
Fake Windows Security Alert Pop-up


9 replies to this topic

#1 atv76

atv76

  • Members
  • 6 posts

Posted 22 August 2008 - 10:23 PM

Hi, I have been having problems with the fake Windows security alert window popping up. I have tried many anti-virus programs but was unsuccessful.

This is my result from Malwarebytes:

Malwarebytes' Anti-Malware 1.25
Database version: 1076
Windows 5.1.2600 Service Pack 2

11:14:05 PM 8/22/2008
mbam-log-08-22-2008 (23-14-05).txt

Scan type: Quick Scan
Objects scanned: 55084
Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:33 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wxqlmpmn.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\WTY\My Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PicasaNet] "C:\Documents and Settings\Wee Tang Yee\My Documents\Meiyen\Pictures\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EnChkDb] C:\WINDOWS\system32\wbybohyz.exe
O4 - HKCU\..\Run: [SmartMonEn] C:\WINDOWS\system32\wxqlmpmn.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\Policies\Explorer\Run: [B1OZAADLI0] C:\Documents and Settings\All Users\Application Data\uzityven\cbwpened.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127787423232
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 14157 bytes


Appreciate any help I can get.



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts

Posted 24 August 2008 - 11:50 AM

Hello atv76

Welcome to BleepingComputer :thumbsup:
========================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • Rootkit Search - Yes
    • Drivers - Non-Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Edited by kahdah, 24 August 2008 - 12:11 PM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 atv76

atv76
  • Topic Starter

  • Members
  • 6 posts

Posted 25 August 2008 - 10:47 PM

Thanks for your attention.

Here's what I got:

OTScanIt logfile created on: 8/25/2008 11:27:58 PM
OTScanIt by OldTimer - Version 1.0.16.2	 Folder = C:\Documents and Settings\WTY\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.92 Mb Total Physical Memory | 308.83 Mb Available Physical Memory | 60.45% Memory free
1.30 Gb Paging File | 0.93 Gb Available in Paging File | 71.85% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.99 Gb Total Space | 16.76 Gb Free Space | 23.94% Space Free | Partition Type: NTFS
Drive D: | 443.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBM-9CA14E6390D
Current User Name: WTY
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ibmpmsvc.exe -> %SystemRoot%\system32\ibmpmsvc.exe ->  [Ver =  | Size = 57344 bytes | Modified Date = 2/26/2004 2:26:00 AM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe ->  [Ver =  | Size = 397312 bytes | Modified Date = 2/11/2004 12:40:48 AM | Attr =	]
s24evmon.exe -> %SystemRoot%\system32\S24EvMon.exe -> Intel Corporation  [Ver = 8, 0, 0, 164 | Size = 311363 bytes | Modified Date = 2/9/2004 12:39:16 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:18 AM | Attr =	]
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 9:01:00 PM | Attr =	]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 11/10/2007 2:04:07 PM | Attr =	]
rrpcsb.exe -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe ->  [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 3/19/2004 4:21:10 PM | Attr =	]
mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 8/18/2004 9:00:00 AM | Attr =	]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 8/18/2004 9:00:00 AM | Attr =	]
qconsvc.exe -> %SystemRoot%\system32\QCONSVC.EXE -> IBM Corp. [Ver = 3, 2, 0, 0 | Size = 73728 bytes | Modified Date = 5/19/2004 4:21:00 AM | Attr =	]
regsrvc.exe -> %SystemRoot%\system32\RegSrvc.exe -> Intel Corporation [Ver = 8, 0, 0, 164 | Size = 122880 bytes | Modified Date = 2/9/2004 12:38:44 PM | Attr =	]
tpkmpsvc.exe -> %SystemRoot%\system32\TpKmpSvc.exe ->  [Ver =  | Size = 32768 bytes | Modified Date = 7/11/2003 9:19:22 PM | Attr =	]
uaservice7.exe -> %SystemRoot%\system32\UAService7.exe ->  [Ver =  | Size = 126976 bytes | Modified Date = 5/9/2005 5:18:39 AM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe ->  [Ver =  | Size = 397312 bytes | Modified Date = 2/11/2004 12:40:48 AM | Attr =	]
tphkmgr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ->  [Ver =  | Size = 94208 bytes | Modified Date = 3/10/2004 1:10:40 PM | Attr =	]
tponscr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ->  [Ver =  | Size = 77824 bytes | Modified Date = 3/10/2004 1:10:44 PM | Attr =	]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.10 08Apr04 | Size = 110592 bytes | Modified Date = 4/8/2004 7:12:06 PM | Attr =	]
tpscrex.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe -> IBM Corporation [Ver = 1.06 | Size = 65536 bytes | Modified Date = 1/10/2002 6:01:34 PM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.10 08Apr04 | Size = 512000 bytes | Modified Date = 4/8/2004 7:11:26 PM | Attr =	]
qcwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCWLICON.EXE -> IBM Corp. [Ver = 3, 2, 0, 0 | Size = 53248 bytes | Modified Date = 5/19/2004 4:21:00 AM | Attr =	]
searchsettings.exe -> %ProgramFiles%\Search Settings\SearchSettings.exe -> Vendio Services, Inc. [Ver = 1, 0, 0, 13 | Size = 1069920 bytes | Modified Date = 12/6/2007 12:58:18 PM | Attr =	]
searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc [Ver = 2008, 5, 29, 1 | Size = 111856 bytes | Modified Date = 6/26/2008 7:01:12 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 289064 bytes | Modified Date = 7/10/2008 10:51:32 AM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 11/10/2007 2:04:15 PM | Attr =	]
wxqlmpmn.exe -> %SystemRoot%\system32\wxqlmpmn.exe ->  [Ver =  | Size = 77824 bytes | Modified Date = 8/19/2008 6:19:35 PM | Attr =	]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 5:06:00 AM | Attr = R  ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 6/2/2008 10:50:39 AM | Attr =	]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 9/16/2003 8:19:24 AM | Attr =	]
wincinemamgr.exe -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.8.1 | Size = 184320 bytes | Modified Date = 12/18/2003 10:29:04 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 532264 bytes | Modified Date = 7/10/2008 10:51:22 AM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:18 AM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe ->  [Ver =  | Size = 397312 bytes | Modified Date = 2/11/2004 12:40:48 AM | Attr =	]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 9:01:00 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 11/10/2007 2:04:07 PM | Attr =	]
(IBM Rapid Restore Ultra Service) IBM Rapid Restore Ultra Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe ->  [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 3/19/2004 4:21:10 PM | Attr =	]
(IBMPMSVC) IBM PM Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ibmpmsvc.exe ->  [Ver =  | Size = 57344 bytes | Modified Date = 2/26/2004 2:26:00 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 532264 bytes | Modified Date = 7/10/2008 10:51:22 AM | Attr =	]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Modified Date = 8/6/2004 4:50:00 AM | Attr =	]
(McShield) Network Associates McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 8/18/2004 9:00:00 AM | Attr =	]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 8/18/2004 9:00:00 AM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\hpzipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 2/26/2004 2:18:00 AM | Attr =	]
(PsaSrv) IBM PSA Access Driver Control [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\PsaSrv.exe -> File not found
(QCONSVC) QCONSVC [Win32_Own | Auto | Running] -> %SystemRoot%\system32\QCONSVC.EXE -> IBM Corp. [Ver = 3, 2, 0, 0 | Size = 73728 bytes | Modified Date = 5/19/2004 4:21:00 AM | Attr =	]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %SystemRoot%\system32\RegSrvc.exe -> Intel Corporation [Ver = 8, 0, 0, 164 | Size = 122880 bytes | Modified Date = 2/9/2004 12:38:44 PM | Attr =	]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\S24EvMon.exe -> Intel Corporation  [Ver = 8, 0, 0, 164 | Size = 311363 bytes | Modified Date = 2/9/2004 12:39:16 PM | Attr =	]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TpKmpSvc.exe ->  [Ver =  | Size = 32768 bytes | Modified Date = 7/11/2003 9:19:22 PM | Attr =	]
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> %SystemRoot%\system32\UAService7.exe ->  [Ver =  | Size = 126976 bytes | Modified Date = 5/9/2005 5:18:39 AM | Attr =	]

[Driver Services - Non-Microsoft Only]
(ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 3:20:04 PM | Attr =	]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.36 | Size = 100384 bytes | Modified Date = 10/23/2003 2:17:10 PM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 4:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 2:07:42 AM | Attr =	]
(ANC) ANC [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ANC.sys -> IBM Corp. [Ver = 8.3 | Size = 11520 bytes | Modified Date = 5/19/2004 4:21:00 AM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 4:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 4:51:58 PM | Attr =	]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6422 | Size = 672256 bytes | Modified Date = 2/11/2004 12:42:18 AM | Attr =	]
(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> D:\INSTAL~E\Core\BVRPMPR5.SYS -> File not found
(CmdIde) CmdIde [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 4:51:54 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 4:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 2:07:17 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 2:07:16 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr =	]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.94c | Size = 87168 bytes | Modified Date = 8/17/2004 4:21:00 AM | Attr =	]
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.45a | Size = 40448 bytes | Modified Date = 7/14/2004 3:56:00 AM | Attr =	]
(E1000) Intel(R) PRO/1000 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e1000325.sys -> Intel Corporation [Ver = 7.2.17.0 built by: WinDDK | Size = 125952 bytes | Modified Date = 8/14/2003 5:46:48 PM | Attr =	]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 3:12:10 PM | Attr =	]
(Eacfilt) Eacfilt Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\eacfilt.sys -> Nortel Networks [Ver = 4.60.0.0 | Size = 9433 bytes | Modified Date = 3/28/2003 2:37:10 PM | Attr =	]
(EGATHDRV) IBM Access Support [Kernel | Auto | Running] -> %SystemRoot%\system32\egathdrv.sys -> IBM Corporation [Ver = 2.05 | Size = 11712 bytes | Modified Date = 6/29/2006 5:11:08 PM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr =	]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hpzid412.sys -> HP [Ver = 7, 0, 0, 0 | Size = 51056 bytes | Modified Date = 2/26/2004 2:18:00 AM | Attr = R  ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 7, 0, 0, 0 | Size = 16496 bytes | Modified Date = 2/26/2004 2:18:00 AM | Attr = R  ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 7, 0, 0, 0 | Size = 21488 bytes | Modified Date = 2/26/2004 2:18:02 AM | Attr =	]
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.02.02.00 | Size = 197888 bytes | Modified Date = 1/21/2004 3:02:14 PM | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.02.02.00 | Size = 1041152 bytes | Modified Date = 1/21/2004 2:57:58 PM | Attr =	]
(ibmfilter) ibmfilter [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ibmfilter.sys -> IBM [Ver = 3.00 built by: WinDDK | Size = 63872 bytes | Modified Date = 3/19/2004 3:05:36 PM | Attr =	]
(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ibmpmdrv.sys -> IBM Corp. [Ver = 1.26 | Size = 11344 bytes | Modified Date = 2/26/2004 2:26:00 AM | Attr =	]
(IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> %SystemRoot%\system32\drivers\IBMBLDID.SYS ->  [Ver =  | Size = 2295 bytes | Modified Date = 5/19/2004 4:21:00 AM | Attr =	]
(IPSECEXT) Nortel Extranet Access Protocol [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\ipsecw2k.sys -> Nortel Networks [Ver = 4.10 | Size = 115008 bytes | Modified Date = 3/28/2003 2:36:48 PM | Attr =	]
(IPSECSHM) Nortel IPSECSHM Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ipsecw2k.sys -> Nortel Networks [Ver = 4.10 | Size = 115008 bytes | Modified Date = 3/28/2003 2:36:48 PM | Attr =	]
(ltmodem5) LT Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 606684 bytes | Modified Date = 8/4/2004 1:41:35 AM | Attr =	]
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.2.1.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.2.1.0 | Size = 14037 bytes | Modified Date = 7/16/2004 4:13:28 PM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 4:48:08 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 4:52:12 PM | Attr =	]
(NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\naiavf5x.sys -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 108256 bytes | Modified Date = 8/18/2004 9:00:00 AM | Attr =	]
(NaiAvTdi1) NaiAvTdi1 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mvstdi5x.sys -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 58016 bytes | Modified Date = 8/18/2004 9:00:00 AM | Attr =	]
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/4/2004 2:00:50 AM | Attr =	]
(PD0620VID) Creative WebCam Instant [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\P0620Vid.sys -> Creative Technology Ltd. [Ver = 1.00.01.00 | Size = 90700 bytes | Modified Date = 4/16/2004 2:20:14 AM | Attr = R  ]
(Pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 9/19/2003 4:47:00 AM | Attr =	]
(PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PfModNT.sys -> Creative Technology Ltd. [Ver = 3.0.0.3 | Size = 15840 bytes | Modified Date = 3/5/2003 12:19:28 PM | Attr =	]
(psadd) IBM PSA Access Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\psadd.sys -> Windows (R) 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 13312 bytes | Modified Date = 7/16/2004 4:28:54 PM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.28a | Size = 20640 bytes | Modified Date = 3/23/2005 6:15:57 PM | Attr =	]
(QCNDISIF) QCNDISIF [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\qcndisif.sys -> IBM Corporation. [Ver = 1. 0. 0. 0 | Size = 12288 bytes | Modified Date = 5/19/2004 4:21:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 4:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 4:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 4:52:18 PM | Attr =	]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 1, 0, 0, 0 | Size = 11258 bytes | Modified Date = 9/15/2003 1:20:18 PM | Attr =	]
(S3SSavage) S3SSavage [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s3ssavm.sys -> S3 Graphics, Inc. [Ver = 6.13.10.1236-12.90.36 | Size = 95104 bytes | Modified Date = 11/1/2001 6:57:14 AM | Attr =	]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 5/28/2008 10:33:36 AM | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS ->  SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 5/28/2008 10:33:38 AM | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 5/28/2008 10:33:36 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr =	]
(ShockMgr) ShockMgr [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\ShockMgr.sys -> IBM Corporation [Ver = 1.20.00 | Size = 4433 bytes | Modified Date = 12/15/2003 8:29:10 PM | Attr =	]
(Shockprf) Shockprf [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\shockprf.sys -> IBM Corporation [Ver = 1.20.00 | Size = 58568 bytes | Modified Date = 12/17/2003 4:50:10 PM | Attr =	]
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 2:07:42 AM | Attr =	]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3624 | Size = 578432 bytes | Modified Date = 10/27/2003 5:09:06 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 5:07:44 PM | Attr =	]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 12:29:04 PM | Attr =	]
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 12:28:50 PM | Attr =	]
(StMp3Rec) Player Recovery Device Control Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\StMp3Rec.sys -> Generic [Ver = 1, 521, 0, 139 | Size = 38422 bytes | Modified Date = 8/16/2005 11:23:10 AM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 5:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 5:07:36 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 5:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 5:07:42 PM | Attr =	]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.17.10 08Apr04 | Size = 270320 bytes | Modified Date = 4/8/2004 7:07:22 PM | Attr =	]
(TDSMAPI) TDSMAPI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TDSMAPI.SYS ->  [Ver =  | Size = 8831 bytes | Modified Date = 10/24/2003 4:35:00 AM | Attr =	]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25723 bytes | Modified Date = 9/2/2004 2:05:00 AM | Attr =	]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 9/2/2004 2:05:00 AM | Attr =	]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 9/2/2004 2:05:00 AM | Attr =	]
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 9/2/2004 2:05:00 AM | Attr =	]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86202 bytes | Modified Date = 9/2/2004 2:05:00 AM | Attr =	]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 14715 bytes | Modified Date = 9/2/2004 2:05:00 AM | Attr =	]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 9/2/2004 2:05:00 AM | Attr =	]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 9/2/2004 2:05:00 AM | Attr =	]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 9/2/2004 2:05:00 AM | Attr =	]
(TPHKDRV) TPHKDRV [Kernel | System | Running] -> %SystemRoot%\System32\drivers\TPHKDRV.sys -> IBM Corporation [Ver = 3.00 | Size = 16195 bytes | Modified Date = 3/10/2004 11:10:32 AM | Attr =	]
(TPPWR) TPPWR [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TPPWR.SYS -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 15360 bytes | Modified Date = 12/25/2003 4:36:00 AM | Attr =	]
(TSMAPIP) TSMAPIP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TSMAPIP.SYS ->  [Ver =  | Size = 7168 bytes | Modified Date = 12/18/2003 5:30:00 AM | Attr =	]
(TwoTrack) IBM PS/2 TrackPoint Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TwoTrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Modified Date = 8/17/2001 4:48:14 PM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 4:52:22 PM | Attr =	]
(w22n51) Intel(R) PRO/Wireless 2200 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w22n51.sys -> Intel® Corporation [Ver = 80012-20000 Driver | Size = 1657344 bytes | Modified Date = 3/8/2004 5:43:10 AM | Attr =	]
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w29n51.sys -> Intel® Corporation [Ver = 9.0.4.37 Driver | Size = 2210048 bytes | Modified Date = 7/25/2007 6:44:28 PM | Attr =	]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.02.02.00 built by: WinDDK | Size = 675840 bytes | Modified Date = 1/21/2004 2:59:34 PM | Attr =	]
(EntDrv51) EntDrv51 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\entdrv51.sys -> Network Associates, Inc [Ver = 8.0.0.240 | Size = 8320 bytes | Modified Date = 8/18/2004 9:00:00 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr =	]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:28 AM | Attr =	]
ATIModeChange -> %SystemRoot%\system32\Ati2mdxx.exe [Ati2mdxx.exe] -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 9/4/2001 7:24:26 PM | Attr =	]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe [C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] -> ATI Technologies, Inc. [Ver = 6.14.10.5093 | Size = 335872 bytes | Modified Date = 2/11/2004 12:10:00 AM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.0.43 | Size = 289064 bytes | Modified Date = 7/10/2008 10:51:32 AM | Attr =	]
PicasaNet -> %UserProfile%\My Documents\MY\Pictures\Hello\Hello.exe ["C:\Documents and Settings\WTY\My Documents\MY\Pictures\Hello\Hello.exe" -b] -> File not found
QCWLICON -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCWLICON.EXE [C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE] -> IBM Corp. [Ver = 3, 2, 0, 0 | Size = 53248 bytes | Modified Date = 5/19/2004 4:21:00 AM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr =	]
SearchSettings -> %ProgramFiles%\Search Settings\SearchSettings.exe [C:\Program Files\Search Settings\SearchSettings.exe] -> Vendio Services, Inc. [Ver = 1, 0, 0, 13 | Size = 1069920 bytes | Modified Date = 12/6/2007 12:58:18 PM | Attr =	]
SemanticInsight -> %ProgramFiles%\RXToolBar\Semantic Insight\SemanticInsight.exe [C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe] -> File not found
SNM -> %ProgramFiles%\SpyNoMore\SNM.exe [C:\Program Files\SpyNoMore\SNM.exe /startup] -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.5.17.10 08Apr04 | Size = 512000 bytes | Modified Date = 4/8/2004 7:11:26 PM | Attr =	]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.5.17.10 08Apr04 | Size = 110592 bytes | Modified Date = 4/8/2004 7:12:06 PM | Attr =	]
TPHOTKEY -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe] ->  [Ver =  | Size = 94208 bytes | Modified Date = 3/10/2004 1:10:40 PM | Attr =	]
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> Yahoo! Inc [Ver = 2008, 5, 29, 1 | Size = 111856 bytes | Modified Date = 6/26/2008 7:01:12 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
CPQHotkeys ->  [hotkeysvc.exe] -> File not found
CTHelper ->  [cthelper.exe] -> File not found
EnChkDb -> %SystemRoot%\system32\wbybohyz.exe [C:\WINDOWS\system32\wbybohyz.exe] ->  [Ver =  | Size = 73728 bytes | Modified Date = 8/19/2008 12:39:34 AM | Attr =	]
Search Protection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> Yahoo! Inc [Ver = 2008, 5, 29, 1 | Size = 111856 bytes | Modified Date = 6/26/2008 7:01:12 AM | Attr =	]
SmartMonEn -> %SystemRoot%\system32\wxqlmpmn.exe [C:\WINDOWS\system32\wxqlmpmn.exe] ->  [Ver =  | Size = 77824 bytes | Modified Date = 8/19/2008 6:19:35 PM | Attr =	]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 11/10/2007 2:04:15 PM | Attr =	]
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> Yahoo! Inc [Ver = 2008, 5, 29, 1 | Size = 111856 bytes | Modified Date = 6/26/2008 7:01:12 AM | Attr =	]
< RunServices [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> 
CPQHotkeys ->  [hotkeysvc.exe] -> File not found
CTHelper ->  [cthelper.exe] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 5:06:00 AM | Attr = R  ]
%AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 6/2/2008 10:50:39 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 9/16/2003 8:19:24 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.8.1 | Size = 184320 bytes | Modified Date = 12/18/2003 10:29:04 PM | Attr =	]
< WTY Startup Folder > -> C:\Documents and Settings\WTY\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/13/2008 10:13:36 AM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
msapsspc.dll schannel.dll digest.dll msnsspc.dll ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 3:56:50 AM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll ->  [Ver =  | Size = 86016 bytes | Modified Date = 2/11/2004 12:40:52 AM | Attr =	]
QConGina -> %SystemRoot%\system32\QConGina.dll -> IBM Corp. [Ver = 3, 2, 0, 0 | Size = 94208 bytes | Modified Date = 5/19/2004 4:21:00 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\B1OZAADLI0 -> %AllUsersProfile%\Application Data\uzityven\cbwpened.exe [C:\Documents and Settings\All Users\Application Data\uzityven\cbwpened.exe] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 1:59:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_DVD-RAM_UJ-822Sy_______________RC01____\5&3ccf215&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 6, 2, 01 | Size = 880880 bytes | Modified Date = 7/15/2008 9:46:04 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 61 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 21 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 6, 2, 01 | Size = 880880 bytes | Modified Date = 7/15/2008 9:46:04 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 1, 5, 1 | Size = 181752 bytes | Modified Date = 1/6/2006 12:52:14 PM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 9/2/2004 2:05:00 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 11/10/2007 2:04:54 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 7/25/2008 11:40:41 PM | Attr =	]
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> Yahoo! Inc [Ver = 2008, 6, 2, 01 | Size = 160496 bytes | Modified Date = 7/15/2008 9:46:06 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 11/10/2007 2:04:54 PM | Attr = R  ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 6, 2, 01 | Size = 880880 bytes | Modified Date = 7/15/2008 9:46:04 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 11/10/2007 2:04:54 PM | Attr = R  ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 6, 2, 01 | Size = 880880 bytes | Modified Date = 7/15/2008 9:46:04 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 1, 5, 1 | Size = 181752 bytes | Modified Date = 1/6/2006 12:52:14 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 1, 5, 1 | Size = 181752 bytes | Modified Date = 1/6/2006 12:52:14 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
AntivirXP08 -> AntivirXP08 -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{235D7C74-801B-449C-A5F3-D953CC8C6871} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 
{5AA3BED3-B491-4B27-926F-759AF160F00B} ->	() -> 
{5DF4B852-1A2E-497C-8624-7C4895D60DC4} ->	(Intel(R) PRO/1000 MT Mobile Connection) -> 
{ABFB81A1-AF24-47CB-A0A9-60627DB1CEB4} ->	() -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 1/12/2005 3:54:56 PM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 9/24/2007 2:11:50 PM | Attr = R  ]
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> 
text/html:[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01113300-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> http://www.activation.rr.com/install/download/tgctlcm.cab[Support.com Configuration Class] -> 
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15015/CTSUEng.cab[Creative Software AutoUpdate] -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=48835[Windows Genuine Advantage Validation Tool] -> 
{230C3D02-DA27-11D2-8612-00A0C93EEA3C}[HKEY_LOCAL_MACHINE] -> http://www.winkflash.com/photo/loaders/SAXFile.cab[SAXFile FileUpload ActiveX Control] -> 
{2DAD3559-2923-4935-AD49-B673D2539944}[HKEY_LOCAL_MACHINE] -> http://www-307.ibm.com/pc/support/acpir.cab[IASRunner Class] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}[HKEY_LOCAL_MACHINE] -> http://dl.tvunetworks.com/TVUAx.cab[CTVUAxCtrl Object] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 
{6BEA1C48-1850-486C-8F58-C7354BA3165E}[HKEY_LOCAL_MACHINE] -> http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab[Install Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127787423232[MUWebControl Class] -> 
{74FFE28D-2378-11D5-990C-006094235084}[HKEY_LOCAL_MACHINE] -> http://www-307.ibm.com/pc/support/IbmEgath.cab[IBM Access Support] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9600F64D-755F-11D4-A47F-0001023E6D5A}[HKEY_LOCAL_MACHINE] -> http://web1.shutterfly.com/downloads/Uploader.cab[Shutterfly Picture Upload Plugin] -> 
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> 
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab[Java Plug-in 1.4.1] -> 
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab[Java Plug-in 1.4.2] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab[Facebook Photo Uploader 4] -> 
