Hijackthis Log


  • This topic is locked
13 replies to this topic

#1 A87CEO

Posted 28 August 2008 - 05:30 PM

:thumbsup: Can someone look at this log file and tell if there is something in my computer that should not be there? :) My computer is ra slow. Thank you.

Attached Files




#2 Baabiouz

Posted 13 September 2008 - 06:42 AM

Hello


Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next

Please do a scan with Kaspersky Online Scanner.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

#3 A87CEO

Posted 16 September 2008 - 02:45 PM

Thank you for your response. Here are the logs you requested:

info.txt logfile of random's system information tool 1.01 2008-09-15 09:56:35

Uninstall list

-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
3D Home Architect Home Décor and Design-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{71C94C17-5E02-4919-A07C-EF2EDE54B450}
Adobe Acrobat 7.0.9 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Registration-->"C:\Program Files\AOL\RC\uninstall.exe"
AOL Toolbar for Internet Explorer-->"C:\Program Files\AOL Toolbar\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AutoCAD 2007 - English-->MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BUM-->MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CallingID Link Advisor-->MsiExec.exe /X{6071E0F5-A11A-4AAC-9AB8-468A2DA8C2A2}
CallingID-->MsiExec.exe /X{01DA2D62-595E-4348-A763-D6788680C671}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
CPC Review 2008-->C:\WINDOWS\iun6002.exe "C:\Program Files\CPC Review 2008\irunin.ini"
DB CIF Cam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
Debugging Tools for Windows-->MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Laser Printer 1100 Software Uninstall-->C:\Program Files\DELL\Dell Laser Printer 1100\Install\setup.exe /Uninstall
Dell Support 3.2.1-->MsiExec.exe /X{7A35F91E-1D16-454F-A248-B9B782A2327C}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Disney Pix 2.0-->MsiExec.exe /X{DC8235CC-3D5A-4D32-94BE-E2F0A1749920}
Dll Orphans-->C:\Program Files\Camtech\Dll Orphans\Uninstal.exe
DTCLookup-->C:\PROGRA~1\DTCLOO~1\UNWISE.EXE C:\PROGRA~1\DTCLOO~1\INSTALL.LOG
Easy XP Manager-->"C:\Program Files\InstallShield Installation Information\{20607E68-DF42-4722-B185-56A3F2B3F352}\setup.exe" -runfromtemp -l0x0009 -removeonly
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Expedia Fare Alert-->MsiExec.exe /X{398C2796-C320-485C-9226-3E5AD0CAFABE}
Extended Language Support Fonts Package-->MsiExec.exe /I{AC76BA86-7AD7-5676-5A64-E98530000001}
Family Lawyer 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95C2FBF3-4462-41E3-89DC-0F784387BD53}\setup.exe" -l0x9
FileAlyzer-->"C:\Program Files\Safer Networking\FileAlyzer\unins000.exe"
filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe"
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hanes® T-ShirtMaker® Deluxe Plus-->MsiExec.exe /I{BC821C1F-B3F3-42ED-B579-83151FE36FDA}
Hidden Utilities XP-->MsiExec.exe /I{E4E3B247-9A66-45B0-A624-278A0606B896}
HijackThis 2.0.2-->"c:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk E-mail Reporting Tool-->MsiExec.exe /I{B72B06E0-0C54-495F-896F-E3ED2905624D}
Kids Cam Show and Share Creativity Center -->C:\PROGRA~1\KIDSCA~1\Setup.exe /remove /q0
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}
Match-Up!-->MsiExec.exe /I{439800C9-FD42-4EA3-94D2-063DF0926873}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Standard 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006-->MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft IPsec Diagnostic Tool-->MsiExec.exe /X{931DCC98-DA00-4908-8356-FB822088E278}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Location Finder-->MsiExec.exe /I{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 International Character Toolbar-->MsiExec.exe /I{B6828215-1469-43A2-8BEE-F5A970F98161}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint 2003 Template Creation Wizard-->MsiExec.exe /I{39B1915D-3CBA-42F8-8A58-2AB5587BF863}
Microsoft Office PowerPoint 2003 Template Pack 1-->MsiExec.exe /I{90AB0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint 2003 Template Pack 2-->MsiExec.exe /I{90AC0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint 2003 Template Pack 3-->MsiExec.exe /I{90AD0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Standard 2003-->MsiExec.exe /I{913A0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds-->MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Standard 2003-->MsiExec.exe /I{91530409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Producer for Microsoft Office PowerPoint 2003-->MsiExec.exe /I{155FBB0D-0EE9-42D1-9E41-15E08F691033}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft Streets & Trips 2006-->MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft Video Email add-in for Outlook 2003-->MsiExec.exe /X{05383BE9-DB28-4BAE-9177-A2BC21CAF625}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works Suite 2006 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
m-Vision-->C:\Program Files\Microsoft ActiveSync\m-Vision\Uninstall.exe m-Vision
NETGEAR Wireless Adapter WPN311-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB938897-211A-4999-9749-236D2E8E464A}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
Philips SPC710NC Webcam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14B99A75-85F7-4AAE-8D07-50F91BD609AB}\setup.exe" -l0x9
Philips VLounge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B3A8956-FAF7-4DB7-897C-86926C5323D2}\Setup.exe" -l0x9
Picture Painter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6CCD94FE-325B-4D3A-BBBD-E34AE6F3885C}\setup.exe" -l0x9 -removeonly
PKZIP for Windows 8.00.0037-->MsiExec.exe /I{D2522E9A-7E37-4116-9965-41AAE7A775DA}
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Project Report Presentation Add-in for Microsoft Office Project 2003-->MsiExec.exe /I{9B6C2105-4489-46AB-AD28-4535D9011136}
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Read in Microsoft Reader Add-in for Microsoft Word-->MsiExec.exe /I{84F1DAC1-E1BF-4A21-9D2B-DD3E12686A2C}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
Registry First Aid-->"C:\Program Files\RFA\unins000.exe"
Registry Mechanic 6.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Road Runner Medic 6.1-->"C:\Program Files\twc\medicsp2\unins000.exe"
RoadRunner-->MsiExec.exe /I{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic RecordNow! Deluxe-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Simple Backup-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Tidy Start Menu-->C:\Program Files\Tidy Start Menu\uninstall.exe
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
TurboTax Premier 2007-->C:\Program Files\TurboTax\Premier 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2007\Uninstall.log" -NoGui
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
V CAST Music with Rhapsody-->C:\PROGRA~1\VCASTM~1\Unwise32.exe /A C:\PROGRA~1\VCASTM~1\install.log
VGA Dual-Mode Camera-->MsiExec.exe /X{44E75850-B838-43D2-8F37-84D3FB71FF6E}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 07/18/2006 2.0.1.0-->C:\WINDOWS\system32\DRVSTORE\f1490bc41e7d27129cb157cba768cf63b89e7752\DPInst.exe /u mr97310v_930effb4fb2946cade43a25b55651187aae405f3
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Local Add-in for Microsoft Office Outlook-->MsiExec.exe /I{671CB656-DCED-4C30-90AD-CA75CB5C7BAA}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {7FF0415A-C82A-4715-B31F-6DBB8D28C1CA}
Windows Live Toolbar-->MsiExec.exe /X{7FF0415A-C82A-4715-B31F-6DBB8D28C1CA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client-->MsiExec.exe /X{3192A00C-7336-48C6-8BD7-54B9CFA6F7C1}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinWay Resume Deluxe-->MsiExec.exe /x{536E1504-E2E0-4B25-9D61-5418DE8319A4}

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AV: AVG Anti-Virus Free
AV: eTrust EZ Antivirus (outdated)
FW: eTrust EZ Firewall (disabled)

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"devmgr_show_nonpresent_devices"=1
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0409
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

===============EOF====================================================================================


Logfile of random's system information tool 1.01 (written by random/random)
Run by PAPITO at 2008-09-15 09:55:55
Microsoft Windows XP Professional Service Pack 3, v.3311
System drive C: has 101 GB (68%) free of 148 GB
Total RAM: 502 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:27 AM, on 9/15/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DellSupport\brkrsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1140075211\ee\AOLSoftware.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\Philips SPC710NC Webcam\TrayMin710.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Common Files\AOL\1140075211\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\CallingID\Light\CIDGlobalLight.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PAPITO\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\PAPITO.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CallingID for IE - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140075211\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dla] c:\i386\tfswctrl.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\PAPITO\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: TrayMin710.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 13189 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Registry First Aid autoscan.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-11 1443112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-28 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-28 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Loader - C:\Program Files\AOL Toolbar\aoltb.dll [2008-07-07 1275232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-07-14 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-07-25 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-07-19 543008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84}]
CallingID BHO - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll [2007-12-14 275896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2008-07-07 1275232]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-07-19 543008]
{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - CallingID - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll [2007-12-14 275896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-07-14 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-06-10 217088]
"HostManager"=C:\Program Files\Common Files\AOL\1140075211\ee\AOLSoftware.exe [2008-06-24 41824]
"phc710"=C:\WINDOWS\vphc700.exe [2005-07-20 339968]
"medicsp2"=C:\Program Files\twc\medicsp2\bin\sprtcmd.exe [2007-03-07 198184]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"dla"=c:\i386\tfswctrl.exe [2004-12-06 127035]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-28 1235736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\PROGRA~1\DELLSU~1\DSAgnt.exe [2006-08-28 395776]
"cdloader"=C:\Documents and Settings\PAPITO\Application Data\mjusbsp\cdloader2.exe [2008-07-22 50520]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-07-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [2006-02-09 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2005-09-08 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe [2005-09-08 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-02-12 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-08-28 214560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-25 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
C:\Program Files\Microsoft IntelliType Pro\type32.exe [2005-06-10 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Firewall Commander]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
c:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
c:\PROGRA~1\AUTOCA~2\AUTOCA~1\Bin\acadFeui\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
c:\PROGRA~1\MI1933~1\OFFICE11\OSA.EXE [2007-03-22 99672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PKZIP Attachments Status.lnk]
C:\PROGRA~1\PKWARE\PKZIPM\800~1.003\PKTray.exe [2005-01-28 169056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"GoogleDesktopManager"=3
"RasMan"=2
"RasAuto"=3
"CiSvc"=3
"Schedule"=2
"PolicyAgent"=2
"Adobe LM Service"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
TrayMin710.exe.lnk - C:\Program Files\Philips\Philips SPC710NC Webcam\TrayMin710.exe

C:\Documents and Settings\PAPITO\Start Menu\Programs\Startup
NETGEAR WPN311 Wireless Assistant.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"=C:\Program Files\CallingID\LinkAdvisor\CIDLinkAdvisor.dll [2007-12-14 562616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCPL"=0
"NoDispCPL"=0
"NoDispScrSavPage"=0
"NoDispAppearancePage"=0
"NoDispSettingsPage"=0
"NoDevMgrPage"=0
"NoConfigPage"=0
"NoVirtMemPage"=0
"NoFileSysPage"=0
"NoNetSetup"=0
"NoNetSetupIDPage"=0
"NoNetSetupSecurityPage"=0
"NoWorkgroupContents"=0
"NoEntireNetwork"=0
"NoFileSharingControl"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe"="C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\Documents and Settings\JOEY & MONICA\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\JOEY & MONICA\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\AOL\1140075211\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1140075211\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL Topspeed"
"C:\Program Files\Common Files\AOL\1140075211\ee\AOLDesktop.exe"="C:\Program Files\Common Files\AOL\1140075211\ee\AOLDesktop.exe:*:Enabled:AOL Desktop"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\PAPITO\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\PAPITO\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

File associations

.js - open -
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-15 09:55:55 ----D---- C:\rsit
2008-09-12 21:55:06 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-12 21:20:46 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-09-12 21:20:19 ----D---- C:\Program Files\iPod
2008-09-12 21:20:09 ----D---- C:\Program Files\iTunes
2008-09-12 21:20:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 21:18:03 ----D---- C:\Program Files\Bonjour
2008-09-12 21:16:32 ----D---- C:\Program Files\QuickTime
2008-09-06 18:50:13 ----A---- C:\WINDOWS\iun6002.exe
2008-09-06 18:49:42 ----D---- C:\Program Files\CPC Review 2008
2008-09-05 16:09:34 ----A---- C:\WINDOWS\system32\sqlt28_8859_1m.dll
2008-09-05 16:09:33 ----D---- C:\Program Files\DTCLookup
2008-09-05 16:09:33 ----A---- C:\WINDOWS\system32\sqltp28.dll
2008-09-05 16:09:32 ----A---- C:\WINDOWS\system32\vbar332.dll
2008-09-04 17:32:21 ----D---- C:\Documents and Settings\PAPITO\Application Data\Malwarebytes
2008-09-04 17:32:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-04 17:32:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-08-28 17:04:46 ----A---- C:\WINDOWS\msoffice.ini
2008-08-28 15:05:53 ----D---- C:\WINDOWS\system32\Adobe
2008-08-28 14:21:59 ----D---- C:\Program Files\Common Files\xing shared
2008-08-28 13:22:43 ----D---- C:\Program Files\filehippo.com
2008-08-27 19:04:25 ----D---- C:\Documents and Settings\PAPITO\Application Data\acccore
2008-08-27 18:59:49 ----D---- C:\Program Files\AOL Toolbar
2008-08-11 21:10:57 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem.txt
2008-08-11 21:07:14 ----D---- C:\Program Files\V CAST Music with Rhapsody
2008-08-11 21:04:00 ----D---- C:\Program Files\LG Electronics
2008-08-11 13:50:38 ----D---- C:\Program Files\Microsoft Silverlight
2008-07-30 09:27:39 ----A---- C:\WINDOWS\system32\AOLDial.dll
2008-07-30 01:13:41 ----D---- C:\Program Files\Microsoft Bootvis
2008-07-30 00:03:37 ----HD---- C:\$AVG8.VAULT$
2008-07-28 07:26:19 ----D---- C:\Program Files\Process Explorer
2008-07-24 17:41:18 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-07-24 02:04:31 ----D---- C:\Documents and Settings\PAPITO\Application Data\GetRight
2008-07-19 22:44:18 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-07-17 16:46:14 ----D---- C:\Program Files\Pest Patrol
2008-07-15 09:20:59 ----D---- C:\Program Files\Safer Networking
2008-07-15 01:12:11 ----D---- C:\WINDOWS\ERDNT
2008-07-15 01:10:31 ----D---- C:\Deckard
2008-07-14 23:18:54 ----D---- C:\Program Files\Recuva
2008-07-14 21:31:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-14 21:31:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-14 21:31:02 ----A---- C:\WINDOWS\system32\java.exe
2008-07-14 21:27:49 ----D---- C:\Program Files\Common Files\Java
2008-07-14 20:27:25 ----D---- C:\Program Files\Registry Easy
2008-07-14 19:00:56 ----D---- C:\Program Files\Trend Micro
2008-07-14 16:03:01 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-09 09:37:37 ----D---- C:\Documents and Settings\PAPITO\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-09 09:09:22 ----D---- C:\Program Files\Google
2008-07-09 09:09:16 ----D---- C:\Program Files\FlashGet
2008-07-09 09:03:28 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-06-28 18:53:51 ----D---- C:\Documents and Settings\PAPITO\Application Data\CallingID
2008-06-28 18:53:43 ----D---- C:\Program Files\CallingID
2008-06-18 18:22:49 ----A---- C:\WINDOWS\system32\ping.txt
2008-06-18 06:50:08 ----D---- C:\Program Files\Conduit

List of drivers

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-24 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-02-11 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-02-11 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-08 17801]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 AR5211;NETGEAR WPN311 V1H3 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\WPN311.sys [2006-07-04 472000]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-02-11 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
R3 phc700;USB PC Camera (phc710); C:\WINDOWS\system32\DRIVERS\phc700.sys [2005-06-07 541568]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-06-10 21760]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-08-17 1022040]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-02-11 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-02-11 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-02-11 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-02-11 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-02-11 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-02-11 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-02-11 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 BRIDGE;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-02-11 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-02-11 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-02-11 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-02-11 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-02-11 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-02-11 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-02-11 11136]
S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-02-11 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-02-11 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-02-11 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-02-11 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-02-11 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-02-11 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-02-11 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-02-11 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-02-11 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-02-11 42240]

List of services

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-02-12 267776]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
R2 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2); C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2008-02-03 202280]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S2 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-02-12 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-10-05 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-03-05 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-14 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-11-23 89792]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

===============EOF====================================================================================


KASPERSKY ONLINE SCANNER 7 REPORT
Monday, September 15, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3, v.3311 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 15, 2008 17:47:28
Records in database: 1236519


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics
Files scanned 139887
Threat name 3
Infected objects 3
Suspicious objects 0
Duration of the scan 08:11:27

File name Threat name Threats count
C:\Documents and Settings\JOEY & MONICA\Application Data\Sun\Java\Deployment\cache\6.0\21\737d53d5-60e84275 Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\My Downloads\Outlook Password Recovery.zip Infected: not-a-virus:PSWTool.Win32.MailPassView.a 1

C:\Program Files\Philips\Philips SPC710NC Webcam\MioNet\install_MioNet_ver1_6_11.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

The selected area was scanned.

============================================================================================================================================================================================================

Again, thank you very much for your assistance, and hope to hear from you soon. :thumbsup:

#4 Baabiouz

Posted 16 September 2008 - 11:13 PM

Hello

Step #1
I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.


Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

1. Click Start, point to Settings, and then click Control Panel.
2. In Control Panel, double-click Add or Remove Programs.
3. In Add or Remove Programs, highlight >>Viewpoint Media Player<< , click Remove.


Step #2
Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O24 - Desktop Component 0: (no name) - (no file)


Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Step #3
Backup Your Registry with ERUNT
  • Please click HERE to download Erunt.zip
  • Unzip all the files into a folder of your choice.
  • Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Reboot your computer.

Step #4
View Hidden Files & Folders Windows XP
To view Hidden Files & Folders do the following:
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Documents and Settings\All Users\Application Data\SecTaskMan
C:\Program Files\Viewpoint

Step #5
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Step #6
Please post a fresh HijackThis log and MBAM results back here :thumbsup:
How's your PC working now?

Edited by Baabiouz, 16 September 2008 - 11:15 PM.


#5 Baabiouz

Posted 26 September 2008 - 01:57 PM

A87CEO, are you still there? :thumbsup:

#6 A87CEO

  • Topic Starter

Posted 28 September 2008 - 02:38 AM

Thank you for your help. My computer is running better now. The only exception is that for some reason, every time I log on, it tries to run the installation for Corel Photo Album 6, or something like that. I used to have that program, but I thought I'd taken it out a long time ago. I checked, and the program is not in my computer, so I think something was left after I deleted it. Is there any way to delete a file that is not there? Perhaps there is something on the register, that was left after I deleted the program, but Registry Mechanic has not detected it. Any assistance with this new issue will be appreciated.
Here is the Malwarebytes Log and a new HijackThis log.

Malwarebytes' Anti-Malware 1.28
Database version: 1143
Windows 5.1.2600 Service Pack 3, v.3311

9/28/2008 12:09:45 AM
mbam-log-2008-09-28 (00-09-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 194292
Time elapsed: 1 hour(s), 42 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

======================================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:47 AM, on 9/28/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\DellSupport\brkrsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1140075211\ee\AOLSoftware.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\Philips SPC710NC Webcam\TrayMin710.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Common Files\AOL\1140075211\ee\aolsoftware.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\CallingID\Light\CIDGlobalLight.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\program files\common files\installshield\updateservice\isuspm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CallingID for IE - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140075211\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dla] c:\i386\tfswctrl.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\PAPITO\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4249373095-1014057376-1622322606-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JOEY & MONICA')
O4 - HKUS\S-1-5-21-4249373095-1014057376-1622322606-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'JOEY & MONICA')
O4 - Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: TrayMin710.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 13189 bytes
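
Added example, not part of the original posts: a short Python check that compares the entries selected for fixing in post #4 with a later HijackThis log and reports any that are still listed. The follow-up text embedded here is an excerpt of the log above, and the function names are illustrative.

```python
import re

# Entries selected for fixing in post #4, copied from the thread.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O24 - Desktop Component 0: (no name) - (no file)
"""

# Excerpt of the follow-up log in post #6 (header, a few entries, footer).
FOLLOW_UP_EXCERPT = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:47 AM, on 9/28/2008
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 13189 bytes
"""

# HijackThis entry lines start with a section code (R0, F1, N2, O4, O23 ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - \S")


def parse_entries(log_text):
    """Return [(section_code, line)] for every entry line; headers,
    the process list and the footer are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("code"), line))
    return entries


def _key(line):
    # Registry paths and file paths are case-insensitive on Windows, and
    # forum software may change spacing, so compare a normalised form.
    return " ".join(line.split()).casefold()


def still_present(fix_text, follow_up_text):
    """Entries from the fix list that are still listed in the later log."""
    remaining = {_key(line) for _, line in parse_entries(follow_up_text)}
    return [(code, line) for code, line in parse_entries(fix_text)
            if _key(line) in remaining]


def orphaned(log_text):
    """Entries whose target HijackThis reported as '(no file)'."""
    return [(code, line) for code, line in parse_entries(log_text)
            if line.casefold().endswith("(no file)")]


if __name__ == "__main__":
    for code, line in still_present(FIX_LIST, FOLLOW_UP_EXCERPT):
        print("still listed after the fix:", line)
    for code, line in orphaned(FOLLOW_UP_EXCERPT):
        print("points at a missing file:", line)
```

Run against the full follow-up log rather than the excerpt, the result is the same: of the seven entries selected in post #4, only the O24 line is still listed.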

#7 Baabiouz

Posted 28 September 2008 - 03:07 AM

Hello

Let's remove Corel Photo Album 6:

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):


Corel Photo Album 6


Backup Your Registry with ERUNT
  • Please click HERE to download Erunt.zip
  • Unzip all the files into a folder of your choice.
  • Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Reboot your computer.


Then using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Corel\Corel Photo Album 6

If you don't have other Corel products, you can delete C:\Program Files\Corel folder also.


Did it help? :thumbsup:
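
Added example, not part of the original post: a Python dry-run that lists what a .reg file will delete or set before it is merged, applied to the two fix.reg files given in this thread. The third sample, the function names and the allowed-subtree check are constructed for illustration.

```python
import re

# The two fix.reg files from this thread (posts #4 and #7).
FIX_POST_4 = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:]
"""
FIX_POST_7 = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
"""
# Constructed sample (not from the thread) with wider-reaching changes.
CONSTRUCTED = r"""Windows Registry Editor Version 5.00

; comment lines start with a semicolon
[HKEY_CURRENT_USER\Software\ExampleVendor]
"Setting"="1"
"Old"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"""
# Subtree both fixes in the thread are expected to stay inside.
ALLOWED = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")\s*=\s*(?P<data>.*)$')


def _logical_lines(text):
    """Yield non-empty, non-comment lines, joining data continued with a
    trailing backslash (used by long hex values)."""
    pending = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if pending:
            line, pending = pending + line, ""
        elif not line or line.startswith(";"):
            continue
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]
            continue
        yield line
    if pending:
        yield pending


def parse_reg(text):
    """Return [(operation, key, value_name_or_None)] in file order.
    A plain [KEY] header also creates the key if it is missing; only
    value changes and deletions are reported here."""
    lines = list(_logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: header line is missing")
    ops, current = [], None
    for line in lines[1:]:
        key = KEY_RE.match(line)
        if key:
            if key.group("delete"):          # [-KEY] removes the key and its subkeys
                ops.append(("delete-key", key.group("key"), None))
                current = None
            else:
                current = key.group("key")
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name = value.group("name")
            name = "(Default)" if name == "@" else name[1:-1]
            kind = "delete-value" if value.group("data") == "-" else "set-value"
            ops.append((kind, current, name))
    return ops


def deletions_outside(ops, allowed_subtree):
    """Deletions that fall outside the subtree the fix is supposed to touch."""
    prefix = allowed_subtree.casefold().rstrip("\\") + "\\"
    return [op for op in ops if op[0].startswith("delete")
            and not (op[1].casefold() + "\\").startswith(prefix)]


if __name__ == "__main__":
    for label, text in (("post #4", FIX_POST_4), ("post #7", FIX_POST_7),
                        ("constructed", CONSTRUCTED)):
        ops = parse_reg(text)
        print(label, ops)
        print("  outside allowed subtree:", deletions_outside(ops, ALLOWED))
```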

#8 A87CEO

  • Topic Starter

Posted 01 October 2008 - 11:20 AM

I followed your instructions, but Windows is still trying to install Corel Photo. I went one step further and ran regedit, and looked into every possible registry entry with Corel, and deleted every one of them. What next? :thumbsup:

#9 Baabiouz

Posted 01 October 2008 - 11:30 AM

Hello :thumbsup:

Please go to http://www.billsway.com/vbspage/ and scroll down (the downloaded programs are in alphabetical order) to:

Registry Search Tool
Download, unzip and run RegSrch.vbs
Copy and paste this numerical string into the dialog box: Corel

After a while a prompt will come up. Click OK to write the results to wordpad/notepad and post the log which is generated. (if there are any results)

#10 A87CEO

  • Topic Starter

Posted 01 October 2008 - 12:27 PM

Here it is:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "Corel" 10/1/2008 10:09:05 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\CIDCoreLight.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E5F730C1-8F7F-4385-9812-0AF3B5514D8D}]
@="CIDCoreLight"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Cscape.exe\shell\Open\ddeexec\Application]
@="Corel Netscape"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.CoreLight2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.CoreLight2]
@="CoreLight2 Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.CoreLight2\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.CoreLight2\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.CoreLight2\CurVer]
@="CIDCoreLight.CoreLight2.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.CoreLight2.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.CoreLight2.1]
@="CoreLight2 Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.CoreLight2.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.ItemLight]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.ItemLight\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.ItemLight\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.ItemLight\CurVer]
@="CIDCoreLight.ItemLight.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.ItemLight.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.ItemLight.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.SecurityProblemLight]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.SecurityProblemLight\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.SecurityProblemLight\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.SecurityProblemLight\CurVer]
@="CIDCoreLight.SecurityProblemLight.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.SecurityProblemLight.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CIDCoreLight.SecurityProblemLight.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002B400-0000-0000-C000-000000000046}]
@="Corel Quattro Pro 8 Notebook"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002B400-0000-0000-C000-000000000046}\AuxUserType\3]
@="Corel Quattro Pro 8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002B401-0000-0000-C000-000000000046}]
@="Corel Quattro Pro 8 Chart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002B401-0000-0000-C000-000000000046}\AuxUserType\3]
@="Corel Quattro Pro 8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B070D47-2318-4ea6-892E-E5BCC15A65B7}\InprocServer32]
@="C:\\Program Files\\CallingID\\Light\\CIDCoreLight.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B070D47-2318-4ea6-892E-E5BCC15A65B7}\ProgID]
@="CIDCoreLight.ItemLight.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B070D47-2318-4ea6-892E-E5BCC15A65B7}\VersionIndependentProgID]
@="CIDCoreLight.ItemLight"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DF7ECC-1610-4312-82CA-535D2A649706}\InprocServer32]
@="C:\\Program Files\\CallingID\\Light\\CIDCoreLight.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DF7ECC-1610-4312-82CA-535D2A649706}\ProgID]
@="CIDCoreLight.SecurityProblemLight.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DF7ECC-1610-4312-82CA-535D2A649706}\VersionIndependentProgID]
@="CIDCoreLight.SecurityProblemLight"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC97B82-61DF-46ff-87A1-B16B553CCBEE}]
@="CoreLight2 Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC97B82-61DF-46ff-87A1-B16B553CCBEE}\InprocServer32]
@="C:\\Program Files\\CallingID\\Light\\CIDCoreLight.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC97B82-61DF-46ff-87A1-B16B553CCBEE}\ProgID]
@="CIDCoreLight.CoreLight2.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC97B82-61DF-46ff-87A1-B16B553CCBEE}\VersionIndependentProgID]
@="CIDCoreLight.CoreLight2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}\ProgID]
@="CorelPhotoAlbumPhoto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D903FD0A-1756-4C93-B339-8C43DC70E0F7}\InProcServer32]
@="C:\\Program Files\\CallingID\\Light\\CIDCoreLight.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\85674494FC3537C4A9405E0BA90D9705\SourceList\Media]
"DiskPrompt"="Corel Photo Album 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\BF7B2563BEDCC484A990B792F9317C11\SourceList]
"PackageName"="Corel Photo Album 6.31 English.msp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\BF7B2563BEDCC484A990B792F9317C11\SourceList\Media]
"DiskPrompt"="Corel Photo Album 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8418B9A87DDDF844DBC65338683D3245]
"ProductName"="Corel Photo Album 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8418B9A87DDDF844DBC65338683D3245\SourceList\Media]
"DiskPrompt"="Corel Photo Album 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0916B6C4-6E81-405A-A792-C8D87AD12B8B}]
@="_ICIDCoreLightEvents2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41C100FE-BBBC-4E40-8FB3-5B91749585B0}]
@="_ICIDCoreLightEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7AD48CC1-B3C9-4F02-8971-F5DFECCDFCA1}]
@="_ICIDCoreLightEvents3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CB04761F-D812-4A0A-A00D-5F15A8EDD49A}]
@="ICIDCoreLight2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D903FD0A-1756-4C93-B339-8C43DC70E0F7}]
@="ICIDCoreLight3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAB35821-3E72-4147-9D6B-1E6B27C25845}]
@="ICIDCoreLight"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuattroPro.Chart.7]
@="Corel Quattro Pro 8 Chart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuattroPro.Graph.6]
@="Corel Quattro Pro 8 Chart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuattroPro.Notebook.6]
@="Corel Quattro Pro 8 Notebook"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuattroPro.Notebook.7]
@="Corel Quattro Pro 8 Notebook"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuattroProGraph]
@="Corel Quattro Pro Graph"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuattroProNotebook]
@="Corel Quattro Pro Notebook"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C20D3020-43A1-4C5A-9EA7-9BB119250334}\1.0]
@="CIDCoreLight 2.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C20D3020-43A1-4C5A-9EA7-9BB119250334}\1.0\0\win32]
@="C:\\Program Files\\CallingID\\Light\\CIDCoreLight.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Jasc\Installed\Products\Album]
"Location"="SOFTWARE\\Corel\\Photo Album 6\\6.0\\Install"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Graphics Filters\Import\CDR]
"Name"="Corel Draw"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\Administrator\\My Documents\\My Music\\Corel Sample Music\\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Graphics\\Corel Photo Center\\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F6EA35D688FBEB4581A003C436052C2]
"8418B9A87DDDF844DBC65338683D3245"="02:\\Software\\Corel\\UpdateService\\Version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1743EC95C26FA664B9F90522ED825E7D]
"8418B9A87DDDF844DBC65338683D3245"="C?\\Program Files\\Common Files\\Corel\\AutoUpdate\\English\\AutoUpdateRC.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\183BD8DEEEB1DCB4B9694B76CDB1CC81]
"8418B9A87DDDF844DBC65338683D3245"="02:\\Software\\Corel\\Installed\\Photo Album 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1976ADBC2153EA745B0502D4CF9F988C]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\sv.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2400A2E85D16EA54FBCE6A724E281DE6]
"8418B9A87DDDF844DBC65338683D3245"="02:\\Software\\Corel\\Photo Album 6\\6.0\\Install\\EULA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AAF03F86487B134888937E0017BEB8C]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\ru.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C508F83F6FE7F64892E973E48EFCEFE]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\es.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EDC63BC1647052478334EC419F9FA12]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\pt.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EFFE2564F28B7143AC3F2E31A4FDF9E]
"8418B9A87DDDF844DBC65338683D3245"="c:\\Documents and Settings\\PAPITO\\Local Settings\\Application Data\\Corel Photo Album\\6\\PhotoAlbumCache\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C5FC80EB89DB37409FAAE9CE01B0725]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\nb.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DABEF01108EE96428AE9EF2BE6E3251]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\de.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\708590E53D5805045BCB36EB0BE59AEB]
"8418B9A87DDDF844DBC65338683D3245"="02:\\Software\\Corel\\UpdateService\\Path"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75B38502E1942E741A3E7D8ECC8AF326]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\da.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\783A71A40F1AEC847AC54C3FE26A730A]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\zh_TW.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F5D123527750E0419D52C5E554BE81C]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\zh_CN.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85578703A3024A8489FE1F641D099A3D]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\fr.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE4A2AB5E5089D4A9CBFF240F16A03C]
"8418B9A87DDDF844DBC65338683D3245"="c:\\WINDOWS\\system32\\config\\systemprofile\\My Documents\\My Music\\Corel Sample Music\\Classical Interlude 1.mp3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\93E3AE938F8E06243BBA761A9C1FA1B4]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\en.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\96389FC0DF6393F49ACB66155DC747A4]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\nl.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9B5050A224EE0F84EBE52C455FD7E121]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\ja.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9B97C13966CA5343A391B41E89C9D37]
"8418B9A87DDDF844DBC65338683D3245"="01:\\Software\\Corel\\Auto Update\\{8A9B8148-DDD7-448F-BD6C-358386D32354}\\Interval"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE0DA6F3286724F41903CF00FA4D71E8]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\fi.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C04B11BFB836C3740B0233419A238790]
"8418B9A87DDDF844DBC65338683D3245"="C?\\Program Files\\Common Files\\Corel\\AutoUpdate\\Update.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C251C80CF331D3248B9A4981846565AB]
"8418B9A87DDDF844DBC65338683D3245"="C?\\Program Files\\Common Files\\Corel\\AutoUpdate\\AutoUpdateRC.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C3EB2CD7B2027D349834C9491BDFCE70]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\pt_PT.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB438A7FDD3C06A4F8F5CAE280A8281C]
"8418B9A87DDDF844DBC65338683D3245"="C?\\WINDOWS\\system32\\Corel Photo Album 6.scr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E134D76167101D145875082460EE194B]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\pl.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3243487F8C5AF5488B77A47B460ED8C]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\it.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FC00F8B7AEA1D6742A95E67831354781]
"AC598C7CB133D7D40ABF3DCB3697949F"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\SyncUICore.resources\\ko.lproj\\SyncUICoreLocalized.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FC36D8BF991B5DA4A8F701947F654870]
"8418B9A87DDDF844DBC65338683D3245"="01:\\Software\\Corel\\Photo Album 6\\Installer\\Shortcut_PhotoDownloader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8418B9A87DDDF844DBC65338683D3245\InstallProperties]
"DisplayName"="Corel Photo Album 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8418B9A87DDDF844DBC65338683D3245\InstallProperties]
"URLUpdateInfo"="http://www.corel.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8418B9A87DDDF844DBC65338683D3245\InstallProperties]
"URLInfoAbout"="http://www.corel.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8418B9A87DDDF844DBC65338683D3245\InstallProperties]
"Publisher"="Corel, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8418B9A87DDDF844DBC65338683D3245\InstallProperties]
"Contact"="Corel Customer Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8418B9A87DDDF844DBC65338683D3245\InstallProperties]
"Comments"="Installs Corel Photo Album 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8418B9A87DDDF844DBC65338683D3245\Patches\85674494FC3537C4A9405E0BA90D9705]
"DisplayName"="Corel Photo Album 6.3.3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8418B9A87DDDF844DBC65338683D3245\Patches\85674494FC3537C4A9405E0BA90D9705]
"MoreInfoURL"="http://www.corel.com/support"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8418B9A87DDDF844DBC65338683D3245\Patches\BF7B2563BEDCC484A990B792F9317C11]
"DisplayName"="Corel Photo Album 6.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8418B9A87DDDF844DBC65338683D3245\Patches\BF7B2563BEDCC484A990B792F9317C11]
"MoreInfoURL"="http://www.corel.com/support"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\WINDOWS\\system32\\Corel Photo Album 6.scr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Program Files\\Common Files\\Corel\\AutoUpdate\\English\\AutoUpdateRC.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Program Files\\Common Files\\Corel\\AutoUpdate\\Update.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Program Files\\Common Files\\Corel\\AutoUpdate\\AutoUpdateRC.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\coreldrw.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A9B8148-DDD7-448F-BD6C-358386D32354}]
"DisplayName"="Corel Photo Album 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A9B8148-DDD7-448F-BD6C-358386D32354}]
"URLUpdateInfo"="http://www.corel.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A9B8148-DDD7-448F-BD6C-358386D32354}]
"URLInfoAbout"="http://www.corel.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A9B8148-DDD7-448F-BD6C-358386D32354}]
"Publisher"="Corel, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A9B8148-DDD7-448F-BD6C-358386D32354}]
"Contact"="Corel Customer Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A9B8148-DDD7-448F-BD6C-358386D32354}]
"Comments"="Installs Corel Photo Album 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility]
"CORELCHT"="0x04000000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility]
"CORELDRW"="0x04048000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility]
"CORELPNT"="0x0C000000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility]
"CORELVP5"="0x04000000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32]
"CORELDRW"="0x04000000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"BinnerD"="C:\\WINDOWS\\Fonts\\Corel\\BINNERN.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Cheltenham ITC Bold Italic"="C:\\WINDOWS\\Fonts\\Corel\\ICHLTHBI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Cheltenham ITC Bold"="C:\\WINDOWS\\Fonts\\Corel\\ICHLTHMB.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Cheltenham ITC Book"="C:\\WINDOWS\\Fonts\\Corel\\ICHLTHMN.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Cheltenham ITC Book Italic"="C:\\WINDOWS\\Fonts\\Corel\\ICHLTHNI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Kaufmann Bold"="C:\\WINDOWS\\Fonts\\Corel\\KAUFMANB.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Kaufmann"="C:\\WINDOWS\\Fonts\\Corel\\KAUFMANN.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Technical Italic"="C:\\WINDOWS\\Fonts\\Corel\\TECHNICI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Technical"="C:\\WINDOWS\\Fonts\\Corel\\TECHNICN.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Charter Bold"="C:\\WINDOWS\\Fonts\\Corel\\CHARTRB.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Charter Bold Italic"="C:\\WINDOWS\\Fonts\\Corel\\CHARTRBI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Charter Italic"="C:\\WINDOWS\\Fonts\\Corel\\CHARTRI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Charter"="C:\\WINDOWS\\Fonts\\Corel\\CHARTRN.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Franklin Gothic ITC Demi"="C:\\WINDOWS\\Fonts\\Corel\\FRKGOTD.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Franklin Gothic ITC Demi Italic"="C:\\WINDOWS\\Fonts\\Corel\\FRKGOTDI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Franklin Gothic ITC Book"="C:\\WINDOWS\\Fonts\\Corel\\FRKGOTN.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Franklin Gothic ITC Book Italic"="C:\\WINDOWS\\Fonts\\Corel\\FRKGOTNI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"News Gothic Bold Italic"="C:\\WINDOWS\\Fonts\\Corel\\NEWGOTBI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"News Gothic Italic"="C:\\WINDOWS\\Fonts\\Corel\\NEWSGOT.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"News Gothic Bold"="C:\\WINDOWS\\Fonts\\Corel\\NEWSGOTB.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"News Gothic"="C:\\WINDOWS\\Fonts\\Corel\\NEWSGOTN.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Zapf Humanist 601 Bold Italic"="C:\\WINDOWS\\Fonts\\Corel\\ZHU601BI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Zapf Humanist 601 Demi Italic"="C:\\WINDOWS\\Fonts\\Corel\\ZHU601DI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Zapf Humanist 601 Bold"="C:\\WINDOWS\\Fonts\\Corel\\ZHUM601B.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Zapf Humanist 601 Demi"="C:\\WINDOWS\\Fonts\\Corel\\ZHUM601D.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Zapf Humanist 601 Italic"="C:\\WINDOWS\\Fonts\\Corel\\ZHUM601I.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Zapf Humanist 601"="C:\\WINDOWS\\Fonts\\Corel\\ZHUM601N.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Galliard Bold"="C:\\WINDOWS\\Fonts\\Corel\\GALIRDB.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Galliard Bold Italic"="C:\\WINDOWS\\Fonts\\Corel\\GALIRDBI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Galliard Italic"="C:\\WINDOWS\\Fonts\\Corel\\GALIRDI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Galliard"="C:\\WINDOWS\\Fonts\\Corel\\GALIRDN.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Futura Bold"="C:\\WINDOWS\\Fonts\\Corel\\FUTURAB.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Futura Bold Italic"="C:\\WINDOWS\\Fonts\\Corel\\FUTURABI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Futura Medium"="C:\\WINDOWS\\Fonts\\Corel\\FUTURAM.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Futura Medium Italic"="C:\\WINDOWS\\Fonts\\Corel\\FUTURAMI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Futura Book"="C:\\WINDOWS\\Fonts\\Corel\\FUTURAN.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Futura Book Italic"="C:\\WINDOWS\\Fonts\\Corel\\FUTURANI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Goudy Old Style Bold Italic"="C:\\WINDOWS\\Fonts\\Corel\\GOUDOSBI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Goudy Old Style Bold"="C:\\WINDOWS\\Fonts\\Corel\\GOUDYOSB.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Goudy Old Style Italic"="C:\\WINDOWS\\Fonts\\Corel\\GOUDYOSI.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Goudy Old Style"="C:\\WINDOWS\\Fonts\\Corel\\GOUDYOSN.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Korinna Regular"="C:\\WINDOWS\\Fonts\\Corel\\KORINAN.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"P.T. Barnum"="C:\\WINDOWS\\Fonts\\Corel\\PTBARNMN.TTF"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\StillImage\Events\Connected\{F17016CB-1047-4CD1-A1DE-6C52D4B0EAAF}]
"Name"="Corel Photo Album 6"

[HKEY_USERS\S-1-5-21-4249373095-1014057376-1622322606-1005\Software\Microsoft\FTP\Accounts\ftp.corel.com]

[HKEY_USERS\S-1-5-21-4249373095-1014057376-1622322606-1005\Software\Microsoft\FTP\Accounts\ftp.corel.com\a87ceo]

[HKEY_USERS\S-1-5-21-4249373095-1014057376-1622322606-1005\Software\Microsoft\FTP\Accounts\ftp.corel.com\admin]

[HKEY_USERS\S-1-5-21-4249373095-1014057376-1622322606-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids]
"CorelPhotoAlbumPhoto"=hex(0):

[HKEY_USERS\S-1-5-21-4249373095-1014057376-1622322606-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids]
"CorelPhotoAlbumPhoto"=hex(0):

[HKEY_USERS\S-1-5-21-4249373095-1014057376-1622322606-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids]
"CorelPhotoAlbumPhoto"=hex(0):

#11 A87CEO

Posted 01 October 2008 - 12:47 PM

I ALSO RAN THE STARTUP LIST FROM THE SAME SITE, AND GOT THE ATTACHED LIST. COREL PHOTO SHOWS AS ONE OF THE STARTUP PROGRAMS. DO I NEED ALL THOSE PROGRAMS AND SCRIPTS TO RUN AT STARTUP? MAYBE THAT IS WHY MY COMPUTER IS SO SLOW???? --- See entry COREL under: Additional non-relevant item(s) in the Startup configuration below (the list is alphabetical). THIS IS A SHORT VERSION OF THE LIST, BECAUSE IT IS TOO LONG TO POST. I'VE INCLUDED IT AS AN ATTACHMENT IN CASE YOU WANT TO LOOK AT THE ENTIRE LIST.

Startup Items for Computer: MAINDESKTOP, User: PAPITO, 10/1/2008 9:52:42 AM

Name: NETGEAR WPN311 Wireless Assistant
Command: NETGEAR WPN311 Wireless Assistant.lnk
User: MAINDESKTOP\PAPITO
Startup Location: Startup

Name: DellSupport
Command: "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
User: MAINDESKTOP\PAPITO
Startup Location: HKU\S-1-5-21-4249373095-1014057376-1622322606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: cdloader
Command: "C:\Documents and Settings\PAPITO\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
User: MAINDESKTOP\PAPITO
Startup Location: HKU\S-1-5-21-4249373095-1014057376-1622322606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: SpybotSD TeaTimer
Command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
User: MAINDESKTOP\PAPITO
Startup Location: HKU\S-1-5-21-4249373095-1014057376-1622322606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: ctfmon.exe
Command: C:\WINDOWS\system32\ctfmon.exe
User: MAINDESKTOP\PAPITO
Startup Location: HKU\S-1-5-21-4249373095-1014057376-1622322606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: Adobe Acrobat Speed Launcher
Command: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
User: All Users
Startup Location: Common Startup

Name: TrayMin710.exe
Command: C:\PROGRA~1\Philips\PHILIP~1\TRAYMI~1.EXE
User: All Users
Startup Location: Common Startup

Name: IntelliPoint
Command: "C:\Program Files\Microsoft IntelliPoint\point32.exe"
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: HostManager
Command: C:\Program Files\Common Files\AOL\1140075211\ee\AOLSoftware.exe
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: phc710
Command: C:\WINDOWS\vphc700.exe
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: medicsp2
Command: C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: Windows Defender
Command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: dla
Command: c:\i386\tfswctrl.exe
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: DellSupportCenter
Command: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: SunJavaUpdateSched
Command: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: AVG8_TRAY
Command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: Adobe Reader Speed Launcher
Command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: dscactivate
Command: "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: QuickTime Task
Command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: iTunesHelper
Command: "C:\Program Files\iTunes\iTunesHelper.exe"
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: ISUSPM Startup
Command: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: ISUSScheduler
Command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: rfagent
Command: "C:\Program Files\RFA\rfagent.exe"
User: All Users
Startup Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

*************************
Additional non-relevant item(s) in the Startup configuration:
Name: $ncsp$
Command: $ncsp$.inf
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: $winnt$
Command: $winnt$.inf
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: 12520437
Command: 12520437.cpx
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: 12520850
Command: 12520850.cpx
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: 4AD26FFDC9
Command: 4AD26FFDC9.sys
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: 6to4svc
Command: 6to4svc.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: aaaamon
Command: aaaamon.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: aaclient
Command: aaclient.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: aamd532
Command: aamd532.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: acad
Command: acad.err
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: access
Command: access.cpl
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: acctres
Command: acctres.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: accwiz
Command: accwiz.exe
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: acelpdec
Command: acelpdec.ax
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: acledit
Command: acledit.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: aclui
Command: aclui.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: acs
Command: acs.exe
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: AcSignExt
Command: AcSignExt.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: AcSignExtRes
Command: AcSignExtRes.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: AcSignIcon
Command: AcSignIcon.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: AcSignOpt
Command: AcSignOpt.exe
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: activeds(3)
Command: activeds(3).dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: activeds
Command: activeds.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: activeds
Command: activeds.tlb
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: actmovie
Command: actmovie.exe
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: actxprxy(2)
Command: actxprxy(2).dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: actxprxy
Command: actxprxy.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: admparse
Command: admparse.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: AdobePDF
Command: AdobePDF.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: adptif
Command: adptif.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: adsldp
Command: adsldp.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: adsldpc(3)
Command: adsldpc(3).dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: adsldpc
Command: adsldpc.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: adsmsext
Command: adsmsext.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: adsnds
Command: adsnds.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: adsnt
Command: adsnt.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: adsnw
Command: adsnw.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: advapi32
Command: advapi32.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: advpack(2)
Command: advpack(2).dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: advpack
Command: advpack.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: AegisE5
Command: AegisE5.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: AegisI5
Command: AegisI5.exe
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: ahui
Command: ahui.exe
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: alg(3)
Command: alg(3).exe
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: alg
Command: alg.exe
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: alrsvc
Command: alrsvc.dll
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: amcompat
Command: amcompat.tlb
User: NT AUTHORITY\SYSTEM
Startup Location: Startup

Name: amstream
Command: amstream.dll

#12 Baabiouz

Posted 04 October 2008 - 02:16 AM

Hello

Most of those things on the startup list are needed. Please don't use caps lock when you are writing here, use normal size words.

Backup Your Registry with ERUNT

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\85674494FC3537C4A9405E0BA90D9705]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\BF7B2563BEDCC484A990B792F9317C11]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8418B9A87DDDF844DBC65338683D3245]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Jasc\Installed\Products\Album]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\183BD8DEEEB1DCB4B9694B76CDB1CC81]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2400A2E85D16EA54FBCE6A724E281DE6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EFFE2564F28B7143AC3F2E31A4FDF9E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB438A7FDD3C06A4F8F5CAE280A8281C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FC36D8BF991B5DA4A8F701947F654870]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8418B9A87DDDF844DBC65338683D3245]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A9B8148-DDD7-448F-BD6C-358386D32354}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\StillImage\Events\Connected\{F17016CB-1047-4CD1-A1DE-6C52D4B0EAAF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\WINDOWS\\system32\\Corel Photo Album 6.scr"=-


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Reboot your computer.
_______________________

How's the problem now?


StartUpLite is a lightweight and simple to use application that allows you to speed up your system startup. --> StartUpLite

:thumbsup:

Edited by Baabiouz, 04 October 2008 - 02:17 AM.
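
An added example, not part of the original post: before merging a fix.reg like the one above, it helps to list exactly which keys and values it removes and to flag anything that writes data or deletes a very broad key. The sample text is a three-entry excerpt of the post's file; the `review` heuristics and the `MIN_DEPTH` threshold are assumptions of this sketch.

```python
import re

# Excerpt of the fix.reg text from the post above (three of its entries).
FIX_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Jasc\Installed\Products\Album]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A9B8148-DDD7-448F-BD6C-358386D32354}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\WINDOWS\\system32\\Corel Photo Album 6.scr"=-
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# A value line is @=data or "name"=data; names may contain escaped characters.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
MIN_DEPTH = 4  # assumption: deleting a key with fewer path components is "broad"


def unescape(quoted):
    """Strip the quotes and undo backslash escaping of a .reg string."""
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])


def logical_lines(text):
    """Drop blanks and ; comments, and join hex data continued with a trailing backslash."""
    out, buf = [], ""
    for raw in text.splitlines():
        s = raw.strip()
        if not s or s.startswith(";"):
            continue
        if s.endswith("\\") and not s.startswith("["):
            buf += s[:-1]
            continue
        out.append(buf + s)
        buf = ""
    if buf:
        out.append(buf)
    return out


def parse_reg(text):
    """Return a list of (action, key, value_name) tuples in file order."""
    lines = logical_lines(text)
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 / version header")
    ops, current = [], None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            body = ln[1:-1]
            if body.startswith("-"):          # [-KEY] deletes the key and its subkeys
                ops.append(("delete_key", body[1:], None))
                current = None
            else:                             # [KEY] opens a key for value lines
                current = body
            continue
        m = VALUE_RE.match(ln)
        if not m or current is None:
            raise ValueError("unparseable line: %r" % ln)
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1))
        # "name"=- deletes one value; anything else writes data.
        action = "delete_value" if m.group(2) == "-" else "set_value"
        ops.append((action, current, name))
    return ops


def review(ops):
    """Flag operations a removal-only fix should not contain."""
    findings = []
    for action, key, name in ops:
        if action == "set_value":
            findings.append("writes value %r under %s" % (name, key))
        elif action == "delete_key" and len(key.split("\\")) < MIN_DEPTH:
            findings.append("broad key deletion: %s" % key)
    return findings


if __name__ == "__main__":
    for op in parse_reg(FIX_REG):
        print(op)
    print("findings:", review(parse_reg(FIX_REG)))
```
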


#13 A87CEO

Posted 09 October 2008 - 03:51 PM

It finally resolved the issue. Thank you very much. My computer is working much better now. :thumbsup:

Edited by A87CEO, 09 October 2008 - 03:52 PM.


#14 Baabiouz

Posted 10 October 2008 - 12:00 AM

Great to hear. You're welcome. :thumbsup: