoO.dll ->  [Ver =  | Size = 25088 bytes | Created Date = 8/2/2008 5:13:07 PM | Attr =	]

kregqian.ini -> %SystemRoot%\System32\kregqian.ini ->  [Ver =  | Size = 1492610 bytes | Created Date = 8/5/2008 5:07:54 PM | Attr =  HS]

maqejvqs.ini -> %SystemRoot%\System32\maqejvqs.ini ->  [Ver =  | Size = 1492910 bytes | Created Date = 8/6/2008 5:32:23 PM | Attr =  HS]

mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 8/7/2008 10:57:44 PM | Attr =	]

mWDLkRqr.ini -> %SystemRoot%\System32\mWDLkRqr.ini ->  [Ver =  | Size = 417 bytes | Created Date = 8/2/2008 5:19:55 PM | Attr =  HS]

mWDLkRqr.ini2 -> %SystemRoot%\System32\mWDLkRqr.ini2 ->  [Ver =  | Size = 417 bytes | Created Date = 8/2/2008 5:20:03 PM | Attr =  HS]

pid.inf -> %SystemRoot%\System32\pid.inf ->  [Ver =  | Size = 1261 bytes | Created Date = 8/7/2008 10:54:03 PM | Attr =	]

s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 8/7/2008 10:59:35 PM | Attr =	]

scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 8/7/2008 11:57:20 PM | Attr =	]

slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 8/7/2008 10:59:58 PM | Attr =	]

slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 8/7/2008 10:59:58 PM | Attr =	]

slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 8/7/2008 10:59:59 PM | Attr =	]

slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 8/7/2008 10:59:59 PM | Attr =	]

slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 8/7/2008 10:59:59 PM | Attr =	]

venjbgjm.ini -> %SystemRoot%\System32\venjbgjm.ini ->  [Ver =  | Size = 1487794 bytes | Created Date = 8/4/2008 10:16:46 AM | Attr =  HS]

°j? -> %SystemRoot%\System32\°jˆ ->  [Ver =  | Size = 89 bytes | Modified Date = 5/30/2008 10:59:54 PM | Attr =	]

$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 8/7/2008 11:30:58 PM | Attr =  H ]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

BM7727fb79.xml -> %SystemRoot%\BM7727fb79.xml ->  [Ver =  | Size = 111606 bytes | Created Date = 8/2/2008 5:24:19 PM | Attr =	]

cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 2123 bytes | Created Date = 8/5/2008 7:55:09 PM | Attr =	]

EHome -> %SystemRoot%\EHome ->  [Folder | Created Date = 8/7/2008 11:30:52 PM | Attr =	]

ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 8/9/2008 10:24:55 PM | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Created Date = 8/7/2008 11:38:49 PM | Attr =	]

l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 8/7/2008 11:57:19 PM | Attr =	]

network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 8/7/2008 11:41:27 PM | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 8/8/2008 12:16:11 AM | Attr =	]

pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Created Date = 8/2/2008 5:24:21 PM | Attr =	]

ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Created Date = 8/7/2008 11:47:49 PM | Attr =	]

slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 8/7/2008 10:59:59 PM | Attr =	]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Created Date = 8/12/2008 1:38:30 PM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Created Date = 8/6/2008 10:30:31 PM | Attr =	]

PC Tools -> %AllUsersProfile%\Application Data\PC Tools ->  [Folder | Created Date = 8/6/2008 1:01:29 PM | Attr =	]

TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 8/6/2008 1:02:15 PM | Attr =	]

@Alternate Data Stream - 118 bytes -> %AllUsersProfile%\Application Data\TEMP:7E95B6FD

Auslogics -> %AppData%\Auslogics ->  [Folder | Created Date = 8/7/2008 11:42:05 AM | Attr =	]

BitTorrent -> %AppData%\BitTorrent ->  [Folder | Created Date = 8/5/2008 4:52:47 PM | Attr =	]

DNA -> %AppData%\DNA ->  [Folder | Created Date = 8/5/2008 4:52:33 PM | Attr =	]

EuroTalk -> %AppData%\EuroTalk ->  [Folder | Created Date = 8/9/2008 12:54:31 PM | Attr =	]

PC Tools -> %AppData%\PC Tools ->  [Folder | Created Date = 8/6/2008 1:03:38 PM | Attr =	]

Sony Setup -> %AppData%\Sony Setup ->  [Folder | Created Date = 8/2/2008 5:07:17 PM | Attr =	]

BVRP Software -> %UserProfile%\Local Settings\Application Data\BVRP Software ->  [Folder | Created Date = 8/5/2008 4:52:05 PM | Attr =	]

DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Created Date = 8/5/2008 4:52:33 PM | Attr =	]

07-30-2008 03;24;31PM.rtf -> %UserProfile%\My Documents\07-30-2008 03;24;31PM.rtf ->  [Ver =  | Size = 6179 bytes | Created Date = 7/30/2008 3:24:41 PM | Attr =	]

07-30-2008 03;26;28PM.rtf -> %UserProfile%\My Documents\07-30-2008 03;26;28PM.rtf ->  [Ver =  | Size = 6084 bytes | Created Date = 7/30/2008 3:26:38 PM | Attr =	]

ACT.doc -> %UserProfile%\My Documents\ACT.doc ->  [Ver =  | Size = 87040 bytes | Created Date = 7/28/2008 2:03:20 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\ACT.doc:Zone.Identifier

ACT2.doc -> %UserProfile%\My Documents\ACT2.doc ->  [Ver =  | Size = 86528 bytes | Created Date = 7/31/2008 11:09:54 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\ACT2.doc:Zone.Identifier

algebra I -> %UserProfile%\My Documents\algebra I ->  [Folder | Created Date = 7/30/2008 3:34:13 PM | Attr =	]

Algebra II -> %UserProfile%\My Documents\Algebra II ->  [Folder | Created Date = 8/12/2008 5:51:57 PM | Attr =	]

Chemistry -> %UserProfile%\My Documents\Chemistry ->  [Ver =  | Size = 3924 bytes | Created Date = 7/31/2008 7:39:16 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Chemistry:Zone.Identifier

Chemistry handout for parents.rtf -> %UserProfile%\My Documents\Chemistry handout for parents.rtf ->  [Ver =  | Size = 4034 bytes | Created Date = 8/11/2008 11:51:07 AM | Attr =	]

Intent to Graduate Form.doc -> %UserProfile%\My Documents\Intent to Graduate Form.doc ->  [Ver =  | Size = 1550 bytes | Created Date = 7/29/2008 12:14:08 PM | Attr =	]

Me and pant owning kq0033.avi -> %UserProfile%\My Documents\Me and pant owning kq0033.avi ->  [Ver =  | Size = 44992244 bytes | Created Date = 7/25/2008 8:43:17 PM | Attr =	]

Me and pant owning kq0034.avi -> %UserProfile%\My Documents\Me and pant owning kq0034.avi ->  [Ver =  | Size = 231616700 bytes | Created Date = 7/26/2008 8:21:07 PM | Attr =	]

Me and pant owning kq0035.avi -> %UserProfile%\My Documents\Me and pant owning kq0035.avi ->  [Ver =  | Size = 375490024 bytes | Created Date = 7/28/2008 11:28:34 AM | Attr =	]

Me and pant owning kq0036.avi -> %UserProfile%\My Documents\Me and pant owning kq0036.avi ->  [Ver =  | Size = 115043462 bytes | Created Date = 7/28/2008 8:29:20 PM | Attr =	]

Me and pant owning kq0037.avi -> %UserProfile%\My Documents\Me and pant owning kq0037.avi ->  [Ver =  | Size = 139309426 bytes | Created Date = 7/29/2008 8:15:49 PM | Attr =	]

Me and pant owning kq0038.avi -> %UserProfile%\My Documents\Me and pant owning kq0038.avi ->  [Ver =  | Size = 105492882 bytes | Created Date = 7/29/2008 9:37:52 PM | Attr =	]

Me and pant owning kq0039.avi -> %UserProfile%\My Documents\Me and pant owning kq0039.avi ->  [Ver =  | Size = 24591144 bytes | Created Date = 7/29/2008 10:52:21 PM | Attr =	]

Me and pant owning kq0040.avi -> %UserProfile%\My Documents\Me and pant owning kq0040.avi ->  [Ver =  | Size = 14474748 bytes | Created Date = 7/29/2008 11:09:15 PM | Attr =	]

Me and pant owning kq0041.avi -> %UserProfile%\My Documents\Me and pant owning kq0041.avi ->  [Ver =  | Size = 47594600 bytes | Created Date = 7/31/2008 8:18:24 PM | Attr =	]

Me and pant owning kq0042.avi -> %UserProfile%\My Documents\Me and pant owning kq0042.avi ->  [Ver =  | Size = 281955376 bytes | Created Date = 7/31/2008 8:39:32 PM | Attr =	]

Me and pant owning kq0043.avi -> %UserProfile%\My Documents\Me and pant owning kq0043.avi ->  [Ver =  | Size = 71214 bytes | Created Date = 7/31/2008 10:37:35 PM | Attr =	]

Me and pant owning kq0044.avi -> %UserProfile%\My Documents\Me and pant owning kq0044.avi ->  [Ver =  | Size = 251644740 bytes | Created Date = 7/31/2008 10:37:37 PM | Attr =	]

Me and pant owning kq0045.avi -> %UserProfile%\My Documents\Me and pant owning kq0045.avi ->  [Ver =  | Size = 292513776 bytes | Created Date = 8/1/2008 2:46:00 PM | Attr =	]

Me and pant owning kq0046.avi -> %UserProfile%\My Documents\Me and pant owning kq0046.avi ->  [Ver =  | Size = 29630630 bytes | Created Date = 8/1/2008 8:08:20 PM | Attr =	]

Me and pant owning kq0047.avi -> %UserProfile%\My Documents\Me and pant owning kq0047.avi ->  [Ver =  | Size = 126375112 bytes | Created Date = 8/2/2008 12:29:04 AM | Attr =	]

Me and pant owning kq0048.avi -> %UserProfile%\My Documents\Me and pant owning kq0048.avi ->  [Ver =  | Size = 103775852 bytes | Created Date = 8/2/2008 1:12:43 AM | Attr =	]

Me and pant owning kq0049.avi -> %UserProfile%\My Documents\Me and pant owning kq0049.avi ->  [Ver =  | Size = 58161754 bytes | Created Date = 8/2/2008 8:15:38 PM | Attr =	]

Me and pant owning kq0050.avi -> %UserProfile%\My Documents\Me and pant owning kq0050.avi ->  [Ver =  | Size = 25996216 bytes | Created Date = 8/2/2008 8:46:56 PM | Attr =	]

Me and pant owning kq0051.avi -> %UserProfile%\My Documents\Me and pant owning kq0051.avi ->  [Ver =  | Size = 48979978 bytes | Created Date = 8/2/2008 8:52:57 PM | Attr =	]

Me and pant owning kq0052.avi -> %UserProfile%\My Documents\Me and pant owning kq0052.avi ->  [Ver =  | Size = 32265442 bytes | Created Date = 8/13/2008 12:56:41 PM | Attr =	]

Me and pant owning kq0053.avi -> %UserProfile%\My Documents\Me and pant owning kq0053.avi ->  [Ver =  | Size = 24481496 bytes | Created Date = 8/13/2008 1:34:15 PM | Attr =	]

Me and pant owning kq0054.avi -> %UserProfile%\My Documents\Me and pant owning kq0054.avi ->  [Ver =  | Size = 14675330 bytes | Created Date = 8/14/2008 8:52:49 PM | Attr =	]

Paper about myself.wpd -> %UserProfile%\My Documents\Paper about myself.wpd ->  [Ver =  | Size = 4019 bytes | Created Date = 8/18/2008 4:39:50 PM | Attr =	]

Spanish Disc 1.pdf -> %UserProfile%\My Documents\Spanish Disc 1.pdf ->  [Ver =  | Size = 328250 bytes | Created Date = 8/9/2008 12:23:46 PM | Attr =	]

spider.sav -> %UserProfile%\My Documents\spider.sav ->  [Ver =  | Size = 492 bytes | Created Date = 7/30/2008 10:51:07 AM | Attr =	]

VirtualDJ -> %UserProfile%\My Documents\VirtualDJ ->  [Folder | Created Date = 8/7/2008 12:22:46 PM | Attr =	]

PC Tools AntiVirus.lnk -> %AllUsersProfile%\Desktop\PC Tools AntiVirus.lnk ->  [Ver =  | Size = 661 bytes | Created Date = 8/6/2008 1:01:41 PM | Attr =	]

Talk Now Plus!.lnk -> %AllUsersProfile%\Desktop\Talk Now Plus!.lnk ->  [Ver =  | Size = 1661 bytes | Created Date = 8/11/2008 7:20:41 PM | Attr =	]

AusLogics Disk Defrag.lnk -> %UserProfile%\Desktop\AusLogics Disk Defrag.lnk ->  [Ver =  | Size = 801 bytes | Created Date = 8/7/2008 11:41:57 AM | Attr =	]

dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 8/9/2008 10:22:05 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier

jxpiinstall.exe -> %UserProfile%\Desktop\jxpiinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 382352 bytes | Created Date = 8/10/2008 9:55:09 PM | Attr =	]

LimeWire 4.18.3.lnk -> %UserProfile%\Desktop\LimeWire 4.18.3.lnk ->  [Ver =  | Size = 1580 bytes | Created Date = 8/6/2008 12:45:33 PM | Attr =	]

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 8/21/2008 12:22:11 PM | Attr =	]

Apple -> %CommonProgramFiles%\Apple ->  [Folder | Created Date = 8/5/2008 4:53:19 PM | Attr =	]

PC Tools -> %CommonProgramFiles%\PC Tools ->  [Folder | Created Date = 8/6/2008 1:01:38 PM | Attr =	]

Abbyy FineReader 6.0 Sprint -> %ProgramFiles%\Abbyy FineReader 6.0 Sprint ->  [Folder | Created Date = 8/5/2008 4:53:00 PM | Attr =	]

Apple Software Update -> %ProgramFiles%\Apple Software Update ->  [Folder | Created Date = 8/12/2008 1:38:22 PM | Attr =	]

Auslogics -> %ProgramFiles%\Auslogics ->  [Folder | Created Date = 8/7/2008 11:41:55 AM | Attr =	]

AVG -> %ProgramFiles%\AVG ->  [Folder | Created Date = 8/8/2008 3:45:12 PM | Attr =	]

Axife Mouse Recorder DEMO -> %ProgramFiles%\Axife Mouse Recorder DEMO ->  [Folder | Created Date = 8/5/2008 4:52:47 PM | Attr =	]

Bonjour -> %ProgramFiles%\Bonjour ->  [Folder | Created Date = 8/5/2008 4:52:46 PM | Attr =	]

CCleaner -> %ProgramFiles%\CCleaner ->  [Folder | Created Date = 8/5/2008 4:52:43 PM | Attr =	]

EuroTalk -> %ProgramFiles%\EuroTalk ->  [Folder | Created Date = 8/9/2008 12:54:21 PM | Attr =	]

Invoke Solutions -> %ProgramFiles%\Invoke Solutions ->  [Folder | Created Date = 8/5/2008 4:52:27 PM | Attr =	]

LimeWire -> %ProgramFiles%\LimeWire ->  [Folder | Created Date = 8/6/2008 12:45:12 PM | Attr =	]

NetRatingsNetSight -> %ProgramFiles%\NetRatingsNetSight ->  [Folder | Created Date = 8/5/2008 4:51:58 PM | Attr =	]

NetRatingsNetSight(2) -> %ProgramFiles%\NetRatingsNetSight(2) ->  [Folder | Created Date = 8/5/2008 4:19:19 PM | Attr =	]

NetZeroInstallers -> %ProgramFiles%\NetZeroInstallers ->  [Folder | Created Date = 8/5/2008 6:27:39 PM | Attr =	]

PC Tools AntiVirus -> %ProgramFiles%\PC Tools AntiVirus ->  [Folder | Created Date = 8/6/2008 1:01:29 PM | Attr =	]

QuickTime -> %ProgramFiles%\QuickTime ->  [Folder | Created Date = 8/12/2008 1:46:15 PM | Attr =	]

Reference Assemblies -> %ProgramFiles%\Reference Assemblies ->  [Folder | Created Date = 8/2/2008 5:18:59 PM | Attr =	]

Samsung -> %ProgramFiles%\Samsung ->  [Folder | Created Date = 8/5/2008 4:52:35 PM | Attr =	]

Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 8/9/2008 10:28:03 PM | Attr =	]

XviD -> %ProgramFiles%\XviD ->  [Folder | Created Date = 8/5/2008 6:27:35 PM | Attr =	]



[Files/Folders - Modified Within 30 days]

$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Modified Date = 8/7/2008 12:56:10 AM | Attr =  H ]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 8/21/2008 9:44:14 AM | Attr =	]

Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 8/9/2008 10:23:36 PM | Attr =	]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 526536704 bytes | Modified Date = 8/21/2008 9:15:52 AM | Attr =  HS]

i386 -> %SystemDrive%\i386 ->  [Folder | Modified Date = 8/3/2008 10:14:48 PM | Attr =	]

My Music -> %SystemDrive%\My Music ->  [Folder | Modified Date = 8/7/2008 12:56:47 PM | Attr =	]

ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 8/7/2008 11:40:13 PM | Attr = RHS]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/19/2008 3:11:09 PM | Attr =	]

RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 8/21/2008 9:44:18 AM | Attr =  HS]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/20/2008 1:34:52 PM | Attr =	]

sptd3597.sys -> %SystemRoot%\System32\drivers\sptd3597.sys ->  [Ver =  | Size = 96384 bytes | Modified Date = 8/8/2008 12:14:00 AM | Attr =	]

22509E7438.sys -> %SystemRoot%\System32\22509E7438.sys ->  [Ver =  | Size = 56 bytes | Modified Date = 8/21/2008 9:46:30 AM | Attr = RHS]

bits -> %SystemRoot%\System32\bits ->  [Folder | Modified Date = 8/7/2008 11:57:16 PM | Attr =	]

4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

bvniadbr.ini -> %SystemRoot%\System32\bvniadbr.ini ->  [Ver =  | Size = 1487794 bytes | Modified Date = 8/4/2008 6:22:15 AM | Attr =  HS]

CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 8/12/2008 1:36:32 PM | Attr =	]

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/21/2008 9:39:11 AM | Attr =	]

Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 8/7/2008 11:47:17 PM | Attr =	]

config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 8/10/2008 4:33:19 PM | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/19/2008 9:42:53 AM | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/21/2008 9:16:33 AM | Attr =	]

DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 8/12/2008 1:34:51 PM | Attr =	]

en -> %SystemRoot%\System32\en ->  [Folder | Modified Date = 8/7/2008 11:57:17 PM | Attr =	]

en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 8/7/2008 11:57:23 PM | Attr =	]

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 356952 bytes | Modified Date = 8/8/2008 12:14:57 AM | Attr =	]

FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 8/21/2008 9:46:48 AM | Attr =	]

gimscejw.ini -> %SystemRoot%\System32\gimscejw.ini ->  [Ver =  | Size = 1487632 bytes | Modified Date = 8/4/2008 2:36:53 AM | Attr =  HS]

gsffbcqo.ini -> %SystemRoot%\System32\gsffbcqo.ini ->  [Ver =  | Size = 1487932 bytes | Modified Date = 8/2/2008 10:12:01 PM | Attr =  HS]

hrmtbgxs.ini -> %SystemRoot%\System32\hrmtbgxs.ini ->  [Ver =  | Size = 1491828 bytes | Modified Date = 8/2/2008 11:32:53 PM | Attr =  HS]

jkkLDVoO.dll -> %SystemRoot%\System32\jkkLDVoO.dll ->  [Ver =  | Size = 25088 bytes | Modified Date = 8/5/2008 12:42:10 PM | Attr =	]

KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys ->  [Ver =  | Size = 4184 bytes | Modified Date = 8/21/2008 9:46:30 AM | Attr =  HS]

kregqian.ini -> %SystemRoot%\System32\kregqian.ini ->  [Ver =  | Size = 1492610 bytes | Modified Date = 8/6/2008 5:30:56 PM | Attr =  HS]

maqejvqs.ini -> %SystemRoot%\System32\maqejvqs.ini ->  [Ver =  | Size = 1492910 bytes | Modified Date = 8/6/2008 10:38:40 PM | Attr =  HS]

MRT.INI -> %SystemRoot%\System32\MRT.INI ->  [Ver =  | Size = 118 bytes | Modified Date = 8/14/2008 1:04:53 AM | Attr =	]

mWDLkRqr.ini -> %SystemRoot%\System32\mWDLkRqr.ini ->  [Ver =  | Size = 417 bytes | Modified Date = 8/7/2008 1:02:29 AM | Attr =  HS]

mWDLkRqr.ini2 -> %SystemRoot%\System32\mWDLkRqr.ini2 ->  [Ver =  | Size = 417 bytes | Modified Date = 8/7/2008 1:00:46 AM | Attr =  HS]

npp -> %SystemRoot%\System32\npp ->  [Folder | Modified Date = 8/7/2008 11:47:29 PM | Attr =	]

oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 8/7/2008 11:46:36 PM | Attr =	]

perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 82686 bytes | Modified Date = 8/8/2008 12:22:44 AM | Attr =	]

perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 457282 bytes | Modified Date = 8/8/2008 12:22:45 AM | Attr =	]

PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 549732 bytes | Modified Date = 8/8/2008 12:22:44 AM | Attr =	]

ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 8/7/2008 11:38:40 PM | Attr =	]

Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 8/7/2008 11:47:30 PM | Attr =	]

scripting -> %SystemRoot%\System32\scripting ->  [Folder | Modified Date = 8/7/2008 11:57:21 PM | Attr =	]

Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 8/8/2008 12:14:48 AM | Attr =	]

usmt -> %SystemRoot%\System32\usmt ->  [Folder | Modified Date = 8/7/2008 11:57:23 PM | Attr =	]

venjbgjm.ini -> %SystemRoot%\System32\venjbgjm.ini ->  [Ver =  | Size = 1487794 bytes | Modified Date = 8/4/2008 10:16:48 AM | Attr =  HS]

wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 8/10/2008 4:32:50 PM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 8/21/2008 9:38:00 AM | Attr =	]

°j? -> %SystemRoot%\System32\°jˆ ->  [Ver =  | Size = 89 bytes | Modified Date = 5/30/2008 10:59:54 PM | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/14/2008 1:05:11 AM | Attr =  H ]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Modified Date = 8/7/2008 11:38:04 PM | Attr =  H ]

AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 8/8/2008 12:14:48 AM | Attr =	]

assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 8/2/2008 5:52:58 PM | Attr = R S]

BM7727fb79.xml -> %SystemRoot%\BM7727fb79.xml ->  [Ver =  | Size = 111606 bytes | Modified Date = 8/14/2008 2:27:58 PM | Attr =	]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/21/2008 9:15:53 AM | Attr =   S]

cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 137 bytes | Modified Date = 8/4/2008 5:01:12 PM | Attr =	]

cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 2123 bytes | Modified Date = 8/6/2008 5:36:29 PM | Attr =	]

Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 8/9/2008 2:33:32 PM | Attr =	]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 8/10/2008 3:42:30 PM | Attr =   S]

EHome -> %SystemRoot%\EHome ->  [Folder | Modified Date = 8/7/2008 11:30:52 PM | Attr =	]

ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 8/9/2008 10:24:55 PM | Attr =	]

Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 8/19/2008 3:11:05 PM | Attr = R S]

Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 8/18/2008 5:00:25 PM | Attr =	]

ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 8/7/2008 11:58:06 PM | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/14/2008 1:05:14 AM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/19/2008 12:54:45 PM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/21/2008 9:44:15 AM | Attr =  HS]

l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Modified Date = 8/7/2008 11:57:20 PM | Attr =	]

Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 8/2/2008 5:52:23 PM | Attr =	]

Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 8/14/2008 11:25:23 PM | Attr =	]

msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 8/7/2008 11:47:27 PM | Attr =	]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 7/31/2008 5:24:28 AM | Attr =	]

network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 8/7/2008 11:58:09 PM | Attr =	]

PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 8/7/2008 11:57:16 PM | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/21/2008 12:23:25 PM | Attr =	]

pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Modified Date = 8/14/2008 4:43:57 PM | Attr =	]

QTW.INI -> %SystemRoot%\QTW.INI ->  [Ver =  | Size = 190 bytes | Modified Date = 8/1/2008 6:42:44 PM | Attr =	]

Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 8/10/2008 4:32:49 PM | Attr =	]

security -> %SystemRoot%\security ->  [Folder | Modified Date = 8/8/2008 12:07:09 AM | Attr =	]

ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Modified Date = 8/7/2008 11:58:23 PM | Attr =	]

srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 8/7/2008 11:47:24 PM | Attr =	]

system -> %SystemRoot%\system ->  [Folder | Modified Date = 8/7/2008 11:46:25 PM | Attr =	]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/21/2008 9:46:33 AM | Attr =	]

Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 8/21/2008 9:19:00 AM | Attr =   S]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/21/2008 12:23:10 PM | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 776 bytes | Modified Date = 8/19/2008 4:43:43 PM | Attr =	]

WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 8/7/2008 11:58:49 PM | Attr =	]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 8/12/2008 1:38:31 PM | Attr =	]

MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 8/21/2008 9:19:01 AM | Attr =  H ]

Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job ->  [Ver =  | Size = 410 bytes | Modified Date = 8/20/2008 6:00:00 PM | Attr =	]

RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 374 bytes | Modified Date = 7/31/2008 4:45:26 AM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/21/2008 9:15:59 AM | Attr =  H ]

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 7/13/2006 4:23:18 PM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 8/19/2008 4:00:22 PM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5481 bytes | Modified Date = 8/19/2008 4:00:22 PM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 2/1/2007 12:08:21 PM | Attr =	]

opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8440 bytes | Modified Date = 8/11/2008 11:51:17 AM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0 ->  [Folder | Modified Date = 9/16/2007 12:59:12 PM | Attr =	]

VCExpress000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0\VCExpress000223.dat ->  [Ver =  | Size = 677178 bytes | Modified Date = 9/16/2007 12:58:52 PM | Attr =  H ]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

AOL -> %AllUsersProfile%\Application Data\AOL ->  [Folder | Modified Date = 8/5/2008 6:09:20 PM | Attr =	]

Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer ->  [Folder | Modified Date = 8/12/2008 1:46:03 PM | Attr =	]

avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Modified Date = 8/8/2008 3:24:10 PM | Attr =	]

Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help ->  [Folder | Modified Date = 8/5/2008 4:51:52 PM | Attr =	]

PC Tools -> %AllUsersProfile%\Application Data\PC Tools ->  [Folder | Modified Date = 8/6/2008 1:03:18 PM | Attr =	]

TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 8/21/2008 9:40:40 AM | Attr =	]

@Alternate Data Stream - 118 bytes -> %AllUsersProfile%\Application Data\TEMP:7E95B6FD

yahoo! -> %AllUsersProfile%\Application Data\yahoo! ->  [Folder | Modified Date = 8/7/2008 11:53:47 AM | Attr = RH ]