{E9A7F56F-C40F-4928-8C6F-7A72F2A25222}[HKEY_LOCAL_MACHINE] -> http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37[AxRUploadControl Object] -> 
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15021/CTPID.cab[Creative Software AutoUpdate Support Package] -> 
{FA9740A2-5802-42E2-B509-81186EEB3C42}[HKEY_LOCAL_MACHINE] -> https://www.linkedin.com/cab/wabctrl.cab[WABControl Class] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\@»Ým‘|/ImageUploader4.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\@»Ým‘|/ImageUploader4.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\@»Ým‘|/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/acpir2.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/acpir2.dll\\.Owner -> {2DAD3559-2923-4935-AD49-B673D2539944} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/acpir2.dll\\{2DAD3559-2923-4935-AD49-B673D2539944} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxRUploadServer.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxRUploadServer.dll\\.Owner -> {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxRUploadServer.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\.Owner -> {F6ACF75C-C32C-447B-9BEF-46B766368D29} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\.Owner -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathvxd.vxd\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathvxd.vxd\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathvxd.vxd\\{74FFE28D-2378-11D5-990C-006094235084} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ExifParser.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ExifParser.dll\\.Owner -> {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ExifParser.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FNFotoKioskImg.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FNFotoKioskImg.dll\\.Owner -> {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FNFotoKioskImg.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.1.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.1.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.1.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4_5.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4_5.ocx\\.Owner -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4_5.ocx\\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\.Owner -> {0CCA191D-13A6-4E29-B746-314DEE697D83} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\{0CCA191D-13A6-4E29-B746-314DEE697D83} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Install.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Install.dll\\.Owner -> {205FF73B-CA67-11D5-99DD-444553540000} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Install.dll\\{205FF73B-CA67-11D5-99DD-444553540000} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LtXmlLib3.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LtXmlLib3.dll\\.Owner -> {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LtXmlLib3.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaAccX.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaAccX.dll\\.Owner -> {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaAccX.dll\\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\\.Owner -> {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\\{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pinstall.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pinstall.dll\\.Owner -> {6BEA1C48-1850-486C-8F58-C7354BA3165E} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pinstall.dll\\{6BEA1C48-1850-486C-8F58-C7354BA3165E} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\\.Owner -> {9600F64D-755F-11D4-A47F-0001023E6D5A} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\\{9600F64D-755F-11D4-A47F-0001023E6D5A} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlcm.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlcm.dll\\.Owner -> {01113300-3E00-11D2-8470-0060089874ED} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlcm.dll\\{01113300-3E00-11D2-8470-0060089874ED} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TVUAx.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TVUAx.dll\\.Owner -> {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TVUAx.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wabctrl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wabctrl.dll\\.Owner -> {FA9740A2-5802-42E2-B509-81186EEB3C42} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wabctrl.dll\\{FA9740A2-5802-42E2-B509-81186EEB3C42} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/capicom.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/capicom.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/capicom.dll\\{2DAD3559-2923-4935-AD49-B673D2539944} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/egathdrv.sys\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/egathdrv.sys\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/egathdrv.sys\\{74FFE28D-2378-11D5-990C-006094235084} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/IbmEgath.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/IbmEgath.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/IbmEgath.dll\\{74FFE28D-2378-11D5-990C-006094235084} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{0CCA191D-13A6-4E29-B746-314DEE697D83} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\˜Ôïm‘|/ImageUploader4.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\˜Ôïm‘|/ImageUploader4.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\˜Ôïm‘|/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> N -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\CPQHotkeys -> hotkeysvc.exe -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\CTHelper -> cthelper.exe -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 632 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr =	]
pwdmon -> %SystemRoot%\system32\pwdmon.dll ->  [Ver =  | Size = 45056 bytes | Modified Date = 3/19/2004 3:12:10 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\CPQHotkeys -> hotkeysvc.exe -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\CTHelper -> cthelper.exe -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> D1 E2 9D CC 3A E6 A6 C6 13 03 FC 97 CB 7E 11 65 37 33 63 36 66 64 61 65 00 00 00 00 01 00 00 00 B4 01 00 00 B8 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 DE 0A 6E 39  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> A1 29 BB A3 3C 47 5D 3D 6F  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 01 7C B1 79 8F D0  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 2A EB B8 26 8B 73 60 7D 91 FB 02 3C A5 2F 77 4A  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 80 C4 B8 F5 C0 01 C9 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 228747 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:42 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IBM\Updater\jre\bin\javaw.exe -> %ProgramFiles%\IBM\Updater\jre\bin\javaw.exe [C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Disabled:Java launcher] -> IBM [Ver = 141,0,2003,0522 | Size = 42072 bytes | Modified Date = 5/22/2003 8:06:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FuquaNet At Home\Extranet.exe -> %ProgramFiles%\FuquaNet At Home\Extranet.exe [C:\Program Files\FuquaNet At Home\Extranet.exe:*:Enabled:Contivity VPN Client] -> Nortel Networks NA, Inc. [Ver = V04_10.00 | Size = 626688 bytes | Modified Date = 3/28/2003 2:29:08 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:37 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mshta.exe -> %SystemRoot%\system32\mshta.exe [C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host] -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 45568 bytes | Modified Date = 10/17/2006 12:56:10 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 625664 bytes | Modified Date = 6/23/2008 5:20:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\WTY\My Documents\Temp\Boggle Supreme\BoggleSupreme.exe -> %UserProfile%\My Documents\Temp\Boggle Supreme\BoggleSupreme.exe [C:\Documents and Settings\WTY\My Documents\Temp\Boggle Supreme\BoggleSupreme.exe:*:Enabled:Boggle Supreme] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe -> %ProgramFiles%\Kazaa\kazaa.exe [C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\hotkeysvc.exe -> %SystemRoot%\system32\hotkeysvc.exe [C:\WINDOWS\system32\hotkeysvc.exe:*:Disabled:hotkeysvc] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\cthelper.exe -> %SystemRoot%\system32\cthelper.exe [C:\WINDOWS\system32\cthelper.exe:*:Disabled:cthelper] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%WINDIR%\\system32\\explore.exe -> %SystemRoot%\system32\explore.exe [%WINDIR%\\system32\\explore.exe:*:Enabled:Microsoft Windows Update Machine] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%WINDIR%\\system32\\MSOICONS.EXE -> %SystemRoot%\system32\MSOICONS.EXE [%WINDIR%\\system32\\MSOICONS.EXE:*:Enabled:Microsoft Windows Firewall Update Wizard] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%WINDIR%\\system32\\TASKMAN.EXE -> %SystemRoot%\system32\TASKMAN.EXE [%WINDIR%\\system32\\TASKMAN.EXE:*:Enabled:Microsoft Windows Firewall Update] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\MSOICONS.EXE -> %SystemRoot%\system32\MSOICONS.EXE [C:\WINDOWS\system32\MSOICONS.EXE:*:Enabled:MSOICONS] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%WINDIR%\\system32\\WINFRW.EXE -> %SystemRoot%\system32\WINFRW.EXE [%WINDIR%\\system32\\WINFRW.EXE:*:Enabled:Microsoft Windows Firewall Update] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe -> %ProgramFiles%\Yahoo! Games\Scrabble\Scrabble.exe [C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe:*:Enabled:SCRABBLE ®] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameHouse\TextTwist\TextTwist.exe -> %ProgramFiles%\GameHouse\TextTwist\TextTwist.exe [C:\Program Files\GameHouse\TextTwist\TextTwist.exe:*:Enabled:Super TextTwist] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPLive\PPLive.exe -> %ProgramFiles%\PPLive\PPLive.exe [C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 0 | Size = 91128 bytes | Modified Date = 9/13/2006 2:17:34 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Trillian\trillian.exe -> %ProgramFiles%\Trillian\trillian.exe [C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian] -> Cerulean Studios [Ver = 3, 1, 9, 0 | Size = 1873280 bytes | Modified Date = 12/11/2007 1:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Synacast\SynaLive\PE.exe -> %CommonProgramFiles%\Synacast\SynaLive\PE.exe [C:\Program Files\Common Files\Synacast\SynaLive\PE.exe:*:Enabled:PE] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 6.0.12.1662 | Size = 214296 bytes | Modified Date = 11/10/2007 2:09:34 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitSpirit\BitSpirit.exe -> %ProgramFiles%\BitSpirit\BitSpirit.exe [C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe -> %ProgramFiles%\VoipStunt.com\VoipStunt\voipstunt.exe [C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt] -> VoipStunt [Ver = 4, 2, 487, 0 | Size = 8824112 bytes | Modified Date = 1/3/2008 9:44:27 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> %SystemDrive%\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> LimeWire [Ver = 1.0.0.2 | Size = 700416 bytes | Modified Date = 10/31/2005 11:56:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 9/17/2007 10:19:14 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 2:17:28 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\SopCast.exe -> %ProgramFiles%\SopCast\SopCast.exe [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast] -> www.sopcast.com [Ver = 3.0.3.501 | Size = 1892352 bytes | Modified Date = 4/30/2008 4:32:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\STC\QA_07_05\wwwroot\cbt.exe -> %ProgramFiles%\STC\QA_07_05\wwwroot\cbt.exe [C:\Program Files\STC\QA_07_05\wwwroot\cbt.exe:*:Enabled:Local Web Server] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\WTY\Application Data\SopCast\adv\SopAdver.exe -> %AppData%\SopCast\adv\SopAdver.exe [C:\Documents and Settings\WTY\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopAdver] ->  [Ver =  | Size = 499712 bytes | Modified Date = 10/5/2006 5:56:28 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TVAnts\Tvants.exe -> %ProgramFiles%\TVAnts\Tvants.exe [C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TVUPlayer\TVUPlayer.exe -> %ProgramFiles%\TVUPlayer\TVUPlayer.exe [C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\adv\SopAdver.exe -> %ProgramFiles%\SopCast\adv\SopAdver.exe [C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver] -> www.sopcast.com [Ver = 3, 0, 0, 301 | Size = 567384 bytes | Modified Date = 3/7/2007 6:27:12 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 9/24/2007 2:11:50 PM | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.0.43 | Size = 20246824 bytes | Modified Date = 7/10/2008 10:51:26 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6200:TCP -> 6200:TCP:*:Enabled:ppLive -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\4265:UDP -> 4265:UDP:*:Enabled:ppLive -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{AE5D0C68-A763-4668-9201-0841C4B435CE} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 535810048 bytes | Created Date = 8/22/2008 12:15:54 AM | Attr =  HS]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/19/2008 1:04:34 AM | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/19/2008 1:04:33 AM | Attr =	]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Created Date = 8/19/2008 1:33:51 AM | Attr =  H ]
9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/21/2008 12:49:38 AM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/21/2008 12:49:38 AM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 8/21/2008 12:49:38 AM | Attr =	]
wbybohyz.exe -> %SystemRoot%\System32\wbybohyz.exe ->  [Ver =  | Size = 73728 bytes | Created Date = 8/19/2008 12:39:34 AM | Attr =	]
wxqlmpmn.exe -> %SystemRoot%\System32\wxqlmpmn.exe ->  [Ver =  | Size = 77824 bytes | Created Date = 8/19/2008 6:19:35 PM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 8/19/2008 1:16:28 AM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Avg8 -> %AllUsersProfile%\Application Data\Avg8 ->  [Folder | Created Date = 8/22/2008 1:09:56 AM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 8/19/2008 1:04:29 AM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Created Date = 8/21/2008 11:11:07 PM | Attr =	]
uzityven -> %AllUsersProfile%\Application Data\uzityven ->  [Folder | Created Date = 8/19/2008 12:39:35 AM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 8/19/2008 1:05:01 AM | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 8/21/2008 11:04:49 PM | Attr =	]
EOB July 3 and July 15.pdf -> %UserProfile%\My Documents\EOB July 3 and July 15.pdf ->  [Ver =  | Size = 134873 bytes | Created Date = 8/5/2008 6:32:59 PM | Attr =	]
EOB July 3 July 9 July 15.pdf -> %UserProfile%\My Documents\EOB July 3 July 9 July 15.pdf ->  [Ver =  | Size = 134873 bytes | Created Date = 8/5/2008 6:43:20 PM | Attr =	]
EOB July 9 2nd filing.pdf -> %UserProfile%\My Documents\EOB July 9 2nd filing.pdf ->  [Ver =  | Size = 129415 bytes | Created Date = 8/5/2008 6:55:00 PM | Attr =	]
EOB June 26.pdf -> %UserProfile%\My Documents\EOB June 26.pdf ->  [Ver =  | Size = 126034 bytes | Created Date = 8/5/2008 6:29:33 PM | Attr =	]
intrainj[1].pdf -> %UserProfile%\My Documents\intrainj[1].pdf ->  [Ver =  | Size = 102476 bytes | Created Date = 7/29/2008 12:12:56 PM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 707 bytes | Created Date = 8/19/2008 1:04:35 AM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 791 bytes | Created Date = 8/21/2008 11:04:58 PM | Attr =	]
ATF-Cleaner.lnk -> %UserProfile%\Desktop\ATF-Cleaner.lnk ->  [Ver =  | Size = 767 bytes | Created Date = 8/21/2008 11:02:33 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 8/25/2008 11:23:38 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 8/21/2008 11:04:06 PM | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 8/19/2008 1:04:28 AM | Attr =	]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware ->  [Folder | Created Date = 8/21/2008 11:04:49 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
BOOT.INI -> %SystemDrive%\BOOT.INI ->  [Ver =  | Size = 211 bytes | Modified Date = 8/19/2008 1:17:25 AM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 535810048 bytes | Modified Date = 8/24/2008 6:40:31 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/22/2008 1:09:56 AM | Attr =	]
quarantine -> %SystemDrive%\quarantine ->  [Folder | Modified Date = 8/21/2008 6:31:56 AM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 8/19/2008 1:30:59 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/22/2008 1:09:42 AM | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 3:04:36 PM | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 3:04:40 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/24/2008 6:43:48 AM | Attr =	]
9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/13/2008 11:17:09 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/22/2008 1:09:42 AM | Attr =	]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Modified Date = 8/19/2008 1:33:53 AM | Attr =  H ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 72554 bytes | Modified Date = 8/14/2008 9:38:44 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 445096 bytes | Modified Date = 8/14/2008 9:38:44 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 524158 bytes | Modified Date = 8/14/2008 9:38:44 PM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 8/19/2008 1:30:59 AM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 8/14/2008 9:38:45 PM | Attr =	]
wbybohyz.exe -> %SystemRoot%\System32\wbybohyz.exe ->  [Ver =  | Size = 73728 bytes | Modified Date = 8/19/2008 12:39:34 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2278 bytes | Modified Date = 8/24/2008 6:42:11 AM | Attr =	]
wxqlmpmn.exe -> %SystemRoot%\System32\wxqlmpmn.exe ->  [Ver =  | Size = 77824 bytes | Modified Date = 8/19/2008 6:19:35 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/13/2008 11:16:53 AM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/24/2008 6:40:34 AM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 8/22/2008 10:11:25 PM | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 8/19/2008 1:58:36 AM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 8/7/2008 3:13:17 PM | Attr =	]