AdobeUM -> %AppData%\AdobeUM ->  [Folder | Modified Date = 8/11/2008 5:28:39 PM | Attr =	]

Auslogics -> %AppData%\Auslogics ->  [Folder | Modified Date = 8/7/2008 11:42:05 AM | Attr =	]

BitTorrent -> %AppData%\BitTorrent ->  [Folder | Modified Date = 8/6/2008 3:58:52 PM | Attr =	]

DNA -> %AppData%\DNA ->  [Folder | Modified Date = 8/21/2008 12:19:18 PM | Attr =	]

dvdcss -> %AppData%\dvdcss ->  [Folder | Modified Date = 8/7/2008 1:23:33 PM | Attr =	]

EuroTalk -> %AppData%\EuroTalk ->  [Folder | Modified Date = 8/9/2008 12:56:37 PM | Attr =	]

LimeWire -> %AppData%\LimeWire ->  [Folder | Modified Date = 8/20/2008 11:59:00 PM | Attr =	]

mIRC -> %AppData%\mIRC ->  [Folder | Modified Date = 8/10/2008 4:32:11 PM | Attr =	]

PC Tools -> %AppData%\PC Tools ->  [Folder | Modified Date = 8/6/2008 1:03:38 PM | Attr =	]

Sony Setup -> %AppData%\Sony Setup ->  [Folder | Modified Date = 8/2/2008 5:07:58 PM | Attr =	]

Yahoo! -> %AppData%\Yahoo! ->  [Folder | Modified Date = 8/7/2008 11:53:47 AM | Attr =	]

Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Modified Date = 8/12/2008 10:27:11 PM | Attr =	]

BVRP Software -> %UserProfile%\Local Settings\Application Data\BVRP Software ->  [Folder | Modified Date = 8/11/2008 11:53:11 AM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 102912 bytes | Modified Date = 7/30/2008 7:03:01 PM | Attr =	]

DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Modified Date = 8/5/2008 4:52:33 PM | Attr =	]

GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 96672 bytes | Modified Date = 8/8/2008 12:22:27 AM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 2112198 bytes | Modified Date = 8/8/2008 12:12:34 AM | Attr =  H ]

07-30-2008 03;24;31PM.rtf -> %UserProfile%\My Documents\07-30-2008 03;24;31PM.rtf ->  [Ver =  | Size = 6179 bytes | Modified Date = 7/30/2008 3:24:42 PM | Attr =	]

07-30-2008 03;26;28PM.rtf -> %UserProfile%\My Documents\07-30-2008 03;26;28PM.rtf ->  [Ver =  | Size = 6084 bytes | Modified Date = 7/30/2008 3:26:38 PM | Attr =	]

ACT.doc -> %UserProfile%\My Documents\ACT.doc ->  [Ver =  | Size = 87040 bytes | Modified Date = 7/28/2008 2:03:25 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\ACT.doc:Zone.Identifier

ACT2.doc -> %UserProfile%\My Documents\ACT2.doc ->  [Ver =  | Size = 86528 bytes | Modified Date = 7/31/2008 11:09:54 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\ACT2.doc:Zone.Identifier

AdobeStockPhotos -> %UserProfile%\My Documents\AdobeStockPhotos ->  [Folder | Modified Date = 8/12/2008 12:33:02 PM | Attr =	]

algebra I -> %UserProfile%\My Documents\algebra I ->  [Folder | Modified Date = 8/19/2008 4:43:44 PM | Attr =	]

Algebra II -> %UserProfile%\My Documents\Algebra II ->  [Folder | Modified Date = 8/18/2008 5:04:23 PM | Attr =	]

Caleb's Phone Videos -> %UserProfile%\My Documents\Caleb's Phone Videos ->  [Folder | Modified Date = 8/18/2008 5:03:08 PM | Attr =	]

Chemistry -> %UserProfile%\My Documents\Chemistry ->  [Ver =  | Size = 3924 bytes | Modified Date = 7/31/2008 7:39:18 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Chemistry:Zone.Identifier

Chemistry handout for parents.rtf -> %UserProfile%\My Documents\Chemistry handout for parents.rtf ->  [Ver =  | Size = 4034 bytes | Modified Date = 8/11/2008 11:54:04 AM | Attr =	]

Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Modified Date = 8/7/2008 12:31:27 PM | Attr =	]

Intent to Graduate Form.doc -> %UserProfile%\My Documents\Intent to Graduate Form.doc ->  [Ver =  | Size = 1550 bytes | Modified Date = 7/29/2008 12:28:00 PM | Attr =	]

Me and pant owning kq0033.avi -> %UserProfile%\My Documents\Me and pant owning kq0033.avi ->  [Ver =  | Size = 44992244 bytes | Modified Date = 7/25/2008 10:14:40 PM | Attr =	]

Me and pant owning kq0034.avi -> %UserProfile%\My Documents\Me and pant owning kq0034.avi ->  [Ver =  | Size = 231616700 bytes | Modified Date = 7/26/2008 9:36:40 PM | Attr =	]

Me and pant owning kq0035.avi -> %UserProfile%\My Documents\Me and pant owning kq0035.avi ->  [Ver =  | Size = 375490024 bytes | Modified Date = 7/28/2008 12:08:07 PM | Attr =	]

Me and pant owning kq0036.avi -> %UserProfile%\My Documents\Me and pant owning kq0036.avi ->  [Ver =  | Size = 115043462 bytes | Modified Date = 7/28/2008 9:42:47 PM | Attr =	]