hpoins03.dat -> %SystemRoot%\hpoins03.dat ->  [Ver =  | Size = 29694 bytes | Modified Date = 8/14/2008 11:49:19 PM | Attr =	]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 8/13/2008 11:10:26 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/13/2008 11:17:01 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/13/2008 8:01:17 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/21/2008 11:05:07 PM | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/25/2008 11:22:20 PM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 8/19/2008 1:17:20 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 274 bytes | Modified Date = 8/19/2008 1:17:25 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/24/2008 6:41:52 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 8/24/2008 6:43:45 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/25/2008 2:14:42 PM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 8/13/2008 8:01:35 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1331 bytes | Modified Date = 8/19/2008 1:17:25 AM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 8/21/2008 1:01:19 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 8/23/2008 10:29:16 PM | Attr =	]
BMMTask.job -> %SystemRoot%\tasks\BMMTask.job ->  [Ver =  | Size = 458 bytes | Modified Date = 8/25/2008 11:05:35 PM | Attr =	]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 8/25/2008 2:00:24 PM | Attr =  H ]
Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job ->  [Ver =  | Size = 422 bytes | Modified Date = 8/22/2008 11:03:57 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/24/2008 6:40:40 AM | Attr =  H ]
User_Feed_Synchronization-{88511650-21C9-45D8-8C3F-44D881133BE3}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{88511650-21C9-45D8-8C3F-44D881133BE3}.job ->  [Ver =  | Size = 436 bytes | Modified Date = 8/25/2008 9:48:21 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 7/16/2004 4:37:56 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 8/21/2008 2:03:44 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5450 bytes | Modified Date = 8/21/2008 2:03:44 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 8/15/2004 1:51:51 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11090 bytes | Modified Date = 8/15/2004 8:10:47 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data ->  [Folder | Modified Date = 3/17/2005 4:02:26 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat ->  [Ver =  | Size = 11860 bytes | Modified Date = 3/17/2005 4:02:46 PM | Attr =	]
C:\Documents and Settings\WTY\Local Settings\Temp\ -> C:\Documents and Settings\WTY\Local Settings\Temp ->  [Folder | Modified Date = 8/25/2008 11:25:48 PM | Attr =	]
msgup810_249_us.exe -> C:\Documents and Settings\WTY\Local Settings\Temp\msgup810_249_us.exe -> Yahoo! Inc. [Ver = 2007.03.30.01 | Size = 12643624 bytes | Modified Date = 4/3/2007 6:21:54 PM | Attr =	]
msgup810_401_us.exe -> C:\Documents and Settings\WTY\Local Settings\Temp\msgup810_401_us.exe -> Yahoo! Inc. [Ver = 2007.06.08.01 | Size = 12876072 bytes | Modified Date = 6/8/2007 11:00:48 PM | Attr =	]
msgup810_421_us.exe -> C:\Documents and Settings\WTY\Local Settings\Temp\msgup810_421_us.exe -> Yahoo! Inc. [Ver = 2007.09.06.01 | Size = 13617432 bytes | Modified Date = 9/10/2007 2:51:07 PM | Attr =	]
setup_wm.exe -> C:\Documents and Settings\WTY\Local Settings\Temp\setup_wm.exe -> Microsoft Corporation [Ver = 10.00.00.3802 | Size = 819200 bytes | Modified Date = 1/28/2005 1:44:28 PM | Attr =	]
SSUPDATE.EXE -> C:\Documents and Settings\WTY\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1034 | Size = 158960 bytes | Modified Date = 5/28/2008 10:33:32 AM | Attr =	]
ytb_7.2.1.0_1.5.1_ysp_1.2.6_mail_bts_pub_us_setup_.exe -> C:\Documents and Settings\WTY\Local Settings\Temp\ytb_7.2.1.0_1.5.1_ysp_1.2.6_mail_bts_pub_us_setup_.exe -> Yahoo! Inc. [Ver = 2008.07.15.01 | Size = 2541648 bytes | Modified Date = 7/18/2008 6:33:41 AM | Attr =	]
189 C:\Documents and Settings\WTY\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\WTY\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\WTY\Local Settings\Temp\pr_tutor\ -> C:\Documents and Settings\WTY\Local Settings\Temp\pr_tutor ->  [Folder | Modified Date = 3/30/2006 9:10:28 AM | Attr =	]
Glorious_Tutorial.exe -> C:\Documents and Settings\WTY\Local Settings\Temp\pr_tutor\Glorious_Tutorial.exe -> Canon Information Systems Research Australia Pty Ltd. [Ver = 2, 0, 0, 1 | Size = 266240 bytes | Modified Date = 7/30/2003 5:49:26 PM | Attr =	]
Tutorial.exe -> C:\Documents and Settings\WTY\Local Settings\Temp\pr_tutor\Tutorial.exe -> Canon Information Systems Research Australia Pty Ltd. [Ver = 2, 0, 0, 1 | Size = 266240 bytes | Modified Date = 7/30/2003 5:49:26 PM | Attr =	]
C:\Documents and Settings\WTY\Local Settings\Temp\ -> C:\Documents and Settings\WTY\Local Settings\Temp ->  [Folder | Modified Date = 8/25/2008 11:25:48 PM | Attr =	]
ywiseext.dll -> C:\Documents and Settings\WTY\Local Settings\Temp\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 3, 7, 1 | Size = 102400 bytes | Modified Date = 3/7/2007 11:52:18 AM | Attr =	]
189 C:\Documents and Settings\WTY\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\WTY\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\WTY\Local Settings\Temp\{78390DA3-000A-499F-88D1-257132FE1A86}\{333340F7-8966-42A9-8AD6-9C803ABAB6DD}\ -> C:\Documents and Settings\WTY\Local Settings\Temp\{78390DA3-000A-499F-88D1-257132FE1A86}\{333340F7-8966-42A9-8AD6-9C803ABAB6DD} ->  [Folder | Modified Date = 8/22/2008 10:16:07 PM | Attr =	]
AcpController.dll -> C:\Documents and Settings\WTY\Local Settings\Temp\{78390DA3-000A-499F-88D1-257132FE1A86}\{333340F7-8966-42A9-8AD6-9C803ABAB6DD}\AcpController.dll ->  [Ver = 1, 2, 7, 0 | Size = 204800 bytes | Modified Date = 6/29/2006 11:50:52 AM | Attr =	]
IbmEgath.dll -> C:\Documents and Settings\WTY\Local Settings\Temp\{78390DA3-000A-499F-88D1-257132FE1A86}\{333340F7-8966-42A9-8AD6-9C803ABAB6DD}\IbmEgath.dll -> IBM Corporation [Ver = 3, 0, 0, 14 | Size = 180224 bytes | Modified Date = 3/15/2004 10:17:06 AM | Attr =	]
C:\Documents and Settings\WTY\Local Settings\Temp\nsd4E.tmp\ -> C:\Documents and Settings\WTY\Local Settings\Temp\nsd4E.tmp\ ->  [Folder | Modified Date = 8/19/2008 12:37:36 AM | Attr =	]
System.dll -> C:\Documents and Settings\WTY\Local Settings\Temp\nsd4E.tmp\System.dll ->  [Ver =  | Size = 10240 bytes | Modified Date = 8/19/2008 12:37:36 AM | Attr =	]
C:\Documents and Settings\WTY\Local Settings\Temp\nsm60.tmp\ -> C:\Documents and Settings\WTY\Local Settings\Temp\nsm60.tmp\ ->  [Folder | Modified Date = 8/21/2008 1:34:56 AM | Attr =	]
MachineKey.dll -> C:\Documents and Settings\WTY\Local Settings\Temp\nsm60.tmp\MachineKey.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 8/19/2008 12:42:28 AM | Attr =	]
Mutex.dll -> C:\Documents and Settings\WTY\Local Settings\Temp\nsm60.tmp\Mutex.dll ->  [Ver =  | Size = 3072 bytes | Modified Date = 8/19/2008 12:42:32 AM | Attr =	]
rc4hex.dll -> C:\Documents and Settings\WTY\Local Settings\Temp\nsm60.tmp\rc4hex.dll ->  [Ver =  | Size = 49152 bytes | Modified Date = 8/19/2008 12:42:36 AM | Attr =	]
C:\Documents and Settings\WTY\Local Settings\Temp\ -> C:\Documents and Settings\WTY\Local Settings\Temp ->  [Folder | Modified Date = 8/25/2008 11:25:48 PM | Attr =	]
{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> C:\Documents and Settings\WTY\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81100000003}.ini ->  [Ver =  | Size = 793 bytes | Modified Date = 2/15/2008 8:53:24 AM | Attr =	]
{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\WTY\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini ->  [Ver =  | Size = 602 bytes | Modified Date = 2/15/2008 8:55:58 AM | Attr =	]
189 C:\Documents and Settings\WTY\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\WTY\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\WTY\Local Settings\Temp\LANWizard\Temp\ -> C:\Documents and Settings\WTY\Local Settings\Temp\LANWizard\Temp ->  [Folder | Modified Date = 8/21/2008 11:20:08 PM | Attr =	]
NetworkMedic.ini -> C:\Documents and Settings\WTY\Local Settings\Temp\LANWizard\Temp\NetworkMedic.ini ->  [Ver =  | Size = 171 bytes | Modified Date = 3/28/2005 3:26:30 PM | Attr =	]
C:\Documents and Settings\WTY\Local Settings\Temp\nsm60.tmp\ -> C:\Documents and Settings\WTY\Local Settings\Temp\nsm60.tmp\ ->  [Folder | Modified Date = 8/21/2008 1:34:56 AM | Attr =	]
lastpage.ini -> C:\Documents and Settings\WTY\Local Settings\Temp\nsm60.tmp\lastpage.ini ->  [Ver =  | Size = 214 bytes | Modified Date = 8/19/2008 12:42:32 AM | Attr =	]
update.ini -> C:\Documents and Settings\WTY\Local Settings\Temp\nsm60.tmp\update.ini ->  [Ver =  | Size = 479 bytes | Modified Date = 8/19/2008 12:42:32 AM | Attr =	]
C:\WINDOWS\Temp\gise8f49c\ -> C:\WINDOWS\Temp\gise8f49c ->  [Folder | Modified Date = 6/3/2008 6:48:05 AM | Attr =	]
GoogleUpdater.exe -> C:\WINDOWS\Temp\gise8f49c\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 6/2/2008 10:50:39 AM | Attr =	]
GoogleUpdaterAdminPrefs.exe -> C:\WINDOWS\Temp\gise8f49c\GoogleUpdaterAdminPrefs.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 187064 bytes | Modified Date = 6/2/2008 10:50:39 AM | Attr =	]
GoogleUpdaterInstallMgr.exe -> C:\WINDOWS\Temp\gise8f49c\GoogleUpdaterInstallMgr.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 666296 bytes | Modified Date = 6/2/2008 10:50:39 AM | Attr =	]
GoogleUpdaterService.exe -> C:\WINDOWS\Temp\gise8f49c\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 6/2/2008 10:50:40 AM | Attr =	]
GoogleUpdaterSetup.exe -> C:\WINDOWS\Temp\gise8f49c\GoogleUpdaterSetup.exe -> Google Inc. [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 6/2/2008 10:50:39 AM | Attr =	]
gtfirstboot.exe -> C:\WINDOWS\Temp\gise8f49c\gtfirstboot.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 6/2/2008 10:50:39 AM | Attr =	]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 8/25/2008 11:25:57 PM | Attr =	]