Me and pant owning kq0037.avi -> %UserProfile%\My Documents\Me and pant owning kq0037.avi ->  [Ver =  | Size = 139309426 bytes | Modified Date = 7/29/2008 9:09:40 PM | Attr =	]

Me and pant owning kq0038.avi -> %UserProfile%\My Documents\Me and pant owning kq0038.avi ->  [Ver =  | Size = 105492882 bytes | Modified Date = 7/29/2008 9:57:47 PM | Attr =	]

Me and pant owning kq0039.avi -> %UserProfile%\My Documents\Me and pant owning kq0039.avi ->  [Ver =  | Size = 24591144 bytes | Modified Date = 7/29/2008 11:09:13 PM | Attr =	]

Me and pant owning kq0040.avi -> %UserProfile%\My Documents\Me and pant owning kq0040.avi ->  [Ver =  | Size = 14474748 bytes | Modified Date = 7/29/2008 11:21:53 PM | Attr =	]

Me and pant owning kq0041.avi -> %UserProfile%\My Documents\Me and pant owning kq0041.avi ->  [Ver =  | Size = 47594600 bytes | Modified Date = 7/31/2008 8:38:31 PM | Attr =	]

Me and pant owning kq0042.avi -> %UserProfile%\My Documents\Me and pant owning kq0042.avi ->  [Ver =  | Size = 281955376 bytes | Modified Date = 7/31/2008 9:39:56 PM | Attr =	]

Me and pant owning kq0043.avi -> %UserProfile%\My Documents\Me and pant owning kq0043.avi ->  [Ver =  | Size = 71214 bytes | Modified Date = 7/31/2008 10:37:35 PM | Attr =	]

Me and pant owning kq0044.avi -> %UserProfile%\My Documents\Me and pant owning kq0044.avi ->  [Ver =  | Size = 251644740 bytes | Modified Date = 7/31/2008 11:51:47 PM | Attr =	]

Me and pant owning kq0045.avi -> %UserProfile%\My Documents\Me and pant owning kq0045.avi ->  [Ver =  | Size = 292513776 bytes | Modified Date = 8/1/2008 4:24:21 PM | Attr =	]

Me and pant owning kq0046.avi -> %UserProfile%\My Documents\Me and pant owning kq0046.avi ->  [Ver =  | Size = 29630630 bytes | Modified Date = 8/1/2008 8:51:03 PM | Attr =	]

Me and pant owning kq0047.avi -> %UserProfile%\My Documents\Me and pant owning kq0047.avi ->  [Ver =  | Size = 126375112 bytes | Modified Date = 8/2/2008 12:57:49 AM | Attr =	]

Me and pant owning kq0048.avi -> %UserProfile%\My Documents\Me and pant owning kq0048.avi ->  [Ver =  | Size = 103775852 bytes | Modified Date = 8/2/2008 1:35:12 AM | Attr =	]

Me and pant owning kq0049.avi -> %UserProfile%\My Documents\Me and pant owning kq0049.avi ->  [Ver =  | Size = 58161754 bytes | Modified Date = 8/2/2008 8:35:17 PM | Attr =	]

Me and pant owning kq0050.avi -> %UserProfile%\My Documents\Me and pant owning kq0050.avi ->  [Ver =  | Size = 25996216 bytes | Modified Date = 8/2/2008 8:52:55 PM | Attr =	]

Me and pant owning kq0051.avi -> %UserProfile%\My Documents\Me and pant owning kq0051.avi ->  [Ver =  | Size = 48979978 bytes | Modified Date = 8/2/2008 9:08:56 PM | Attr =	]

Me and pant owning kq0052.avi -> %UserProfile%\My Documents\Me and pant owning kq0052.avi ->  [Ver =  | Size = 32265442 bytes | Modified Date = 8/13/2008 1:34:13 PM | Attr =	]

Me and pant owning kq0053.avi -> %UserProfile%\My Documents\Me and pant owning kq0053.avi ->  [Ver =  | Size = 24481496 bytes | Modified Date = 8/13/2008 1:49:55 PM | Attr =	]

Me and pant owning kq0054.avi -> %UserProfile%\My Documents\Me and pant owning kq0054.avi ->  [Ver =  | Size = 14675330 bytes | Modified Date = 8/14/2008 9:00:20 PM | Attr =	]

My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 8/12/2008 3:18:26 PM | Attr =	]

My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 8/13/2008 12:29:34 PM | Attr =	]

My Received Files -> %UserProfile%\My Documents\My Received Files ->  [Folder | Modified Date = 8/10/2008 12:16:02 AM | Attr =	]

My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Modified Date = 7/30/2008 3:42:06 PM | Attr =	]

Paper about myself.wpd -> %UserProfile%\My Documents\Paper about myself.wpd ->  [Ver =  | Size = 4019 bytes | Modified Date = 8/19/2008 2:50:39 PM | Attr =	]

Spanish Disc 1.pdf -> %UserProfile%\My Documents\Spanish Disc 1.pdf ->  [Ver =  | Size = 328250 bytes | Modified Date = 8/9/2008 12:23:46 PM | Attr =	]

spider.sav -> %UserProfile%\My Documents\spider.sav ->  [Ver =  | Size = 492 bytes | Modified Date = 8/10/2008 4:28:37 PM | Attr =	]

VirtualDJ -> %UserProfile%\My Documents\VirtualDJ ->  [Folder | Modified Date = 8/19/2008 3:11:05 PM | Attr =	]

Norton Security Scan.lnk -> %AllUsersProfile%\Desktop\Norton Security Scan.lnk ->  [Ver =  | Size = 2185 bytes | Modified Date = 8/5/2008 7:59:25 PM | Attr =	]

PC Tools AntiVirus.lnk -> %AllUsersProfile%\Desktop\PC Tools AntiVirus.lnk ->  [Ver =  | Size = 661 bytes | Modified Date = 8/6/2008 1:01:41 PM | Attr =	]

Talk Now Plus!.lnk -> %AllUsersProfile%\Desktop\Talk Now Plus!.lnk ->  [Ver =  | Size = 1661 bytes | Modified Date = 8/11/2008 7:20:41 PM | Attr =	]

AusLogics Disk Defrag.lnk -> %UserProfile%\Desktop\AusLogics Disk Defrag.lnk ->  [Ver =  | Size = 801 bytes | Modified Date = 8/7/2008 11:41:57 AM | Attr =	]

dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 8/9/2008 10:22:15 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier

jxpiinstall.exe -> %UserProfile%\Desktop\jxpiinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 382352 bytes | Modified Date = 8/10/2008 9:55:06 PM | Attr =	]

LimeWire 4.18.3.lnk -> %UserProfile%\Desktop\LimeWire 4.18.3.lnk ->  [Ver =  | Size = 1580 bytes | Modified Date = 8/6/2008 12:45:33 PM | Attr =	]

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 8/21/2008 12:25:04 PM | Attr =	]

Webshots.lnk -> %UserProfile%\Start Menu\Programs\Startup\Webshots.lnk ->  [Ver =  | Size = 676 bytes | Modified Date = 8/12/2008 12:41:28 PM | Attr =	]

AOL -> %CommonProgramFiles%\AOL ->  [Folder | Modified Date = 8/5/2008 6:27:30 PM | Attr =	]

aolshare -> %CommonProgramFiles%\aolshare ->  [Folder | Modified Date = 8/5/2008 6:12:42 PM | Attr =	]

Apple -> %CommonProgramFiles%\Apple ->  [Folder | Modified Date = 8/5/2008 4:53:19 PM | Attr =	]

PC Tools -> %CommonProgramFiles%\PC Tools ->  [Folder | Modified Date = 8/6/2008 1:01:38 PM | Attr =	]

Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 8/6/2008 12:37:51 PM | Attr =	]

System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 8/7/2008 11:47:03 PM | Attr =	]



[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]



[CatchMe Rootkit Scan by GMER]

< Windows folder & sub-folders >

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s0"=dword:b3f37c22

"s1"=dword:525c53eb

"s2"=dword:d2a48946

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:25,ac,f1,e5,ce,19,07,1d,06,03,ab,e3,89,7f,e8,3b,ab,89,39,ba,d6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:25,ac,f1,e5,ce,19,07,1d,06,03,ab,e3,89,7f,e8,3b,ab,89,39,ba,d6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:25,ac,f1,e5,ce,19,07,1d,06,03,ab,e3,89,7f,e8,3b,ab,89,39,ba,d6,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

< Document and Settings folder & sub folders >

scanning hidden files ...

IPC error: 2 The system cannot find the file specified.

C:\Documents and Settings\All Users\Application Data\Symantec\hpc:468323563 61 bytes

C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD 118 bytes

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\Favorites\Freewebs Site Builder - Kate's Dream.url:favicon 1406 bytes

C:\Documents and Settings\Danny1\Favorites\Caution - the fake job scam..url:favicon 1406 bytes

C:\Documents and Settings\Danny1\Favorites\Christianity.com.url:favicon 1150 bytes

C:\Documents and Settings\Danny1\Favorites\RuneScape - the massive online adventure game by Jagex Ltd.url:favicon 1150 bytes

C:\Documents and Settings\Danny1\Favorites\Special Deals!.url:favicon 3638 bytes

C:\Documents and Settings\Danny1\Favorites\Welcome to Pro-Tech Auto Auction!.url:favicon 1406 bytes

C:\Documents and Settings\Danny1\Favorites\YouTube - The Mom Song Sung to William Tell Overture with Lyrics.url:favicon 1150 bytes

C:\Documents and Settings\Danny1\Favorites\Learn Spanish A Free Online Grammar Tutorial.url:favicon 318 bytes

C:\Documents and Settings\Danny1\Favorites\National Weather Service Forecast Office - Nashville, Tennessee.url:favicon 318 bytes

C:\Documents and Settings\Danny1\My Documents\My Videos\Creativity Fun Packs\Video Titles and End Credits\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Videos\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\Smash Mouth\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\The Greatest Hits\P.O.D\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\The Greatest Hits\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\Danny's Music\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\Dowloaded\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\Downloaded LM\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\The Strokes - Is this It\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\iTunes\iTunes Music\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\iTunes\Music\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\iTunes\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\PLAYLIST\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\Poodle Hat\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Music\Poodle Hat\Weird Al\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\2008_01_03\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\2008_01_04\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\2008_01_06\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\Camp 08\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\July Stuff\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\June Stuff\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\March Stuff\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\May Stuff\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\Picts with Camera\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\April stuff\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Pictures\August STuff 08\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Danny1\My Documents\My Received Files\Thumbs.db:encryptable 0 bytes

scan completed successfully

hidden files: 75



< End of report >


#4 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:36 PM

Posted 23 August 2008 - 08:21 AM

Hello dudewithout,

While I am making a fix, please also run Kaspersky online scan following my instructions in previous post and post back here with the report.

Regards
SNOWHITE
Posted Image

#5 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:36 PM

Posted 06 September 2008 - 07:51 PM

dudewithout, do you still need help ?
SNOWHITE
Posted Image

#6 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:36 PM

Posted 21 September 2008 - 04:14 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you
SNOWHITE
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users