MpEngine.dll -> C:\WINDOWS\Temp\MpEngine.dll -> Microsoft Corporation [Ver = 1.1.1440.0 | Size = 2610520 bytes | Modified Date = 5/16/2006 4:34:24 PM | Attr =	]
C:\WINDOWS\Temp\gise8f49c\ -> C:\WINDOWS\Temp\gise8f49c ->  [Folder | Modified Date = 6/3/2008 6:48:05 AM | Attr =	]
ci.dll -> C:\WINDOWS\Temp\gise8f49c\ci.dll -> Google [Ver = 2.2.1111.1511.beta | Size = 877056 bytes | Modified Date = 6/2/2008 10:50:39 AM | Attr =	]
cires_en.dll -> C:\WINDOWS\Temp\gise8f49c\cires_en.dll ->  [Ver =  | Size = 125952 bytes | Modified Date = 6/2/2008 10:50:39 AM | Attr =	]
npCIDetect11.dll -> C:\WINDOWS\Temp\gise8f49c\npCIDetect11.dll -> Google [Ver = 2.2.1111.1511.beta | Size = 83968 bytes | Modified Date = 6/2/2008 10:50:39 AM | Attr =	]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 8/25/2008 11:25:57 PM | Attr =	]
Perflib_Perfdata_6bc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6bc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/12/2008 11:13:46 AM | Attr =	]
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies ->  [Folder | Modified Date = 8/23/2008 10:29:21 PM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/23/2008 10:29:16 PM | Attr =  HS]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 8/13/2004 10:06:03 AM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 8/23/2008 10:29:16 PM | Attr =	]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 8/13/2004 10:06:03 AM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 8/23/2008 10:29:16 PM | Attr =	]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 8/13/2004 10:06:03 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 8/13/2004 10:06:03 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 8/13/2004 10:06:03 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/13/2004 10:06:03 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\65KW09E2\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\65KW09E2 ->  [Folder | Modified Date = 8/23/2008 10:29:26 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\65KW09E2\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/13/2004 10:06:03 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O5US8Z84\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O5US8Z84 ->  [Folder | Modified Date = 8/13/2004 10:06:03 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O5US8Z84\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/13/2004 10:06:03 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S46O2ZTS\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S46O2ZTS ->  [Folder | Modified Date = 8/13/2004 10:06:03 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S46O2ZTS\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/13/2004 10:06:03 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SOIQ2BD4\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SOIQ2BD4 ->  [Folder | Modified Date = 8/13/2004 10:06:03 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SOIQ2BD4\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/13/2004 10:06:03 AM | Attr =  HS]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Avg8 -> %AllUsersProfile%\Application Data\Avg8 ->  [Folder | Modified Date = 8/22/2008 1:09:56 AM | Attr =	]
Google Updater -> %AllUsersProfile%\Application Data\Google Updater ->  [Folder | Modified Date = 8/24/2008 3:00:29 PM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Modified Date = 8/19/2008 1:04:29 AM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Modified Date = 8/21/2008 11:11:07 PM | Attr =	]
uzityven -> %AllUsersProfile%\Application Data\uzityven ->  [Folder | Modified Date = 8/21/2008 1:06:33 AM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 8/19/2008 1:05:01 AM | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 8/21/2008 11:04:49 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 8/15/2008 12:09:54 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 167936 bytes | Modified Date = 8/17/2008 9:25:04 PM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 8/19/2008 1:37:31 AM | Attr =	]
Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Modified Date = 8/22/2008 11:20:24 PM | Attr =	]
EOB July 3 and July 15.pdf -> %UserProfile%\My Documents\EOB July 3 and July 15.pdf ->  [Ver =  | Size = 134873 bytes | Modified Date = 8/5/2008 6:32:59 PM | Attr =	]
EOB July 3 July 9 July 15.pdf -> %UserProfile%\My Documents\EOB July 3 July 9 July 15.pdf ->  [Ver =  | Size = 134873 bytes | Modified Date = 8/5/2008 6:43:20 PM | Attr =	]
EOB July 9 2nd filing.pdf -> %UserProfile%\My Documents\EOB July 9 2nd filing.pdf ->  [Ver =  | Size = 129415 bytes | Modified Date = 8/5/2008 6:55:00 PM | Attr =	]
EOB June 26.pdf -> %UserProfile%\My Documents\EOB June 26.pdf ->  [Ver =  | Size = 126034 bytes | Modified Date = 8/5/2008 6:44:07 PM | Attr =	]
intrainj[1].pdf -> %UserProfile%\My Documents\intrainj[1].pdf ->  [Ver =  | Size = 102476 bytes | Modified Date = 7/29/2008 12:12:57 PM | Attr =	]
MY -> %UserProfile%\My Documents\MY ->  [Folder | Modified Date = 7/30/2008 8:01:21 PM | Attr =	]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 8/24/2008 3:26:20 PM | Attr = R  ]
My Scans -> %UserProfile%\My Documents\My Scans ->  [Folder | Modified Date = 8/15/2008 12:03:54 AM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 707 bytes | Modified Date = 8/19/2008 1:04:35 AM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 791 bytes | Modified Date = 8/21/2008 11:04:58 PM | Attr =	]
ATF-Cleaner.lnk -> %UserProfile%\Desktop\ATF-Cleaner.lnk ->  [Ver =  | Size = 767 bytes | Modified Date = 8/21/2008 11:02:33 PM | Attr =	]
Etsy  clippyhut  Clippy Hut.url -> %UserProfile%\Desktop\Etsy  clippyhut  Clippy Hut.url ->  [Ver =  | Size = 260 bytes | Modified Date = 8/25/2008 9:48:14 AM | Attr =	]
@Alternate Data Stream - 894 bytes -> %UserProfile%\Desktop\Etsy  clippyhut  Clippy Hut.url:favicon
EXCEL.lnk -> %UserProfile%\Desktop\EXCEL.lnk ->  [Ver =  | Size = 2495 bytes | Modified Date = 8/19/2008 4:37:33 PM | Attr =	]
Facebook.url -> %UserProfile%\Desktop\Facebook.url ->  [Ver =  | Size = 343 bytes | Modified Date = 8/25/2008 10:15:43 PM | Attr =	]
@Alternate Data Stream - 1150 bytes -> %UserProfile%\Desktop\Facebook.url:favicon
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 8/25/2008 11:23:39 PM | Attr =	]
Twinies.url -> %UserProfile%\Desktop\Twinies.url ->  [Ver =  | Size = 1745 bytes | Modified Date = 8/25/2008 7:00:20 AM | Attr =	]
@Alternate Data Stream - 3638 bytes -> %UserProfile%\Desktop\Twinies.url:favicon
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 8/21/2008 1:01:20 AM | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 8/22/2008 3:01:17 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 8/21/2008 11:04:06 PM | Attr =	]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\\xdc\2\xd4]
".Owner"="{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}"
"{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"\xdc\2\xd4?\xef?\6?m?\5?\30 |?\1?\?I?m?a?g?e?U?p?l?o?a?d?e?r?4?.?o?c?x?"=dword:00000001
scanning hidden files ...
C:\WINDOWS\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\Malaysia\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\March 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\New York City Oct18 till Oct 23\New York-developed\New Folder\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\New York City Oct18 till Oct 23\New York-developed\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\New York City Oct18 till Oct 23\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\New York Internship\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\Party bus & Jack Welch\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\Springbreak 05\Develop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\Springbreak 05\Develop\New Folder\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\Springbreak 05\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\Winter 2005\develop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Saved files\Winter 2005\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Siem Reap\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Siem Reap & Beijing - Develop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Summer 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Upload\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Upload\Upload1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\Wedding photos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Pictures\WT's Graduation\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Clippy Hut\New Folder\Colorful clips\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\MY\Clippy Hut\New Folder\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\Y.W.T\Job Search\Online Application\JPMorgan Asia Pacific_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\Y.W.T\Job Search\Online Application\McKinsey & Company Online Application_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\Y.W.T\Pers\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\Y.W.T\Subjects\Archive\Communications\Global warming\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\Y.W.T\Subjects\Archive\Computer Skills\Assign 1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\Y.W.T\Subjects\Archive\Computer Skills\Assign 2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\Y.W.T\Subjects\Archive\Computer Skills\Web Publishing\WTYComputerSkillsWebSite\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\WTY\My Documents\Y.W.T\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 850

< End of report >


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:09:04 PM

Posted 26 August 2008 - 10:05 AM

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).

Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Processes - Non-Microsoft Only]
YY -> wxqlmpmn.exe -> %SystemRoot%\system32\wxqlmpmn.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> SemanticInsight -> %ProgramFiles%\RXToolBar\Semantic Insight\SemanticInsight.exe [C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> EnChkDb -> %SystemRoot%\system32\wbybohyz.exe [C:\WINDOWS\system32\wbybohyz.exe]
YY -> SmartMonEn -> %SystemRoot%\system32\wxqlmpmn.exe [C:\WINDOWS\system32\wxqlmpmn.exe]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\B1OZAADLI0 -> %AllUsersProfile%\Application Data\uzityven\cbwpened.exe [C:\Documents and Settings\All Users\Application Data\uzityven\cbwpened.exe]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> uzityven -> %AllUsersProfile%\Application Data\uzityven
[Files/Folders - Modified Within 30 days]
NY -> wbybohyz.exe -> %SystemRoot%\System32\wbybohyz.exe
NY -> wxqlmpmn.exe -> %SystemRoot%\System32\wxqlmpmn.exe
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> uzityven -> %AllUsersProfile%\Application Data\uzityven
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
=====================
Post a new HijackThis log and the OTScanIt results and let me know how it is running.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 atv76

atv76
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 26 August 2008 - 08:20 PM

Thanks again-

[Processes - Non-Microsoft Only]
Process wxqlmpmn.exe killed successfully.
C:\WINDOWS\system32\wxqlmpmn.exe moved successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SemanticInsight deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EnChkDb deleted successfully.
File C:\WINDOWS\system32\wbybohyz.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SmartMonEn deleted successfully.
File C:\WINDOWS\system32\wxqlmpmn.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\B1OZAADLI0 deleted successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\uzityven folder moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\wbybohyz.exe not found!
File C:\WINDOWS\System32\wxqlmpmn.exe not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\All Users\Application Data\uzityven not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Wee Tang Yee\Local Settings\Temp\~DFAE21.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Wee Tang Yee\Local Settings\Temp\~DFAE44.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\gise8f49c\32x32_ale.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\32x32_upd.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\ci.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\cires_en.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\desktop.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\earth.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\empty.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\eula.htm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\GoogleUpdater.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\GoogleUpdaterAdminPrefs.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\GoogleUpdaterInstallMgr.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\GoogleUpdaterService.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\GoogleUpdaterSetup.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\gtfirstboot.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\history.htm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\installer.htm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\lm.htm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\localized_eula.htm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\maintainer.htm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\minus.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\msg_error.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\npCIDetect11.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\pack.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\pack_large.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\pack_logo.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\picasa.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\plus.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\preferences.htm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\proxy.htm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\roundl_g.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\roundr_g.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\shield.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\sort_down.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\sort_up.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\talk.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\toolbar.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\ui.css scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\ui.js scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\ul.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\updates.htm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\ur.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\waiting.gif scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\gise8f49c\waiting32.gif scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08262008_211020

Files moved on Reboot...
File C:\Documents and Settings\Wee Tang Yee\Local Settings\Temp\~DFAE21.tmp not found!
File C:\Documents and Settings\Wee Tang Yee\Local Settings\Temp\~DFAE44.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\32x32_ale.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\32x32_upd.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\ci.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\cires_en.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\desktop.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\earth.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\empty.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\eula.htm scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\GoogleUpdater.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\GoogleUpdaterAdminPrefs.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\GoogleUpdaterInstallMgr.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\GoogleUpdaterService.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\GoogleUpdaterSetup.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\gtfirstboot.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\history.htm scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\installer.htm scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\lm.htm scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\localized_eula.htm scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\maintainer.htm scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\minus.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\msg_error.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\npCIDetect11.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\pack.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\pack_large.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\pack_logo.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\picasa.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\plus.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\preferences.htm scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\proxy.htm scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\roundl_g.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\roundr_g.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\shield.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\sort_down.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\sort_up.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\talk.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\toolbar.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\ui.css scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\ui.js scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\ul.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\updates.htm scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\ur.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\waiting.gif scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\gise8f49c\waiting32.gif scheduled to be moved on reboot.

#6 atv76

atv76
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 26 August 2008 - 08:24 PM

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:04 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\WTY\My Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PicasaNet] "C:\Documents and Settings\Wee Tang Yee\My Documents\Meiyen\Pictures\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127787423232
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 13537 bytes

#7 atv76

Posted 26 August 2008 - 08:27 PM

Let me use the comp for a few hours and I will let you know if the problem has gone away. Thanks.

#8 kahdah

Posted 27 August 2008 - 05:04 AM

Ok
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#9 atv76

Posted 27 August 2008 - 09:49 PM

Kahdah - Thanks for your help. The problem appears to have gone away.

You're awesome!

#10 kahdah

Posted 27 August 2008 - 10:16 PM

Please download OTCleanIt from here and save it to your desktop.
Double-click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove the tools we used.
==============
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers.
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or ZoneAlarm.
See BleepingComputer's excellent tutorial to help using and understanding a firewall here.
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.